For HSBC, it is important to note that:
- You can only request transactions older than 90 days during the first 60 minutes of consent;
- Only the first
access_tokenis valid to request the above.
Both points above are a design choice from the bank.
Make sure not to refresh any HSBC
access_tokensuntil you retrieve all the data you need.
The flow should be as follows:
- User authenticates;
- You receive an
- You exchange the code above and receive a pair of
refresh_token. Do not refresh tokens at this point;
- You can retrieve
/transactions(plus any other necessary endpoints);
Refresh tokens if needed to request more data in the future.
As long as the initial token is maintained during the initial
/transactions requests, you should not have a problem requesting historical data.
Understand more about SCA limitations in this article.
See all UK banks SCA validity window in the section "What banks and PSPs are supported in the Data API in the UK? 🇬🇧"