šŸ—ŗļø New: Open Finance Map ā€” What 8 years of tracking Open Banking taught us. Learn more ā†’
Menu
AccountingGuides & Tutorials

How to Get Your Plaid API Key

Get your Plaid API keys and start pulling bank data in under 10 minutes with this step-by-step guide covering dashboard setup, environments, sandbox testing, and common authentication mistakes.

Saurabh RaiSaurabh Rai

Saurabh Rai

6 min read
How to Get Your Plaid API Key

Plaid is the financial data infrastructure company that connects applications to bank accounts. If your product needs to pull transaction data or verify bank account ownership, Plaid is probably on your shortlist. Most fintech apps in the US and Canada rely on Plaid to handle the messy reality of connecting to 9,600+ financial institutions through a single API.

You're here because you need a Plaid API key to connect your app. Here's how to get your credentials and make your first request without reading their entire documentation.

Prerequisites

Before you start, make sure you have:

  • An email address for your Plaid account (business email preferred for production approval)
  • A clear idea of which Plaid products you need (Transactions, Auth, Identity, Balance, etc.)
  • Node.js, Python, Ruby, Go, or Java installed if you want to use one of Plaid's official client libraries

Step 1: Create a Plaid account

Go to https://dashboard.plaid.com/signup and create an account. Plaid will ask for basic information about you and your company. Complete the signup process and acknowledge their terms of service. Plaid's own quickstart guide walks through the full flow if you want the longer version.

Once you're in, you'll land on the Plaid Dashboard. This is where you manage API keys and production access.

Step 2: Find your Plaid API keys

From the Dashboard, navigate to Developers > Keys (or go directly to https://dashboard.plaid.com/developers/keys). This is where Plaid stores your API keys.

You'll see two credentials:

  • client_id: A unique identifier for your application. This stays the same across all environments.
  • secret: An environment-specific key. You'll get a separate secret for each Plaid environment.

Plaid API keys dashboard

Plaid uses two environments:

  • Sandbox (sandbox.plaid.com): Free test environment with simulated bank data. No real financial institutions, no billing. This is where you build and test.
  • Production (production.plaid.com): Real bank connections, real data, real billing. Requires approval from Plaid before you can access it.

Your Sandbox secret is available immediately after signup. Copy it now.

Step 3: Understand how Plaid authentication works

Plaid's server-to-server authentication is straightforward. Every API request requires your client_id and secret, passed either as headers (PLAID-CLIENT-ID and PLAID-SECRET) or in the JSON request body. The full details are in Plaid's API overview.

There's no OAuth token exchange for server-side API calls. You send your credentials with each request. The OAuth-style flow in Plaid (called Plaid Link) is the client-side component your end users interact with when connecting their bank accounts. That's a separate concern from getting your API keys.

Step 4: Store your credentials securely

Add your client_id and secret to environment variables. Never hardcode them in your application code.

export PLAID_CLIENT_ID='your_client_id_here'
export PLAID_SECRET='your_sandbox_secret_here'
export PLAID_ENV='sandbox'

If you're using a .env file for local development, add it to your .gitignore immediately. Plaid secrets pushed to a public repository are a real risk, especially once you have production credentials.

Step 5: Set up billing (when you're ready for production)

Sandbox usage is always free. When you're ready to go live, you'll need to request Production access through the Dashboard by selecting Migrate to Production and filling out the application.

Plaid offers three pricing tiers:

  • Pay as you go: No minimum spend, standard per-use rates. Good for early-stage projects.
  • Growth: Annual commitment with lower per-use costs. Includes a personal account manager.
  • Custom: For high-volume usage above $2,000/month. Contact Plaid's sales team.

Your first 200 production API calls are free under Plaid's Limited Production access, so you can test with real bank connections before committing to a plan.

Test your Plaid API key

Create a test Item in the Sandbox using Plaid's sandbox-only endpoint. This bypasses the Link UI flow and lets you verify your credentials directly:

curl -X POST https://sandbox.plaid.com/sandbox/public_token/create \
  -H "Content-Type: application/json" \
  -d '{"client_id": "YOUR_CLIENT_ID", "secret": "YOUR_SANDBOX_SECRET", "institution_id": "ins_109508", "initial_products": ["transactions"]}'

A successful response returns a public_token. You can then exchange it for an access_token:

curl -X POST https://sandbox.plaid.com/item/public_token/exchange \
  -H "Content-Type: application/json" \
  -d '{"client_id": "YOUR_CLIENT_ID", "secret": "YOUR_SANDBOX_SECRET", "public_token": "PUBLIC_TOKEN_FROM_PREVIOUS_STEP"}'

If you get back an access_token and item_id, your credentials are working correctly.

