AIS Data Restrictions

AIS Data Restrictions that Yapily is aware of

Historical Data

When executing Get Transactions, the amount of historical data provided by each Institution is ultimately decided by the Institution. By default, each Institution should provide a minimum of 90 days of historical transactions, however, the amount of transactions available tends to vary across regions e.g. in the UK, it is common to receive several years whereas a European Institution is more likely to only provide 90 days worth of history.

Institution Restrictions

Some restrictions are not always commonly shared across each region and are more Institution specific. One example of this is Intesa Sanpaolo which limits the amount of transactions you can obtain to a window of 2 weeks at a time. As these Institution specific restrictions are less common, Yapily will pass on such restrictions via the API error response.

Limited Access

As part of the European Banking Authority's (EBA) Regulatory Technical Standards (RTS), it is in Article 31(5) that:

Account information service providers shall be able to access information from designated payment accounts and associated payment transactions held by account servicing payment service providers for the purposes of performing the account information service... where the payment service user is not actively requesting such information, no more than four times in a 24 hour period, unless a higher frequency is agreed between the account information service provider and the account servicing payment service provider, with the payment service user’s consent.

As a result, without the PSU actively requesting for their information, you should expect an Institution to limit the number of times you can call any of the AIS data endpoints to a maximum of four times in a single 24 hour period. This limit is reset at the end of the 24 hour period but subsequent calls after this limit will fail until the next 24 hour period. This will typically apply to EU banks but not UK.

The error message will ultimately depend on the Institution, but we will always provide HTTP response 429 for this scenario. For instance, Intesa Sanpaolo returns the following error message:

"code" : "ACCESS_EXCEEDED",
"text" : "The access on the account has been exceeding the consented multiplicity per day.",
"category" : "ERROR"