API Reference
Base URL: https://api.banklyra.com/v1. All requests require an Authorization: Bearer <key> header. All responses are JSON. Rate limit: 1,000 requests per minute per API key.
Consents
Consents represent a user's authorised grant for BankLyra to access their bank data. All account data endpoints require an active consent reference.
/v1/consents
Create a new consent and receive an authorisation URL for user redirection.
Request body
| Parameter | Type | Required | Description |
|---|---|---|---|
institution_id | string | Yes | Bank identifier from the coverage list |
permissions | array | Yes | Scopes: ReadAccountsDetail, ReadBalances, ReadTransactionsDetail |
redirect_uri | string | Yes | Callback URL after SCA. Must match your registered URIs |
expires_in_days | integer | No | Consent validity in days. Default: 90. Max: 180 |
/v1/consents/{consent_id}/authorise
Activate a consent by exchanging the SCA callback code.
/v1/consents/{consent_id}
Retrieve a consent's status and metadata.
/v1/consents/{consent_id}
Revoke a consent. Required for GDPR data deletion requests.
Accounts
/v1/accounts
List all accounts accessible under the consent. Pass the consent ID in the BankLyra-Consent-ID header.
Response fields
| Field | Type | Description |
|---|---|---|
id | string | BankLyra account identifier |
institution_id | string | Bank identifier |
type | string | ISO 20022 account type (CACC, SVGS, CCRD…) |
currency | string | ISO 4217 currency code |
balance | object | Current balance (amount, type, as_of) |
iban | string | Account IBAN where available |
owner_name | string | Account holder name |
/v1/accounts/{account_id}
Retrieve a single account by ID.
Transactions
/v1/accounts/{account_id}/transactions
List transactions for an account. Supports pagination via cursor.
Query parameters
| Parameter | Type | Description |
|---|---|---|
from_date | string | ISO 8601 date. Max 90 days before today |
to_date | string | ISO 8601 date. Defaults to today |
limit | integer | Max 500 per page. Default 100 |
cursor | string | Pagination cursor from previous response |
Balances
/v1/accounts/{account_id}/balances
Retrieve all balance types for an account. Returns CLBD (closing ledger) and XPCD (expected, including pending) where available from the bank.
Payments
/v1/payments
Initiate a payment from the user's bank account. Requires a PIS consent or a previously granted AIS consent where the bank permits combined authorisation.
/v1/payments/{payment_id}
Check payment status. Possible values: PDNG (pending), ACTC (accepted), ACSC (settled), RJCT (rejected).
Error codes
| HTTP Status | Code | Meaning |
|---|---|---|
| 400 | INVALID_REQUEST | Malformed request body or missing required field |
| 401 | UNAUTHORISED | Invalid or missing API key |
| 403 | CONSENT_REQUIRED | No active consent for this data request |
| 404 | NOT_FOUND | Resource does not exist |
| 422 | CONSENT_EXPIRED | Consent has expired; user must re-authorise |
| 429 | RATE_LIMITED | Exceeded 1,000 req/min limit. Retry after the Retry-After header value |
| 502 | BANK_UNAVAILABLE | The upstream bank API is unreachable. BankLyra is retrying |