Data API errors
Error codes for the Data API, and what to do if you receive them.
The following error codes can be returned with the associated HTTP status.
| HTTP Status | Description | Error Code | Retry | How to handle |
|---|---|---|---|---|
200 | Success | |||
400 | The supplied parameters are not valid. | validation_error | Yes | There's a problem with the request. Read the error message which explains what's wrong with the request specifically. |
400 | Invalid date range provided. | invalid_date_range | No | Change the from and to parameters. Check the Supported Providers page in Console for bank-specific requirements. |
400 | The provider has been deprecated. | deprecated_provider | No | The provider has been deprecated. It is no longer supported. |
400 | The provided authorisation grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. | invalid_grant | No | Ask the user to reconnect their account. This most often occurs when a user's 90 days of consent to access their account has expired. It can also be caused by some rare network errors which can cause a user's bank tokens to be made invalid. Either way, the user must reconnect their account. |
400 | The client_id or client_secret are invalid. | invalid_client | No | Confirm that your credentials are correct, and that you are using the right credentials for the environment (live or sandbox). |
400 | Your authorization code is incorrect, has expired (if you have used the code more than 5 minutes after you generated it), or you have reused it. | invalid_authorization_code | No | Check that the code is correct when you try to exchange it with an access token. |
401 | The credentials or token are no longer valid | unauthorized | No | Refresh your access token. The access token may be invalid or expired. You can check for more details in the error description. |
401 | You're using an incorrect auth link, client_id or redirect_uri | unauthorized_client | No | Check that your credentials are correct, that your auth link is valid for the environment that you're using (live or sandbox) and that your redirect_uri is valid and allowlisted in Console. |
401 | The token is no longer valid | invalid_token | No | Refresh your access token. The access token may be invalid or expired. You can check for more details in the error description. |
403 | Access to a specific resource has been denied. | access_denied | No | Ask the user to reconnect their account. This error is returned when the access to their account is no longer valid, either because it expired or because the user revoked it themselves. |
403 | The provided credentials encryption key is invalid. | invalid_credentials_key | ||
403 | SCA exemption has expired. This resource is protected and should be accessed shortly after PSU Authentication. In order to access this resource, please have the PSU re-authenticate. | sca_exceeded | No | The access to that specific endpoint has expired. For example, for some European banks you may only access the /info endpoint, or transactions older than 90 days, during the 5 minutes after the user first grants access. Access to other data (balances, recent transactions) should still be working. |
404 | The requested account cannot be found. | account_not_found | No | Check the accountId parameter used within your request. Confirm this matches an accountId returned from /accounts endpoint. |
429 | Provider rate limit exceeded. | provider_too_many_requests | Yes | Include the X-PSU-IP header or retry later. Requests exceed the bank's rate limit. |
429 | Maximum number of requests per user allowed by provider exceeded. | provider_request_limit_exceeded | Yes | Include the X-PSU-IP header or retry later. The bank has a regulatory limit on how often the account can be accessed (for example, many European banks have a limit of 4 requests for a given user per endpoint per day, unless the user has initiated the request). |
500 | Internal server error. | internal_server_error | Yes | Retry later. |
501 | Feature not supported by the provider. | endpoint_not_supported | No | Check supported endpoints for each provider via our Help Desk FAQ. |
503 | The provider service is unavailable. | provider_error | Yes | Retry later - the bank is currently undergoing maintenance. |
503 | The connector service is currently overloaded. | connector_overload | Yes | Retry later - TrueLayer is currently overloaded. |
503 | The provider service is unavailable. | temporarily_unavailable | Yes | Retry later - the bank is experiencing unexpected downtime. |
504 | The provider service timed out. | provider_timeout | Yes | Retry later - the bank is experiencing issues. |
504 | The connector service timed out. | connector_timeout | Yes | Retry later - TrueLayer is experiencing a transient issue. |
End-user IP Address
EU banks limit the number of requests that can be made to their API if the request is not initiated by the end-user. These are documented as 429 errors here. In order to avoid this rate limit, you can include the end-user's IP address in your requests to the Data API as follows.
| Field | Type | Description |
|---|---|---|
X-PSU-IP | string | The PSU's IP address to be passed on to the bank in order to avoid rate limiting. |
Updated 6 months ago