POST /protect/report/create

Use this endpoint to create a Protect report to document fraud incidents, investigation outcomes, or other risk events. This endpoint allows you to report various types of incidents including account takeovers, identity fraud, unauthorized transactions, and other security events. The reported data helps improve fraud detection models and provides valuable feedback to enhance the overall security of the Plaid network. Reports can be created for confirmed incidents that have been fully investigated, or for suspected incidents that require further review. You can associate reports with specific users, sessions, or transactions to provide comprehensive context about the incident.

Servers

https://production.plaid.com
https://sandbox.plaid.com

Request headers

Name	Type	Required	Description
`Content-Type`	String	Yes	The media type of the request body. Default value: "application/json"

Request body fields

Name	Type	Required	Description
`report_type`	String	Yes	The type of incident being reported. `USER_ACCOUNT_TAKEOVER` - Indicates that a legitimate user's account was accessed or controlled by an unauthorized party. `FALSE_IDENTITY` - Indicates that a user created an account using stolen or fabricated identity information. `STOLEN_IDENTITY` - Indicates that a user created an account using identity information belonging to a real individual without their consent. `SYNTHETIC_IDENTITY` - Indicates that a user created an account using a fake or partially fabricated identity (e.g., combining real and fake information to form a new persona). `MULTIPLE_USER_ACCOUNTS` - Indicates that the same individual is operating multiple accounts in violation of policy. `SCAM_VICTIM` - Indicates that the user was tricked into authorizing or sending funds as part of a scam. `BANK_ACCOUNT_TAKEOVER` - Indicates that a user's linked bank account was accessed or misused by an unauthorized party. `BANK_CONNECTION_REVOKED` - Indicates that a linked bank account connection was revoked by the financial institution, often due to suspected misuse, fraud, or security concerns. `CARD_TESTING` - Indicates that a card was used in small or repeated transactions to test its validity. `UNAUTHORIZED_TRANSACTION` - Indicates that a transaction was made without the user's consent or authorization. `CARD_CHARGEBACK` - Indicates that a card transaction was reversed via a chargeback claim. `ACH_RETURN` - Indicates that an ACH transaction was returned or reversed by the bank. `DISPUTE` - Indicates that a user filed a dispute regarding a transaction or account activity. `FIRST_PARTY_FRAUD` - Indicates that a user intentionally misrepresented themselves or their actions for financial gain. `MISSED_PAYMENT` - Indicates that a user failed to make a required payment on time. `LOAN_STACKING` - Indicates that a user applied for or took out multiple loans simultaneously beyond their ability to repay. `MONEY_LAUNDERING` - Indicates that funds are being moved through accounts to obscure their illicit origin. `NO_FRAUD` - Indicates that an investigation determined no fraudulent activity occurred on user/event (positive label) `OTHER` - Indicates that the case involves fraud or financial risk not covered by other report types. Requires notes describing the report. Valid values: `"ACH_RETURN"` `"MULTIPLE_USER_ACCOUNTS"` `"MONEY_LAUNDERING"` `"BANK_ACCOUNT_TAKEOVER"` `"SYNTHETIC_IDENTITY"` `"NO_FRAUD"` `"CARD_TESTING"` `"CARD_CHARGEBACK"` `"BANK_CONNECTION_REVOKED"` `"LOAN_STACKING"` `"OTHER"` `"STOLEN_IDENTITY"` `"UNAUTHORIZED_TRANSACTION"` `"MISSED_PAYMENT"` `"USER_ACCOUNT_TAKEOVER"` `"FALSE_IDENTITY"` `"FIRST_PARTY_FRAUD"` `"SCAM_VICTIM"` `"DISPUTE"`
`notes`	String	No	Additional context or details about the report, required if `report_type` is `OTHER`.
`client_id`	String	No	Your Plaid API `client_id`. The `client_id` is required and may be provided either in the `PLAID-CLIENT-ID` header or as part of a request body.
`report_confidence`	String	Yes	The confidence level of the incident report. `CONFIRMED` indicates the incident has been verified and definitively occurred. `SUSPECTED` indicates the incident is believed to have occurred but has not been fully verified. Valid values: `"CONFIRMED"` `"SUSPECTED"`
`incident_event`	Object	No	details about the incident event.
`incident_event.protect_event_id`	String	No	A globally unique identifier representing a Protect event that may be associated with this incident.
`incident_event.time`	String	No	The timestamp when the incident occurred, in ISO 8601 format (e.g., '2020-07-24T03:26:02Z').
`incident_event.signal_client_transaction_id`	String	No	The unique ID used to refer to a Signal transaction evaluation that may be associated with this incident.
`incident_event.amount`	Object	No	The monetary amount associated with the incident.
`incident_event.amount.value`	Number	Yes	The monetary value of the incident amount.
`incident_event.amount.iso_currency_code`	String	No	The ISO-4217 currency code of the incident amount. Defaults to `USD` if not specified. Default value: "USD"
`incident_event.idv_session_id`	String	No	A unique identifier for an Identity Verification session that may be associated with this incident.
`incident_event.internal_reference`	String	No	A unique ID representing the incident in your system. Personally identifiable information, such as an email address or phone number, should not be used in this field.
`incident_event.access_token`	String	No	An access token associated with the Item related to this incident.
`incident_event.link_session_id`	String	No	A unique identifier for a Link session that may be associated with this incident.
`ach_return_code`	String	No	Must be a valid ACH return code (e.g. `R01`), required if `report_type` is `ACH_RETURN`.
`bank_account`	Object	No	Bank account information associated with the incident.
`bank_account.routing_number`	String	No	Routing number of the bank account. Must be present if `account_number` is present.
`bank_account.account_number`	String	No	Full account number of the bank account.
`bank_account.account_id`	String	No	Plaid's unique identifier for the account.
`report_source`	String	Yes	The source that identified or reported the incident. `INTERNAL_REVIEW` - Incident was identified through internal fraud investigations or review processes. `USER_SELF_REPORTED` - Incident was reported directly by the affected user. `BANK_FEEDBACK` - Incident was identified through bank feedback, including ACH returns and connection revocations. `NETWORK_FEEDBACK` - Incident was identified through card network alerts or chargebacks. `AUTOMATED_SYSTEM` - Incident was detected by automated systems such as fraud models or rule engines. `THIRD_PARTY_ALERT` - Incident was identified through external vendor or consortium alerts. `OTHER` - Incident was identified through a source not covered by other categories. Valid values: `"OTHER"` `"BANK_FEEDBACK"` `"AUTOMATED_SYSTEM"` `"THIRD_PARTY_ALERT"` `"INTERNAL_REVIEW"` `"USER_SELF_REPORTED"` `"NETWORK_FEEDBACK"`
`secret`	String	No	Your Plaid API `secret`. The `secret` is required and may be provided either in the `PLAID-SECRET` header or as part of a request body.
`user_id`	String	No	The Plaid User ID associated with the report.

How to start integrating

Add HTTP Task to your workflow definition.
Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
Click Test request to test run your request to the API and see the API's response.