Create a Session Token

POST /session/token/create

Any Plaid experience a user sees, such as connecting a bank account, verifying identity, or sharing a credit report, is considered a session. Today, most sessions happen through Link, and the token that starts a Link session is a link token created and configured via link/token/create. Sessions are a higher-level abstraction where configuration primarily happens in Plaid Dashboard. Depending on the template id provided, the session may be a Link session, specified by a Link token, or may be another experience in the future. A primary benefit is that configuration changes can be made in Dashboard with no code changes required.

Currently, this endpoint is only supported for Layer templates and Link, but it is reserved for initializing other end-user Plaid experiences in the future. The returned Link token is used as a parameter when initializing the Link SDK. For more details, see the Link flow overview.

Request Body

Required

SessionTokenCreateRequest defines the request schema for /session/token/create

Parameters

client_id
string
Your Plaid API client_id. The client_id is required and may be provided either in the PLAID-CLIENT-ID header or as part of a request body.
secret
string
Your Plaid API secret. The secret is required and may be provided either in the PLAID-SECRET header or as part of a request body.
template_id
required, string
The id of a template defined in Plaid Dashboard
user
object
SessionTokenCreateRequestUser defines per-session user-specific data for /session/token/create. Required if the root-level user_id field isn’t included.
client_user_id
required, string
A unique ID representing the end user. Typically this will be a user ID number from your application. Personally identifiable information, such as an email address or phone number, should not be used in the client_user_id. It is currently used as a means of searching logs for the given user in the Plaid Dashboard.
user_id
string
The Plaid user_id of the User associated with this webhook, warning, or error.
user_id
object
redirect_uri
string
A URI indicating the destination where a user should be forwarded after completing the Link flow; used to support OAuth authentication flows when launching Link in the browser or another app. The redirect_uri should not contain any query parameters. When used in Production, must be an https URI. To specify any subdomain, use * as a wildcard character, e.g. https://*.example.com/oauth.html. Note that any redirect URI must also be added to the Allowed redirect URIs list in the developer dashboard. If initializing on Android, android_package_name must be specified instead and redirect_uri should be left blank.
android_package_name
string
The name of your app’s Android package. Required if using the session token to initialize Layer on Android. Any package name specified here must also be added to the Allowed Android package names setting on the developer dashboard. When creating a session token for initializing Layer on other platforms, android_package_name must be left blank and redirect_uri should be used instead.
webhook
string
The destination URL to which any webhooks should be sent. If you use the same webhook listener for all Sandbox or all Production activity, set this value in the Layer template editor in the Dashboard instead. Only provide a value in this field if you need to use multiple webhook URLs per environment (an uncommon use case). If provided, a value in this field will take priority over webhook values set in the Layer template editor.
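
The parameter rules above can be enforced before the request leaves your server. The following is an added example, not part of Plaid's documentation or client libraries: build_session_token_request, check_redirect_uri and the production flag are hypothetical names, the PII patterns are a heuristic, and all sample values are constructed.

```python
import re
from urllib.parse import urlsplit

# Heuristic patterns for values shaped like an email address or a phone number.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
PHONE_RE = re.compile(r"\+\d[\d\s().-]{6,}|\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}")


def check_redirect_uri(uri, production):
    """Apply the redirect_uri rules stated in the parameter description."""
    parts = urlsplit(uri)
    if parts.query or "?" in uri:
        raise ValueError("redirect_uri must not contain query parameters")
    if production and parts.scheme != "https":
        raise ValueError("redirect_uri must be an https URI in Production")
    if not parts.hostname:
        raise ValueError("redirect_uri has no host")


def build_session_token_request(client_id, secret, template_id, client_user_id,
                                redirect_uri=None, android_package_name=None,
                                webhook=None, production=True):
    """Return (headers, body) for POST /session/token/create, or raise ValueError."""
    if not template_id:
        raise ValueError("template_id is required")
    if EMAIL_RE.fullmatch(client_user_id) or PHONE_RE.fullmatch(client_user_id):
        raise ValueError("client_user_id looks like PII; use an opaque internal ID")
    if redirect_uri and android_package_name:
        raise ValueError("set redirect_uri or android_package_name, not both")
    body = {"template_id": template_id, "user": {"client_user_id": client_user_id}}
    if redirect_uri:
        check_redirect_uri(redirect_uri, production)
        body["redirect_uri"] = redirect_uri
    if android_package_name:
        body["android_package_name"] = android_package_name
    if webhook:  # only needed when using multiple webhook URLs per environment
        body["webhook"] = webhook
    # Credentials go in the documented headers, keeping them out of the JSON body.
    headers = {"PLAID-CLIENT-ID": client_id, "PLAID-SECRET": secret,
               "Content-Type": "application/json"}
    return headers, body


if __name__ == "__main__":
    # Constructed sample values, not real credentials or template ids.
    h, b = build_session_token_request("client-id-placeholder", "secret-placeholder",
                                       "template-placeholder", "user-8f3a21",
                                       redirect_uri="https://*.example.com/oauth.html")
    print(b)
```
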

Response

SessionTokenCreateResponse defines the response schema for /session/token/create

Response Properties

request_id
required, string
A unique identifier for the request, which can be used for troubleshooting. This identifier, like all Plaid identifiers, is case sensitive.
link
object
Response data for /session/token/create intended for use with the Link SDK.
link_token
required, string
A Link token, which can be supplied to Link in order to initialize it and receive a public_token.
expiration
required, string
The expiration date for the link_token, in ISO 8601 format. A link_token created to generate a public_token that will be exchanged for a new access_token expires after 4 hours. A link_token created for an existing Item (such as when updating an existing access_token by launching Link in update mode) expires after 30 minutes.
user_id
string
A unique user_id generated by Plaid for the client-provided client_user_id. This field is currently in beta.