search

Connect to Plaid

This guide helps you integrate Skyflow with Plaid. By the end of this guide, you’ll use Skyflow to securely store and govern sensitive data returned by Plaid.

Prerequisites

Before you start,

    Log in to your Skyflow account. If you don’t have an account, you can sign up for a free trial account.
      For trial accounts, log in to try.skyflow.com.For production accounts, log in to your dedicated sign in URL.
    Obtain your Plaid client_id and secret keys.Obtain a valid Plaid access token.

Overview

This guide shows you how to integrate Plaid with Skyflow to securely store sensitive financial and personal data returned by Plaid in four steps:

    Set up a Plaid vaultConfigure your connectionTest the end-to-end integrationMove to production

In this guide, you'll use the Plaid vault, which is accessible from any Skyflow account.

You can follow along with your own vault as well, but keep in mind that the example code may differ slightly from what you would use.

infoIf you create a connection from scratch rather than using the pre-built Plaid connection, the connection creation process is similar to the process outlined in the Stripe connection guide.

Set up a Plaid vault

To create a Plaid vault in Skyflow Studio, go to the Vault Dashboard and click Create Vault > Start With A Template > Plaid > Create as shown below:

select_plaid_template

The Plaid vault comes with a predefined vault schema that's designed to store the most sensitive data returned from the Plaid APIs. The vault schema has tables mapped to different Plaid products. This schema is customizable, and you can add/edit/delete new tables and columns as needed.

This guide uses the Auth Plaid API and inserts data into the accounts and balances tables.

Configure the connection

In this section, you'll enable and configure your Plaid connection so that it's ready for testing and production.

    Click the Skyflow logo to return to the Studio homepage.

    Click the Settings tab and select Vault.

    In the dropdown, select the Plaid vault you just created.

    Click Connections > Create Connection > Plaid.

    From the list of the routes, select Auth by clicking the route description.

    infoThe Skyflow-supported routes match 1-1 with the Plaid APIs. The Auth route is used in this example, but the other APIs follow the same process.

    With the Plaid connection template, most of the heavy lifting is done for you. For example, the Outbound Base URL is preset to the Plaid sandbox URL.

    On the Connection Configuration page, click Continue.

    For Request body, the route configuration is predefined for you, including the client_id and secret fields. You don't need to manually configure any fields in this section.

    The Response body determines which fields from Plaid that it stores in the API response. Whenever Skyflow finds a matching field, it will store the data in the selected table and column, and return the tokens to where the API call originated from.

    Select the table and column that match the field you’re tokenizing, and repeat this process for each field. If you use the Plaid vault, use the following field, table, and column mappings:

    Field name

    Table name

    Column name

    accounts.*.account_id

    accounts

    account_id

    accounts.*.balances.available

    balances

    available

    accounts.*.balances.current

    balances

    current

    numbers.ach.*.account

    numbers_ach

    account

    numbers.ach.*.account_id

    numbers_ach

    account_id

    numbers.ach.*.routing

    numbers_ach

    routing

    numbers.ach.*.wire_routing

    numbers_ach

    wire_routing

    infoFor the Response body fields, Action is always Tokenization.

    Leave all other settings blank and click Continue.

    On the summary page, you can add more routes to the connection, or you can come back later to add them. Once you create all of your routes, click Create Connection.

    Add a name for the service account, then click Finish. Your browser downloads a credentials.json file, which allows you to authenticate with Skyflow.

Your new Plaid connection and route(s) are visible on the Connections page.

select_plaid_template

    Expand the connection and click Sample Request. Note the connection path URL—you’ll need it later.

Test the end-to-end integration

In this section, you’ll test your Plaid connection by storing data in the vault and using Skyflow Connections to invoke the Plaid APIs.

Insert and retrieve client_id and secret tokens

Store your Plaid client_id and secret in the Plaid vault within the credentials table. This ensures that your Plaid authentication credentials are secure.

infoIf you choose not to store your client_id and secret within Skyflow, delete the client_id and secret fields from the Request body section.

    Use the snippet below to insert your client_id and secret into the vault. Once successfully inserted, you will receive tokenized values for the client_id and secret that you should store in your database in a way that you can retrieve them later.

