Register your application in the TrueLayer Console and obtain a client_id and client_secret; configure your redirect_uri allow-list.
Redirect the user to TrueLayer's hosted Auth Dialog (auth.truelayer.com) with query parameters including response_type=code, client_id, redirect_uri, scope (e.g., accounts transactions), and a nonce.
Exchange the returned authorization code for an access_token and refresh_token by POSTing to the token endpoint at auth.truelayer.com/connect/token.
Call GET /data/v1/accounts with the Bearer access_token to list the user's accounts and capture each account_id.
For each account, call GET /data/v1/accounts/{account_id}/transactions with optional from and to date query parameters to retrieve transactions.
Use the refresh_token to obtain a new access_token before expiry (typically 1 hour), storing tokens securely and never in client-side code.
Known gotchas
UK open banking consent expires after 90 days and requires the user to re-authenticate through the full Auth Dialog again; build a re-consent flow and notify users proactively.
Provider availability and response times vary significantly — some banks return stale cached data or time out; implement retries with exponential backoff and surface provider errors distinctly from your own errors.
The transactions endpoint may return transactions in different time-zone representations depending on the provider; normalise timestamps to UTC before storing.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp