Vault.Bank does not assume responsibility for the expiration of tokens managed by external institutions. Each institution determines the duration and validity period of its tokens. Vault.Bank is not liable for this process and cannot influence the token policies implemented by external institutions for established connections.
Important context: There’s no single lifetime for tokens. Linking flows use multiple tokens with different lifetimes based on risk and regulations.
1) What “linking an external account” means in token terms
Linking a bank account for transfers requires two key capabilities:
- Permission to access account data (verify ownership, balances, routing info) via OAuth or consent tokens.
- Payment credential (tokenized bank account or stored record) accepted by payment rails, which may expire or be revoked.
Tokens keep apps from storing user credentials and allow access to be scoped, time-limited, auditable, and revocable.
2) Typical token chain in a “link + transfer” flow
A. Session/init token (very short-lived)
Providers issue a one-time “start linking” token to begin a secure bank-linking session.
- Example (Plaid):
link_tokenexpires in ~4 hours for new links, ~30 minutes for updates, configurable in hosted flows.
Why so short? It’s a launch key; short expiry limits misuse if leaked.
B. Exchange token (short-lived, one-time)
After user consent, the UI returns a temporary token that the server exchanges for a longer-lived credential.
- Plaid returns a
public_tokento exchange for anaccess_token.
Why short-lived? It crosses client-server boundaries; short life reduces interception risk and keeps real credentials server-side.
C. Data access token (medium/long-lived, revocable)
Used by apps to call APIs for account info or identity verification.
In OAuth, this is an access token scoped for limited permissions, avoiding sharing user passwords.
- Typically short-lived (minutes to hours) to minimize risk.
- Long lifetimes increase exposure if leaked.
Why used? Bearer tokens allow resource servers to validate access without passwords, with scoped permissions and revocation.
D. Refresh token / re-consent (longer-lived)
To avoid repeated logins, systems use refresh tokens to get new short-lived access tokens.
OAuth defines refresh tokens for this purpose; OWASP calls this the model of short-lived access tokens + refresh tokens.
Duration? Varies by issuer; many rotate refresh tokens for security.
Why? Keeps links active (e.g., recurring transfers) without re-authentication, while keeping access tokens short-lived.
E. Payment credential token (may expire)
For moving money, an additional “payment-ready” token is needed.
- Example (Stripe Financial Connections): tokenized account numbers (TANs) that can expire or be revoked, requiring relinking.
Why expire? To reduce fraud risk from long-term use; institutions revoke due to policy, security, or account changes.
3) Common token lifetimes
Think of short-lived tokens for starting or using access, and longer-lived tokens for renewing access.
Very short-lived (minutes to hours)
- Link/session tokens (e.g., Plaid
link_token): 30 minutes to 4 hours, configurable. - One-time exchange tokens (e.g., public tokens): used immediately, not stored long-term.
Why? Reduce risk if intercepted, since exposed client-side.
Short-lived (minutes to hours, sometimes a day)
- OAuth access tokens: kept short to limit damage if leaked.
Why? Minimize impact and enable meaningful revocation.
Longer-lived (days to months)
- Refresh tokens: vary widely, often rotated for security.
Why? Better user experience without constant logins, while keeping access tokens short.
4) Why tokens are used for linking accounts and transferring funds
1) They avoid storing bank credentials
OAuth tokens let apps access limited data without user passwords, lowering breach and phishing risks.
2) They scope permissions
Tokens limit access to specific accounts, data types, or actions (read-only vs payments).
3) They allow revocation and recovery
Linked accounts can be disabled by events like password or MFA changes; relinking restores or renews access.
4) Short expirations reduce damage from leaks
Bearer tokens grant power to whoever holds them; short lifetimes limit exposure.
