1. Obtain a secret_id and secret_key from the GoCardless Bank Account Data dashboard and exchange them for a short-lived access token by POSTing to the /api/v2/token/new/ endpoint.
2. Create an end-user agreement by POSTing to /api/v2/agreements/enduser/ specifying the institution_id (from the institutions list endpoint), access_scope, and access_valid_for_days.
3. Build a requisition by POSTing to /api/v2/requisitions/ with the agreement id, redirect URL, and institution_id. The response contains a link; redirect the user to this URL to complete bank authentication.
4. After the user returns to your redirect URL, retrieve the requisition with GET /api/v2/requisitions/{id}/ and extract the accounts array of account IDs.
5. Fetch balances and transactions for each account via GET /api/v2/accounts/{id}/balances/ and GET /api/v2/accounts/{id}/transactions/ respectively.
6. Refresh the access token before it expires (default 24 hours) using the refresh token returned in step 1 by POSTing to /api/v2/token/refresh/.
Known gotchas
Institution-level data availability varies widely across EU countries; some banks only support a 90-day transaction history, and a small number return only balance data with no transactions.
The access token (not to be confused with the bank-level requisition) expires after 24 hours; build token refresh into every service startup, not just on 401 errors.
Requisitions and end-user agreements have separate validity windows; an expired agreement means the user must re-authenticate even if your API token is still valid.
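An added example (not from the original page or from GoCardless) of the token lifecycle in steps 1 and 6 and the refresh gotcha above: a cache that renews the access token ahead of expiry and requests a new token pair once the refresh token itself has lapsed. The `post` transport, the 300-second margin, the Bearer header and the response field names (`access`, `access_expires`, `refresh`, `refresh_expires`) are assumptions; the fake responses are constructed.

```python
import time

TOKEN_NEW = "/api/v2/token/new/"
TOKEN_REFRESH = "/api/v2/token/refresh/"

class TokenManager:
    """Caches the access token and renews it before expiry (steps 1 and 6)."""
    def __init__(self, post, secret_id, secret_key, clock=time.time, margin=300):
        self._post = post        # hypothetical transport: post(path, json_body) -> dict
        self._creds = {"secret_id": secret_id, "secret_key": secret_key}
        self._clock = clock
        self._margin = margin    # renew this many seconds before expiry
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def access_token(self):
        now = self._clock()
        if self._access and now < self._access_exp - self._margin:
            return self._access                  # cached token is still fresh
        if self._refresh and now < self._refresh_exp - self._margin:
            body = self._post(TOKEN_REFRESH, {"refresh": self._refresh})
        else:                                    # first call, or refresh token lapsed
            body = self._post(TOKEN_NEW, self._creds)
            self._refresh = body["refresh"]
            self._refresh_exp = now + body["refresh_expires"]
        self._access = body["access"]
        self._access_exp = now + body["access_expires"]
        return self._access

    def auth_header(self):
        return {"Authorization": f"Bearer {self.access_token()}"}


def demo():
    """Drive the manager with a constructed fake API and a fake clock."""
    now, calls = [0.0], []
    def fake_post(path, body):   # constructed responses, not real API output
        calls.append(path)
        reply = {"access": f"access-{len(calls)}", "access_expires": 86400}
        if path == TOKEN_NEW:
            reply.update(refresh="refresh-1", refresh_expires=2592000)
        return reply

    tm = TokenManager(fake_post, "constructed-id", "constructed-key", clock=lambda: now[0])
    tokens = [tm.access_token()]
    for t in (3600, 86400 - 60, 2592000):   # fresh, near access expiry, refresh lapsed
        now[0] = t
        tokens.append(tm.access_token())
    return calls, tokens
```

Calling `access_token()` at service startup and before each request covers both the startup and the long-running cases without waiting for a 401.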