5

I'm trying to follow Plaid's documentation from here and I can't seem to figure out where do I get the public_token from when I'm working on Plaid development environment. They're saying that:

In their second example:

from plaid import Client


client = Client(client_id='***', secret='***', public_key='***', environment='sandbox')

# the public token is received from Plaid Link
response = client.Item.public_token.exchange(public_token)
access_token = response['access_token']

I don't know where the public_token comes from. If I go to that Plaid Link they say:

This repository is now deprecated. To integrate with Plaid, visit the docs. https://plaid.com/docs

Then, when I go to their official docs I can't seem to find any way of getting that public token.

I'm trying to do something along these lines:

from exceptions import (
    InvalidPlaidEnvironment,
    MissingPlaidCredential
)

from plaid import Client
from plaid.errors import APIError, ItemError, InvalidRequestError


VALID_ENVIRONMENTS = (
    'sandbox',
    'development',
    'production'
)

CLIENT_ID = '<development_client_id>'
SECRET = '<development_secret>'
PUBLIC_KEY = '<development_public_key>'
ENVIRONMENT = 'development'


class PlaidProcessor:
    """
    Simple processor class for Plaid API
    """

    def __init__(
            self,
            client_id=CLIENT_ID,
            secret=SECRET,
            public_key=PUBLIC_KEY,
            environment=ENVIRONMENT
    ):
        """
        Constructor for PlaidProcessor. Initialize our class with basic credentials
        data.

        Args:
            client_id (str): Plaid client ID
            secret (str): Plaid secret
            public_key (str): Plaid public key
            environment (str): One of sandbox, development, or production
        """

        self.client_id = client_id
        self.secret = secret
        self.public_key = public_key
        self.environment = environment

        if not self.client_id:
            raise MissingPlaidCredential(
                'Missing CLIENT_ID. Please provide Plaid client id.'
            )

        if not self.secret:
            raise MissingPlaidCredential(
                'Missing SECRET. Please provide Plaid secret.'
            )

        if not self.public_key:
            raise MissingPlaidCredential(
                'Missing PUBLIC_KEY. Please provide Plaid public key.'
            )

        if not self.environment:
            raise MissingPlaidCredential(
                'Missing environment. Please provide Plaid environment.'
            )

        if self.environment.lower() not in VALID_ENVIRONMENTS:
            valid_environments_str = ','.join(VALID_ENVIRONMENTS)

            raise InvalidPlaidEnvironment(
                f'Please insert one of the following environments: {valid_environments_str}'
            )

        self.client = Client(
            client_id=self.client_id,
            secret=self.secret,
            public_key=self.public_key,
            environment=self.environment
        )

        self.access_token = None
        self.public_token = None

    def get_public_token(self):
        # how do I get the access token?
        pass

In the docs, they're also specifying the following:

A public_token (which is returned in your Link onSuccess() callback) should be passed to your server, which will exchange it for an access_token. public_tokens are one-time use tokens and expire after 30 minutes. You can generate new public_tokens as needed via the /item/public_token/create endpoint.

An access_token is used to access product data for an Item. This should be stored securely, and never in client-side code. This is used to make authenticated requests to the Plaid API for the user. By default, access_tokens do not expire, though you can rotate them; if it winds up in an error state, the access_token will work again if the Item’s error is resolved. Each access_token is unique to a specific Item, and cannot be used to access other Items.

but this is just more confusing. Can anybody give me some advice regarding this?

Grajdeanu Alex
  • 388
  • 6
  • 20

1 Answers1

7

basically public_token comes from the client side means

when you will implement the frontend-part/client-side for that Plaid to Link or to create items then the backside process for that creates public_token here is the link for that (official-docs); as per the docs on onSuccess of the the public token generates;

and that public token will send to the server-side/backend-part here and you can use that public token as per the requirements:
as follow:

from plaid import Client


client = Client(client_id='***', secret='***', public_key='***', environment='sandbox')

# the public token is received from Plaid Link
response = client.Item.public_token.exchange(public_token)
access_token = response['access_token']
Tyagi
  • 699
  • 6
  • 6
  • 1
    figured that out eventually but still, is there a (any) way to do this without the *client* side? I mean, I'd just like to build a pure, custom API wrapper around their API. – Grajdeanu Alex Feb 26 '20 at 20:14
  • I was confused on how to get a public token also. I dug through Plaid's QuickStart examples and found that the Plaid client side library generates it somehow: https://github.com/plaid/quickstart/blob/b1108f46acfc92abf15e78467757525bff646ffd/html/index.html#L311. Like you, I don't have a need for the Plaid front end and would like to get public tokens from the server side. I've not found a way to do this yet, but am asking Plaid Support. – jones-chris Aug 30 '20 at 03:04
  • @jones-chris did you ever figure this out? in the same situation, trying to avoid using plaid's front end – dan_g Dec 13 '20 at 22:57
  • 1
    @dan_g I contacted Plaid and they said I had to use their front end :(. If you're looking for a programmatic way to pull bank data, you can use Python and OFX. See this example: https://github.com/jones-chris/personal-budget/blob/master/personal_budget/main.py. It ran successfully on my local machine, but doesn't work in AWS - my guess is because of USAA client white listing....but I don't know for sure. I hope that helps :)! – jones-chris Dec 14 '20 at 12:42