      $BEARER_TOKEN: Generate an API bearer token in Skyflow Studio by clicking your name icon in the top right and selecting Generate API Bearer Token > Generate Token as shown below. Click the Copy icon to copy the token, then replace this param with the token. It is valid for 24 hours. generate_bearer_token$CLIENT_ID and $SECRET: Replace with your Plaid client_id and secret.$VAULT_URL: replace with your vault URL by going to your vault details page. $VAULT_ID: replace with your vault ID by going to your vault details page.
    curl -i -X POST '$VAULT_URL/v1/vaults/$VAULT_ID/credentials' \
    -H 'Authorization: Bearer $BEARER_TOKEN' \
    -d '{
        "quorum": false,
        "records": [
            {
                "fields": {
                    "client_id": "$CLIENT_ID",
                    "secret": "$SECRET"
                }
            }
        ],
        "tokenization": true
    }'

    Call the Plaid connection using the following cURL request. Update the following parameters:

      $SKYFLOW_CONNECTIONS_ENDPOINT: Replace with your connection path URL.$BEARER_TOKEN: Generate an API bearer token in Skyflow Studio by clicking your name icon in the top right and selecting Generate API Bearer Token > Generate Token. Click the Copy icon to copy the token, then replace this param with the token. It is valid for 24 hours.$CLIENT_ID_TOKEN and $SECRET_TOKEN: Replace with the client_id and secret tokens you just stored in your database from step 1.$PLAID_ACCESS_TOKEN: Replace with the access token you generated to call the Plaid APIs.
    curl -i -X POST '$SKYFLOW_CONNECTIONS_ENDPOINT' \
    -H 'Content-Type: application/json' \
    -H 'X-Skyflow-Authorization: $BEARER_TOKEN' \
    -d '{
        "client_id": "$CLIENT_ID_TOKEN",
        "secret": "$SECRET_TOKEN",
        "access_token": "$PLAID_ACCESS_TOKEN"
    }'

    Skyflow returns a response similar to the following:

    {
        "accounts": [
            {
                "account_id": "06db7bce-b0f1-4162-802e-d0cb17363046",
                "balances": {
                    "available": "f30a42db-22ea-4613-82f9-fa4748a0be60",
                    "current": "52f3eb09-f14c-4788-90d5-64a4ed368c94",
                    "iso_currency_code": "USD",
                    "limit": null,
                    "unofficial_currency_code": null
                },
                "mask": "0000",
                "name": "Plaid Checking",
                "official_name": "Plaid Gold Standard Interest Checking",
                "subtype": "checking",
                "type": "depository"
            }
        ],
        "item": {
            "available_products": [
                "assets",
                "balance",
                "identity",
                "liabilities"
            ],
            "billed_products": [
                "auth",
                "transactions"
            ],
            "consent_expiration_time": null,
            "error": null,
            "institution_id": "ins_127989",
            "item_id": "wG3j4Pr9erHVneKnVod6HnPL9qDzQgirAeyJw",
            "optional_products": null,
            "products": [
                "auth",
                "transactions"
            ],
            "update_type": "background",
            "webhook": ""
        },
        "numbers": {
            "ach": [
                {
                    "account": "952f8c5e-2eb1-4f17-affa-b829e53f12e7",
                    "account_id": "06db7bce-b0f1-4162-802e-d0cb17363046",
                    "routing": "011401533",
                    "wire_routing": "021000021"
                }
            ],
            "bacs": [],
            "eft": [],
            "international": []
        },
        "request_id": "gjNGqAUBronfU2F"
    }

    Notice that the following values in the balances.available and balances.current objects are tokenized. Additionally, the values within the numbers.ach[0].account object are also tokenized.

    infoThis example uses the Auth endpoint and receives a response for only one account. In a real response, you could see multiple accounts.

    Once you receive a successful response from Skyflow, use Skyflow Studio to navigate to your vault. You should now see one or more new record entries within the tables and columns that you defined within the Response body section.

Move to production

When you’re ready to move your Plaid connection to your production environment, complete the following steps.

    Log in to your Skyflow production environment and recreate your Plaid connection following the steps to Set up a Plaid vault and Configure the connection. a. While configuring the connection, replace the Outbound Base URL in the Plaid connection from the sandbox URL to the production URL.

    select_plaid_template

    Insert your Plaid production client_id and secret similar to the steps outlined in the Insert and retrieve client_id and secret section. Note the client_id and secret tokens that are returned by Skyflow—you’ll need them later.

