Plaid Integration - No Clue!

I need help setting up the Plaid Plugin. I use the element actions to show the Plaid element but it appears for a second and then disappears (I know my public key isn’t inserted, normally it is). I think I just don’t understand the Auth workflow I need to do to exchange keys. Can anybody help?

1 Like

Hey @ryley.randall.

The element is an invisible element that is never seen in run mode; you just drag it onto the page where it won’t get in your way while developing.

If you use that Get bank account action with all the values set, it will open of the plain link product.

Important safety tip: The identity product is not available in the Sandbox, so un-check that box. If you leave it checked, the flow will not start (or as in my case, briefly flash that it is loading and then disappear.)

I use Plaid quite a bit, so feel free to continue this thread with more questions.

–Ken

2 Likes

Thank you for providing guidance! I’ll piggyback off this thread as I’m having similar trouble. I unclicked “Collect Identity” but still getting an issue where the pop up disappears the second it appears - any ideas what I’m doing wrong?

P.S. I’m new to Bubble and never used APIs before, so the issue can be something very simple.

Thank you for your help!

image

Okay, just to cover some basics:

You need a Plaid account to use this – head over to plaid.com and signup for an account.

Plaid has three levels of account:

–Sandbox (Free forever using sample data)
–Development (Free forever using live data, limited to 100 “items” where an item is a login to a financial institution by a user.)
–Production (Paid, starting at $500/month and going up from there.)

Once you have an account, you will have access to your api keys…those are needed for the Bubble plugin to work. Referencing your screenshot above, the Public Key value will be listed as public_key over at Plaid. You can review the Plaid documentation to see which product you actually want to use (Auth, Transactions or Identity.) The Client Name is a text value that is used by the link product which would typically be your company name. It is used for messages to the user like "Your account is now linked to <>.

The Webhook URL is going to be a URL within your Bubble app and is documented here. Webhooks are how Plaid alerts your app that data has changed, giving you the opportunity to perform processing. For example, a typical use case is that Plaid says a webhook when new transactions have been posted for an account. This field is optional, so you might want to skip it until you have the connection made.

Use the Sandbox until you have an understanding of what is going on. All bank accounts use the username of user_good and password of pass_good. Again, these are just dummy accounts so you can see the connection and import some fake transactions.

–Ken

3 Likes

Hi Ken,

Thank you very much for your help!

I was able to interact with Plaid API and retrieve data. However, I have two questions as follows:

  • Based on my understanding, I first need to run Plaid element via “Get bank account with Plaid A” to get public_token. I then use “Plaid - Get access token” to get the permanent access token. I’m having trouble performing these two in sequence (i.e. Step 1 and Step 2) - I’m getting an error message when I try to (please see below). I found a workaround by creating a separate button and clicking those sequentially, but would like these two steps to be performed automatically without extra clicking
    image

  • When I retrieve data using “Get bank account details”, multiple accounts come as one string separated by comma. As such, when I save data using “Create a new thing”, all 4 bank accounts are saved into one data record - is there any way to split those into multiple records (i.e. four separate rows)?

Thank you very much for your help!

Glad it is progressing for you!

Yes, you start with Get bank account with Plaid A – that triggers the link product with Plaid.

That should really be the end of the Plaid interaction for that event – at this point, your app is waiting for Plaid to interact with the user while they put in a bad password, retry, select a different bank, etc. etc. It eventually completes, hopefully successfully.

The way you pick the ball back up, is to use the “A Plaid token has been created” Event (not action.) In that Event, is where you perform the Plaid - Get access token action. This event is where you would store the item info, trigger other processing, etc. The token you get is for a Plaid Item. Each Plaid Item can have multiple Plaid Accounts. The item is tied to a set of credentials at a bank and the accounts are the one or more accounts under that login (think, Checking, Savings, Mortgage, Credit Card, etc.) I store the plaid items as one thing, and the accounts as a different thing, as a list child of the plaid item.

Once you have the token for the item, you turn around and get the bank account details for the accounts you desire (which may or may not be all of them depending on your need.) In my case, I’m not using the plugin, but rather I’m using one of my own using the API connector. It gets all the accounts for a given Plaid Item. I process that list of accounts with a Schedule a workflow on a list action, so no need to parse a comma separated string.

Here is a screenshot of that accounts call:

I gave the API in the connector a unique name (ours is TOH-PLAID) just so I was clear when using our homegrown stuff vs the plugin.

–Ken

4 Likes

Hi Ken,

Thank you very much for your help!

Can you please elaborate on how to create a scheduled workflow to split the string into separate records? I tried to follow a thread with a similar issue but it was too confusing.

So far, I was able to create an event that pulls and saves item_id and access_token into the database and run the “Get bank account details” action to pull the bank account data (please see below)

When I get to scheduled workflow step, I get the following window:
image

For “Type of Things”, it’s my understanding that I should be using the table I’m trying to save my data into (i.e. Account table). However, when I pick “List to run on” as result of Step 3 (get bank account detail), I seem to get into the loop and red text.

For “API Workflow”, I assume it’s used to define the steps the workflow needs to perform each time? Do I need a “Create a new thing” action to save data for each field? Also, it seems that I can’t reference previous steps within the workflow - is it better to execute “get account details” here then?

For schedule date, do I associate it with clicking a button or should I define a specific interval?

Apologies for all the questions - the schedule workflow function doesn’t seem very intuitive to me.

Hey @twoandahalfaccountan.

What I’m going to show you, does not use the Get bank account details action that comes with the plugin – I use the plugin to interact with the Plaid link product, but then use my own API calls using the API connector. Just wanted to make sure that was clear.

But If you want to use my process to gather bank account details, then first create the API for TOH-PLAID as I described in an earlier post. Make sure everything is exactly as presented but using your own keys. For ease of copy/paste, here is the JSON Body:

{
"client_id": "<Client ID>",
"secret": "<Secret Key>",
"access_token": "<Access Token>"
} 

Once that is made, here is the action that uses it – which basically goes back to Plaid, gets all accounts for the token just created, and then calls another bubble api that performs actions for each account in the list.

The Type of things should be Get PLAID Accounts account.
The List to run on is TOH-PLAID - Get PLAID Accounts’s accounts (or whatever you named it)

API Workflow is an API you will need to create within bubble. It is a set of actions that will be performed on the individual accounts that the workflow on a list action sends to it.

For this one, I have a series of fields I want passed in, which can then be used in Create a Thing action, or whatever makes sense. You can see in the previous screenshot how to pass the actual values in.

To directly answer some of your questions about the Schedule API workflow on a list, action:

The Type of things should match whatever you are providing in the List to run on field.
Yes, the API Workflow is the steps to perform on each item within the list.
The Create a new thing action is needed for each item in the list (in this case a plaid account,) but not each field.
Just use Current date/time for schedule date, and an interval of 5 – which says, schedule to do this now, and do process an item every 5 seconds. Once you understand all this better, you can fine tune this.

Hope this gets you closer…

–Ken

3 Likes

Thank you very much for your response!
I’ll try it out tonight - hopefully I’ll figure out how to set it up.
Just a quick question - is there a reason why you don’t use Plaid’s “get account details” action and rather created your own API?

I had built some of this on my own before the plugin was developed, so just easier to keep what was already working.

Got it - I’ll go your route as I can’t seem to figure out how Plaid’s plug-in works :slight_smile:

On your screenshot for creating API, it seems that the Access_Token is the token generated by Plaid for a specific Item - does it mean that an API call has to be created every time a new item (Institution) is added or can this form somehow pull it from a database?

That’s a screenshot from a demo I cobbled together to keep it simple. In reality, I pull everything from the database in real-time. I have a Plaid Items table, with an access_token field among other things. You can track those Plaid items based on whatever works for you, but a common use case would be to relate it to the Current User.

Thank you for your detailed instructions - I was able to make it work.
Couple of general questions:

  • I noticed that “Plaid - Get Access Token” function pulls a different access_token and item_id for the same institution if i run it multiple times (i.e. if I login into Chase twice in sandbox mode, it’ll generate two different access_tokens and item_id). I was wondering if it’s because I’m in sandbox mode and once Plaid is running live it’ll only generate one access code per financial institution
  • I don’t see anywhere in Auth function the name of financial institution - how do I know that a particular account belongs to Chase, for example? I’d like to save the financial institution’s name along with account_id so it can be visible.

Thank you for your help!

Every time you connect a bank, you are creating a new plaid item. A plaid item has a one to one relationship with a set of login credentials a user has with a financial institution, not the institution alone. So the behavior you are seeing is correct. Note that once you move to the development plan, you are only allowed 100 plaid item connections and once you use a connection, it counts forever to prevent abuse.

The institution name can be retrieved with another api connector call. Take a look at the plaid api for a full list: https://plaid.com/docs/api/
I believe I use the /institution/get_by_id to get the institution name using the Id on the account response.

1 Like

Hi Ken,

I was able to figure out how to run API workflow to get accounts and transactions for a specific token.
It seems that the API workflow on a list runs for one token at a time; however, I can’t figure out how to make it run on a recurring basis until it goes through the entire list of tokens. (i.e. Run API workflow on a list for each token until all tokens associated with a user are gone through). I tried messing around with a recurrent event feature, but it doesn’t seem to be meant for that. How do you update transactions for each token?

Sounds like you are ready for webhooks. :slight_smile:

Plaid will send an event (webhook) to a url you supply at the time you create the plaid item (you can also add it later). If you look at the connect a bank action, you’ll see a place to set that. The webhook is sent to that url whenever a plaid item has new transactions (among other things) and it has the plaid item_id so you know what to update. This way, you do not need any process that polls for changes, you are simply notified at the time it happens so you always have the most up-to-date data.

