Create a transfer authorization

POST /transfer/authorization/create

Use the /transfer/authorization/create endpoint to authorize a transfer. This endpoint must be called prior to calling /transfer/create. The transfer authorization will expire if not used after one hour. (You can contact your account manager to change the default authorization lifetime.)

There are four possible outcomes to calling this endpoint:

  • If the authorization.decision in the response is declined, the proposed transfer has failed the risk check and you cannot proceed with the transfer.

  • If the authorization.decision is user_action_required, additional user input is needed, usually to fix a broken bank connection, before Plaid can properly assess the risk. You need to launch Link in update mode to complete the required user action. When calling /link/token/create to get a new Link token, instead of providing access_token in the request, you should set transfer.authorization_id as the authorization.id. After the Link flow is completed, you may re-attempt the authorization.

  • If the authorization.decision is approved, and the authorization.rationale_code is null, the transfer has passed the risk check and you can proceed to call /transfer/create.

  • If the authorization.decision is approved and the authorization.rationale_code is non-null, the risk check could not be run: you may proceed with the transfer, but should perform your own risk evaluation. For more details, see the response schema.

In Plaid's Sandbox environment the decisions will be returned as follows:

  • To approve a transfer with null rationale code, make an authorization request with an amount less than the available balance in the account.

  • To approve a transfer with the rationale code MANUALLY_VERIFIED_ITEM, create an Item in Link through the Same Day Micro-deposits flow.

  • To get an authorization decision of user_action_required, reset the login for an Item.

  • To decline a transfer with the rationale code NSF, the available balance on the account must be less than the authorization amount. See Create Sandbox test data for details on how to customize data in Sandbox.

  • To decline a transfer with the rationale code RISK, the available balance on the account must be exactly $0. See Create Sandbox test data for details on how to customize data in Sandbox.

