Plaidify
Plaidify is a production-oriented authenticated web access service. It gives you API, hosted-link, and agent-facing interfaces for connecting to user-authorized sites, navigating MFA, and returning structured results under a strict read-only posture.
What Plaidify Provides
| Surface | Use it when | Primary endpoints |
|---|---|---|
| Direct API | Your backend owns the connect flow and polling lifecycle | POST /connect, POST /mfa/submit, GET /access_jobs |
| Hosted Link | You need a Plaid-style launch flow in web or mobile clients | POST /link/sessions, POST /link/bootstrap, POST /link/sessions/bootstrap |
| Agent and MCP access | An internal tool or AI agent needs constrained access to a site workflow | GET /blueprints, agent-facing routes, MCP server |
Core Capabilities
- Hosted link flows for browser, iframe, and native mobile webview clients
- Signed bootstrap tokens for production-safe hosted-link launches
- Detached access jobs with polling, persisted results, and MFA continuation
- Scoped access control, audit-aware workflows, and read-only execution
- Credential encryption in transit and at rest
- Python, TypeScript, and Swift SDK surfaces for server, web, and native integrations
How It Works
- Create a hosted-link session or call
POST /connectdirectly. - Plaidify executes the connector or blueprint flow and captures any MFA state.
- Clients continue MFA through the hosted link or
POST /mfa/submit. - Hosted clients receive a short-lived
public_token, while durable results are retrieved later through server-side exchange orGET /access_jobs.
Architecture At A Glance
Client or agent
-> Plaidify API or hosted /link flow
-> access-job orchestration and MFA state
-> connector runtime or blueprint execution
-> structured result payloadOperationally, Plaidify is a FastAPI service with modular routers, Redis-backed shared state for multi-worker coordination, a detached access-job execution path for production deployments, and hosted-link assets that can be embedded in parent apps or native webviews.
Quick Start
Docker Compose
cp .env.example .env
# Set ENCRYPTION_KEY and JWT_SECRET_KEY before starting
docker compose up --build
curl http://localhost:8000/healthLocal Development
cp .env.example .env
# Set ENCRYPTION_KEY and JWT_SECRET_KEY before starting
alembic upgrade head
uvicorn src.main:app --reloadProduction Notes
- Use PostgreSQL and Redis in production.
- Prefer
POST /link/bootstrapplusPOST /link/sessions/bootstrapfor hosted client launches. - Keep
CORS_ORIGINSexplicit and enable HTTPS enforcement. - Run detached access jobs with the Redis-worker execution mode for restart-tolerant production behavior.
- Treat fixture connectors as local test assets, not public production integrations.
SDKs
- sdk/README.md for the Python SDK
- sdk-js/README.md for the TypeScript and browser SDK
sdk-swift/for the native iOS hosted-link package
Key Docs
- docs/SELF_HOST.md — fork-to-deployed Azure walkthrough for self-hosters
- docs/README.md for the technical architecture and configuration reference
- docs/DEPLOYMENT.md for production deployment and operations guidance
- docs/MOBILE_LINK_INTEGRATION.md for native mobile hosted-link integration
- docs/AGENTS.md for agent-facing usage
- docs/RUNBOOK.md for operational procedures
- docs/PRODUCT_PLAN.md for roadmap context
Validation
python -m pytest tests/test_agent_integration.py -q
PYTHONPATH=$PWD python -m pytest tests/test_hosted_link_e2e.py -q -m playwright
cd sdk-js && npm run typecheck && npm test
cd sdk-swift && swift testInstall the browser once before running the hosted-link E2E slice:
python -m playwright install chromiumLicense
MIT. See LICENSE.