Many financial institutions offer a feature called restricted access (sometimes called "read-only access," "accountant access," or "third-party access"). This is a limited login credential that a bank account owner can create and share with a third party — such as their accountant or bookkeeper — granting them the ability to view certain account information without having full control over the account.
Restricted access credentials are intentionally limited. Depending on the bank, they may allow a third party to view balances, review recent transactions, or download basic reports. They are designed to give visibility without granting the ability to move money, change account settings, or perform other sensitive actions.
When LedgerSync connects to a financial institution to retrieve bank statements, it does so through the bank's data aggregation API — the same secure infrastructure used by platforms like QuickBooks, Mint, and other financial tools.
These APIs are built with a fundamental security requirement: only the account owner's credentials can authorize data access.
The reason is straightforward. Banks are regulated institutions with strict obligations around account access and data privacy. Their systems are designed to verify that the person (or authorized application) requesting data is the legitimate account owner. When a user authenticates through LedgerSync, the bank's API validates that the credentials belong to someone with full account ownership rights before releasing any data.
Restricted access credentials — even legitimate ones issued by the bank — do not satisfy this ownership verification. They are not recognized by the API as having authorization to grant data-sharing consent on behalf of the account. The API interprets them as insufficient for the level of access required to export statement-level data.
This is not a LedgerSync limitation. It is a universal requirement enforced by the financial institutions themselves.
Even if a client shares their restricted access login with the accounting firm, LedgerSync cannot use those credentials to fetch bank statements. Here is why:
We understand that asking a client to enter their bank login may feel like an added step. However, this model is actually the most secure approach for everyone involved — and here is why.
The accounting firm never sees or stores the client's credentials. When the client enters their username and password directly into LedgerSync's secure credential flow, those credentials are passed directly to the bank's authentication system. LedgerSync does not log, store, or have access to the client's login information. The accounting firm is completely removed from the credential chain.
It limits liability for the accounting firm. If the firm were to collect, store, or handle client banking credentials directly, it would expose itself to significant legal and regulatory risk. Under the current model, the firm has no access to credentials and therefore no liability if those credentials were ever compromised through an unrelated breach.
It keeps the client in control. The client retains full ownership of their banking credentials at all times. They are not surrendering control to a third party — they are simply authorizing LedgerSync, on a session or persistent basis, to retrieve their data on their behalf. This is the same model used by QuickBooks, Xero, and every major financial platform in the industry.
Credentials are encrypted and handled by bank-grade infrastructure. LedgerSync's credential flow uses the same tokenization and encryption standards required by financial data aggregators like MX and Mastercard/Finicity. Once authenticated, LedgerSync stores only a secure token — not the password itself — to perform ongoing data refreshes.
| | Restricted Access | Full Account Owner Access |
|---|---|---|
| Accepted by bank API | No | Yes |
| Can authorize data-sharing consent | No | Yes |
| Exposes full statement history | Often no | Yes |
| Firm handles client credentials | Yes (risky) | No (client enters directly) |
| Best security practice | No | Yes |
Having the client enter their own credentials directly is not just a technical requirement — it is the safest, most compliant, and most professionally sound way to connect bank accounts for statement retrieval.