Request Body

Required

Defines the request schema for /transfer/authorization/create

Parameters

client_id
string
Your Plaid API client_id. The client_id is required and may be provided either in the PLAID-CLIENT-ID header or as part of a request body.
secret
string
Your Plaid API secret. The secret is required and may be provided either in the PLAID-SECRET header or as part of a request body.
access_token
required, string
The Plaid access_token for the account that will be debited or credited.
account_id
required, string
The Plaid account_id corresponding to the end-user account that will be debited or credited.
funding_account_id
string
Specify the account used to fund the transfer. Should be specified if using legacy funding methods only. If using Plaid Ledger, leave this field blank. Customers can find a list of funding_account_ids in the Accounts page of your Plaid Dashboard, under the “Account ID” column. If this field is left blank and you are using legacy funding methods, this will default to the default funding_account_id specified during onboarding. Otherwise, Plaid Ledger will be used.
ledger_id
string
Specify which ledger balance should be used to fund the transfer. You can find a list of ledger_ids in the Accounts page of your Plaid Dashboard. If this field is left blank, this will default to id of the default ledger balance.
payment_profile_token
string
The payment profile token associated with the Payment Profile that will be debited or credited. Required if not using access_token.
type
required, string
The type of transfer. This will be either debit or credit. A debit indicates a transfer of money into the origination account; a credit indicates a transfer of money out of the origination account.
network
required, string
The network or rails used for the transfer. For transfers submitted as ach or same-day-ach, the Standard ACH cutoff is 8:30 PM Eastern Time. For transfers submitted as same-day-ach, the Same Day ACH cutoff is 3:30 PM Eastern Time. It is recommended to send the request 15 minutes prior to the cutoff to ensure that it will be processed in time for submission before the cutoff. If the transfer is processed after this cutoff but before the Standard ACH cutoff, it will be sent over Standard ACH rails and will not incur same-day charges; this will apply to both legs of the transfer if applicable. The transaction limit for a Same Day ACH transfer is $1,000,000. Authorization requests sent with an amount greater than $1,000,000 will fail. For transfers submitted as rtp, Plaid will automatically route between Real Time Payment rail by TCH or FedNow rails as necessary. If a transfer is submitted as rtp and the counterparty account is not eligible for RTP, the /transfer/authorization/create request will fail with an INVALID_FIELD error code. To pre-check to determine whether a counterparty account can support RTP, call /transfer/capabilities/get before calling /transfer/authorization/create. Wire transfers are currently in early availability. To request access to wire as a payment network, contact your Account Manager. For transfers submitted as wire, the type must be credit; wire debits are not supported. The cutoff to submit a wire payment is 6:30 PM Eastern Time on a business day; wires submitted after that time will be processed on the next business day. The transaction limit for a wire is $999,999.99. Authorization requests sent with an amount greater than $999,999.99 will fail.
amount
required, string
The amount of the transfer (decimal string with two digits of precision e.g. “10.00”). When calling /transfer/authorization/create, specify the maximum amount to authorize. When calling /transfer/create, specify the exact amount of the transfer, up to a maximum of the amount authorized. If this field is left blank when calling /transfer/create, the maximum amount authorized in the authorization_id will be sent.
ach_class
string
Specifies the use case of the transfer. Required for transfers on an ACH network. For more details, see ACH SEC codes. Codes supported for credits: ccd, ppd Codes supported for debits: ccd, tel, web "ccd" - Corporate Credit or Debit - fund transfer between two corporate bank accounts "ppd" - Prearranged Payment or Deposit - The transfer is part of a pre-existing relationship with a consumer. Authorization was obtained in writing either in person or via an electronic document signing, e.g. Docusign, by the consumer. Can be used for credits or debits. "web" - Internet-Initiated Entry. The transfer debits a consumer’s bank account. Authorization from the consumer is obtained over the Internet (e.g. a web or mobile application). Can be used for single debits or recurring debits. "tel" - Telephone-Initiated Entry. The transfer debits a consumer. Debit authorization has been received orally over the telephone via a recorded call.
wire_details
object
Information specific to wire transfers.
message_to_beneficiary
string
Additional information from the wire originator to the beneficiary. Max 140 characters.
wire_return_fee
string
The fee amount deducted from the original transfer during a wire return, if applicable.
user
required, object
The legal name and other information for the account holder. If the account has multiple account holders, provide the information for the account holder on whose behalf the authorization is being requested. The user.legal_name field is required. Other fields are not currently used and are present to support planned future functionality.
legal_name
required, string
The user’s legal name. If the user is a business, provide the business name.
phone_number
string
The user’s phone number.
email_address
string
The user’s email address.
address
object
The address associated with the account holder.
street
string
The street number and name (i.e., “100 Market St.”).
city
string
Ex. “San Francisco”
region
string
The state or province (e.g., “CA”).
postal_code
string
The postal code (e.g., “94103”).
country
string
A two-letter country code (e.g., “US”).
device
object
Information about the device being used to initiate the authorization. These fields are not currently incorporated into the risk check.
ip_address
string
The IP address of the device being used to initiate the authorization.
user_agent
string
The user agent of the device being used to initiate the authorization.
origination_account_id
string
Plaid’s unique identifier for the origination account for this authorization. If not specified, the default account will be used.
iso_currency_code
string
The currency of the transfer amount. The default value is “USD”.
idempotency_key
string
A random key provided by the client, per unique authorization, which expires after 48 hours. Maximum of 50 characters. The API supports idempotency for safely retrying requests without accidentally performing the same operation twice. For example, if a request to create an authorization fails due to a network connection error, you can retry the request with the same idempotency key to guarantee that only a single authorization is created. Idempotency does not apply to authorizations whose decisions are user_action_required. Therefore you may re-attempt the authorization after completing the required user action without changing idempotency_key. This idempotency key expires after 48 hours, after which the same key can be reused. Failure to provide this key may result in duplicate charges.
user_present
boolean
If the end user is initiating the specific transfer themselves via an interactive UI, this should be true; for automatic recurring payments where the end user is not actually initiating each individual transfer, it should be false. This field is not currently used and is present to support planned future functionality.
with_guarantee
boolean
If set to false, Plaid will not offer a guarantee_decision for this request (Guarantee customers only).
beacon_session_id
string
The unique identifier returned by Plaid’s beacon when it is run on your webpage.
originator_client_id
string
The Plaid client ID that is the originator of this transfer. Only needed if creating transfers on behalf of another client as a Platform customer.
credit_funds_source
object
test_clock_id
string
Plaid’s unique identifier for a test clock. This field may only be used when using sandbox environment. If provided, the authorization is created at the virtual_time on the provided test clock.
ruleset_key
string
The key of the Ruleset for the transaction. This feature is currently in closed beta; to request access, contact your account manager.

