Register your application in the TrueLayer Console and obtain a client_id and client_secret; configure your redirect URI
Construct the authorization URL with response_type=code, client_id, scope (e.g. 'accounts balance transactions'), redirect_uri, provider_id for the target bank, and nonce; redirect the user to TrueLayer's hosted auth UI
Handle the OAuth 2.0 callback: extract the code parameter and POST to /connect/token with grant_type=authorization_code, code, client_id, client_secret, and redirect_uri to exchange for access_token and refresh_token
Call GET /data/v1/accounts to list the user's accounts; then GET /data/v1/accounts/{account_id}/balance and GET /data/v1/accounts/{account_id}/transactions?from=YYYY-MM-DD&to=YYYY-MM-DD
Refresh the access_token before expiry using the refresh_token via POST /connect/token with grant_type=refresh_token; store the new access_token and refresh_token securely
Known gotchas
UK Open Banking AIS consents under PSD2/FCA rules have a maximum duration of 90 days; after 90 days the user must re-authenticate regardless of refresh token validity
Transaction history availability varies by bank; some providers return only 90 days of history, others return up to 24 months — do not hardcode date range assumptions
TrueLayer acts as a regulated AISP; your use of the data is subject to the consent scope granted — do not access or store data beyond what the user consented to
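The steps above and the 90-day consent gotcha, as an added Python sketch (not TrueLayer's or this page's own code) covering the parts that are easy to get wrong: building the authorization URL, validating the callback, building the /connect/token form, and deciding between refresh and re-authentication. Assumptions: the AUTH_BASE host is a placeholder, the state parameter is the standard OAuth 2.0 CSRF binding and is not listed on the page, and all function names are hypothetical.

```python
import hmac
import secrets
from datetime import timedelta
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_BASE = "https://auth.example.test"  # placeholder host: the page gives only paths
CONSENT_MAX = timedelta(days=90)         # AIS consent lifetime from "Known gotchas"

def build_auth_url(client_id, redirect_uri, provider_id,
                   scope="accounts balance transactions"):
    """Step 2. Returns (url, nonce, state); keep nonce and state in the user's session."""
    nonce, state = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = {"response_type": "code", "client_id": client_id, "scope": scope,
             "redirect_uri": redirect_uri, "provider_id": provider_id,
             "nonce": nonce, "state": state}  # state: assumption, not on the page
    return f"{AUTH_BASE}/?{urlencode(query)}", nonce, state

def code_from_callback(callback_url, expected_state):
    """Step 3, first half: accept the code only if state matches this session."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    # Compare as bytes: constant-time, and safe for non-ASCII attacker input.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no code")
    return code

def token_form(client_id, client_secret, *, code=None, redirect_uri=None,
               refresh_token=None):
    """Form body for POST /connect/token (steps 3 and 5). Never log the result."""
    form = {"client_id": client_id, "client_secret": client_secret}
    if refresh_token is not None:
        form.update(grant_type="refresh_token", refresh_token=refresh_token)
    else:
        form.update(grant_type="authorization_code", code=code,
                    redirect_uri=redirect_uri)
    return form

def next_action(now, consent_granted_at, access_expires_at,
                skew=timedelta(seconds=60)):
    """Decide what to do before a data call: 'reauth', 'refresh' or 'use'."""
    if now - consent_granted_at >= CONSENT_MAX:
        return "reauth"   # 90 days passed: a valid refresh token does not help
    if now >= access_expires_at - skew:
        return "refresh"  # step 5: refresh before expiry, then store both tokens
    return "use"
```

Record consent_granted_at when the user completes the hosted auth UI, not when a token is refreshed, so the 90-day clock is not reset by step 5.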