Guide to linking external accounts

Overview of the steps to take to link an account to an external account.



To link external accounts, you need to use the v0 APIs.


The v0 Accounts API allows you to link a customer's Bond account to their verified external bank account. Once the external account has been linked, the customer can then transfer funds back and forth between their account and the external account. Once the link is established, we use the linked_account_id identifier to represent the customer's external account.



An external account can only be linked once it has been verified. This verification takes place as part of the linking process. The type of verification performed depends on the institution the account is held with.

The following graphic depicts the overall linking process flow and fund transfer.


The linking process comprises the following steps:

  1. Start the Linking external accounts SDK and provide details of the customer's Bond card account.
  2. From the returned list of options, select the required institute.
  3. The customer enters their external account details.
    The request is either approved or needs to be verified as described below. See table below for verification methods.
  4. Once these steps have been successfully completed, the customer's external bank account can be used for making transfers.

For examples of how to use the Linking external account SDK, see Linking external accounts SDK.

Account verification

Each of the available methods for verification depends on the intuition. Each method falls into one of these categories:

  • Instant—Your customer enters their bank details during the linking process.
  • Automatic—The process performs a micro-deposit and automatically verifies the deposit.
  • Manual—The process makes two micro-deposits which then need to be manually verified by the customer.

The following graphic depicts the verification options depending on the institution selected.


The following table describes the verification methods, their types, and how they are work.

Verification method




Instant auth


The default Auth flow during which the customer selects their banking institution and provides their login credentials. Does not require extra configuration steps if Auth is already configured in your app. Supports more than 3,800 financial institutions with credential-based logins.

Instant match


When using Instant Match, your user is prompted to enter their account number and routing number. The last four digits of the user-provided account number are verified against the account mask retrieved from the financial institution. Instant match is automatically provided at supported institutions as a fall-back method when Instant Auth is not available.

Automated micro-deposits


Plaid makes a single micro-deposit and then automatically verifies it within one to two business days. Expires and needs to be renewed.

Same-day micro-deposits


Used for institutions that don't support Instant Auth, Instant Match, or Automated Micro-deposit verification. Plaid makes two deposits that post within one business day (using Same Day ACH). Users are instructed to manually verify the deposited amounts within one business day. Expires and needs to be renewed.

Does not support transaction history.


Used in a case where a user wants to send a transfer to an external account that is not their own.

Does not support transaction history.

Linking an unverifiable account

To transfer funds to a third-party, external account, because you can't verify this account, you need to use the operation shown below.

To transfer funds to an unverifiable account, use the POST /accounts/account_id/migrate_account/plaid operation and provide the body parameters as shown in the table below.






External bank account number.



Bank routing number.



checking or savings



Freeform, alphanumeric name of the external bank account being linked, for example Casino Royale

An example of a request to transfer funds to an external account is shown below.

curl --request POST \
     --url \
     --header 'Authorization: YOUR-AUTHORIZATION' \
     --header 'Content-Type: application/json' \
     --header 'Identity: YOUR-IDENTITY' \
     --data '
     "account_type": "savings",
     "account_number": "1111222233335897",
     "routing_number": "021000770",
     "bank_name": "Casino Royale"
require 'uri'
require 'net/http'
require 'openssl'

url = URI("")

http =, url.port)
http.use_ssl = true

request =
request["Content-Type"] = 'application/json'
request["Identity"] = 'YOUR-IDENTITY'
request["Authorization"] = 'YOUR-AUTHORIZATION'
request.body = "{\"account_type\":\"savings\",\"account_number\":\"1111222233335897\",\"routing_number\":\"021000770\",\"bank_name\":\"Casino Royale\"}"

response = http.request(request)
puts response.read_body
const options = {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    Identity: 'YOUR-IDENTITY',
    Authorization: 'YOUR-AUTHORIZATION'
  body: JSON.stringify({
    account_type: 'savings',
    account_number: '1111222233335897',
    routing_number: '021000770',
    bank_name: 'Casino Royale'

fetch('', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
import requests

url = ""

payload = {
    "account_type": "savings",
    "account_number": "1111222233335897",
    "routing_number": "021000770",
    "bank_name": "Casino Royale"
headers = {
    "Content-Type": "application/json",
    "Identity": "YOUR-IDENTITY",
    "Authorization": "YOUR-AUTHORIZATION"

response = requests.request("POST", url, json=payload, headers=headers)

var client = new RestClient("");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Identity", "YOUR-IDENTITY");
request.AddHeader("Authorization", "YOUR-AUTHORIZATION");
request.AddParameter("application/json", "{\"account_type\":\"savings\",\"account_number\":\"1111222233335897\",\"routing_number\":\"021000770\",\"bank_name\":\"Casino Royale\"}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"account_type\":\"savings\",\"account_number\":\"1111222233335897\",\"routing_number\":\"021000770\",\"bank_name\":\"Casino Royale\"}");
Request request = new Request.Builder()
  .addHeader("Content-Type", "application/json")
  .addHeader("Identity", "YOUR-IDENTITY")
  .addHeader("Authorization", "YOUR-AUTHORIZATION")

Response response = client.newCall(request).execute();

A successful request returns an access_token and linked_account_id to represent the link between the customer's account and the external account, as shown below.

    "linked_account_id": "1a130d45-3dc3-4c58-b0d8-9784aae0d009",
    "access_token": "access-sandbox-035d67aa-5d6b-4014-98af-e09b7335ea31",
    "status": "active",
    "verification_status": "unverifiable",
    "account_type": "checking",
    "account_category": "depository"

Did this page help you?