Response

Defines the response schema for /transfer/authorization/create

Response Properties

authorization
required, object
Contains the authorization decision for a proposed transfer.
id
required, string
Plaid’s unique identifier for a transfer authorization.
created
required, string
The datetime representing when the authorization was created, in the format 2006-01-02T15:04:05Z.
decision
required, string
A decision regarding the proposed transfer. approved – The proposed transfer has received the end user’s consent and has been approved for processing by Plaid. The decision_rationale field is set if Plaid was unable to fetch the account information. You may proceed with the transfer, but further review is recommended. Refer to the code field in the decision_rationale object for details. declined – Plaid reviewed the proposed transfer and declined processing. Refer to the code field in the decision_rationale object for details. user_action_required – An action is required before Plaid can assess the transfer risk and make a decision. The most common scenario is to update authentication for an Item. To complete the required action, initialize Link by setting transfer.authorization_id in the request of /link/token/create. After Link flow is completed, you may re-attempt the authorization request.
decision_rationale
required, object
The rationale for Plaid’s decision regarding a proposed transfer. It is always set for declined decisions, and may or may not be null for approved decisions.
code
required, string
A code representing the rationale for approving or declining the proposed transfer. If the rationale_code is null, the transfer passed the authorization check. Any non-null value for an approved transfer indicates that the the authorization check could not be run and that you should perform your own risk assessment on the transfer. The code will indicate why the check could not be run. Possible values for an approved transfer are: MANUALLY_VERIFIED_ITEM – Item created via a manual entry flow (i.e. Same Day Micro-deposit, Instant Micro-deposit, or database-based verification), limited information available. ITEM_LOGIN_REQUIRED – Unable to collect the account information due to Item staleness. Can be resolved by using Link and setting transfer.authorization_id in the request to /link/token/create. MIGRATED_ACCOUNT_ITEM - Item created via /transfer/migrate_account endpoint, limited information available. ERROR – Unable to collect the account information due to an unspecified error. The following codes indicate that the authorization decision was declined: NSF – Transaction likely to result in a return due to insufficient funds. RISK - Transaction is high-risk. TRANSFER_LIMIT_REACHED - One or several transfer limits are reached, e.g. monthly transfer limit. Check the accompanying description field to understand which limit has been reached.
description
required, string
A human-readable description of the code associated with a transfer approval or transfer decline.
guarantee_decision
required, string
Indicates whether the transfer is guaranteed by Plaid (Guarantee customers only). This field will contain either GUARANTEED or NOT_GUARANTEED indicating whether Plaid will guarantee the transfer. If the transfer is not guaranteed, additional information will be provided in the guarantee_decision_rationale field. Refer to the code field in guarantee_decision_rationale for details.
guarantee_decision_rationale
required, object
The rationale for Plaid’s decision to not guarantee a transfer. Will be null unless guarantee_decision is NOT_GUARANTEED.
code
required, string
A code representing the reason Plaid declined to guarantee this transfer: RETURN_BANK: The risk of a bank-initiated return (for example, an R01/NSF) is too high to guarantee this transfer. RETURN_CUSTOMER: The risk of a customer-initiated return (for example, a R10/Unauthorized) is too high to guarantee this transfer. GUARANTEE_LIMIT_REACHED: This transfer is low-risk, but Guarantee has exhausted an internal limit on the number or rate of guarantees that applies to this transfer. RISK_ESTIMATE_UNAVAILABLE: A risk estimate is unavailable for this Item. REQUIRED_PARAM_MISSING: Required fields are missing.
description
required, string
A human-readable description of why the transfer cannot be guaranteed.
payment_risk
required, object
This object includes the scores and risk level. This response is offered as an add-on to /transfer/authorization/create. To request access to these fields please contact your Plaid account manager.
bank_initiated_return_score
required, integer
A score from 1-99 that indicates the transaction return risk: a higher risk score suggests a higher return likelihood. The score evaluates the transaction return risk because an account is overdrawn or because an ineligible account is used and covers return codes: “R01”, “R02”, “R03”, “R04”, “R06”, “R08”, “R09”, “R13”, “R16”, “R17”, “R20”, “R23”. These returns have a turnaround time of 2 banking days.
customer_initiated_return_score
required, integer