The webhook in your bubble app, is an api endpoint. Here’s how I have mine setup:

The url you would provide to plaid at time of setup would be: https://yourapp.yourbubble.com/version-test/api/1.1/wf/plaid_hook (remove the version-test for production.) You can see that authentication is turned off, because the webhook is simply notifying you of activity, it does not provide anything beyond the number of transactions and the item_id. I only allow the event to trigger, if the item_id finds a match in my db (shown in screenshot above.)

What I do, is log the webhook in a table in bubble a) so I have the log and b) it gives me an easy thing to pass to custom events for the actual retrieval of data:

15%20PM

So far, I only take action on the webhook, if the webhook_code is the Historical Update from Plaid, or a Default Update (read more about plaid webhooks here.) There is a third type of transaction hook, the Initial Update. Initial is sent to you when plaid has downloaded the most recent 30 days of transactions; Historical update is when it has downloaded everything it can get, and Default is triggered as new transactions come along after setup.

Since you seem to already be able to pull transactions, I won’t go into the details of those updates, but you basically take the item_id provided, lookup the access_token you have stored and perform an api call to plaid to retrieve the recent transactions by providing start and end dates. Similarly you can refresh balances, etc.

There are also webhooks to alert when plaid items need updating (password change for example.) and other things.

Glad things are progressing for you!

–Ken

1 Like

Hi Ken,

Thank you for the additional guidance! I have a few questions to clarify my understanding:

  1. It sounds that Plaid sends a string of item_ids every time certain trigger occurs to a specified url. Bubble knows to retrieve these item_ids based on the url name (i.e. “plaid_hook”). Endpoint is then able to use that data as parameters. Let me know if my understanding is correct.
  2. If so, do you embed the endpoint into scheduled API workflow on a list as “API Workflow” like you would with any other endpoint?
  3. If 2 is correct, then it sounds that API workflow would itself be triggered by an even (i.e. button click). What happens if the webhook has multiple item_ids that are in my database? How would API workflow be able to process multiple item_ids (the issue I’m currently having)?
  4. I understand the value of saving webhooks into a table, but retrieving them with API workflow would land me into the same trouble of having multiple item_ids to run (unless I’m missing something).
  5. If I’m having this endpoint as public access, do I need to have a separate endpoint to save transactions into a table (with access_token I’m currently storing)? I’m just worried that using open access endpoint to retrieve and save transactions would create a security vulnerability.

Thank you for all your help!

Hey,

Here is what Plaid sends to the bubble api endpoint (which you will set to the exact same url for all plaid items.) Plaid sends this webhook independently for each plaid item_id (ie. you will get multiple hits to your api endpoint each to be processed on its own.

{
"webhook_type": "TRANSACTIONS",
"webhook_code": "DEFAULT_UPDATE",
"item_id": "wz666MBjYWTp2PDzzggYhM6oWWmBb",
"error": null,
"new_transactions": 3
}

You can see it is identifying the item_id, which you would lookup in your db. It is also specifying the type of webhook (in this example, DEFAULT_UPDATE for TRANSACTIONS.) Take a look at the docs for all the possible values. The bubble api endpoint that plaid sends information to parses these items as shown in the earlier screenshot and can be used in actions to process.

Yes, it needs to have public_access, and that is why you do a lookup of the item_id. If the item_id is not provided, or you do not have a match, you can ignore the request altogether. If you DO have a match of item_id, then you will be looking up the access_token in your db and going directly to plaid (not back to whomever triggered the webhook.) In other words, once the webhook is received, that connection is dropped so anybody trying to compromise your system, would now be out of the loop – even if they guessed the plaid item_id, they would not see the transactions you retrieved–the worst thing they can do, if they are able to guess a plaid_id, is cause you to do extra retrieval of transactions. The webhook is just alerting you; once it hits the server, its done.

1 Like

I’m a bit at a loss on how to execute the webhooks - do you use API workflow on a list?
When I use API workflow on a list, the end point usually receives data from a source (i.e. API call) and then triggers an action.

However, in this case, it looks like the plaid_hook is the source of data - if you use API workflow, can you share a screenshot on how it’s implemented?

Thank you!

Do you mean what happens after the webhook is received?

If yes:

I pass the webhook information I saved to another api endpoint. Here is the one I do for the Default Update:

Which triggers the following:

Then within the plaid_hook_default_update endpoint, I use the actions needed to retrieve data from Plaid. For example, here’s one that retrieves transactions:

SECURITY NOTE: In the screenshot above, I am retrieving the client id and secret from the database, which probably won’t be the final approach. I do it right now because I have different accounts for Dev and Live, but those values should be kept private.

That action, retrieves a list of transactions from Plaid for the item_id from the webhook. I choose to get transactions between the current date/time and 3 days earlier just in case transactions were missed in previous updates. It runs another api endpoint for each transaction returned – the only thing that happens there is to create a new thing (checking for dupes before creating especially since I overlap the 3 days.)

1 Like