Mahesh Kukreja


This guide provides an overview of how to effectively pentest Plaid's web applications and APIs. It covers the following products: Plaid APIs, Plaid Portal, Plaid Developer Dashboard, and Plaid Link. The Plaid Portal allows users to manage connections made to their bank accounts through Plaid on apps like Betterment, Chime, Venmo, etc. The Plaid Developer Dashboard enables customers or individual developers/researchers to manage teams, users, API keys, etc. Plaid offers a variety of API endpoints that interact with Plaid products such as Transactions, Auth, Balance, etc. Plaid Link is the client-side component that users interact with in order to link their financial accounts through Plaid to their chosen apps. The guide outlines various security test cases for each product and provides detailed steps on how to effectively test them.