One of the reasons why this error might happen is due to SCA (Strong Customer Authentication) as part of the Regulatory Technical Standards imposed by some banks in Open Banking connections.
Part of SCA is the limiting of sensitive or historical transactional data retrieval to a set period after the initial consent and authentication of an end-user. In real terms, this means that clients will be allowed to access as much transactional data including direct debits and standing orders as the bank allows for a period of 45 minutes (or 5 minutes, depending on the bank - look for "SCA exemption time" in the bank's coverage) after the initial authentication of an end-user.
After this period, banks that enforce SCA will only return 90 days of transactions. More than this, you will receive an
What to do next?
- When first authenticating a new user, obtain as much historical data as the bank allows;
- Do not refresh your initial
access_tokenreceived during a code exchange until all of your historical data is received. Some banks only allow retrieving historical data with the initial token.
If you need more information...
Monzo displays 88 days instead of an "access denied" error. Read more about it in this article.
Read our blog post to learn more about the implications of Strong Customer Authentication.