# Support
source: https://developer.mastercard.com/open-finance-au/documentation/support/index.md

Here we provide details of how you can get support, along with Frequently Asked Questions and other material.

We provide two levels of support:

* For specific product help with Mastercard Open Finance, we provide a full Support Case Management (SCM) tool via the Mastercard Connect website.

<!-- -->

* For general enquiries and help with the Mastercard Developers website and API access, use the "Get Help" button on this page.

## Get Help with Mastercard Open Finance {#get-help-with-mastercard-open-finance}

Mastercard Connect is the secure global platform where Mastercard business customers come to onboard, enroll, service, and grow their business with Mastercard.

The Support Case Management (SCM) tool within Mastercard Connect is used to create and track support cases created in SCM with the Mastercard Open Finance support team.
Note: Access to the SCM tool on Mastercard Connect is only available once a contract between you and Mastercard has been executed. Please work with your Sales Representative or Client Success Manager, or contact [OFin.contactsales@mastercard.com](mailto:OFin.contactsales@mastercard.com) for more information.

### Create a Support Case in SCM {#create-a-support-case-in-scm}

To create a new Support Case:

1. Sign into <https://www.mastercardconnect.com>

2. Select **Support Case Management** from the menu.

3. Go to **Support Cases** and click on the **Go to support cases** button (alternatively, you can access support cases through the Help Center by clicking on the **Help** icon).

4. On the **Support Cases** page you can create a new case, or track the progress of an existing case. To create a new case, click on the **Create new case** button.

   * Enter a suitable summary (a brief description of the issue) in the first text box.

   * Select Open Banking (US and Australia) as the category so your query goes to the correct team (select **Other** and **Open Banking** , then **US and Australia** ).
     ![](https://static.developer.mastercard.com/content/open-finance-au/uploads/OFin-SCM-create-case.png)

   * Add details of the issue in the Description field.

   * Under the **US and Australia information** heading, select the **Issue Type** (for example, **Request a new feature** or **New support case** ).
     ![](https://static.developer.mastercard.com/content/open-finance-au/uploads/OFin-SCM-create-case-us-aus-info.png)

   * When you've entered all the information required, click on the **Create Case** button.

## Get Help with Mastercard Developers {#get-help-with-mastercard-developers}

You can contact us for technical support for issues relating to the Mastercard Developers Platform by clicking on the "Get Help" button:

<br />

Once logged in to Mastercard Developers you can get help with issues such as API access keys, information on other API products on the Mastercard Developers platform, and other related matters. Note that this service will not be able to provide in-depth product support for Mastercard Open Finance.

## Frequently Asked Questions {#frequently-asked-questions}

### General {#general}

Mastercard Open Finance has two levels of test access:

* The Sandbox version allows access to all endpoints using testing customers and mock Financial Institution data.
* Production (Non-Billable) is also a testing environment but uses active customers and real Financial Institution data.

A testing customer is used for testing purposes and can only be used with Mastercard Open Finance test profiles and test bank (Finbank).

An active customer mimics the workflow of the production environment, however no charges are incurred. When the account is moved to Production any active customer existing in the schema will then become a billable event.
500 testing customers. If this limit is hit, it is suggested to delete testing customers from the environment. After the customer's initial report is generated and during the credit-decisioning process, you can refresh the reports using the APIs rather than re-engaging the customer provided that the customer's consent is still active. In the Mastercard Open Finance system, there are two different types of customers: "testing" and "active". Testing customers can interact with our testing institution, Finbank, but cannot interact with live institutions. Testing customers are to be used for development and ongoing regression testing and will not be used in production. Conversely, active customers (also referred to as billable customers) represent end users on your platform. They can interact with live institutions but will throw an error if you try to add data from a testing institution. Each customer type has its own endpoint for creation. Please note that if you are not on a Production (non-billable) or one of the Production-level plans, you will not have the ability to create active customers. Sandbox is the free tier used for testing and you will not have access to live Financial Institution (FI) data. Sandbox allows partners to test and use our APIs using Finbank or Finbank Profiles located on our documentation under Test the APIs.

Production is a paid tier and allows partners to access live FI data, i.e. CommonWealth Bank and Westpac, using an "active customer" (also referred to as billable customers) which represents end users on a partner platform.
Here is a list that covers common HTTP and Mastercard Open Finance API error codes:

**HTTP 429 Error**:

* Incorrect credentials (e.g., the key and secret are switched) or incorrect App-Key value are being used.
* Attempt to access an endpoint to which they do not have access. To fix this, we recommend to upgrade the account service plan to have access to restricted services.
* The rate limit was hit. Note: In Sandbox, Mastercard Open Finance sets limits to 0 for services that are not accessible.

