access_token is your key to retrieving data on behalf of an
item, a set of credentials at a financial institution.
access_tokens are obtained by exchanging a
public_token, which you receive from Plaid Link, via the
public_token expires after 30 minutes and is usable only once; after it has been exchanged for an
access_token (or used to initialize Link in update mode), it will no longer be valid. Thus, the
public_token does not need to be stored after it is used.
access_token, however, does not expire, and it should be securely stored. For security reasons, you may rotate an
access_token, which invalidates it and returns a new
access_token. This new
access_token can be used to make requests on behalf of the
item to which the original
For security reasons, Plaid does not offer an endpoint that returns a list of your
See the our article Access_token and Item FAQ > How do I remove an item.