An app may connect to your financial accounts in multiple ways which determine where you provide your login credentials. Regardless of which type of connection is made, we do not share your financial information with the app or service you are trying to connect to without your permission, and we never share your credentials with the app or service either.
Using login credentials
- OAuth and API - Plaid does not store account credentials
- OAuth (Open Authentication) is an industry-standard protocol for authenticating and granting access to data to third party applications. With OAuth, you will be redirected to your financial institution’s website where you can directly input your login credentials. After that, your financial institution will provide Plaid with access through a secure token. Plaid then retrieves and provides the financial data that you’ve agreed to share with the app you’re using.
- Your financial institution may use an API solution that provides Plaid with a type of security identifier. In this case, you will be asked to provide your bank account login credentials directly within Plaid’s authentication flow and Plaid will securely connect to your financial institution without storing your credentials.
- Non-OAuth - Plaid has access to and stores account credentials
- There are many reasons for the non-OAuth connection type to exist, one of which might be because your financial institution is currently in the process of migrating to the OAuth experience.
Using routing and account numbers
In this case, you would be asked to provide your routing number and account number directly to Plaid during the account connection process. Plaid will then either verify your account details immediately or send micro-deposits to your account for manual verification which could take one to two business days.