> ## Documentation Index > Fetch the complete documentation index at: https://docs.yapily.com/llms.txt > Use this file to discover all available pages before exploring further. # Get Data Constraints Rules > Get Data Constraints Rules against an Institution for Account Authorisation requests ## OpenAPI ````yaml /openapi-converted.json get /institutions/constraints/data openapi: 3.0.1 info: description: >- The Yapily API enables connections between your application and users' banks. For more information check out our [documentation](/introduction). In particular, make sure to view our [Getting Started](/getting-started/get-started) steps if this is your first time here. While testing the API, our list of [sandbox credentials](/resources/sandbox/sandbox-credentials) maybe useful. title: Yapily API version: 12.3.4 contact: name: Yapily Support url: https://docs.yapily.com/resources/support email: support@yapily.com servers: - url: https://api.yapily.com security: - basicAuth: [] tags: - description: >- The `Application` is the base entity that is used to interact with the API and contains a collection of `Institution` objects. You can have multiple Applications associated with your account e.g. a production application with live access to each `Institution` and a development application with access to sandboxes. name: Application - description: >- The Users endpoints are used to manage each user (otherwise known as the PSU) in Yapily. Each user belongs to an Application and as a consequence, so do each `Consent` created for a particular `User`. name: Users - description: >- An `Institution` object represents any Account Serving Payment Servicing Provider (ASPSP) that has been integrated and is accessible through the Yapily APIs (ASPSPs are entities that publish Read/Write APIs to permit, with customer consent, payments initiated by third party providers and/or make their customers financial data available to third party providers via their API endpoints). Any one of the following would be represented as Institution: - Traditional banks e.g. Santander - Neo-banks e.g. Monzo - Building societies e.g. Cumberland Building Society name: Institutions - description: >- The Consents endpoints are used to manage each `Consent` created by Yapily in response to an authorisation created for a user. The `Consent` object contains data that identifies a user's consent for a specific `Institution` within a Yapily application. Other than the id of the consent, the `institution-id` for the corresponding `Institution` and the user identifiers (`user-uuid` and `application-user-id`), it contains various details that indicates how the `Consent` can be used. name: Consents - description: >- Before calling [Financial Data](#yapily-api-financial-data) or [Payments](#yapily-api-payments) endpoints, a consent from an end-user must be obtained. Consents are valid for up to 90 days for Financial Data endpoints and have a single-use for Payment endpoints i.e. a new consent must be obtained for each payment. NOTE: A user consent is also referred to as an 'Authorisation'. name: Authorisations - description: >- In order to access a user's Financial Data, you are required to request an [Authorisation](#tag/Authorisations) from the user to share the account information the bank has. Once a `consent-token` is obtained, you can call the necessary Financial Data endpoint(s) to retrieve the user's data. name: Financial Data - description: >- In order to make a Payment on behalf of a user, you are required to request an [Authorisation](#tag/Authorisations) from the user to authorise the user's account to make the payment from. Once a `consent-token` is obtained, you can call the necessary Payments endpoint(s) to execute a payment. name: Payments - description: >+ The Notifications endpoints provide an interactive way for user to receive notifications according to different event-types. This feature is currently in private beta. Please reach out if you require access. name: Notifications - description: >- Variable Recurring Payments enables transfer of money between accounts held by the same person or transfer of money for business payments. In order to make Sweeping Variable Recurring Payments on behalf of a user, you are required to request an [Consent](#tag/Authorisations) from the user by calling the Sweeping Consent endpoint to authorise the user's account to make the payment. Once a `consent-token` is obtained, you can call the Payments endpoint to execute the Sweeping Variable Recurring Payments transaction. Before executing the payment, you have the option to confirm availability of funds in the user's