For HSBC, it is important to note that:
- You can only request transactions older than 90 days during the first 60 minutes of consent;
-
Only the first
access_token
is valid to request the above.
Both points above are a design choice from the bank.
Solution
Make sure not to refresh any HSBC access_tokens
until you retrieve all the data you need.
The flow should be as follows:
- User authenticates;
- You receive an
authorization_code
; - You exchange the code above and receive a pair of
access_token
andrefresh_token
. Do not refresh tokens at this point; - You can retrieve
/accounts
,/balance
and/transactions
(plus any other necessary endpoints);
Refresh tokens if needed to request more data in the future.
As long as the initial token is maintained during the initial /transactions
requests, you should not have a problem requesting historical data.
More
Understand more about SCA limitations in this article.​
See all UK banks SCA validity window in the section "What banks and PSPs are supported in the Data API in the UK? 🇬🇧"
Comments
0 comments
Please sign in to leave a comment.