    Depending on your backend environment, use Skyflow’s server-side SDKs to integrate your server with Skyflow and Plaid. If your backend is written in a language that we don’t currently support through our SDKs, integrate with Skyflow’s REST APIs.

    Below is an example of how to initialize a Skyflow client and call the invokeConnection method using the Node.js SDK. To see other languages, refer to the SDKs.

    import {
      generateBearerToken,
      isExpired,
      Skyflow
    } from 'skyflow-node';
    
    let bearerToken = '';
    let filepath = 'CREDENTIALS_FILE_PATH';
    
    function getSkyflowBearerToken() {
      return new Promise(async (resolve, reject) => {
        try {
          if (!isExpired(bearerToken)) resolve(bearerToken)
          else {
            let response = await generateBearerToken(filepath);
            bearerToken = response.accessToken;
            resolve(bearerToken);
          }
        } catch (e) {
            reject(e);
        }
      });
    }
    
    // Initialize the Skyflow client
    const client = Skyflow.init({
      // Id of the vault that the client should connect to
      vaultID: '$VAULT_ID',
      // URL of the vault that the client should connect to  
      vaultURL: '$VAULT_URL',
      // Helper function generates a Skyflow bearer token
      getBearerToken: getSkyflowBearerToken
    });
    
    const response = client.invokeConnection({
      connectionURL: '$CONNECTION_URL',
      methodName: Skyflow.RequestMethod.POST,
      requestHeader: {
        'Content-Type': 'application/json'
      },
      requestBody: {
        "client_id": "$CLIENT_ID_TOKEN",
        "secret": "$SECRET_TOKEN",
        "access_token": "$PLAID_ACCESS_TOKEN"
      }
    });
    
    response.then(
      (res) => {
        console.log(JSON.stringify(res));
      }
    ).catch((err) => {
      console.log(JSON.stringify(err));
    });
    infoRemember, the access token is the token Plaid returns to your application in plain text once a user has successfully authenticated.

    Once successful, you should see a response similar to the one below.

    {
        "accounts": [
            {
                "account_id": "06db7bce-b0f1-4162-802e-d0cb17363046",
                "balances": {
                    "available": "f30a42db-22ea-4613-82f9-fa4748a0be60",
                    "current": "52f3eb09-f14c-4788-90d5-64a4ed368c94",
                    "iso_currency_code": "USD",
                    "limit": null,
                    "unofficial_currency_code": null
                },
                "mask": "0000",
                "name": "Plaid Checking",
                "official_name": "Plaid Gold Standard Interest Checking",
                "subtype": "checking",
                "type": "depository"
            }
        ],
        "item": {
            "available_products": [
                "assets",
                "balance",
                "identity",
                "liabilities"
            ],
            "billed_products": [
                "auth",
                "transactions"
            ],
            "consent_expiration_time": null,
            "error": null,
            "institution_id": "ins_127989",
            "item_id": "wG3j4Pr9erHVneKnVod6HnPL9qDzQgirAeyJw",
            "optional_products": null,
            "products": [
                "auth",
                "transactions"
            ],
            "update_type": "background",
            "webhook": ""
        },
        "numbers": {
            "ach": [
                {
                    "account": "952f8c5e-2eb1-4f17-affa-b829e53f12e7",
                    "account_id": "06db7bce-b0f1-4162-802e-d0cb17363046",
                    "routing": "03aa714e-308e-45ba-ab3b-488db15d152e",
                    "wire_routing": "2704873d-8542-49ab-8eb9-5e6144b42b99"
                }
            ],
            "bacs": [],
            "eft": [],
            "international": []
        },
        "request_id": "gjNGqAUBronfU2F"
    }

    Notice that the values in the balances.available and balances.current objects have been tokenized as well as the values in the numbers.ach[0].account object.

    Once you receive a successful response from Skyflow, navigate to your vault in Skyflow Studio. You now have one or more new records in the tables and columns that you defined in the Response body section.

Next steps

Now that you have successfully tokenized a response from Skyflow and Plaid, visit the Detokenizing data section to learn how to detokenize the tokens.

In this article