Implementation Checklist

Checklist for implementing Plaid Core Exchange

Scoping and implementation

  • Review the Core Exchange API Reference documentation
  • Review the architecture diagram
  • Try out our Postman collection to test requests and responses on a mock bank server
  • Complete the Intake Questionnaire. The information provided allows us to best support you through your onboarding experience
  • Get access to the Plaid Data Partner Dashboard:
    • Your Plaid contact will provide you with a one-time-use link. Use it to sign up for a Data Partner Dashboard account if you do not already have Plaid Dashboard access, or to create a new team if you already have access to the dashboard as a Plaid customer.
  • Gather business information
      In our onboarding flow, we verify your organization and require the following information which you can collect in advance:
      • Name and business email address of a responsible business contact representing the data provider organization
      • Company address
      • Company name
      • Company tax ID
      • Company Legal Entity Identifier
      • Industry
      • Licensing and registration (e.g., FDIC, NCUA, SIPC)
  • Gather technical contact information
      Before you go live, we require technical contact information in the event an urgent technical issue arises:
      • Shared email address
      • Phone number (if available)
      • Additional individual contacts
  • Prepare one or more test accounts for each type of account you support (checking, savings, credit card, loan, 401k, etc.). Ensure that:
    • All accounts have balance data
    • All accounts have contact data
    • Depository, loan, and investment accounts have transaction data
    • Depository accounts have payment networks data
  • Allowlist the following Plaid IPs:

Building and testing

Develop and test authentication
  • Create an OIDC-compliant server, including:
    • A server domain
    • A well-known configuration endpoint
  • Issue Plaid a client ID and client secret
  • Make identity information available to Plaid (Choose one below):
    • OIDC-compliant:
      • ID Token + JWKS URI Route
      • UserInfo Endpoint
    • Non-OIDC compliant (not recommended):
      • /customers/current endpoint
  • Create a token exchange endpoint
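A pre-flight check for the well-known configuration endpoint described above, as an added example that is not Plaid's code. The required fields and the RS256 rule come from OpenID Connect Discovery 1.0, not from Plaid's own acceptance criteria; the function name, the bank.example domain and the sample documents are assumptions.

```python
from urllib.parse import urlparse

# Metadata OpenID Connect Discovery 1.0 marks REQUIRED (authorization code flow).
REQUIRED = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "response_types_supported", "subject_types_supported",
    "id_token_signing_alg_values_supported",
)
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "jwks_uri", "userinfo_endpoint")


def check_discovery(doc, server_domain):
    """Return a list of problems found in a discovery document (dict)."""
    problems = ["missing required field: " + k for k in REQUIRED if k not in doc]
    for key in URL_FIELDS:
        value = doc.get(key)
        if value is None:
            continue
        url = urlparse(value)
        if url.scheme != "https":
            problems.append(key + " is not an https URL")
        if key == "issuer":
            if url.hostname != server_domain:
                problems.append("issuer host does not match the server domain")
            if url.query or url.fragment:
                problems.append("issuer carries a query or fragment")
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if algs and "RS256" not in algs:
        problems.append("RS256 is not offered for ID token signing")
    if "none" in algs:  # local hardening choice, stricter than the spec
        problems.append("unsigned ID tokens (alg none) are advertised")
    return problems


# Constructed sample documents for a hypothetical provider at bank.example.
GOOD = {
    "issuer": "https://bank.example",
    "authorization_endpoint": "https://bank.example/oauth/authorize",
    "token_endpoint": "https://bank.example/oauth/token",
    "jwks_uri": "https://bank.example/.well-known/jwks.json",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD = dict(GOOD, issuer="http://idp.other.example?x=1",
           id_token_signing_alg_values_supported=["none"])
del BAD["jwks_uri"]
```

Run it against the JSON your own discovery endpoint returns before handing the server domain to Plaid; an empty list means the document passed these checks.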
Develop and test FDX data subsets
  • /accounts: Search and view customer accounts
  • /accounts/{accountId}: Get account balances, liabilities, and other information
  • /accounts/{accountId}/payment-networks: Get payment networks supported by an account
  • /accounts/{accountId}/contact: Get account contact information
  • /accounts/{accountId}/transactions: List all account transactions
  • /customers/current (only if OpenID Connect compliance is not followed): Get the ID of the customer within the authorization scope

Go-live

Get ready for production
  • Confirm you have implemented strong authentication in your OAuth flow (i.e., MFA)
  • Confirm your organization's name, logo, and URL. Plaid uses this information to populate your organization's details in Plaid Link. Your logo file must be a 96x96 or 152x152 circular PNG and under 2MB
  • If you would like to make an external launch announcement, reach out to our Plaid team to finalize plans
  • Once you have validated your integration, request production access in the Plaid dashboard or reach out to your Plaid contact
Pilot and migrate

(Note: This section only applies to existing Plaid partners)

If your institution is already supported in Plaid Link or you are a platform provider with numerous institutions, we will partner together to develop a pilot and migration plan. Migrations typically have 4 phases:


Phase | Description | Timeline*
1 | Friends and Family Testing: Limited access, internal user traffic | ~ 2 weeks
2 | Pilot Cohort: Enable new connections in production for pilot cohort, monitor health and resolve issues | ~ 2 weeks
3 | Remaining Cohorts**: Enable new connections for remaining cohorts in production, monitor health and resolve issues | ~ 2-3 weeks
4 | Existing User Migration: After integration health is validated, Plaid will begin a process to migrate all existing items over to the OAuth + API connection. | ~120 days

**# of cohorts is partner dependent

*Timeline illustrative. Speed contingent on ability to validate institutional health, address any open issues etc.

Ongoing management

We will continue to partner together to ensure integration quality after you go live on API connectivity with Plaid. Key integration health metrics Plaid monitors include: conversion, data access success rate, data availability and accuracy.

  • Update the Plaid team with the correct point of contact to support ongoing integration health
  • Log the identifiers below to aid in troubleshooting issues with Plaid:
    • OAuth state parameter:
      • Plaid sends a unique string in the state parameter when redirecting the user’s browser to the authorization_endpoint. Useful in debugging OAuth flow errors.
    • X-Request-ID
      • Plaid sends this header in requests to your resource server. It can be correlated with error logs on our Integration Health dashboard.
    • User identifier
      • This is useful in debugging the request flow for a given user.
      • Depending on how you set up your API this value can be from the following sources:
        • The value of sub from your OIDC token
        • The value of sub from your OIDC userinfo_endpoint
        • Value of customerId from the /customers/current endpoint
  • Consider ways to take your integration to the next level:
    • Increase consumer throughput with App2App functionality
    • Show your customers their most up-to-date connections to Plaid-powered apps and enable them to make updates in real-time, automatically syncing permissions across the financial ecosystem via Permissions Manager
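One way to record the three troubleshooting identifiers listed above (state, X-Request-ID and the user identifier) as structured log lines, as an added example that is not Plaid's code. The function names, the printable-ASCII and 128-character limit, and all sample values are assumptions.

```python
import json
import re
from urllib.parse import parse_qs, urlparse

# Assumption: identifiers are printable ASCII without spaces, at most 128
# characters. Anything else (CR/LF, control bytes, oversized values) is
# replaced by a marker instead of being written to the log.
SAFE = re.compile(r"[\x21-\x7e]{1,128}")


def clean(value):
    """Return value if it may be logged verbatim, None if absent, else a marker."""
    if value is None:
        return None
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    return value if SAFE.fullmatch(value) else "<rejected>"


def authorize_record(url):
    """Log record for a browser redirect to the authorization_endpoint."""
    query = parse_qs(urlparse(url).query)
    return json.dumps({"event": "authorize",
                       "state": clean(query.get("state", [None])[0])},
                      sort_keys=True)


def resource_record(headers, path, status, user_id):
    """Log record for a resource-server request.

    user_id is the sub / customerId your server already resolved from the
    validated access token; the token itself is never logged.
    """
    by_name = {name.lower(): value for name, value in headers.items()}
    return json.dumps({"event": "resource", "path": path, "status": status,
                       "x_request_id": clean(by_name.get("x-request-id")),
                       "user": clean(user_id)}, sort_keys=True)


# Constructed sample inputs (all values are made up).
AUTH_URL = "https://bank.example/oauth/authorize?client_id=plaid&state=st-7f3a9c"
FORGED_URL = "https://bank.example/oauth/authorize?state=x%0d%0aevent=login_ok"
HEADERS = {"X-Request-ID": "req-0001", "Authorization": "Bearer sample-token"}
```

Only the named identifiers are copied into the record, so the Authorization header in HEADERS never reaches the log.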

Key considerations for Digital Banking Platforms

Partnering with Digital Banking Platforms is essential to how Plaid leads the market in preparing for the open finance future. Over 30 platforms, representing 7000+ financial institutions, are already live or in the process of going live with API-based data connectivity with Plaid.

The Plaid team has made key investments to support rapid scaling of our API migrations. Our Data Partner Dashboard and internal tooling make it straightforward to migrate hundreds of financial institutions and millions of new and existing users to API in a matter of weeks.

1. Execute an “opt-out migration”

Financial institutions and their end users now expect highly reliable and secure data access. In order to deliver that experience as quickly as possible, we recommend an "opt-out" migration strategy for Digital Banking Platform institutions.

How to execute:
  • Communicate with your financial institutions that Plaid API access is rolling out for all institutions
  • Share with Plaid the number of institutions you support
  • Determine if cohort-based ramping of institutions is needed (details to consider in step 2)
  • Depending on the scale of your existing Plaid volume, we may encourage either:
    • Friends and family pilot: Set up 1-2 financial institutions for testing in production under a pseudonym only findable by active testers. Plaid will share with testers a PDF checklist of tests to run.
    • Production pilot: Bring 1-5 financial institutions live in production to validate integration before bringing the rest of your institutions live.
  • Upload financial institutions into the Data Partner dashboard
  • Plaid brings financial institutions live on API!

2. Consider backend data complexities upfront:

  • Pilot/testing plan: Do you have different backend pods, product lines, or backend core groupings that might align to different backend data models? If so, we encourage representing each subgroup in a pilot cohort to uncover any variability or errors.
  • Account and routing numbers: There is zero room for error when it comes to accuracy of account and routing numbers. We have found that, with platforms representing different backend cores, there can be edge-case discrepancies. Please validate that /payment-networks data is accurate for all institutions before going live.
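A sketch of the pre-go-live audit described above, as an added example that is not Plaid's code: it compares what each institution's payment-networks response returns against the platform's system of record and applies the ABA routing-number checksum. The field names (type, bankId, identifier), the US_ACH value, the institution keys and all numbers are assumptions and constructed sample data.

```python
def aba_checksum_ok(routing):
    """True if routing is a 9-digit string passing the ABA 3-7-1 checksum."""
    if not isinstance(routing, str) or len(routing) != 9:
        return False
    if not (routing.isascii() and routing.isdigit()):
        return False
    weights = (3, 7, 1) * 3
    return sum(w * int(d) for w, d in zip(weights, routing)) % 10 == 0


def audit(expected, responses):
    """Compare each institution's API answer with its core record.

    expected:  {institution: (routing, account)} from the system of record.
    responses: {institution: [payment network dicts]} from the API under test.
    Returns a sorted list of (institution, finding) tuples.
    """
    findings = []
    for inst, (routing, account) in expected.items():
        ach = [n for n in responses.get(inst, []) if n.get("type") == "US_ACH"]
        if not ach:
            findings.append((inst, "no US_ACH entry returned"))
            continue
        for net in ach:
            bank_id, ident = net.get("bankId", ""), net.get("identifier", "")
            if not aba_checksum_ok(bank_id):
                findings.append((inst, "routing number fails checksum"))
            elif bank_id != routing:
                findings.append((inst, "routing number differs from core"))
            if ident != account:
                findings.append((inst, "account number differs from core"))
    return sorted(findings)


# Constructed sample data: fi-b has two digits of the routing number
# transposed and leading zeros stripped from the account number; fi-c
# returns nothing.
EXPECTED = {"fi-a": ("123456780", "000111222"),
            "fi-b": ("123456780", "0004455"),
            "fi-c": ("123456780", "987654")}
RESPONSES = {
    "fi-a": [{"type": "US_ACH", "bankId": "123456780", "identifier": "000111222"}],
    "fi-b": [{"type": "US_ACH", "bankId": "123456870", "identifier": "4455"}],
}
```

The checksum only catches malformed routing numbers; a well-formed but wrong number is caught by the comparison with the core record, which is why both checks run for every institution.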

Architecture diagram

This sequence diagram depicts the standard flow of an end-user selecting an institution in Plaid Link and the resulting interaction flow between Plaid and a data partner’s API. Core Exchange offers flexibility that meets your needs, so exact flows can vary depending on your OAuth 2.0 and FDX implementation.

[Figure: Core Exchange sequence diagram]