AIS transactions
After verification is complete for a session with purpose=account_data (AIS/PSD2), you can retrieve transaction history from the customer's connected banks.
/api/v1/verifications/{id}/transactionsComplete contract: filter parameters, transaction schema, pagination and error codes.Full contract in the API Reference
Endpoint
GET /api/v1/verifications/{id}/transactions
Requirements
- The session must have
purpose: account_data - The session must be in
completedstate - The provider must be
ais_psd2
Query parameters
| Parameter | Type | Description |
|---|---|---|
bank_key | string | Filter by bank key, for example pko_bp or mbank |
account_id | uuid | Filter by a specific account ID |
per_page | integer | Results per page, from 1 to 200; default 50 |
Example
curl "https://hub.dpay.pl/api/v1/verifications/a1b2c3d4-e5f6-7890-abcd-ef1234567890/transactions?per_page=50" \
-H "Authorization: Bearer deid_live_xxx"
Response (200 OK)
{
"data": [
{
"id": "tx-uuid-1",
"amount": "150.00",
"currency": "PLN",
"category": "DEBIT",
"description": "Transfer to Jan Kowalski",
"booking_date": "2026-04-05",
"trade_date": "2026-04-05",
"counterparty": "Jan Kowalski",
"account_id": "acc-uuid-1"
},
{
"id": "tx-uuid-2",
"amount": "5000.00",
"currency": "PLN",
"category": "CREDIT",
"description": "Salary",
"booking_date": "2026-04-01",
"trade_date": "2026-04-01",
"counterparty": "XYZ Ltd.",
"account_id": "acc-uuid-1"
}
],
"meta": {
"current_page": 1,
"total": 45,
"per_page": 50,
"last_page": 1
}
}
Transaction schema
| Field | Type | Description |
|---|---|---|
id | uuid | Unique transaction ID in the HUB |
amount | string | Transaction amount as a string for decimal precision |
currency | string | ISO 4217 currency code such as PLN or EUR |
category | string | CREDIT for incoming funds or DEBIT for an expense |
description | string|null | Transaction description from the bank's system |
booking_date | date|null | Booking date (YYYY-MM-DD) |
trade_date | date|null | Transaction date (YYYY-MM-DD) |
counterparty | string|null | Counterparty, either the sender or recipient |
account_id | uuid | ID of the bank account from which the transaction originated |
Errors
| Code | Error | Description |
|---|---|---|
| 403 | TRANSACTIONS_NOT_AVAILABLE | The session does not use account_data |
| 404 | SESSION_NOT_COMPLETED | The session is incomplete or does not exist |
403 error example
{
"error": {
"code": "TRANSACTIONS_NOT_AVAILABLE",
"message": "Transaction data is only available for account_data sessions."
}
}
Filtering
Transactions from one bank
curl "https://hub.dpay.pl/api/v1/verifications/{id}/transactions?bank_key=mbank" \
-H "Authorization: Bearer deid_live_xxx"
Transactions from a specific account
curl "https://hub.dpay.pl/api/v1/verifications/{id}/transactions?account_id=acc-uuid-1" \
-H "Authorization: Bearer deid_live_xxx"
Pagination
The endpoint returns paginated data:
- Default: 50 transactions per page
- Maximum: 200 transactions per page (
per_page=200)
Use the page parameter to retrieve subsequent pages:
curl "https://hub.dpay.pl/api/v1/verifications/{id}/transactions?per_page=100&page=2" \
-H "Authorization: Bearer deid_live_xxx"
Security and GDPR
Sensitive financial data
Transaction data is particularly sensitive under the GDPR. You must:
- Store it encrypted with AES-256 or stronger encryption
- Limit access to the minimum necessary through RBAC
- Maintain an access audit log
- Apply strict retention rules and delete the data as soon as it is no longer needed
- Clearly explain in your privacy notice how long you retain financial data
See also PII for general GDPR guidance.