A score from 1-99 that indicates the transaction return risk: a higher risk score suggests a higher return likelihood. The score evaluates the transaction return risk of an unauthorized debit and covers return codes: “R05”, “R07”, “R10”, “R11”, “R29”. These returns typically have a return time frame of up to 60 calendar days. During this period, the customer of financial institutions can dispute a transaction as unauthorized.
risk_level
required, string
Comprises five risk categories (high risk, medium-high risk, medium risk, medium-low risk, low risk) based on the probability of return
warnings
required, array[object]
If bank information was not available to be used in the Signal model, this array contains warnings describing why bank data is missing. If you want to receive an API error instead of Signal scores in the case of missing bank data, file a support ticket or contact your Plaid account manager.
warning_type
string
A broad categorization of the warning. Safe for programmatic use.
warning_code
string
The warning code identifies a specific kind of warning that pertains to the error causing bank data to be missing. Safe for programmatic use. For more details on warning codes, please refer to Plaid standard error codes documentation. If you receive the ITEM_LOGIN_REQUIRED warning, we recommend re-authenticating your user by implementing Link’s update mode. This will guide your user to fix their credentials, allowing Plaid to start fetching data again for future Signal requests.
warning_message
string
A developer-friendly representation of the warning type. This may change over time and is not safe for programmatic use.
proposed_transfer
required, object
Details regarding the proposed transfer.
ach_class
string
Specifies the use case of the transfer. Required for transfers on an ACH network. For more details, see ACH SEC codes. Codes supported for credits: ccd, ppd Codes supported for debits: ccd, tel, web "ccd" - Corporate Credit or Debit - fund transfer between two corporate bank accounts "ppd" - Prearranged Payment or Deposit - The transfer is part of a pre-existing relationship with a consumer. Authorization was obtained in writing either in person or via an electronic document signing, e.g. Docusign, by the consumer. Can be used for credits or debits. "web" - Internet-Initiated Entry. The transfer debits a consumer’s bank account. Authorization from the consumer is obtained over the Internet (e.g. a web or mobile application). Can be used for single debits or recurring debits. "tel" - Telephone-Initiated Entry. The transfer debits a consumer. Debit authorization has been received orally over the telephone via a recorded call.
account_id
string
The Plaid account_id for the account that will be debited or credited.
funding_account_id
required, string
The id of the associated funding account, available in the Plaid Dashboard. If present, this indicates which of your business checking accounts will be credited or debited.
ledger_id
string
Plaid’s unique identifier for a Plaid Ledger Balance.
type
required, string
The type of transfer. This will be either debit or credit. A debit indicates a transfer of money into the origination account; a credit indicates a transfer of money out of the origination account.
user
required, object
The legal name and other information for the account holder.
legal_name
required, string
The user’s legal name.
phone_number
required, string
The user’s phone number.
email_address
required, string
The user’s email address.
address
required, object
The address associated with the account holder.
street
required, string
The street number and name (i.e., “100 Market St.”).
city
required, string
Ex. “San Francisco”
region
required, string
The state or province (e.g., “CA”).
postal_code
required, string
The postal code (e.g., “94103”).
country
required, string
A two-letter country code (e.g., “US”).
amount
required, string
The amount of the transfer (decimal string with two digits of precision e.g. “10.00”). When calling /transfer/authorization/create, specify the maximum amount to authorize. When calling /transfer/create, specify the exact amount of the transfer, up to a maximum of the amount authorized. If this field is left blank when calling /transfer/create, the maximum amount authorized in the authorization_id will be sent.
network
required, string
The network or rails used for the transfer.
wire_details
object
Information specific to wire transfers.
message_to_beneficiary
string
Additional information from the wire originator to the beneficiary. Max 140 characters.
wire_return_fee
string
The fee amount deducted from the original transfer during a wire return, if applicable.
origination_account_id
required, string
Plaid’s unique identifier for the origination account that was used for this transfer.
iso_currency_code
required, string
The currency of the transfer amount. The default value is “USD”.
originator_client_id
required, string
The Plaid client ID that is the originator of this transfer. Only present if created on behalf of another client as a Platform customer.
credit_funds_source
required, object
request_id
required, string
A unique identifier for the request, which can be used for troubleshooting. This identifier, like all Plaid identifiers, is case sensitive.