**HTTP 404 Error**:

The most common reason for a 404 error is due to making a request to a service that does not exist. This typically happens due to an incorrect URL. When this occurs, check logs and HTTP methods to make sure the URL exists and the correct HTTP method is used for the service.

**API Error 325**:

The 325 error indicates that aggregation is already occurring. Typically this error occurs when you call to refresh a report that initiates a connection to the bank while there already is a connection open for the account. For example, if you immediately call refresh or call the report again while the system is in the middle of aggregation you will receive a 325 error. To avoid the 325 error, the app should check the accounts aggregation status before making another request for account aggregation.

**API Errors 44000, 10000, and 110015**:

These errors are usually associated with performance issues. If the call is attempted again, the next attempt will usually work. Mastercard Open Finance looks for exceptions on an ongoing basis and implements fixes to keep the error volume as low as possible.

* 14001: Timeout error
* 10000: General system error
* 110015: Unexpected error occurred, typically around Enrollment and Billing

<br />

**API Errors 14001, 38003, and 38007**:

This group of errors is associated with trying to access records that do not exist. This is typically due to improper handling and tracking of app data that have been deleted or never existed. Endpoints should not be used to probe for data and applications should know what data to access before the call is made.

* 38003: Trying to call an account that does not exist, customer does not have given account.
* 14001: Trying to call a customer that does not exist. Customer not found.
* 38006: The customer does not have an account associated with the institutionId.
* 38007: The customer does not have any account associated with the institutionLoginId.

<br />

**Aggregation Error 106**:

The 106 error code indicates an account mismatch between the institution and the application. Ask the user to log into Financial Institution website and verify if the account is accessible and active, and if transactions are visible. IF the account still fails, then verify the account details, account nickname and/or number needs to be verified. IF the error still persists, please submit a ticket to API Support.

**API Error 14006**:

Financial Institution (FI) not found. This error typically happens when we have removed an FI ID from service and consolidated the FI into another FI and the application is not puling the new list and caching it.

**API Token Errors**:

**10022** : This error is for an invalid token. Please be sure to use the correct credentials from the Mastercard Open Finance Developer Portal and request a new token. If the problem persists, please submit a ticket to API Support.
**10023** : Expired token error. Tokens are valid for two hours after a token is generated and is required on all API calls. Best practice is to assign a timestamp for the generated token and check the current timestamp to see if the token was generated within the past 90 minutes. If the token timestamp is greater than 90 minutes, generate a new token.
**10024**: Missing Parameter (App-Token). Please make sure you are passing the token (App-Token) and App-Key in the header for each request. A token is required to authorize the use of all services.
The API supports either Unix epoch timestamps or [ISO-8601](https://www.iso.org/iso-8601-date-and-time-format.html) depending on the API. Please refer to each API documentation to learn what format it accepts and returns.  
A Unix epoch timestamp is a long value representing the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT). An epoch value is represented in seconds. Timestamps in Java and Javascript are in milliseconds. To convert from Java to epoch, divide the Java time by 1000. To convert from epoch to Java, multiply the epoch time by 1000. [Epoch Converter](https://www.epochconverter.com/) has a page with a simple utility for converting quickly between readable dates and epoch timestamps. Request URLs must be URL-encoded. In practice this means that spaces in URL query values must be replaced with + and the @ symbol must be replaced with %40.

**GOOD**:
?search=New+York+City\&start=1\&limit=10

**BAD**:
?search=New York City\&start=1\&limit=10

HTTP will truncate the ""BAD"" query at the space after the word "New", so you will receive 25 records (the default limit) matching only the word "New".

### Auth and Configuration {#auth-and-configuration}

A Mastercard Open Finance Auth Token is valid for up to two hours (120 minutes) and is required to access all of the Mastercard Open Finance endpoints. Best practice is to use a single token for all endpoint requests and assign a timestamp for each token. Check the current timestamp before making any requests and if the token is older than 90 minutes, generate a new token. This typically implies the app key is wrong. It will say too many requests because the app key controls the rate limit, and the rate limit of any invalid key is 0. If the Partner ID or Partner Secret is wrong, an "Invalid Credentials" error will be thrown instead. A Mastercard Open Finance token is required to access any of the APIs and is passed as a header. See Partner Authentication. After 5 failed attempts to authenticate, your account will be locked with the JSON response:

```json
{
    "code": 24302,
    "message": "Your account has been temporarily locked due to 5 incorrect login attempts. Please contact Mastercard."
}
```

Please contact API Support to get assistance unlocking your account.

