For HSBC, it is important to note that:
- You can only request transactions older than 90 days during the first 60 minutes of consent;
-
Only the first
access_tokenis valid to request the above.
Both points above are a design choice from the bank.
Solution
Make sure not to refresh any HSBC access_tokensuntil you retrieve all the data you need.
The flow should be as follows:
- User authenticates;
- You receive an
authorization_code; - You exchange the code above and receive a pair of
access_tokenandrefresh_token. Do not refresh tokens at this point; - You can retrieve
/accounts,/balanceand/transactions(plus any other necessary endpoints);
Refresh tokens if needed to request more data in the future.
As long as the initial token is maintained during the initial /transactions requests, you should not have a problem requesting historical data.
More
Understand more about SCA limitations in this article.​
See all UK banks SCA validity window in the section "What banks and PSPs are supported in the Data API in the UK? 🇬🇧"
Comments
0 comments
Please sign in to leave a comment.