#jjoyceiv - plaid

Hello. Let's chat in here @winged portal

Give me a bit to catch up on threads and i'll be right with you

Sure thing. A bit more context: our existing implementation, which has been working for going on six years, has never stored Plaid's access_token. Neither Stripe's Plaid docs nor Plaid's Stripe docs ever suggested this was necessary, and we agreed up to now. The only way to even use Plaid's update mode, and to receive the webhooks regarding items becoming deauthenticated from Plaid, is to use the token. That won't work for our existing customers, and we don't want to store it for new customers, since that's a piece of sensitive user information we don't store now. The most sensitive data we store are first name, last name, email address, unit number, and a Stripe customer ID. We want to keep it that way.

Got it. Thanks for the details

I don't know the answer to this off the top of my head, but let me check in with a co-worker who may know

Thank you. You're already infinitely more helpful than either of the support teams...

Still have someone looking into this

No problem.

Hey @winged portal! Stepping in here for @bitter comet as he needed to step away. So there is no reason you should need to store Plaid access tokens. Once the bank accounts are verified with Plaid they are stored in Stripe as "verified". However, it is still possible that payouts or debits to/from the bank account can fail and then Stripe would disable the bank account, but that has nothing really to do with Plaid.

Okay. So that won't change whatsoever after enabling OAuth in Plaid, it sounds like. That's good news, as it makes the implementation burden much lower.

Can you pass this along to someone who can make that clear in Stripe's Plaid documentation (and ideally Plaid's Stripe documentation)? I'm certain I'm not the only dev, and we are not the only company, who is facing this exact situation (thanks to Plaid's mass email about OAuth) and exact sort of question (given the guidance not to store access_token up to this point).

Yes I'll follow up with some internal feedback about this. Thanks for flagging it.

I think the docs really need a "Plaid OAuth Changes" section to highlight what's going on, direct devs to Plaid's OAuth guide, and make very clear to ignore the part about update mode, reauth, etc.