• Resolved micasuh

    (@micasuh)


    Hi Mr. Clayton,

    I like that Stripe and ACH are provided in this plugin. I’m browsing through the plugin code to understand. Something I noticed multiple times is that data is sent through the API of paymentplugins.com like this one:

    https://api.plaid.paymentplugins.com/v1/stripe/

    What kind of analytics are you collecting here?
    https://docs.paymentplugins.com/wc-stripe/api/source-class-WC_Payment_Gateway_Stripe_ACH.html#210

    Is there a reason these requests can’t go to either Plaid or Stripe directly?

    Since it’s not possible to see what’s happening on the server and we can’t inspect any code in an open source repository, would you be able to explain more what is done with this data? With customer data, it concerns me to send sensitive information to a 3rd party that’s not Stripe or Plaid for ACH payments and I can’t prove to anyone that this data is safe.

    I appreciate your feedback and insights!


Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Payment Plugins

    (@mrclayton)

    Hi @micasuh,

    Thanks for contacting us. The plugin code documentation shows exactly what information is being sent to the api.plaid.paymentplugins api. There are two fields being captured, account_id and client_id, both of which are public identifiers.

    This information is in no way sensitive and is gathered for reporting and support purposes on the Stripe and Plaid side. This API is called only once, not multiple times. When you connect the plugin to Stripe using our Connect integration, you are granting our Platform access to your Stripe account so we can already see this information in our Stripe Platform dashboard. For example, when you send a support request along with your account ID, we can look up your account’s specific log data etc. This functionality simply adds metadata to our Stripe dashboard so we can identify the Stripe account associated with a Plaid account.

    Kind Regards,

    Thread Starter micasuh

    (@micasuh)

    Thanks for the quick reply, Mr. Clayton. I appreciate your clarity on this but it leaves me with more questions.

    I’m confused why account_id and client_id are not directly sent to Stripe or Plaid?

    I did not know about your Connect Integration. Where you say we are giving you Platform access to the Stripe account, this is another connection I worry about the sensitive information. I understand the desire to add support requests and easy access to log files, but this means customers of your plugin are trusting you and can’t see what you’re able to do.

    Will you ever provide a way to make direct connections to Stripe and Plaid without the third party connections to paymentplugins.com?

    Plugin Author Payment Plugins

    (@mrclayton)

    Hi @micasuh,

    Using Stripe Connect through our Platform does not mean requests are going through our servers. In fact, all transactions go directly to Stripe and Plaid. Stripe Connect is Stripe’s recommended way for partners to integrate merchants’ websites with their Stripe accounts. The account_id is your public Stripe identifier. The account ID exists in Stripe and on your WordPress site. It’s what links them together.

    Your Plaid client_id is the same thing, a public identifier so Plaid knows who you are. The singular API call to api.paymentplugins.com exists so your Stripe Account’s metadata can be updated with the Plaid ID. That request goes through our server because it’s the most secure way to do so.

    Kind Regards,

    Thread Starter micasuh

    (@micasuh)

    Thanks again, Mr. Clayton, I will take this into account as I test with this plugin.

    Plugin Author Payment Plugins

    (@mrclayton)

    @micasuh,

    I spent some time looking at alternate methods of updating the account’s metadata and found a way to do it through Stripe without calling api.plaid.paymentplugins. Version 3.1.4 no longer has this API call.

    Kind Regards,

    Thread Starter micasuh

    (@micasuh)

    @mrclayton Your customer support is admirable and impressive. I appreciate you taking my words into consideration and so quickly. As an advocate of open source software, I’m always looking to make sure code is transparent and secure. Thank you!

  • The topic ‘ACH payment requests to the 3rd party API?’ is closed to new replies.
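
The kind of source review described in this thread can be automated. The following is an added example, not part of the thread and not the plugin's code: it lists URL literals in PHP source whose host is not a payment processor the merchant expects. The allowlist, the function names and the sample PHP are assumptions made for illustration; only the two paymentplugins.com hostnames come from the thread.

```python
import re
from urllib.parse import urlsplit

# Assumption: the merchant expects outbound calls only to these registrable domains.
EXPECTED_SUFFIXES = ("stripe.com", "plaid.com")
URL_RE = re.compile(r"""https?://[^\s'"<>)]+""")
# WordPress HTTP API helpers that actually send a request.
HTTP_CALL_RE = re.compile(r"\bwp_remote_(?:get|post|request|head)\s*\(")

# Constructed sample input, not the plugin's real source.
SAMPLE_PHP = r'''<?php
// Constructed sample for the audit below.
// Docs: https://docs.paymentplugins.com/wc-stripe/api/
$r = wp_remote_post( 'https://api.plaid.paymentplugins.com/v1/stripe/', $args );
$s = wp_remote_get( 'https://api.stripe.com/v1/' );
$p = wp_remote_post( 'https://sandbox.plaid.com/', $args );
'''

def is_expected(host):
    """Match on a domain boundary so a host that merely contains 'plaid'
    or 'stripe' (api.plaid.paymentplugins.com, notstripe.com) does not pass."""
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)

def audit_source(name, text):
    """Return one finding per URL literal that points at an unexpected host."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        in_comment = line.lstrip().startswith(("//", "/*", "*", "#"))
        for url in URL_RE.findall(line):
            host = (urlsplit(url).hostname or "").lower()
            if not host or is_expected(host):
                continue
            findings.append({
                "file": name,
                "line": lineno,
                "host": host,
                "in_comment": in_comment,  # documentation link, lower priority
                "http_call": bool(HTTP_CALL_RE.search(line)),  # request is sent
            })
    return findings

if __name__ == "__main__":
    for f in audit_source("sample.php", SAMPLE_PHP):
        print(f)
```

A finding with `http_call` set is the one to raise with the vendor, along with the question of which fields the request carries.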