This guide provides a detailed walkthrough on integrating Plaid with Straddle for fast and secure account-to-account payments. By leveraging Plaid’s bank connections and Straddle’s payment infrastructure, you can offer a seamless and secure payment experience to your users.

Prerequisites

Before you begin, ensure you have:

Implementation Steps

Setting Up Plaid

To get the most out of the Straddle integration with Plaid, be sure to enable the following core services in your Plaid dashboard

Once that’s complete, remember to style and customize your Link application UI - it’s especially important to define a “use case” in the Data Transparency Messaging configuration.

Data transparency messaging ensures compliance with the latest open-banking regulations. Check out this article on CFPB’s 1033 Final Rule to learn more.

Plaid Link is the client-side component that your users will interact with in order to link their accounts to Plaid and allow you to access their accounts via the Plaid API.

Plaid Link will handle credential validation, multi-factor authentication, and error handling for each institution that Plaid supports. Link is supported via SDKs for all modern browsers and platforms, including webiOSAndroid, as well as via React Native, along with community-supported wrappers for FlutterAngular, and Vue.

For webview-based integrations or integrations that don’t have a frontend, Plaid also provides a drop-in Hosted Link integration mode.

To try Link, see Plaid Link Demo.

We’ll do our best here to give you a rundown of the steps required to start building on Plaid and connect to Straddle. However, you should always treat Plaid’s official documentation as the ultimate source of truth during integration with their platform.

Now you’re ready to start building. In order to integrate with Plaid Link, you will first need to create a link_token. A link_token is a short-lived, one-time use token that is used to authenticate your app with Link and initiate a session for a user.

To create one, make a /link/token/create request with your client_idsecret, and a few other required parameters from your app server.

View the /link/token/create documentation for a full list of configurations.

To see your client_id and secret, visit the Plaid Dashboard.

curl -X POST https://sandbox.plaid.com/link/token/create \
-H 'Content-Type: application/json' \
-d '{
  "client_id": "${PLAID_CLIENT_ID}",
  "secret": "${PLAID_SECRET}",
  "client_name": "Plaid Test App",
  "user": { "client_user_id": "${UNIQUE_USER_ID}" },
  "products": ["auth"],
  "country_codes": ["US"],
  "language": "en",
  "webhook": "https://webhook.example.com",
  "redirect_uri": "https://domainname.com/oauth-page.html"
}'

Once you have a link_token, all it takes is a few lines of client-side JavaScript to initialize Link. Then, in the onSuccess callback, you can call a simple server-side handler to exchange the Link  public_token for a Plaid access_token and — ultimately —a Straddle processor_token.

<button id="linkButton">Open Link - Institution Select</button>
<script src="https://cdn.plaid.com/link/v2/stable/link-initialize.js"></script>
<script>
  (async function(){
    var linkHandler = Plaid.create({
      // Make a request to your server to fetch a new link_token.
      token: (await $.post('/create_link_token')).link_token,
      onLoad: function() {
          // The Link module finished loading.
      },
      onSuccess: function(public_token, metadata) {
        // The onSuccess function is called when the user has
        // successfully authenticated and selected an account to
        // use.
        //
        // When called, you will send the public_token and the selected accounts,
        // metadata.accounts, to your backend app server.

        sendDataToBackendServer({
           public_token: public_token,
           accounts: metadata.accounts
        });
      },
        console.log('Public Token: ' + public_token);
        console.log('Customer-selected account ID: ' + metadata.account_id);
      },
      onExit: function(err, metadata) {
        // The user exited the Link flow.
        if (err != null) {
            // The user encountered a Plaid API error
            // prior to exiting.
        }
        // metadata contains information about the institution
        // that the user selected and the most recent
        // API request IDs.
        // Storing this information can be helpful for support.
      },
    });
  })();

  // Trigger the authentication view
  document.getElementById('linkButton').onclick = function() {
    linkHandler.open();
  };
</script>

Obtaining a Straddle Processor Token from Plaid

Once you have the access token, you can use it to obtain a Straddle processor token from Plaid This token is specific to Straddle and allows secure communication between Plaid and Straddle.

