AWS Partner Network (APN) Blog

How to Build a Fintech App on AWS Using the Plaid API  

By Rana Dutt, Sr. Solutions Architect – AWS


Open Finance initiatives have been gaining momentum across the world. These initiatives require that banks provide access to customer data through a common, open API for third-party applications, which are referred to as fintech apps.

The fintech app providers are generally not banks, but they offer users a variety of convenient payment and finance features on smartphone apps. These apps enhance the customer experience and foster greater choice and innovation. Users simply need to link the app to their bank and brokerage accounts, and grant the necessary permissions.

Fintech apps offer users benefits such as:

  • Viewing balances across multiple bank accounts.
  • Initiating payments to friends.
  • Applying for loans without gathering and scanning bank and income statements.
  • Paying for things online using a “Buy Now Pay Later” plan.
  • Showing monthly income and expense categories to help set budgets.
  • Displaying overall investment performance across multiple brokerage accounts.
  • Buying crypto-assets.

In this post, I will show you how to build and deploy a basic fintech app on Amazon Web Services (AWS) in under an hour by using the Plaid Link API. This app allows users to sign up, log in, select their bank from a list, connect to that bank, and display the latest transactions.

About Plaid

Plaid is a San Francisco-based financial services company and AWS Partner that helps fintech providers connect users safely to their bank accounts.

Plaid Link acts as a secure proxy between a fintech app and a bank. With Plaid, application developers no longer need to implement scores of different ways to access data at myriad financial institutions.

Plaid is currently able to connect to more than 12,000 banks and financial institutions throughout the world. It provides a single API to connect to them. Currently, about 5,500 fintech apps use Plaid’s API to enable their users to access their bank accounts.

What We Will Build in This Post

Through this post, we will build a demo fintech app on AWS using the AWS Amplify framework and Plaid Link. AWS Amplify helps us quickly build a serverless web app with a React frontend, user sign-up and sign-in using Amazon Cognito, an Amazon API Gateway-based REST API, and an Amazon DynamoDB database for storage.


Figure 1 – Architecture of demo fintech app.

AWS Amplify generates the code for signing up and authenticating users who are then stored in a Cognito user pool. It also helps create a REST API invoked by the React frontend and implemented by an AWS Lambda function behind Amazon API Gateway. The backend Lambda function sets up the Plaid Link which allows the end user to interact with a selected bank.

AWS Amplify also helps store the Plaid API key securely in AWS Secrets Manager so that it never needs to appear in the code or in a file. Plaid access tokens (described in the next section) are stored in the DynamoDB database.

This is a completely scalable and secure architecture that does not require you to manage any server instances.

How Plaid Link Works

To build an app using Plaid Link, you first need to go to Plaid.com, click on the Get API Keys button, and create an account. You can create a free sandbox account to start.

You can then log into your dashboard and find your sandbox API key under the menu for Team Settings – Keys.

The following diagram shows what our demo web app needs to implement.


Figure 2 – Plaid Link flow.

All API calls are made through a Plaid client object. The message flow is as follows:

  1. The app first creates a Plaid client object by passing in the Plaid API key and Plaid client ID. It then calls the client’s createLinkToken method to obtain a temporary link token.
  2. When the user selects a bank, the app uses the link token to open a Plaid Link to the bank and obtain a temporary public token.
  3. The app then calls the client object’s exchangePublicToken method to exchange the public token for a permanent access token and an item ID that represents the bank.
  4. The app stores the access token in DynamoDB for subsequent requests pertaining to that item. For example, the app can pass the access token to the client object’s getTransactions method to obtain a list of transactions within a specific date range.
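
The four steps above, sketched as server-side handlers. This is an added example, not the code from the aws-plaid-demo-app repository: the function names, the in-memory store standing in for the DynamoDB table, and the constructed stub responses are assumptions, as is the idea that userId comes from the signed-in Cognito identity rather than from the request body.

```javascript
// Added example (not the demo repo's code). `client` is a Plaid client object
// exposing the three methods named above; `store` stands in for the DynamoDB
// table (columns `id`, `token`). Function names here are hypothetical.

// Step 1: obtain a temporary link token for the signed-in user.
async function createLinkToken(client, userId) {
  const res = await client.createLinkToken({
    user: { client_user_id: userId },
    client_name: 'demo-app', products: ['transactions'],
    country_codes: ['US'], language: 'en',
  });
  return { link_token: res.link_token };
}

// Steps 3-4: exchange the public token and keep the access token server side.
async function exchangeToken(client, store, userId, publicToken) {
  const { access_token, item_id } = await client.exchangePublicToken(publicToken);
  await store.put({ id: userId, token: access_token });
  return { item_id }; // the access token is not returned to the browser
}

// Later requests: find the token by authenticated user ID, never from input.
async function listTransactions(client, store, userId, startDate, endDate) {
  const row = await store.get(userId);
  if (!row) throw new Error('no linked bank for this user');
  const res = await client.getTransactions(row.token, startDate, endDate, {});
  return res.transactions;
}

// Constructed stubs so the flow runs offline; values are not real Plaid data.
function makeStubs() {
  const rows = new Map();
  const store = {
    put: async (item) => { rows.set(item.id, item); },
    get: async (id) => rows.get(id),
  };
  const client = {
    createLinkToken: async () => ({ link_token: 'link-constructed' }),
    exchangePublicToken: async (pt) => {
      if (pt !== 'public-constructed') throw new Error('invalid public token');
      return { access_token: 'access-constructed', item_id: 'item-constructed' };
    },
    getTransactions: async (token, start) => {
      if (token !== 'access-constructed') throw new Error('invalid access token');
      return { transactions: [{ name: 'Coffee', amount: 4.5, date: start }] };
    },
  };
  return { client, store };
}
```

Only the link token and the item ID leave the backend in this sketch; the browser holds the public token briefly and never sees the access token.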

Building and Deploying the App

Prerequisites

Building the App

Clone the repo and run npm install:

$ git clone https://github.com/aws-samples/aws-plaid-demo-app.git 
$ cd aws-plaid-demo-app
$ npm install

Initialize a new Amplify project. Hit Return to accept the defaults.

$ amplify init
? Enter a name for the project (awsplaiddemoapp)
? Initialize the project with the above configuration? (Y/n) y
? Select the authentication profile you want to use: (Use arrow keys)
>	AWS profile 
? Please choose the profile you want to use: (Use arrow keys)
>	default
…
Your project has been successfully initialized and connected to the cloud! 

Add authentication:

$ amplify add auth 
? Do you want to use the default authentication configuration? 
>	Default configuration 
? How do you want users to be able to sign in? (Use arrow keys and space bar to select)
•	Email
•	Username
? Do you want to configure advanced settings? 
>	No, I am done

Add the API:

$ amplify add api
? Please select from one of the below mentioned services: REST
? Provide a friendly name for your resource to be used as a label for this category in the project: plaidtestapi
? Provide a path (e.g., /book/{isbn}): /v1
? Choose a Lambda source: Create a new Lambda function
? Provide an AWS Lambda function name: plaidaws
? Choose the runtime that you want to use: NodeJS
? Choose the function template that you want to use: Serverless ExpressJS function (Integration with API Gateway)
? Do you want to configure advanced settings? Yes
? Do you want to access other resources in this project from your Lambda function? No
? Do you want to invoke this function on a recurring schedule? No
? Do you want to enable Lambda layers for this function? No
? Do you want to configure environment variables for this function? Yes
? Enter the environment variable name: CLIENT_ID
? Enter the environment variable value: [Enter your Plaid client ID]
? Select what you want to do with environment variables: Add new environment variable
? Select the environment variable name: TABLE_NAME
? Enter the environment variable value: plaidawsdb
? Select what you want to do with environment variables: I am done
? Do you want to configure secret values this function can access? Yes
? Enter a secret name (this is the key used to look up the secret value): PLAID_SECRET
? Enter the value for PLAID_SECRET: [Enter your Plaid sandbox API key - hidden]
? What do you want to do? I'm done
? Do you want to edit the local lambda function now? No
? Restrict API access: No
? Do you want to add another path? No

Copy the Lambda source file, install dependencies, and push:

$ cp lambda/plaidaws/app.js amplify/backend/function/plaidaws/src/app.js
$ cd amplify/backend/function/plaidaws/src
$ npm i aws-sdk moment plaid@8.5.4
$ amplify push

Add a database:

$ amplify add storage
? Please select from one of the below mentioned services: NoSQL Database
? Please provide a friendly name for your resource that will be used to label this category in the project: plaidtestdb
? Please provide table name: plaidawsdb

You can now add columns to the table.

? What would you like to name this column: id
? Please choose the data type: string
? Would you like to add another column? Yes
? What would you like to name this column: token
? Please choose the data type: string
? Would you like to add another column? No
? Please choose partition key for the table: id
? Do you want to add a sort key to your table? No
? Do you want to add global secondary indexes to your table? No
? Do you want to add a Lambda Trigger for your Table? No
Successfully added resource plaidtestdb locally

Update the Lambda function to add permissions for the database:

$ amplify update function


? Select the Lambda function you want to update plaidaws
General information
- Name: plaidaws
- Runtime: nodejs

Resource access permission
- Not configured

Scheduled recurring invocation
- Not configured

Lambda layers
- Not configured

Environment variables:
- CLIENT_ID: plaidclientid

Secrets configuration
- PLAID_SECRET

? Which setting do you want to update? Resource access permissions
? Select the categories you want this function to have access to.
	storage
? Storage has 2 resources in this project. Select the one you would like your Lambda to access plaidawsdb
? Select the operations you want to permit on plaidawsdb: create, read, update, delete
? Do you want to edit the local lambda function now? No

Deploying the App

Add hosting for the app:

$ amplify add hosting
? Select the plugin module to execute:
>	Hosting with Amplify Console (Managed hosting)
? Choose a type
>	Manual deployment

Deploy the app:

$ amplify publish

Testing the App

Go to the URL displayed by the amplify publish command, and sign up as a new user. After logging in, select a bank from the list displayed.

If you are using the sandbox environment, use the credentials user_good / pass_good to access the bank and display the transactions.

Conclusion

The walkthrough in this post demonstrates how easy it is to use AWS Amplify to create a secure, scalable, and completely serverless fintech app on AWS that allows users to sign up, select from among the 10,000 banks that Plaid Link connects to, and obtain the transaction history for a particular account.

From here, you can add features such as making payments to friends or vendors, displaying balances across multiple accounts, sending low-balance alerts, and helping users set a budget.



Plaid – AWS Partner Spotlight

Plaid is an AWS Partner that helps fintech providers connect users safely to their bank accounts.
