Skip to content

Plaid API Keys

Service Name: Plaid

Service Description: Plaid is a financial services company that provides a secure way for users to connect their financial accounts to apps and services. It enables applications to connect with users' bank accounts to access financial data for various use cases including account funding, payment processing, lending, financial management, and more.

Service Address: https://plaid.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Plaid Dashboard under team settings.

Secret Access Scope: Grants programmatic access to Plaid's API services, allowing applications to connect to financial institutions, retrieve account and transaction data, process payments, and perform other financial operations.

Secret Revokement URL: https://dashboard.plaid.com/team/keys

Secret Example: access-development-12345678-abcd-efgh-ijkl-1234567890ab

Suspicious Activity Investigation Instructions:

  • Review Plaid Dashboard logs for unusual API calls or access patterns
  • Check for unexpected increases in API usage or requests from unfamiliar IP addresses
  • Monitor for unauthorized connections to new financial institutions
  • Review any webhooks or callbacks to unfamiliar endpoints
  • Check for data access to accounts that shouldn't be accessed

Mitigation Instructions:

  • Log in to the Plaid Dashboard at https://dashboard.plaid.com/
  • Navigate to Team Settings > API Keys
  • Locate the compromised key and click "Rotate" to invalidate it
  • Generate a new API key to replace the compromised one
  • Update your application code with the new API key
  • Consider implementing additional security measures such as IP restrictions
  • Review and update access permissions for team members who have access to

API keys