Bank Integration Flow

Overview

The bank integration process in OmniButler enables users to securely connect their financial accounts through Plaid. The flow is designed to be secure, efficient, and user-friendly, leveraging Plaid's Link interface for bank authentication and Firestore for connection management.

Flow Diagrams

System Flow

```mermaid sequenceDiagram participant User participant Frontend participant Backend participant Plaid API participant Firestore

User->>Frontend: Initiate bank connection
Frontend->>Backend: GET /bank/connect
Backend->>Backend: Verify Firebase token
Backend->>Firestore: Get user details
Backend->>Plaid API: Create link token
Plaid API-->>Backend: Return link token
Backend-->>Frontend: Return link token
Frontend-->>User: Launch Plaid Link
User->>Frontend: Complete Plaid Link
Frontend->>Backend: POST /bank/set_access_token
Backend->>Backend: Verify Firebase token
Backend->>Firestore: Get user details
Backend->>Plaid API: Exchange public token
Plaid API-->>Backend: Return access token
Backend->>Firestore: Create bank connection
Backend->>Plaid API: Get institution details
Backend->>Firestore: Store institution info
Backend-->>Frontend: Return success

```

Code Flow

```mermaid graph TD subgraph Frontend A[User Initiation] → B[Plaid Link SDK] B → C[Get Link Token] end

subgraph Backend
    D[API Request with Token] --> E[Auth Middleware]
    E --> F[verify_firebase_token]

    subgraph Application Layer
        F --> G[PlaidConnectRouter]
        G --> H[create_link_token]
        G --> I[exchange_public_token]
    end

    subgraph Domain Layer
        H --> J[BankConnection Model]
        I --> K[ItemStatus Enum]
    end

    subgraph Infrastructure Layer
        J --> L[PlaidClient]
        L --> M[link_token_create]
        L --> N[item_public_token_exchange]
        J --> O[Firestore Operations]
    end
end

style Frontend fill:#f9f,stroke:#333,stroke-width:2px
style Backend fill:#bbf,stroke:#333,stroke-width:2px
style Application Layer fill:#dfd,stroke:#333,stroke-width:2px
style Domain Layer fill:#fdd,stroke:#333,stroke-width:2px
style Infrastructure Layer fill:#ddf,stroke:#333,stroke-width:2px

```

Key Components

1. Frontend
2. Plaid Link SDK
3. Token management

4. API client

5. Application Layer

6. PlaidConnectRouter: Manages bank connection endpoints
7. verify_firebase_token: Handles token verification

8. API routes and controllers

9. Domain Layer

10. BankConnection: Core bank connection entity
11. ItemStatus: Connection status tracking

12. InstitutionInfo: Bank institution details

13. Infrastructure Layer

14. PlaidClient: Plaid API integration
15. Firestore client
16. Firebase admin SDK

Technical Details

Authentication Flow

1. Initial Connection
2. User initiates bank connection
3. Backend creates Plaid link token

4. User authenticates with bank through Plaid Link

5. Token Exchange

6. Plaid returns public token
7. Backend exchanges for access token

8. Access token stored securely in Firestore

9. Connection Creation

10. System creates bank connection record
11. Fetches institution details
12. Stores connection metadata

Data Models

BankConnection

class BankConnection(BaseModel):
    connection_id: str
    app_user_id: str
    institution_id: str
    institution_name: str
    item_id: str
    access_token: str
    cursor: str = ""
    status: ItemStatus = ItemStatus.GOOD
    error_type: str | None = None
    error_code: str | None = None
    last_sync: datetime
    account_ids: list[str]

ItemStatus

class ItemStatus(StrEnum):
    GOOD = "good"
    BAD = "bad"
    ERROR = "error"
    PENDING_EXPIRATION = "pending_expiration"
    PENDING_DISCONNECT = "pending_disconnect"

Security Considerations

• All authentication through Firebase
• Access tokens stored securely in Firestore
• Public tokens are single-use
• Each connection has isolated access

API Endpoints

The bank integration flow uses these endpoints:

1. Plaid Integration
2. /api/v1/bank/connect - Create link token
3. /api/v1/bank/set_access_token - Exchange public token

Error Handling

The system handles various error scenarios:

1. Authentication Failures
2. Invalid tokens
3. Expired sessions

4. Plaid API errors

5. Connection Failures

6. Invalid public tokens
7. Institution errors

8. Storage failures

9. Integration Issues

10. Plaid API errors
11. Token exchange failures
12. Institution data issues

Monitoring

The system logs key events: - Connection creation - Token exchanges - Institution data fetches - Error conditions

Areas for Improvement

By Category

1. Security Enhancements

• Token Handling
• Implement token rotation mechanism
• Add token expiration monitoring
• Implement token revocation
• Add rate limiting for token exchanges

• Remove sensitive data from logs

• Data Protection

• Implement encryption for sensitive data
• Add connection audit logging
• Implement row-level security

• Add data access controls

• Error Handling

• Implement specific error types
• Add proper error messages
• Implement consistent error patterns
• Add error recovery mechanisms

2. Architecture Improvements

• Clean Architecture
• Create proper interfaces for Plaid integration
• Move Plaid client dependency to infrastructure layer
• Separate connection and data concerns

• Implement proper dependency injection

• Repository Pattern

• Define clear repository interfaces
• Implement proper data access patterns
• Add connection status tracking
• Implement proper error handling

3. Performance Optimizations

• Caching
• Implement institution data caching
• Add connection status caching
• Implement token caching

• Add performance monitoring

• Batch Operations

• Implement batch token exchanges
• Add bulk institution data fetches
• Implement connection pooling
• Add performance metrics

4. User Experience

• Connection Management
• Add connection status notifications
• Implement progress tracking
• Add error recovery flows

• Implement user feedback

• Error Recovery

• Add automatic reconnection
• Implement error reporting
• Add user guidance
• Implement fallback mechanisms

By Priority

High Priority

1. Security
2. Token rotation implementation
3. Enhanced error handling

4. Data encryption

5. Reliability

6. Error recovery mechanisms
7. Connection status tracking

8. Automatic reconnection

9. Performance

10. Institution data caching
11. Batch operations
12. Connection pooling

Medium Priority

1. Features
2. Additional Plaid products
3. Country support expansion

4. Enhanced metadata

5. Monitoring

6. Connection health tracking
7. Performance metrics

8. Automated alerts

9. User Experience

10. Status notifications
11. Progress tracking
12. Error recovery flows

Low Priority

1. Documentation
2. API documentation
3. Troubleshooting guides

4. Best practices

5. Testing

6. Integration tests
7. Load testing

8. Test automation

9. Maintenance

10. Dependency updates
11. Code optimization
12. Technical debt

Future Considerations

Short-term (1-3 months)

• Implement token rotation
• Add basic monitoring
• Enhance error handling

Medium-term (3-6 months)

• Expand country support
• Add performance optimizations
• Implement comprehensive testing

Long-term (6+ months)

• Add advanced security features
• Implement AI-powered error detection
• Create automated recovery systems

Robust SyncProgress Handling (June 2025)

The transaction sync system now mirrors the email system's robust SyncProgress handling: - SyncProgress is updated at every stage (pending, in_progress, completed, failed), with detailed context and error information. - Failed syncs are automatically reset to 'pending' for retry, ensuring reliability and idempotency. - All orchestrator and worker code now uses the same update pattern as the email system, with structured logging and error handling. - Tests have been updated to assert on sync progress updates, ensuring regression safety and business-driven coverage. - This closes the gap with the email system for progress tracking, error recovery, and user experience. - All relevant code and tests now pass, confirming the system is robust and production-ready.