Plaid Access Token
Service Name: Plaid
Service Description: Plaid is a financial technology company that provides a secure way for applications to connect with users' bank accounts. It enables developers to build financial services applications by providing APIs for account linking, transaction data, authentication, and more.
Service Address: https://plaid.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Plaid dashboard level for API requests.
Secret Access Scope: Grants access to financial data from connected bank accounts, including account information, transaction history, balances, and identity information.
Secret Revokement URL: https://dashboard.plaid.com/team/api
Secret Example: access-sandbox-12345678-9abc-def0-1234-56789abcdef0
Suspicious Activity Investigation Instructions:
- Review Plaid dashboard logs for unusual API calls or data access patterns.
- Check for unexpected Item (bank connection) creations or removals.
- Monitor for unusual transaction data retrieval or authentication attempts.
- Verify if the token is being used from unexpected geographic locations.
- Review application logs for any unauthorized use of the Plaid API.
Mitigation Instructions:
- Immediately rotate the compromised access token by creating a new one in the Plaid dashboard.
- Revoke the compromised token by navigating to the Plaid dashboard > Team > API Keys.
- Update your application with the new access token.
- Review and update your application's security practices for storing and handling Plaid tokens.
- Consider implementing additional security measures like IP restrictions in the Plaid dashboard.
- Audit your application for any potential data breaches related to the compromised token.
- Contact Plaid support if you suspect unauthorized access to financial data.