Generate Plaid Processor Token for HIFI

Use HIFI with Plaid Auth to send and receive payments

Overview

HIFI and Plaid have partnered to provide a way to integrate Plaid’s instant account verification with HIFI's digital payment solution. With Plaid Link, users can quickly and securely onboard a bank account to natively issue payments through HIFI's API.

Getting Started

You'll first want to familiarize yourself with Plaid Link, a drop-in client-side integration for the Plaid API that handles input validation, error handling, and multi-factor authentication. You will also need to have a verified HIFI account to add a bank funding source. Your customers will use Link to authenticate with their financial institution and select the bank account they wish to connect. From there, you'll receive a Plaid access_token and a HIFI processor_token, which allows you to quickly and securely verify a bank funding source via HIFI's API without having to store any sensitive banking information. Utilizing Plaid + HIFI enables a seamless workflow for connecting external financial accounts to HIFI.

Instructions

Set up your accounts

You'll need accounts at both Plaid and HIFI in order to use the Plaid + HIFI integration. You'll also need to enable your Plaid account for the Checkbook integration as HIFI internally uses Checkbook.

First, you will need to use the HIFI API to create a HIFI user, if you do not already have one.

Next, verify that your Plaid account is enabled for the integration. If you do not have a Plaid account, create one.

To enable your Plaid account for the integration, go to the Integrations section of the account dashboard. If the integration is off, simply click the 'Enable' button for Checkbook to enable the integration.

Finally, you'll need to complete your Plaid Application Profile in the Dashboard, which involves filling out basic information about your app, such as your company name and website. This step helps your end-users learn more how your product uses their bank information and is also required for connecting to some banks.

Create a link_token

In order to integrate with Plaid Link, you will first need to create a link_token. A link_token is a short-lived, one-time use token that is used to authenticate your app with Link. To create one, make a /link/token/create request with your client_id, secret, and a few other required parameters from your app server. For a full list of link_token configurations, see /link/token/create.

To see your client_id and secret, visit the Plaid Dashboard.

curl -X POST https://sandbox.plaid.com/link/token/create \
-H 'Content-Type: application/json' \
-d '{
  "client_id": "${PLAID_CLIENT_ID}",
  "secret": "${PLAID_SECRET}",
  "client_name": "Plaid Test App",
  "user": { "client_user_id": "${UNIQUE_USER_ID}" },
  "products": ["${PRODUCT}"],
  "country_codes": ["US"],
  "language": "en",
  "webhook": "https://webhook.example.com",
  "redirect_uri": "https://domainname.com/oauth-page.html",
}'

Integrate with Plaid Link

Once you have a link_token, all it takes is a few lines of client-side JavaScript to launch Link. Then, in the onSuccess callback, you can call a simple server-side handler to exchange the Link public_token for a Plaid access_token and a HIFI processor_token.

<button id="linkButton">Open Link - Institution Select</button>
<script src="https://cdn.plaid.com/link/v2/stable/link-initialize.js"></script>
<script>
  (async function(){
    var linkHandler = Plaid.create({
      // Make a request to your server to fetch a new link_token.
      token: (await $.post('/create_link_token')).link_token,
      onSuccess: function(public_token, metadata) {
        // The onSuccess function is called when the user has successfully
        // authenticated and selected an account to use.
        //
        // When called, you will send the public_token and the selected accounts,
        // metadata.accounts, to your backend app server.
        sendDataToBackendServer({
           public_token: public_token,
           accounts: metadata.accounts
        });
      },
      onExit: function(err, metadata) {
        // The user exited the Link flow.
        if (err != null) {
            // The user encountered a Plaid API error prior to exiting.
        }
        // metadata contains information about the institution
        // that the user selected and the most recent API request IDs.
        // Storing this information can be helpful for support.
      },
    });
  })();

  // Trigger the authentication view
  document.getElementById('linkButton').onclick = function() {
    // Link will automatically detect the institution ID
    // associated with the public token and present the
    // credential view to your user.
    linkHandler.open();
  };
</script>

See the Link parameter reference for complete documentation on possible configurations.

Plaid.create accepts one argument, a configuration Object, and returns an Object with three functions, open, exit, and destroy. Calling open will display the "Institution Select" view, calling exit will close Link, and calling destroy will clean up the iframe.

Write server-side handler

The Link module handles the entire onboarding flow securely and quickly, but does not actually retrieve account data for a user. Instead, the Link module returns a public_token and an accounts array, which is a property on the metadata object, via the onSuccess callback. Exchange this public_token for a Plaid access_token using the /item/public_token/exchange API endpoint.

The accounts array will contain information about bank accounts associated with the credentials entered by the user, and may contain multiple accounts if the user has more than one bank account at the institution. If you want the user to specify only a single account to link so you know which account to use with HIFI, set Account Select to "enabled for one account" in the Plaid Dashboard. When this setting is selected, the accounts array will always contain exactly one account.

Once you have identified the account you will use, you will send the access_token and account_id property of the account to Plaid via the /processor/token/create endpoint in order to create a HIFI processor_token. You'll send this token to HIFI and they will use it to securely retrieve account and routing numbers from Plaid.

You can create HIFI processor_tokens in both API environments:

Sandbox (https://sandbox.plaid.com): test simulated users
Production (https://production.plaid.com): production environment for when you're ready to go live and have valid HIFI Production credentials

# Exchange token
curl -X POST https://sandbox.plaid.com/item/public_token/exchange \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "${PLAID_CLIENT_ID}",
    "secret": "${PLAID_SECRET}",
    "public_token": "${PUBLIC_TOKEN}"
  }'

# Create a processor token for a specific account id. HIFI internally uses Checkbook.
curl -X POST https://sandbox.plaid.com/processor/token/create \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "${PLAID_CLIENT_ID}",
    "secret": "${PLAID_SECRET}",
    "access_token": "${ACCESS_TOKEN}",
    "account_id": "${ACCOUNT_ID}",
    "processor": "checkbook"
  }'

For a valid request, the API will return a JSON response similar to:

{
  "processor_token": "processor-sandbox-0asd1-a92nc",
  "request_id": "m8MDnv9okwxFNBV"
}

For possible error codes, see the full listing of Plaid error codes.