access_token and item FAQ

Current API

How to track users across items

Do items or access tokens expire?

How do I delete an item?

What are the differences among a public_token, access_token, and an item?

How are tokens formatted?

How to track users across items

A new, unique item is generated every time you create an item. If one set of credentials were used to create an item twice, you would receive two unique items.
You can check whether credentials have been previously used to create an item by comparing the items’ accounts.name and accounts.mask.

Do items or access tokens expire?

Items do not expire. access_tokens, which are used to make API requests on behalf of an item, do not expire unless they are rotated.

How do I remove an item?

To deactivate an item, send a POST request to /item/remove, as here:
curl -X POST https://sandbox.plaid.com/item/remove \
 -H 'content-type: application/json' \
 -d '{
   "client_id": String,
   "secret": String,
   "access_token": String
 }'

We do not currently offer a method for the end user to directly remove an item, but you could add this feature to your integration by providing a method for your users to trigger a request to /item/remove.

What are the differences among a public_token>, access_token, and an item?

An item represents a set of credentials at a financial institution. It is unique and does not expire. Access its data by making requests with an access_token. Retrieve an access_token by exchanging a public_token.

A public_token is a short-lived token returned by Plaid Link when creating an item. It can be exchanged for an access_token or used to initialize Link in update mode on behalf of an item.

An access_token is a rotatable token affiliated with an item. It is used to make product requests on behalf of an item.

How are tokens formatted?

Tokens follow this format: [type]-[env]-[uuid]

Possible types: public, access, processor
Possible environments: sandbox, development, production

For example: access-development-7c69d345-hda9-ka68-ahs3-e9317406a2

Legacy API

How to track users across access_tokens

Do access_tokens expire?

How do I delete an access_token?

What is the difference between a public_token and an access_token?

 

How to track users across access_tokens

An access_token is generated each time you add a user. Even if a given pair of credentials has been added previously, adding them again will generate a new access_token.

You can verify whether the same account has been previously linked by comparing the institution type to the values under the meta.name and meta.number properties in the response to the values of previously linked accounts.

Do access_tokens expire?

access_tokens do not expire. You can delete an access_token by issuing a DELETE request to a product endpoint that the access_token is authorized for. 

How do I delete an access_token?

You only need to issue a DELETE request for one of the products associated with the access_token to delete the access_token entirely. For example, if you would like to delete an access_token that was originally added to Connect and upgraded to Info, you can issue the following request:

 

curl -X DELETE https://tartan.plaid.com/info
-d client_id={CLIENT_ID} \
-d secret={SECRET} \
-d access_token={ACCESS_TOKEN}

We do not currently offer a method for the end user to directly revoke the access_token, but you could add this feature to your integration by providing a method for your users to trigger a DELETE request for their access_token.


What is the difference between a public_token and an access_token?

A public_token is returned by Plaid Link and is safe to expose in the app or browser, cannot be used to retrieve sensitive account information, and should be sent to your app server. You can exchange the Plaid Link public_token for an API access_token by making a /exchange_token API request from your app server.

It is important that you store each public_token that is generated. A user's public_token can be used to initialize Link in update mode when a user-actionable error is encountered such as invalid credentials or account not setup.

Did you find this article helpful?

Yes, I found this article helpful No, I didn't find this article helpful

Thanks for your feedback

support@plaid.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete