> JohnSlackII wrote: ↑Sat Nov 11, 2023 9:19 am
> > KarenC wrote: ↑Sat Nov 11, 2023 8:56 am
> > > JohnSlackII wrote: ↑Sat Nov 11, 2023 8:43 am
> > > > KarenC wrote: ↑Sat Nov 11, 2023 8:02 am
> > > > I'm not sure if this addresses your concerns, but Plaid and MX seem to use OAuth (so maybe they don't store the credentials?):
> > > > https://plaid.com/docs/link/oauth/
> > > > https://docs.mx.com/products/connectivi ... reference/
> > >
> > > The thing about OAuth is both the aggregator AND the financial institution (FI) AND the customer-facing application (Mint, YNAB, etc) need to support it.
> > > The links above (thanks for sharing them btw, I hadn't seen them before) describe how Plaid and MX implement OAuth. But if your FI doesn't support it you're still in the old world of the aggregator storing your username and password.
> > > […]
> >
> > On the Plaid page I linked it says:
> > > OAuth support is required in all Plaid integrations that connect to financial institutions. Without OAuth support, your end users will not be able to connect accounts from institutions that require OAuth, which includes several of the largest banks in the US. OAuth setup can be skipped only if your Plaid integration is limited to products that do not connect to financial institutions (Enrich, Identity Verification, Monitor, and Document Income).
> >
> > (I couldn't find anything as definitive on the MX page.)
> > So, given the above and what you've said, as long as the customer-facing application supports OAuth you're good to go WRT Plaid.
>
> No, that's not correct.
> That page you linked is a guide for applications that themselves want to connect to Plaid. It doesn't describe how Plaid itself connects to financial institutions.
> What it's saying is that you as an application need to use OAuth to connect yourself to Plaid. These are the key sentences:
> "OAuth support is required in all Plaid integrations that connect to financial institutions. Without OAuth support, your end users will not be able to connect accounts from institutions that require OAuth, which includes several of the largest banks in the US."
> So if you as an application don't connect to Plaid using OAuth, you can't connect to FIs that themselves require OAuth, and regardless they won't let you connect to financial institutions at all.

Thank you for that information! I found a page on the Plaid website that seems to summarize things nicely; in particular it notes that:
> There are many reasons for the non-OAuth connection type to exist, one of which might be because your financial institution is currently in the process of migrating to the OAuth experience.

("OAuth experience" gave me a chuckle.)
https://support-my.plaid.com/hc/en-us/a ... -accounts-