account by calling the Funds Confirmation endpoint. See [VRP Payments](/payments/vrps/additional-information) for more information. name: Variable Recurring Payments - description: Hosted Payment Pages endpoints for payments products name: Hosted Payment Pages - description: Hosted Consent Pages endpoints for data products name: Hosted Consent Pages - description: >- The constraints endpoints can be used to retrieve institution specific data requirements and rules that will apply when performing other operations. name: Constraints - description: >- Application Management endpoints help with creating and managing client sub-applications. name: Application Management - description: 'Data Plus endpoints enable our customers to enrich transaction data. ' name: Data Plus - description: Webhook endpoints name: Webhooks - description: Application Beneficiaries Endpoints name: Application Beneficiaries - description: User Beneficiaries Endpoints name: User Beneficiaries paths: /institutions/constraints/data: get: tags: - Constraints summary: Get Data Constraints Rules description: >- Get Data Constraints Rules against an Institution for Account Authorisation requests operationId: getAccountConstraintsRulesByInstitution parameters: - description: >- Unique Id(s) of the `Institution`(s) to retrieve the Data Constraints for. Multiple institutionIds need to be separated by `,` name: institutionIds required: true in: query schema: type: array items: type: string - description: >- Country code of the `Institution`(s). Ensure that the country code matches the respective institutionIds; any mismatch will result in an HTTP 404 error response. in: query name: institutionCountryCode required: true schema: type: string - description: >- The path on the API that is associated with the operation for which constraints are to be retrieved in: query name: endpointPath required: false schema: type: string - description: >- The HTTP method that is associated with the operation for which constraints are to be retrieved in: query name: endpointMethod required: false schema: type: string enum: - POST - PATCH - PUT - GET - DELETE responses: '200': content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/ApiListResponseOfDataConstraints' description: Ok '400': content: application/json;charset=UTF-8: examples: 500 Error Response: $ref: '#/components/examples/400-error-response' schema: $ref: '#/components/schemas/ApiResponseError' description: Bad Request. '401': content: application/json;charset=UTF-8: examples: 500 Error Response: $ref: '#/components/examples/401-error-response' schema: $ref: '#/components/schemas/ApiResponseError' description: >- Either authentication credentials were not supplied, or they were invalid. '404': content: application/json;charset=UTF-8: examples: 500 Error Response: $ref: '#/components/examples/404-error-response' schema: $ref: '#/components/schemas/ApiResponseError' description: Not Found. '500': content: application/json;charset=UTF-8: examples: 500 Error Response: $ref: '#/components/examples/500-error-response' schema: $ref: '#/components/schemas/ApiResponseError' description: Unexpected Error components: schemas: ApiListResponseOfDataConstraints: type: object properties: meta: $ref: '#/components/schemas/ResponseMeta' data: type: array items: $ref: '#/components/schemas/DataConstraintsResponse' example: meta: tracingId: a43049c1dbc04d6f8c8e2dfdc523217a data: - institutionId: mock-sandbox institutionCountryCode: GB endpointPath: /account-auth-requests endpointMethod: POST request: headers: title: Header type: object properties: psuID: title: PSU Id type: string description: __Mandatory__. The psu id body: required: - institutionId type: object properties: userUuid: title: User UUID type: string format: uuid institutionId: title: Institution Identifier type: string description: >- __Mandatory__. The reference to the `Institution` which identifies which institution the authorisation request is sent to. example: yapily-mock oneTimeToken: title: One Time Token type: boolean description: >- __Conditional__. Used to receive a `oneTimeToken` rather than a `consentToken` at the `callback` for additional security. This can only be used when the `callback` is set. See [Using a callback with an OTT (Optional)](/open-banking-flow/handling-redirects/callback-url) for more information. example: false callback: title: Callback type: string description: >- __Optional__. The server to redirect the user to after the user complete the authorisation at the `Institution`. See [Using a callback (Optional)](/open-banking-flow/handling-redirects/callback-url) for more