Data API errors

Error codes for the Data API, and what to do if you receive them.

The following error codes can be returned with the associated HTTP status.

HTTP StatusDescriptionError CodeRetryHow to handle
400The supplied parameters are not valid.validation_errorYesThere's a problem with the request. Read the error message which explains what's wrong with the request specifically.
400Invalid date range provided.invalid_date_rangeNoChange the from and to parameters. Check the Supported Providers page in Console for bank-specific requirements.
400The provider has been deprecated.deprecated_providerNoThe provider has been deprecated. It is no longer supported.
400The provided authorisation grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.invalid_grantNoAsk the user to reconnect their account. This most often occurs when a user's 90 days of consent to access their account has expired. It can also be caused by some rare network errors which can cause a user's bank tokens to be made invalid. Either way, the user must reconnect their account.
400The client_id or client_secret are invalid.invalid_clientNoConfirm that your credentials are correct, and that you are using the right credentials for the environment (live or sandbox).
400Your authorization code is incorrect, has expired (if you have used the code more than 5 minutes after you generated it), or you have reused it.invalid_authorization_codeNoCheck that the code is correct when you try to exchange it with an access token.
401The credentials or token are no longer validunauthorizedNoRefresh your access token. The access token may be invalid or expired. You can check for more details in the error description.
401You're using an incorrect auth link, client_id or redirect_uriunauthorized_clientNoCheck that your credentials are correct, that your auth link is valid for the environment that you're using (live or sandbox) and that your redirect_uri is valid and allowlisted in Console.
401The token is no longer validinvalid_tokenNoRefresh your access token. The access token may be invalid or expired. You can check for more details in the error description.
403Access to a specific resource has been denied.access_deniedNoAsk the user to reconnect their account. This error is returned when the access to their account is no longer valid, either because it expired or because the user revoked it themselves.
403The provided credentials encryption key is invalid.invalid_credentials_key
403SCA exemption has expired. This resource is protected and should be accessed shortly after PSU Authentication. In order to access this resource, please have the PSU re-authenticate.sca_exceededNoThe access to that specific endpoint has expired. For example, for some European banks you may only access the /info endpoint, or transactions older than 90 days, during the 5 minutes after the user first grants access. Access to other data (balances, recent transactions) should still be working.
404The requested account cannot be found.account_not_foundNoCheck the accountId parameter used within your request. Confirm this matches an accountId returned from /accounts endpoint.
429Provider rate limit exceeded.provider_too_many_requestsYesInclude the X-PSU-IP header or retry later. Requests exceed the bank's rate limit.
429Maximum number of requests per user allowed by provider exceeded.provider_request_limit_exceededYesInclude the X-PSU-IP header or retry later. The bank has a regulatory limit on how often the account can be accessed (for example, many European banks have a limit of 4 requests for a given user per endpoint per day, unless the user has initiated the request).
500Internal server error.internal_server_errorYesRetry later.
501Feature not supported by the provider.endpoint_not_supportedNoCheck supported endpoints for each provider via our Help Desk FAQ.
503The provider service is unavailable.provider_errorYesRetry later - the bank is currently undergoing maintenance.
503The connector service is currently overloaded.connector_overloadYesRetry later - TrueLayer is currently overloaded.
503The provider service is unavailable.temporarily_unavailableYesRetry later - the bank is experiencing unexpected downtime.
504The provider service timed out.provider_timeoutYesRetry later - the bank is experiencing issues.
504The connector service timed out.connector_timeoutYesRetry later - TrueLayer is experiencing a transient issue.

End-user IP Address

EU banks limit the number of requests that can be made to their API if the request is not initiated by the end-user. These are documented as 429 errors here. In order to avoid this rate limit, you can include the end-user's IP address in your requests to the Data API as follows.

X-PSU-IPstringThe PSU's IP address to be passed on to the bank in order to avoid rate limiting.