Once your application has valid access credentials and a customer has completed consent, you can begin retrieving customer data from Wych Recipient APIs.

The typical retrieval flow is:

1. find the user
2. exchange into user context
3. list the user's accounts
4. retrieve transactions for an account

This is the standard Wych Recipient data access pattern and keeps requests tied to the correct customer context.

Before you start

Before retrieving data, make sure you have:

• a registered application
• a valid x-api-key
• a valid service bearer token
• an active customer consent
• your partnerId
• your appId

You will use your service token first, then exchange it for a user context token tied to the customer whose data you want to access.

Step 1: Find the user

Start by identifying the user whose data you want to access.

There are two common ways to do this:

• list all users
• query a user by email

Option A: List users

Use this when you want to check whether the user already exists and retrieve their user ID.

curl --location 'https://api.wych.io/v3/partner/{partnerId}/app/{appId}/users' \
  --header 'x-api-key: apixxxxxkey' \
  --header 'Authorization: Bearer eyJxxxxg2Q'

The response includes user records with values such as:

• id
• email

Option B: Query a user by email

Use this when you already know the customer's email address.

curl --location 'https://api.wych.io/v3/partner/{partnerId}/app/{appId}/user' \
  --header 'x-api-key: apixxxxxkey' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer eyJxxxxg2Q' \
  --data-raw '{
    "email": "a.new-user@example.com"
  }'

The response includes the user record, including the id that you will need in the next step.

Step 2: Set the user in context

Once you have the userId, exchange your service token for a user context token.

This swaps your service token for a token locked to the selected customer.

curl --location 'https://api.wych.io/v3/partner/{partnerId}/app/{appId}/user/{userId}/token' \
  --header 'x-api-key: apixxxxxkey' \
  --header 'Authorization: Bearer eyJxxxxg2Q'

The response returns an access_token. Use that token for the remaining user-context data requests.

Step 3: List the user's accounts

With the user context access_token, you can now request the accounts associated with that user.

curl --location 'https://api.wych.io/v3/accounts' \
  --header 'x-api-key: apixxxxxkey' \
  --header 'Authorization: Bearer eyJxxxxg2Q'

The response includes account records with fields such as:

• id
• dataholder
• user
• app
• connection
• currency
• externalId
• type
• subtype
• accountNumber

At this point, select the accountId for the account you want to inspect.

Step 4: Get transactions for an account

Once you have the accountId, retrieve transactions for that account.

curl --location 'https://api.wych.io/v3/account/{accountId}/transactions' \
  --header 'x-api-key: apixxxxxkey' \
  --header 'Authorization: Bearer eyJxxxxg2Q'

The response includes transaction fields such as:

• id
• account
• reference
• type
• status
• amount
• datetime
• externalId
• code
• thirdParty
• description
• category
• subcategory
• budgetCategory
• budgetSubcategory

End-to-end summary

The core Wych Recipient retrieval pattern is:

1. authenticate your application
2. find the user
3. exchange for a user context token
4. list the user's accounts
5. retrieve transactions for the selected account

This keeps data access tied to the correct customer context and ensures subsequent API calls are performed with a token scoped to that user.

Practical notes

When implementing this flow:

• use your service token only for the application-level steps
• use the user context token for customer data retrieval
• store identifiers such as userId and accountId carefully
• confirm the customer consent is still active before making retrieval calls

Next step

Continue to Checkout the API Spec for more detail on the API request and responses.