### Connect {#connect}

Yes, Mastercard Open Finance provides an SDK for Web and React Native on the NPM registry. There is also an Android SDK hosted on JCenter and an iOS SDK as well. Yes. During your onboarding to Production the product delivery team will work with you to configure these 8 Financial Institutions you want to display. Yes, this will be configured with the product delivery team during your onboarding to Production. The Mastercard Open Finance generic branding will be used, and a standard transaction aggregation will be performed. No. The Experience parameter can be omitted. The absence of this parameter will cause Connect to default to using Mastercard's generic branding and performing a standard transaction aggregation. Yes, the old account would still show after deletion. However, Mastercard Open Finance would not be able to aggregate data from the old account as it has been closed at the Financial Institution. Yes. It is possible to customize the Connect experiences to support multiple Mastercard Open Finance solutions. Reach out to your Account Manager for assistance customizing your Connect experience.

### Financial Institutions {#financial-institutions}

Mastercard Open Finance provides FI Certification status information via the [Get Certified Institutions API](https://developer.mastercard.com/open-finance-au/documentation/financial-institutions/index.md).

### Products {#products}

Account Balance caches the balance in the database (DB) every \~4 hours and only pulls from the DB for a quicker response time. Account Balance Live pulls it from the Financial Institution directly in an interactive request and takes a bit longer, but it's a real-time balance (no refresh required). You can use the Get Customer Transactions to pull transactions across all accounts.

Some API calls are on a per-account basis. For example, if you pull something like Account Details or Account Owner that would be one API call per account. But for transactions or credit decisioning reports, it's one API call for all transactions.
Yes, you can choose any single verification service or all verification services. The lender will contract with Mastercard Open Finance for Lend but can select to use only selected verification services. When requesting transactions data and/or generating reports, it is possible to specify a date range for transaction history of interest. Note that the quantity of transactions returned by the FI will also depend on availability of transactions and CDR regulation.
By default:

* the Get Transactions API returns up to 180 days of transaction history
* Verification of Assets (VOA) report includes up to 180 days of transaction history
* Verification of Income (VOI) and Cash Flow (CFR) reports include up to 365 days of transaction history

It is possible to pull maximum up to 12 months of historic transactions.
No, not at this time. You can retrieve a customer's account number by calling the Get Account Details service. No, a request to each account is required to get Account Details for the account selected. Making a request for multiple accounts is not an available service. The Account Owner's name is as shown on the account with a Financial Institution, and can vary by institution. Mastercard Open Finance outputs reports in the following formats: JSON, XML, PDF. The Accept header is used to indicate the type of media or resource used in the response. No, account details can be used for recurring payments on a given account. Only if an account materially changes might it be necessary to re-verify. Mastercard Open Finance would recommend the use of our Account Balance Check product to have higher confidence in the availability of funds prior to processing a payment. No. An account needs to be verified on the first interaction only. If an account number for a given Account ID is already retrieved, it is sufficient to request a balance for the account prior to processing any payment to see if funds are available. **Pending Transactions**
A pending transaction is a transaction that has been initiated but has not been cleared or posted by the institution. For many institutions, Mastercard Open Finance is able to capture pending transactions when they are displayed or provided in the institution's data.

Pending transactions are ephemeral. Each connection to an institution will capture pending transactions that are available at that time; if any of those transactions are not found in a subsequent connection, they will be deleted from the data. In other words, an account will show the set of pending transactions which were found in the most recent aggregation of the account. Older pending transactions may disappear, and new transactions may appear.

There is no guarantee of continuity for transactions that move from pending to posted at the institution. When an institution changes a transaction from pending to posted, the pending transaction may disappear in Mastercard Open Finance data, and a new transaction with status active may appear. In some circumstances (depending on the institution), the status of the original transaction in the Mastercard Open Finance data may just change from pending to active.

"Pending" transactions are identified in the transaction record, like this:

***Pending Transaction Example***
{
"amount": -22.99,
"accountId": 2055,
"customerId": 41442,
"status": "pending",
...
}

**Shadow Transactions**
A "shadow" transaction occurs when a transaction is originally found during an account aggregation, but in a subsequent aggregation, the transaction is not found. Therefore, it is unknown whether the transaction is still legitimate because it is possible that the Financial Institution (FI) may have determined that the transaction was invalid and removed it from the FI's data source. Alternatively, the FI may have altered the transaction to be substantially different from the original transaction. These modifications or deletions can cause transactions to duplicate in the Mastercard Open Finance data or persist after being removed from the institution's data source.

Mastercard identifies these transactions by designating them with a "shadow" status. Developers may choose how to handle the shadow status, but we generally recommend treating them as having been deleted from the data source.

**Note:** In some cases that result in a shadow status, there may be a new active transaction representing the new transaction state. There is no need to link these transactions together as the current transactions at the FI represent the latest transaction state.

***Shadow Transaction Example***
{
"amount": -22.99,
"accountId": 2055,
"customerId": 41442,
"status": "shadow",
...
}