information. example: https://display-parameters.com accountRequest: title: Account Request type: object properties: transactionFrom: title: Transaction From Date type: string description: >- __Optional__. Used to specify the lower bound on when to pull transaction. This should be declared when accessing transaction older than 90 days for banks in the [CBI Globe](/data/financial-data-resources/data-restrictions#cbi-globe-gateway). format: date-time transactionTo: title: Transaction To Date type: string description: >- __Optional__. When performing a request using the consent, this is the latest date of transaction records that can be retrieved. format: date-time expiresAt: title: Expires At type: string description: >- __Optional__. Used to set a hard date for when the user's associated `Consent` will expire. **Note**: If this supported by the bank, specifying this is property is opting out of having a long-lived consent that can be perpetually re-authorised by the user. This will add an `expiresAt` field on the `Consent` object which will render it unusable after this date. **Note**: This is not supported by every `Institution`. In such case, the request will not fail but the property will be ignored and the created `Consent` will not have an expiry date. format: date-time accountIdentifiers: title: Account Info required: - accountIdentification type: object properties: accountId: type: string description: __Conditional__. Unique identifier of the account. example: '500000000000000000000001' accountIdentification: title: Account Identifications required: - identification - type type: object properties: type: enum: - SORT_CODE - ACCOUNT_NUMBER - IBAN - BBAN - BIC - PAN - MASKED_PAN - MSISDN - BSB - NCC - ABA - ABA_WIRE - ABA_ACH - EMAIL - ROLL_NUMBER - BLZ - IFS - CLABE - CTN - BRANCH_CODE - VIRTUAL_ACCOUNT_ID title: Account Identification Type type: string description: >- __Mandatory__. Used to describe the format of the account. See [Account Identification Combinations](/payments/payment-resources/intro-to-payment-execution#account-identifications-combinations) for more information on when to specify each type. example: SORT_CODE identification: title: Account Identification type: string description: >- __Mandatory__. The value associated with the account identification type. See [Account Identification Combinations](/payments/payment-resources/intro-to-payment-execution#account-identifications-combinations) for more information on the format of the values. example: '401016' description: >- __Conditional__. Used to create a request for the balance of the account specified. Once the user authorises the request, only the balance can be obtained by executing [GET Account Balances](./#get-account-balances). This can be specified in conjunction with `accountIdentifiersForTransaction` to generate a `Consent` that can both access the accounts balance and transactions. accountIdentifiersForTransaction: type: array items: required: - accountIdentification type: object properties: accountId: type: string description: >- __Conditional__. Unique identifier of the account. example: '500000000000000000000001' accountIdentification: title: Account Identifications required: - identification - type type: object properties: type: enum: - SORT_CODE - ACCOUNT_NUMBER - IBAN - BBAN - BIC - PAN - MASKED_PAN - MSISDN - BSB - NCC - ABA - ABA_WIRE - ABA_ACH - EMAIL - ROLL_NUMBER - BLZ - IFS - CLABE - CTN - BRANCH_CODE - VIRTUAL_ACCOUNT_ID title: Account Identification Type type: string description: >- __Mandatory__. Used to describe the format of the account. See [Account Identification Combinations](/payments/payment-resources/intro-to-payment-execution#account-identifications-combinations) for more information on when to specify each type. example: SORT_CODE identification: title: Account Identification type: string description: >- __Mandatory__. The value associated with the account identification type. See [Account Identification Combinations](/payments/payment-resources/intro-to-payment-execution#account-identifications-combinations) for more information on the format of the values. example: '401016' description: >- __Conditional__. Used to create a request for the transactions of the account specified. Once the user authorises the request, only the transactions can be obtained by executing [GET Account Transactions](./#get-account-transactions). This can be specified in conjunction with `accountIdentifiersForBalance` to generate a `Consent` that can both access the accounts balance and transactions. accountIdentifiersForBalance: type: array items: required: - accountIdentification type: object