For MFA accounts, I get a list of accounts but once I request transactions, I get CHALLENGE_RESPONSE_REQUIRED again. Is this expected?

StackOverflow https://stackoverflow.com/questions/17597502

Question

I have been testing the new Customer Account Data (AggCat) API. For some accounts, I can call discoverAndAddAccounts and then call getAccountTransactions without an issue. However, when testing with an MFA (multi-factor auth) account (where I successfully finish the discoverAndAddAccounts MFA flow, entering the answer to MFA question(s)), a call to getAccountTransactions returns no records and a NotRefreshedReason of CHALLENGE_RESPONSE_REQUIRED. This happens even though I just answered the MFA to get the account list.

Now, if I then call updateInstitutionLogin requesting a refresh, I get challenged again (different question) and then the update is performed (seems to be on all accounts at the institution), so subsequent calls to getAccountTransactions return the data I expect.

My question is - is this expected for MFA accounts (this test was for TD Ameritrade)? I'm wondering if we would need to have a (somewhat awkward) flow in the application where, if you set up/link your accounts, you'll have to be prompted multiple times to fetch transaction data. Ideally of course, I'd like them to only have to go through that MFA flow once to identify themselves.


Solution

The initial call to discoverAndAddAccounts does not do a deep dive into the FI to retrieve details. So an updateInstitutionLogin call immediately after 'discoverAndAddAccounts' with the refresh flag set to true is always recommended (that triggers an explicit refresh request to the FI).

Other tips

The DiscoverAndAdd API logs in and grabs the accounts on the summary page. The following API calls will attempt to capture the Transactions: GetAccount, GetCustomerAccount, GetLoginAccounts, GetAccountTransactions, UpdateInstitutionLogin with Refresh="True".

The additional challenge occurs when the Financial Institution doesn't recognize our subsequent login and challenges the login with a question we do not know.

This is not a typical use case but has been seen with TD Ameritrade.
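
The linking flow both answers describe, as an added example that is not part of the original posts or of the AggCat SDK: discover, refresh immediately, relay every MFA challenge to the user within the same session, and cap the number of challenges. `FakeAggCat`, `ChallengeRequired`, `with_mfa` and `link_institution` are hypothetical names; the method names come from the page, while their signatures and return shapes are assumptions.

```python
# Added example. FakeAggCat is a constructed in-memory stand-in, not the real
# AggCat client: method names are from the page, signatures are assumptions.
class ChallengeRequired(Exception):
    def __init__(self, question):
        super().__init__(question)
        self.question = question

class FakeAggCat:
    def __init__(self, answers):
        self._answers = dict(answers)   # constructed question -> answer pairs
        self._pending = list(answers)   # the FI asks a new question per login
        self._refreshed = False

    def _login(self, response):
        if self._pending:
            question = self._pending[0]
            if response != self._answers[question]:
                raise ChallengeRequired(question)
            self._pending.pop(0)

    def discoverAndAddAccounts(self, response=None):
        self._login(response)           # shallow: summary page only
        return ["acct-1", "acct-2"]

    def updateInstitutionLogin(self, refresh, response=None):
        self._login(response)           # deep: explicit refresh at the FI
        self._refreshed = self._refreshed or refresh

    def getAccountTransactions(self, account_id):
        if not self._refreshed:
            return {"transactions": [], "notRefreshedReason": "CHALLENGE_RESPONSE_REQUIRED"}
        return {"transactions": [account_id + "-txn-1"], "notRefreshedReason": None}

def with_mfa(call, ask_user, max_challenges=3):
    """Run call(response), relaying each challenge to the user, bounded."""
    response = None
    for _ in range(max_challenges + 1):
        try:
            return call(response)
        except ChallengeRequired as challenge:
            response = ask_user(challenge.question)
    raise RuntimeError("institution kept challenging; stop and surface an error")

def link_institution(client, ask_user):
    """Discover, refresh immediately, then read transactions, in one session."""
    accounts = with_mfa(lambda r: client.discoverAndAddAccounts(response=r), ask_user)
    with_mfa(lambda r: client.updateInstitutionLogin(refresh=True, response=r), ask_user)
    return {a: client.getAccountTransactions(a) for a in accounts}
```

The `ask_user` callback is where the application prompts the account holder; answers are passed straight through and never stored by the helper.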

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow