Account and Transaction API Specification

Name: Account and Transaction API Specification API
Brand: Account and Transaction API Specification
Availability: InStock

✓ Official Vendor SpecFinanceBankingoauth229 EndpointsREST

For Agents

Read UK bank account, balance, transaction, and direct-debit data through the regulated Open Banking AISP standard's 29 endpoints, using consent-scoped OAuth 2.0.

Quickstart

Get started with Account and Transaction API Specification in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"read uk bank account transactions"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Account and Transaction API Specification API.

Create an account-access-consent that the PSU then authorises before any data is read

List the accounts a PSU has authorised the TPP to access

Retrieve the latest balance for a single account

Pull paginated transactions for an account, filtered by date range

GET STARTED

Start building with Account and Transaction API Specification API

Explore with Jentic

View OpenAPI Spec

The UK Open Banking Account and Transaction API (AISP) is the standard interface that account-information service providers use to read PSU bank data from regulated UK banks. It defines 29 endpoints covering account access consents, account lists, balances, transactions, beneficiaries, direct debits, standing orders, statements, products, and parties. The flow uses two OAuth 2.0 schemes: TPP client credentials for consent setup and PSU authorization-code SCA for resource access. Every ASPSP that complies with the standard exposes the same operations under their own /open-banking/v4.0/aisp base path.

Use Cases

Patterns agents use Account and Transaction API Specification API for, with concrete tasks.

★ Personal Finance Aggregation

Power a personal finance app that aggregates balances and transactions from every UK bank account a user has authorised. After the PSU authorises an account-access-consent, the app calls /accounts to enumerate consented accounts, then /accounts/{AccountId}/transactions and /accounts/{AccountId}/balances to refresh the dashboard. The standard guarantees the same shape across every regulated UK ASPSP, so adding a new bank requires no per-bank schema work.

After consent authorisation, call GET /accounts then loop GET /accounts/{AccountId}/transactions for each account between fromBookingDateTime and toBookingDateTime.

Affordability and Underwriting Checks

Run affordability checks for credit, lending, or rental decisions by reading 90 days of transactions and recurring payments straight from the borrower's bank. The API exposes /accounts/{AccountId}/standing-orders and /accounts/{AccountId}/direct-debits so an agent can compute committed outflows alongside incoming salary credits, replacing manual statement uploads.

Pull 90 days of transactions via GET /accounts/{AccountId}/transactions, then GET /accounts/{AccountId}/direct-debits and standing-orders, and compute net affordability for the consented account.

Accounting Bank Feed

Feed UK bank transactions directly into accounting software so SMEs see their ledger update in near-real-time. The TPP creates a long-lived account-access-consent, then schedules calls to /accounts/{AccountId}/transactions to pull deltas. Statements available at /accounts/{AccountId}/statements provide month-end reconciliation evidence.

Schedule a daily GET /accounts/{AccountId}/transactions filtered to the previous day's bookingDateTime range and post each transaction into the accounting ledger.

Consent Lifecycle Management

Expose a 'connected banks' settings screen where users see active consents and can revoke them on demand. The agent calls GET /account-access-consents/{ConsentId} to read consent state and DELETE /account-access-consents/{ConsentId} to revoke. This is required by the Open Banking standard to give PSUs control over their data.

List active consents from the local store, validate each with GET /account-access-consents/{ConsentId}, and call DELETE /account-access-consents/{ConsentId} for those the user revokes.

AI Agent Bank Data Tool via Jentic

Give an AI agent a regulated bank-data tool through Jentic. The agent searches Jentic by intent, loads the schema for the specific AISP operation, and executes with the consented PSU access token held in the Jentic vault. Because consents are scoped to specific accounts and resource types, the agent's blast radius is bounded by what the user authorised.

Use Jentic search 'read uk bank account transactions', load the GET /accounts/{AccountId}/transactions schema, and execute with a consented AccountId and date range.

Key Endpoints

29 endpoints — the uk open banking account and transaction api (aisp) is the standard interface that account-information service providers use to read psu bank data from regulated uk banks.

METHOD

PATH

DESCRIPTION

POST

/account-access-consents

Create a new account-access-consent

GET

/account-access-consents/{ConsentId}

Retrieve the state of a consent

DELETE

/account-access-consents/{ConsentId}

Revoke a consent

GET

/accounts

List authorised accounts for the PSU

GET

/accounts/{AccountId}

Retrieve a single account

GET

/accounts/{AccountId}/balances

Get the latest balance for an account

GET

/accounts/{AccountId}/direct-debits

List direct debits on an account

GET

/accounts/{AccountId}/standing-orders

List standing orders on an account

POST

/account-access-consents

Create a new account-access-consent

GET

/account-access-consents/{ConsentId}

Retrieve the state of a consent

DELETE

/account-access-consents/{ConsentId}

Revoke a consent

GET

/accounts

List authorised accounts for the PSU

GET

/accounts/{AccountId}

Retrieve a single account

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

Both the TPPOAuth2Security client_credentials token and the PSU authorization_code access token are stored encrypted in the Jentic vault. Agents make AISP calls through Jentic and the correct token type is selected automatically per operation, so the raw bearer never enters agent context.

Intent-based discovery

Agents search Jentic by intent (for example 'read uk bank account transactions') and Jentic returns the right /accounts, /accounts/{AccountId}/transactions, or consent operation with its parameter schema and required permission scopes.

Time to first call

Direct integration with even one ASPSP: 4-8 weeks for QSeal certificate setup, dynamic client registration, consent flow, SCA, and per-bank quirks. Through Jentic with credentials provisioned: 1-2 days to wire the agent to the standard operations.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Alternative

Plaid API

Aggregator API for bank data across the US, UK, EU, and Canada with a single integration.

Pick Plaid when multi-region coverage matters more than direct adherence to the UK Open Banking spec, or when a single SDK across geographies is preferred.

Alternative

TrueLayer API

European Open Banking aggregator providing AISP and PISP behind one API.

Use TrueLayer when the team wants a single AISP/PISP API across UK and EU banks instead of integrating with each ASPSP directly.

Complementary

Open Banking Confirmation of Funds

CBPII standard for checking whether sufficient funds exist before a card payment.

Use Confirmation of Funds alongside AISP when the use case needs a yes/no funds check rather than full transaction history.

Complementary

Open Banking Event Notifications

Standard for ASPSPs to notify TPPs of consent or resource events.

Pair with AISP when the TPP needs push notifications about consent expiry or resource changes rather than polling.

FAQs

Specific to using Account and Transaction API Specification API through Jentic.

What authentication does the Open Banking AISP API use?

Two OAuth 2.0 schemes are required by the standard. TPPOAuth2Security uses client_credentials and is used by the TPP to create and manage the account-access-consent. PSUOAuth2Security uses authorization_code with strong customer authentication so the PSU can authorise the TPP to read their data. Through Jentic both tokens are held in the encrypted vault and never enter agent context.

Can I retrieve transactions for a specific account through this API?

Yes. Once the PSU has authorised an account-access-consent that includes the ReadTransactionsBasic and ReadTransactionsDetail permissions, call GET /accounts/{AccountId}/transactions with optional fromBookingDateTime and toBookingDateTime query parameters to page the booked and pending transactions for that account.

What are the rate limits for the Open Banking AISP API?

Rate limits are set by each ASPSP rather than the standard itself. The Open Banking specification mandates that ASPSPs publish their limits and that TPPs must back off on HTTP 429. Many large UK banks publish limits in the region of 4 requests per second per consent for transaction calls — always honour the bank's own published numbers.

How do I revoke a consent through Jentic?

Use the Jentic search query 'revoke an open banking account access consent', select DELETE /account-access-consents/{ConsentId}, load the schema, and execute with the ConsentId. Jentic attaches the TPP client_credentials token from the vault so the call is authorised.

Can I read standing orders and direct debits with this API?

Yes. With ReadStandingOrdersDetail and ReadDirectDebits in the consent permissions, GET /accounts/{AccountId}/standing-orders and GET /accounts/{AccountId}/direct-debits return the recurring outflows on the account, including amount, frequency, and next-payment date.

Which UK banks expose this API?

Every regulated UK ASPSP (the CMA9 plus all other authorised banks and building societies) implements this version of the Account and Transaction API at their own /open-banking/v4.0/aisp base path. The same OpenAPI spec describes them all; only the host and authorisation server change per bank.