properties: accountId: type: string description: >- __Conditional__. Unique identifier of the account. example: '500000000000000000000001' accountIdentification: title: Account Identifications required: - identification - type type: object properties: type: enum: - SORT_CODE - ACCOUNT_NUMBER - IBAN - BBAN - BIC - PAN - MASKED_PAN - MSISDN - BSB - NCC - ABA - ABA_WIRE - ABA_ACH - EMAIL - ROLL_NUMBER - BLZ - IFS - CLABE - CTN - BRANCH_CODE - VIRTUAL_ACCOUNT_ID title: Account Identification Type type: string description: >- __Mandatory__. Used to describe the format of the account. See [Account Identification Combinations](/payments/payment-resources/intro-to-payment-execution#account-identifications-combinations) for more information on when to specify each type. example: SORT_CODE identification: title: Account Identification type: string description: >- __Mandatory__. The value associated with the account identification type. See [Account Identification Combinations](/payments/payment-resources/intro-to-payment-execution#account-identifications-combinations) for more information on the format of the values. example: '401016' description: >- __Conditional__. Used to create a request for the transactions of the account specified. Once the user authorises the request, only the transactions can be obtained by executing [GET Account Transactions](./#get-account-transactions). This can be specified in conjunction with `accountIdentifiersForBalance` to generate a `Consent` that can both access the accounts balance and transactions. featureScope: title: Feature Scope type: array items: type: string description: >- Used to describe what functions are supported by the associated `Institution` description: Account authorisation request schema description: >- The request body containing an `AccountAuthorisationRequest` json payload ApiResponseError: type: object properties: error: $ref: '#/components/schemas/ApiError' raw: deprecated: true type: array items: $ref: '#/components/schemas/RawResponse' description: >- Used to return errors from the bank from each request - `400` - Returned by any `POST` endpoint when the body does not conform to the contract - `401` - Returned by any endpoint when an invalid `authToken` is used for authentication - `403` - Returned by any [Financial Data](/api-reference#financial-data) and any [Payments](/api-reference#payments) endpoint when the `Consent` is no longer authorised to access financial data or to make a payment - `404` - Returned by any endpoint where there are path parameters and the path parameters supplied are unable to find the desired resource - `409` - Returned by any `POST` endpoint when creating a resource that conflicts with any other existing resource e.g. [Create User](/api-reference/addUser) - `424` - Returned by any [Financial Data](/api-reference#financial-data) and any [Payments](/api-reference#payments) endpoint when the feature to be accessed is not supported by the `Institution`. - `500` - Returned by any endpoint when Yapily is down. If you encounter any false positives, please [notify us](mailto:support@yapily.com) example: error: tracingId: 74b13ce8ed51419f92c5d609e04532de code: 424 institutionError: errorMessage: >- {"Code":"500 Internal Server Error","Id":"5ff8d331-4282-41e0-b5ef-1ac9ac39f009","Message":"Technical Error. Please try again later","Errors":[{"ErrorCode":"UK.OBIE.UnexpectedError","Message":"There was a problem processing your request. Please try again later"}]} httpStatusCode: 500 source: INSTITUTION status: FAILED_DEPENDENCY ResponseMeta: type: object properties: tracingId: type: string DataConstraintsResponse: required: - institutionId - institutionCountry - request type: object properties: institutionId: type: string description: The id to represent the `Institution`. example: modelo-sandbox institutionCountryCode: type: string description: 2 letter ISO Country code of the `Institution`. example: GB endpointPath: type: string description: Define the applicable API end point. endpointMethod: type: string description: Https Method for the endpoint. request: $ref: '#/components/schemas/RequestConstraints' ApiError: type: object description: Provides details of the error that has occurred. properties: code: type: integer description: __Mandatory__. Numeric `HTTP` status code associated with the error. format: int32 institutionError: $ref: '#/components/schemas/InstitutionError' message: type: string description: >- __Mandatory__. Description of the exact error that has been experienced. source: type: string status: type: string description: __Mandatory__. Textual description of the `HTTP` error