Storage
An access_token
is your key to retrieving data on behalf of an item
, a set of credentials at a financial institution. access_token
s are obtained by exchanging a public_token
, which you receive from Plaid Link, via the /item/public_token/exchange
endpoint.
A public_token
expires after 30 minutes and is usable only once; after it has been exchanged for an access_token
(or used to initialize Link in update mode), it will no longer be valid. Thus, the public_token
does not need to be stored after it is used.
An access_token
, however, does not expire, and it should be securely stored. For security reasons, you may rotate an access_token
, which invalidates it and returns a new access_token
. This new access_token
can be used to make requests on behalf of the item
to which the original access_token
corresponded.
For security reasons, Plaid does not offer an endpoint that returns a list of your item
s or access_token
s.
Removal
See the our article Access_token and Item FAQ > How do I remove an item.