# Exchange the public token from Plaid Link for an access token.
curl \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "${PLAID_CLIENT_ID}",
    "secret": "${PLAID_SECRET}",
    "public_token": "${PUBLIC_TOKEN}"
  }' \
  -X POST \
  https://sandbox.plaid.com/item/public_token/exchange

# Create a processor token for a specific account id.
curl \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "${PLAID_CLIENT_ID}",
    "secret": "${PLAID_SECRET}",
    "access_token": "${ACCESS_TOKEN}",
    "account_id": "${ACCOUNT_ID}",
    "processor": "straddle"
  }' \
  -X POST \
  https://sandbox.plaid.com/processor/token/create

Note that straddle (that’s us!) is the specific processor you’re requesting the token for. This tells Plaid to generate a token compatible with Straddle’s systems.

Using the Straddle Bridge API with Plaid Token

Once you have obtained the Straddle processor token from Plaid, you can use it to create a paykey via Straddle’s Bridge API. Here’s the correct HTTP request format:

Bridge a Plaid Token
curl -X POST https://sandbox.straddle.io/v1/bridge/plaid \
  -H "Authorization: Bearer YOUR_STRADDLE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "customer_id": "0191ef41-8de5-716c-bfa4-41cd79e85705",
    "plaid_token": "straddle-sandbox-123abc...",
    "metadata": {
      "nickname": "My Bank Account"
    }
  }'

Replace YOUR_STRADDLE_API_KEY with your actual Straddle API key, and fill in the appropriate values for customer_id and plaid_token. The metadata field is optional but can be useful for storing additional information related to the Plaid account.

Straddle will interact with Plaid /auth and /identity endpoints on your behalf to resolve the users bank account details an ownership information

Handling the Straddle API Response

The Straddle API will respond with a paykey object. Here’s an example of what you might receive:

{
  "data": {
    "paykey": "05f5d55cb14f7e8a0ec2e5689376e3b4665efc34834d30995babbd5010b39913",
    "bank_data": {
      "routing_number": "011000138",
      "account_number": "******7890",
      "account_type": "checking"
    },
    "id": "0191ef49-892c-7460-99d1-f5589d7d9989",
    "customer_id": "0191ef41-8de5-716c-bfa4-41cd79e85705",
    "label": "CHASE BANK - *7890",
    "source": "plaid",
    "institution_name": "CHASE BANK",
    "status": "active",
    "created_at": "2024-09-14T06:47:39.5648743Z",
    "updated_at": "2024-09-14T06:47:39.5648746Z",
    "metadata": {
      "plaid_account_id": "5f7a8b9c0d1e2f3g4h5i6j7k"
    }
  },
  "meta": {
    "api_request_id": "243431dd-7deb-4445-820d-55a942ace70f"
  },
  "response_type": "object"
}

Note that the source field is set to plaid in this case, indicating that the paykey was created using a Plaid token.

You should store this paykey securely for future use in transactions. When it’s time to get paid , create a charge and Straddle will automatically attempt to verify the account’s balance prior to origination.

Best Practices and Security Considerations

  1. Token Security: Never expose Plaid access tokens or Straddle processor tokens to the frontend. Always handle these server-side.

  2. Error Handling: Implement robust error handling for both Plaid and Straddle API calls.

  3. Metadata Usage: Use the metadata field to store relevant information, such as the Plaid account ID, for future reference.

  4. Token Refreshing: Be aware of token expiration policies for both Plaid and Straddle. Implement token refresh mechanisms as needed.

  5. Compliance: Ensure you’re complying with both Plaid and Straddle’s terms of service and data handling requirements.

  6. Logging: Implement comprehensive logging for debugging and audit purposes, but be careful not to log sensitive information.

Troubleshooting Common Issues

  1. Invalid Processor Token: Ensure you’re using straddle'as the processor when requesting the token from Plaid.

  2. Authentication Errors: Double-check your API keys for both Plaid and Straddle.

  3. Expired Tokens: If you’re getting authentication errors, your tokens might have expired. Implement a token refresh mechanism.

  4. Account Not Supported: Some bank accounts may not be supported for ACH transactions. Handle these cases gracefully in your UI.

  5. Rate Limiting: Be aware of rate limits on both Plaid and Straddle APIs. Implement appropriate backoff strategies if you hit these limits.

By following this guide, you should be able to successfully integrate Plaid with Straddle, leveraging the strengths of both platforms to provide a robust, secure payment solution for your users.