status type. tracingId: type: string description: >- __Optional__. A unique identifier assigned by Yapily for the request that can be used for support purposes. RawResponse: deprecated: true type: object description: >- [DEPRECATED] Interaction (raw request and response) that occurred with the `Institution` in order to fulfil a request. properties: request: $ref: '#/components/schemas/RawRequest' duration: type: string format: iso8601 headers: type: object additionalProperties: type: string resultCode: type: integer format: int32 result: type: object RequestConstraints: required: - body type: object description: Object defining the constraints rules applicable for a given requests. properties: headers: $ref: '#/components/schemas/Schema' body: $ref: '#/components/schemas/Schema' InstitutionError: type: object description: >- Raw error details provided by the `Institution`, when it was the error source. properties: errorMessage: type: string description: Textual description of the `Institution` error. httpStatusCode: type: integer description: Numeric HTTP status code associated with the `Institution` error. format: int32 RawRequest: type: object properties: method: type: string url: type: string requestInstant: type: string format: date-time headers: type: object additionalProperties: type: string body: type: object bodyParameters: type: object additionalProperties: type: string startTime: type: string format: date-time startedAt: type: string format: date-time deprecated: true Schema: type: object properties: $ref: ad3d4b7e-e601-4dd9-9190-edd12bf2db7e title: type: string maximum: type: number exclusiveMaximum: type: number minimum: type: number exclusiveMinimum: type: number pattern: type: string format: regex maxItems: type: integer minimum: 0 minItems: type: integer minimum: 0 uniqueItems: type: boolean required: type: array items: type: string minItems: 1 uniqueItems: true enum: type: array items: {} minItems: 1 uniqueItems: false type: $ref: '#/components/schemas/SchemaType' contains: $ref: '#/components/schemas/Schema' not: $ref: '#/components/schemas/Schema' if: $ref: '#/components/schemas/Schema' then: $ref: '#/components/schemas/Schema' else: $ref: '#/components/schemas/Schema' allOf: type: array items: $ref: '#/components/schemas/Schema' oneOf: type: array items: $ref: '#/components/schemas/Schema' anyOf: type: array items: $ref: '#/components/schemas/Schema' items: $ref: '#/components/schemas/Schema' properties: type: object additionalProperties: $ref: '#/components/schemas/Schema' description: type: string format: type: string default: {} example: {} dependentRequired: description: >- dependentRequired keyword is used to satisfy dependency between fields type: object additionalProperties: type: array items: type: string uniqueItems: true default: [] $defs: type: object additionalProperties: $ref: '#/components/schemas/Schema' x-yapily-annotations: type: object properties: lastUpdatedAt: type: string format: date-time x-yapily-validations: type: object properties: maxDurationFromNow: type: string format: duration additionalProperties: false SchemaType: type: string enum: - array - boolean - integer - number - object - string examples: 400-error-response: description: 400 Error value: error: tracingId: 0c2d0973bdd24224a65e5d0f7d1b6154 code: 400 status: BAD_REQUEST supportUrl: https://support.yapily.com/ source: YAPILY issues: - type: BAD_REQUEST code: 10600 message: >- The server could not understand the request due to invalid syntax 401-error-response: description: 401 Error value: error: tracingId: 0c2d0973bdd24224a65e5d0f7d1b6154 code: 401 status: UNAUTHORIZED supportUrl: https://support.yapily.com/ source: YAPILY issues: - type: CREDENTIALS code: 10700 message: Authorization header invalid or credentials not authenticated 404-error-response: description: 404 Error value: error: tracingId: 0c2d0973bdd24224a65e5d0f7d1b6154 code: 404 status: NOT FOUND supportUrl: https://support.yapily.com/ source: YAPILY issues: - type: INVALID_REQUEST code: 10800 message: Resource not found 500-error-response: description: 500 Error value: error: tracingId: 0c2d0973bdd24224a65e5d0f7d1b6154 code: 500 status: INTERNAL SERVER ERROR supportUrl: https://support.yapily.com/ source: YAPILY issues: - type: INTERNAL_SERVER_ERROR code: 11000 message: Unexpected server error securitySchemes: basicAuth: description: >- Use HTTP Basic Authentication with your Application ID as username and Application Secret as password. Manage credentials in the [Yapily Console](https://console.yapily.com/). See [Authentication](/api-reference/authentication) for details. scheme: basic type: http ````