Security best practices

  • Store your client_id and secret in environment variables or a dedicated secrets manager (AWS Secrets Manager or similar).
  • Use separate secrets for Sandbox and Production. Plaid generates different secrets per environment by default, so don't mix them up.
  • Add .env to your .gitignore before your first commit. Not after.
  • Never expose your secret in client-side code. All Plaid API calls (except Link initialization) should happen server-side.
  • Monitor your Plaid Dashboard for unexpected activity, especially after granting team members access.

Common gotchas

Mixing up environment URLs and secrets. Your Sandbox Plaid API key only works against sandbox.plaid.com. Your Production secret only works against production.plaid.com. If you're getting INVALID_API_KEYS errors, check that your environment URL and secret match.

Confusing Plaid Link with API authentication. Plaid Link is the client-side UI widget your end users interact with to connect their bank accounts. It produces a public_token that you exchange server-side for a permanent access_token. The client_id and secret are your server-to-server credentials, not something you pass to Link directly.

Forgetting to request Production access. Sandbox works immediately, but Production requires a separate application through the Dashboard. The approval process includes reviewing your use case, compliance requirements, and may take a few days. Plan for this lead time before your launch date.

Not handling the access_token lifecycle. Once you exchange a public_token for an access_token, that access token remains valid until you explicitly revoke it via /item/remove. There's no expiration, but you still need to handle error states (like when a user changes their bank password) through Plaid's webhook system.

Assuming all institutions support all products. Not every bank supports every Plaid product. If you request Auth for an institution that only supports Transactions, Link will fail. Check institution coverage before building your product selection logic.

Building financial integrations beyond banking data

If you're building a fintech application that needs both bank account data and accounting platform connectivity, the two sides of the integration stack are different. Plaid handles the banking layer: account verification and transaction feeds. (For more on how banks and apps connect, see our bank API integration guide.) The accounting layer, connecting to platforms like QuickBooks and Xero for invoices and financial reporting, requires a separate integration approach.

Check out our other API key guides for platforms in the accounting and finance space, including QuickBooks and Xero.

Ready to get started?

Scale your integration strategy and deliver the integrations your customers need in record time.

Get started for freeTalk to an expert
Ready to get started?
Talk to an expert

Trusted by fast-moving product & engineering teams

JobNimbus
Blue Zinc
Drata
Octa
Nmbrs
Apideck Blog

Insights, guides, and updates from Apideck

Discover company news, API insights, and expert blog posts. Explore practical integration guides and tech articles to make the most of Apideck's platform.

Stablecoin APIs are the new payments infrastructure layer
AccountingGuides & Tutorials

Stablecoin APIs are the new payments infrastructure layer

A developer's guide to stablecoin APIs in 2026: Stripe, Circle, Fireblocks, Paxos, and the x402 agentic payment protocol. Covers API surface, custody models, gas fee abstraction, GENIUS Act compliance, and machine-to-machine payment flows.

GJ

GJ

16 min read
Embedded Lending: How Revenue Financing Platforms Use Banking, Accounting, and Commerce Data
AccountingIndustry insights

Embedded Lending: How Revenue Financing Platforms Use Banking, Accounting, and Commerce Data

Revenue financing and embedded lending platforms use banking, accounting, and ecommerce data together to onboard and underwrite SMBs in hours, not weeks. Here's how.

Saurabh Rai

Saurabh Rai

9 min read
SAP Business One API Integration Guide: Authentication, Endpoints, and OData Queries
AccountingGuides & Tutorials

SAP Business One API Integration Guide: Authentication, Endpoints, and OData Queries

A practical guide to integrating with the SAP Business One Service Layer API. Covers session-based authentication, OData v4 endpoints, querying, pagination, User-Defined Fields, error handling, and production deployment tips.

GJ

GJ

12 min read