One reason this error occurs is SCA (Strong Customer Authentication), part of the Regulatory Technical Standards imposed by some banks in Open Banking connections.
Part of SCA is limiting the retrieval of sensitive or historical transactional data to a set period after the initial consent and authentication of an end-user. This means that clients will be allowed to access as much transactional data, including direct debits and standing orders, as the bank allows for a period of 45 minutes (or 5 minutes, depending on the bank - look for "SCA exemption time" in the bank's coverage) after the initial authentication of an end-user.
After this period, banks that enforce SCA will only return 90 days of transactions. If you request more than this, you will receive an access_denied error.
Solution
- When first authenticating a new user, obtain as much historical data as the bank allows;
- Do not refresh your initial access_token received during a code exchange until all of your historical data is received. Some banks only allow retrieving historical data with the initial token.
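One way to apply both rules in client code, as an added example (not part of the original article or of any provider SDK): the hypothetical helper `plan_history_fetch` clamps the requested start date once the SCA exemption window has closed and reports whether refreshing the token is safe. The function name, its parameters, the strict window boundary and the constructed timestamps are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Limit stated in the article; the window length is the bank's
# "SCA exemption time" from its coverage entry (45 or 5 minutes).
POST_SCA_HISTORY_DAYS = 90


@dataclass(frozen=True)
class FetchPlan:
    from_date: datetime       # earliest timestamp that is safe to request
    clamped: bool             # True if the requested range was shortened
    may_refresh_token: bool   # False while the initial token is still needed


def plan_history_fetch(consent_at, now, requested_from,
                       sca_exemption_minutes=45, backfill_done=False,
                       history_days=POST_SCA_HISTORY_DAYS):
    """Hypothetical helper: pick a transaction range that avoids access_denied."""
    if now < consent_at:
        raise ValueError("now is earlier than the consent timestamp")
    # Assumption: treat the boundary itself as already outside the window.
    in_window = now - consent_at < timedelta(minutes=sca_exemption_minutes)
    if in_window:
        # Full history is available. Keep the initial access_token until the
        # backfill has finished, since some banks require it for old data.
        return FetchPlan(requested_from, False, backfill_done)
    # Window closed: asking for anything older than the limit is refused.
    # Assumption: the initial token no longer unlocks older data, so a
    # refresh is harmless from here on.
    floor = now - timedelta(days=history_days)
    if requested_from < floor:
        return FetchPlan(floor, True, True)
    return FetchPlan(requested_from, False, True)


if __name__ == "__main__":
    # Constructed timestamps for illustration only.
    consent = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    two_years_ago = consent - timedelta(days=730)
    for minutes in (10, 46):
        plan = plan_history_fetch(consent, consent + timedelta(minutes=minutes),
                                  two_years_ago)
        print(minutes, plan)
```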
More
Monzo displays 88 days instead of an "access denied" error. Read more about it in this article.
Read our blog post to learn more about the implications of Strong Customer Authentication.