Quickstart: Retrieve test bank data

Learn how to connect with our Data API and retrieve bank data in a few quick steps.

In this guide, you'll connect with our Data API and retrieve test bank data. To do this, you will need to:

  1. Generate an authentication link. This link provides a simple user interface for your users to connect their bank accounts.
  2. Log in to our Mock Bank account and obtain an access_token. You'll use this access_token to get sample data including accounts, transactions and balances.

Before you start

Sign up to Console and create an app. If this is your first time using Console, follow our Create a Console account quickstart guide to get up and running fast.

Configure Postman

First, download and configure the sandbox Data Postman collection.

This collection contains preconfigured requests to retrieve sample data and generate code snippets in various languages.

You can also download the live Postman collection and environment.

Authorise a test user

Build an auth link

An auth link is just a URL. When your user opens it, TrueLayer takes them
through connecting their bank, then sends them back to your app with a code
you exchange for an access token.

You build the link yourself by adding query parameters to TrueLayer's
authorisation server URL. This page shows you how, step by step.

Before you start

You need two things from Console:

  1. Your client_id — find it in your app's settings.
  2. A registered redirect URI — the page TrueLayer returns the user to after
    they connect their bank. It must be added to your app in Console before you
    use it in a link. If you're just testing, add and use
    https://console.truelayer.com/redirect-page, which displays the code in
    your browser.

The anatomy of an auth link

Every auth link starts with the same base URL, followed by a ? and a list of
parameters joined by &:

https://auth.truelayer.com/?parameter1=value1&parameter2=value2

The four required parameters

Start with these four — they're all you need for a working link:

ParameterWhat to put
response_typeAlways code.
client_idYour client_id from Console.
redirect_uriA redirect URI registered against your app in Console.
scopeThe data you're asking for — a space-separated list (see Scopes).
📘

One strongly recommended extra: state

state is any value you choose (for example, your own ID for the user). TrueLayer
hands it back to you on the redirect, so you can tell which user just connected.
It's optional but we recommend always including it.

Choose your scopes

Scopes decide what data you can access. List them in the scope parameter,
separated by spaces. A few rules to remember:

  • accounts and cards are the starting points.
  • balance and transactions are add-ons — each must be paired with accounts
    or cards (for example, accounts balance).
  • Add offline_access if you need ongoing access (it gives you a refresh_token).

For example, to read a user's accounts, balances, and transactions:

info accounts balance transactions

See Scopes for the full list.

Build a complete auth link

1. Start with the base URL and response_type:

https://auth.truelayer.com/?response_type=code

2. Add your client_id:

https://auth.truelayer.com/?response_type=code&client_id=yourapp-abc123

3. Add your redirect_uri:

https://auth.truelayer.com/?response_type=code&client_id=yourapp-abc123&redirect_uri=https://console.truelayer.com/redirect-page

4. Add your scope. Because parameter values can't contain raw spaces,
replace each space with %20 (this is called URL encoding):

https://auth.truelayer.com/?response_type=code&client_id=yourapp-abc123&redirect_uri=https://console.truelayer.com/redirect-page&scope=info%20accounts%20balance

5. Add state (recommended):

https://auth.truelayer.com/?response_type=code&client_id=yourapp-abc123&redirect_uri=https://console.truelayer.com/redirect-page&scope=info%20accounts%20balance&state=user-1234

That's a complete, working auth link.

Test your auth link with Mock Bank

To try your link end to end without a real bank, add providers=uk-cs-mock.
This makes TrueLayer's fictitious Mock Bank available in the bank selection
screen:

https://auth.truelayer.com/?response_type=code&client_id=yourapp-abc123&redirect_uri=https://console.truelayer.com/redirect-page&scope=info%20accounts%20balance&state=user-1234&providers=uk-cs-mock

Open the link, choose Mock Bank, and log in with a set of Mock Bank credentials (for example, username john, password doe). You'll be redirected to your redirect URI with a code in the URL. The next step is to exchange this for an access token.

⚠️

Common mistakes

  • redirect_uri not registered: the URI in your link must exactly match one
    saved in Console (including https:// and any trailing path). A mismatch is the
    most common cause of errors.

  • Raw spaces in scope: always encode spaces as %20.

  • Reusing a link: each auth link starts a single auth session. Generate a new
    one every time a user connects or reconnects.

  • Missing response_type=code: it's required and must be exactly code.

Advanced options

Once your basic link works, you can add optional parameters to skip screens, set the language, use PKCE, and more — see Auth link parameters for the full list.

Get an access token

To get a sandbox access token:

  1. In Postman, select the TrueLayer Data Products Sandbox environment.
  2. Add values to the following variables within the environment:
    • client_id : Your sandbox client_id
    • client_secret : Your sandbox client_secret
    • redirect_uri : This variable already contains the default redirect URI from Console, but you can change it if you need to.
  3. Go to Exchange code for access token.
  4. In the Body tab, scroll down to the code parameter. Input the code you got from the test auth link.
  5. Send the request. If successful, the response contains an access_token. This saves automatically.
📘

A note on responses

If you enabled the offline_access permission in Console, the response also includes a refresh_token. Use it to renew the access_token — see Renew an access token with a refresh token.

Access sample data

Now you have your access token, run any of the Data API requests to retrieve sample account numbers, transaction data or personal information.

For example: the List all accounts request within the Data > Accounts folder retrieves all account information for the given set of credentials.


Next steps

See Overview for more information including available data and supported countries.

Did this page help you?