Skip to main content

Announcing StackOne Defender: leading open-source prompt injection guard for your agent Read More

Connect

Connectors Agent Auth MCP Connector Builder

Optimize

Tool Discovery Falcon Engine

Secure

Defender
Connectors

HRIS / HCM

Employee Onboarding Employee Offboarding

Recruiting

Application Screening Interview Scheduling

Customer Support

Ticket Triage Voice Call Summarization

Sales & CRM

Deal Risk Scoring Lead Qualification

Accounting & Finance

Invoice Processing Month-End Accruals

Marketing

Campaign Reports Lead Nurture Sequences
View all use cases

Developers

Docs Changelog Status

Learn

Blog Case Studies Events Partners
Pricing
Login Book Demo Start Free

Plaid MCP Server
for AI Agents

Production-ready Plaid MCP server with 30 extensible actions — plus built-in authentication, security, and optimized execution.

Start Free Book Demo Read Docs →
Plaid logo
Plaid MCP Server
Built by StackOne StackOne

Coverage

30 Agent Actions

Create, read, update, and delete across Plaid — and extend your agent's capabilities with custom actions.

MCP Actions → Create Actions →

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your Plaid MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every Plaid tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Plaid call.

Tools Discovery →

What is the Plaid MCP Server?

A Plaid MCP server lets AI agents read and write Plaid data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Plaid MCP server ships with 30 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All Plaid MCP Tools and Actions

Every action from Plaid's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

Asset Reports

  • Create Asset Report

    Create an Asset Report for the linked Item, providing a point-in-time snapshot of account balances, transactions, and identity data for lending and verification via POST /asset_report/create

  • Get Asset Report

    Retrieve a completed Asset Report containing account balances, transaction history, and identity data via POST /asset_report/get

  • Remove Asset Report

    Permanently delete an Asset Report and invalidate its token via POST /asset_report/remove

Institutions

  • Get Institutions

    Retrieve a paginated list of all Plaid-supported financial institutions with filtering by country, products, and routing numbers via POST /institutions/get

  • Search Institutions

    Search Plaid's institution directory by name or query string with optional product and country filters via POST /institutions/search

Items

  • Get Item

    Retrieve metadata and health status for a linked financial institution Item via POST /item/get

  • Remove Item

    Permanently remove a linked Item, invalidating its access_token and ending all associated billing via POST /item/remove

Link Tokens

  • Create Link Token

    Create a link_token to initialize Plaid Link, the client-side UI component for bank account connection, via POST /link/token/create

  • Get Link Token

    Retrieve metadata and configuration details for a previously created link_token via POST /link/token/get

Statements

  • List Statements

    Retrieve a list of available bank statements for all accounts linked to an Item via POST /statements/list

  • Download Statement

    Download a single bank statement PDF by its statement ID via POST /statements/download

Transactions

  • Get Transactions

    Fetch historical transaction data within a specified date range with pagination and optional enrichment fields via POST /transactions/get

  • Sync Transactions

    Get incremental transaction updates using Plaid's recommended cursor-based sync approach, returning added, modified, and removed transactions since the last sync via POST /transactions/sync

Other (17)

  • Get Accounts

    Retrieve all financial accounts (checking, savings, credit, loan, investment) linked to an Item via POST /accounts/get

  • Get Account Balance

    Fetch real-time balance data directly from the financial institution for all or specific accounts via POST /accounts/balance/get

  • Get Asset Report PDF

    Download a completed Asset Report as a formatted PDF document for sharing with lenders and verifiers via POST /asset_report/pdf/get

  • Get Auth

    Retrieve bank account numbers and routing numbers needed to initiate ACH, EFT, BACS, and wire transfers via POST /auth/get

  • Get Identity

    Retrieve personal identity information (name, email, phone, address) for account holders directly from the financial institution via POST /identity/get

  • Get Institution By ID

    Retrieve detailed metadata for a single financial institution by its Plaid institution_id via POST /institutions/get_by_id

  • Get Investment Holdings

    Retrieve current investment portfolio holdings including stocks, bonds, mutual funds, and ETFs for linked brokerage and retirement accounts via POST /investments/holdings/get

  • Get Investment Transactions

    Retrieve investment transactions (buys, sells, dividends, fees, transfers) within a specified date range for linked brokerage accounts via POST /investments/transactions/get

  • Get Liabilities

    Retrieve detailed liabilities data for credit cards, student loans, and mortgages associated with an Item via POST /liabilities/get

  • Get Recurring Transactions

    Fetch Plaid-detected recurring transaction patterns (subscriptions, income deposits, bills) for accounts associated with an Item via POST /transactions/recurring/get

  • Update Item Webhook

    Update or set the webhook URL for receiving real-time event notifications for an Item via POST /item/webhook/update

  • Refresh Asset Report

    Create a refreshed copy of an existing Asset Report with updated data from the financial institutions via POST /asset_report/refresh

  • Filter Asset Report

    Create a filtered copy of an Asset Report with specified accounts excluded via POST /asset_report/filter

  • Exchange Public Token

    Exchange a single-use public_token for a permanent access_token via POST /item/public_token/exchange

  • Sandbox Create Public Token

    Create a test public_token for a sandbox Item, simulating the Plaid Link flow without user interaction, via POST /sandbox/public_token/create

  • Refresh Statements

    Trigger on-demand extraction of bank statements for a specified date range via POST /statements/refresh

  • Refresh Transactions

    Trigger an on-demand refresh of transaction data for an Item, bypassing the normal automatic update schedule, via POST /transactions/refresh

Set Up Your Plaid MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to Plaid in under 10 lines of code.

MCP Clients

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

More Accounting MCP Servers

Chargify (Maxio)

118+ actions

Zoho Books

104+ actions

QuickBooks Online

95+ actions

Xero

71+ actions

Microsoft Dynamics 365 Business Central

70+ actions

Fastbill

57+ actions

Expensify

15+ actions

All Accounting MCP Servers →

Plaid MCP Server Resources

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Indirect Prompt Injection Defense for MCP Tools: A Technical Guide

MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.

12 min

Plaid MCP Server FAQ

Plaid MCP server vs direct API integration — what's the difference?
A Plaid MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Plaid. A Plaid MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Plaid at runtime. StackOne provides both.
How does Plaid authentication work for AI agents?
Plaid authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Plaid account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are Plaid MCP tools vulnerable to prompt injection?
Yes — Plaid MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a Plaid agent and how do I avoid it?
Context bloat happens when Plaid tool schemas and API responses eat your Plaid agent's memory, preventing it from reasoning effectively. A single Plaid query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my Plaid agent can access?
Yes — you can limit which actions your Plaid agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my Plaid MCP server?
Yes — you can create custom agent actions for your Plaid MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Plaid's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a Plaid MCP server?
Skip a Plaid MCP server if your integration is purely software-to-software — direct Plaid API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Plaid actions at runtime.
What AI frameworks and AI clients does the StackOne Plaid MCP server support?
The StackOne Plaid MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo