Plaid

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
api.plaid.com URL critical
Plaid's legacy developer API. Docs: https://plaid.com/docs/legacy/api/
cdn.plaid.com URL critical
This is on Amazon CloudFront, so the scope here is limited to our content and configuration issues.
dashboard.plaid.com URL critical
Plaid's developer dashboard
demo.plaid.com URL low low low medium
Demo Plaid developer integration
https://github.com/plaid/link SOURCE_CODE critical
Plaid's drop-in client-side module for authentication. Available for web, mobile web and iOS.
link.plaid.com URL critical
Internal API for legacy Plaid Link customers.
my.plaid.com URL medium high high critical
Portal for customers to access their information as seen by Plaid apps they have permissioned.
production.plaid.com URL critical
Plaid's developer API. Docs: https://plaid.com/docs
https://github.com/plaid/plaid-link-android SOURCE_CODE critical
Plaid's drop-in client-side module for authentication. Available for web, mobile web and iOS.
https://github.com/plaid/plaid-link-examples SOURCE_CODE critical
Plaid's drop-in client-side module for authentication. Available for web, mobile web and iOS.
https://github.com/plaid/plaid-link-ios SOURCE_CODE critical
Plaid's drop-in client-side module for authentication. Available for web, mobile web and iOS.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity