Guides • Build Banking Apps
Usage and limits
doc

Usage and limits

Our Open Banking API is limited to a global maximum of 100 requests per second per application.

AISP requests

In compliance with Article 36.5 of the SCA RTS (Strong Customer Authentication Regulatory Technical Standards)1, you must not make more than 4 requests for account information over a period of 24 hours for each account, endpoint, and consent, respectively.

This limit may be surpassed in the following scenarios:

  • The user has many transactions, which will not fit in the response payload of a single request, and more requests need to be made in order to obtain all the latest transactions.
    note

    For the subsequent requests to be considered part of the original request, the requests must happen sequentially, one after the other, over a short period of time.

  • The user has many accounts. As the limit is per account, endpoint, and consent, you can make 4 requests per day for each of the consented accounts.
  • The user is actively requesting data. This limit does not apply if you are making requests because the PSU is present and actively requesting data at your end. In such a case, make sure to include with the request the x-fapi-customer-ip-address header containing the IP address of the PSU.
  • The user has just consented access. In such a case, you can make as many requests as needed to obtain all the necessary historical transactions.
    Time restriction

    Access to transactions older than 90 days is only possible during the first 5 minutes after the user authorised the consent. Those 90 days are counted from the moment the request for the transactions is made.

Example

Scenario: A PSU has consented access to 3 accounts – let's call them A, B, and C. Account A has an average of 100 transactions per hour. Accounts B and C have 2 transactions per day on average.

In such a case, we would expect up to:

  • 1 request every 6 hours to the /balances endpoint, for each of the accounts (A, B, C).
  • 1 request every 6 hours to the /transactions endpoint, for each of the two accounts with few transactions (B, C).
  • Several burst requests every 6 hours to the /transactions endpoint for the account with many transactions (A).
  • An arbitrary number of requests to the /balances and /transactions endpoints throughout the day every time the PSU requests information, with the x-fapi-customer-ip-address header included for each request (A, B, C).

Please make sure to stay under these limits.

If you have a specific use case for the API and these limits are a problem, contact our API Support team.


1Article 36.5 of the Strong Customer Authentication Regulatory Technical Standards: UK version | EU version

Was this page helpful?