Our Open Banking API is limited to a global maximum of 100 requests per second per application.
In compliance with Article 36.5 of the SCA RTS (Strong Customer Authentication Regulatory Technical Standards)1, you must not make more than 4 requests for account information over a period of 24 hours for each account, endpoint, and consent, respectively.
This limit may be surpassed in the following scenarios:
For the subsequent requests to be considered part of the original request, the requests must happen sequentially, one after the other, over a short period of time.
x-fapi-customer-ip-address
header containing the IP address of the PSU.Access to transactions older than 90 days is only possible during the first 5 minutes after the user authorised the consent. Those 90 days are counted from the moment the request for the transactions is made.
Scenario: A PSU has consented access to 3 accounts – let's call them A, B, and C. Account A has an average of 100 transactions per hour. Accounts B and C have 2 transactions per day on average.
In such a case, we would expect up to:
/balances
endpoint, for each of the accounts (A, B, C)./transactions
endpoint, for each of the two accounts with few transactions (B, C)./transactions
endpoint for the account with many transactions (A)./balances
and /transactions
endpoints throughout the day every time the PSU requests information, with the x-fapi-customer-ip-address
header included for each request (A, B, C).Please make sure to stay under these limits.
If you have a specific use case for the API and these limits are a problem, contact our API Support team.
1Article 36.5 of the Strong Customer Authentication Regulatory Technical Standards: UK version | EU version