Cannot download Chase OFX

[ChromoX]

When trying to download from Chase with the following config:

[f0a14074d33cdf83b4a099bc322dbe2fe19680ca1719425b33de5022]
account_type = CHECKING
description = Checking
institution.broker_id =
institution.client_args.app_id = QWIN
institution.client_args.app_version = 2200
institution.client_args.id = 4fa6f700154f49543b869492f99c883f
institution.client_args.ofx_version = 103
institution.description = Chase
institution.id = 10898
institution.local_id = e51fb78f88580a1c2e3bb65bd59495384383e58abda8796c9bf06dcf
institution.org = B1
institution.password =
institution.url = https://ofx.chase.com
institution.username =
local_id = f0a14074d33cdf83b4a099bc322dbe2fe19680ca1719425b33de5022
number = XXXXXXXXX
routing_number = XXXXXXXXX

After sending the request(It prints out in verbose mode), I receive this:

Traceback (most recent call last):
File "/usr/local/bin/ofxclient", line 11, in <module>
  sys.exit(run())
File "/usr/local/lib/python3.5/site-packages/ofxclient/cli.py", line 52, in run
  main_menu()
File "/usr/local/lib/python3.5/site-packages/ofxclient/cli.py", line 87, in main_menu
  view_account_menu(account)
File "/usr/local/lib/python3.5/site-packages/ofxclient/cli.py", line 160, in view_account_menu
  out = account.download(days=DOWNLOAD_DAYS)
File "/usr/local/lib/python3.5/site-packages/ofxclient/account.py", line 102, in download
  response = self.institution.client().post(query)
File "/usr/local/lib/python3.5/site-packages/ofxclient/client.py", line 110, in post
  response = res.read().decode('ascii')
 UnicodeDecodeError: 'ascii' codec can't decode byte 0x92 in position 337: ordinal not in range(128)```

[agenecov]

I am also getting this exact same error using Chase. It works with my Bank of America account.

[openaki]

Happened to me as well. On further inspection it looks like Chase is sending the following message, that contains a UTF-8 char (')

<MESSAGE>Please verify your identity within the next 7 days. Using your desktop computer, go to your bank?s website and visit the Secure Message Center for instructions.

Once instructions are followed the error goes away and the account can be added.

[tgoetze]

You can fix the decoding by changing the line of code in client.py:

From:
response = res.read().decode('ascii')
to
response = res.read().decode('ascii', 'ignore')

[agenecov]

i resolved the decoding issue, and got the message asking to please verify my identity within 7 days.

but when i log in and verify my identity, i still cannot access my info. i still get the same verification request message. anyone else have this issue? i have already activated quicken/quickbooks etc in my account settings.

[tgoetze]

I am having the same issue with Chase. I updated the client version as was suggested, but I also get in a loop of being requested to verify on the website, verifying, getting requested to verify...

I called and they said they have no support for third party apps, so currently my Chase account is treated special--bordering on being enough to cancel it. One thing I might try is to wait a few hours after verifying before attempting to actually trying to download. I noticed that sometimes there is quite a delay before I actually get a message in my secure inbox (after attempting to download).

[sysbot]

I've successfully passed this step by modifying the ofx_version as suggested to '103'. Then do the request which you will get

authentication failed: Please verify your identity within the next 7 days. Using your desktop computer, go to your banks website and visit the Secure Message Center for instructions.

While still in the "add bank", go to bank to verify the code, then go back to adding screen and type the username/password again. Make sure to not quit your 'ofxclient' during this session.

Here's a working screen for Chase

bank name eg. "express" (enter to exit)> chase
(0) Chase (credit card)
(1) JPMorgan Chase Bank
(2) JPMorgan Chase Bank (Texas)
choice> 0
------
Notice
------
You are about to test to make sure your username and password
are correct.  This means you will be sending it to the URL below.
If the URL does not appear to belong to your bank then you should
exit this program by hitting CTRL-C.
  bank name: Chase (credit card)
  bank url:  https://ofx.chase.com
------
username> <username redact>
password>
authentication failed: Please verify your identity within the next 7 days. Using your desktop computer, go to your banks website and visit the Secure Message Center for instructions.
username> <username redact>
password>

Main
Edit /Users/bao/ofxclient.ini to
change descriptions or ofx options
+----------------------------------
(0) Bank <redact>
(1) Bank <redact>
(2) Bank <redact>
(3) Chase (credit card) : CREDIT CARD
(A) Add an account
(D) Download all combined
(Q) Quit

[agenecov]

did you have to do this every time you log in? or does it work after you do it once?

also, what terminal interface is that? did you write that interface yourself, or is there a standard interface in this library? i've been using the underlying classes

[sysbot]

the CLI is from running ofxclient. You only need to do it once. Ofxclient save the config into ~/ofxclient.ini for between runs.

[tgoetze]

@sysbot ,
I am glad to hear you had success, but I am still out of luck. Any chance you could POST a --verbose session so we can see all the headers that worked for you?

Here's what I got when following your suggestions:

username> xxxxxxxxxx
password>
DEBUG:root:posting data to https://ofx.chase.com
DEBUG:root:---- request ----
DEBUG:root:OFXHEADER:100
DATA:OFXSGML
VERSION:103
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:d608aa3f48784fb686757b78d811816a

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20160819081825
<USERID>xxxxxxxxxx
<USERPASS>XXXXXXXXXXXXX
<LANGUAGE>ENG
<FI>
<ORG>B1
<FID>10898
</FI>
<APPID>QWIN
<APPVER>2200
<CLIENTUID>9792ce123b6d44debed68d2c50df1cbd
</SONRQ>
</SIGNONMSGSRQV1>
</OFX>
DEBUG:root:---- response ----
DEBUG:root:{'fp': None, 'status': 200, 'will_close': False, 'chunk_left': 'UNKNOWN', 'length': 0, 'strict': 0, 'reason': 'OK', 'version': 11, 'debuglevel': 0, 'msg': <httplib.HTTPMessage instance at 0x0166DB98>, 'chunked': 0, '_method': u'POST'}
DEBUG:root:OFXHEADER:100
DATA:OFXSGML
VERSION:103
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:d608aa3f48784fb686757b78d811816a

<OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>2000<SEVERITY>ERROR<MESSAGE>Please verify your identity within the next 7 days. Using your desktop computer, go to your banks website and visit the Secure Message Center for instructions.</STATUS><DTSERVER>20160819111806.874[-4:EDT]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS></SIGNONMSGSRSV1></OFX>
authentication failed: Please verify your identity within the next 7 days. Using your desktop computer, go to your banks website and visit the Secure Message Center for instructions.
username> xxxxxxxxxx
password>
DEBUG:root:posting data to https://ofx.chase.com
DEBUG:root:---- request ----
DEBUG:root:OFXHEADER:100
DATA:OFXSGML
VERSION:103
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:e545036b3d784489a7dc442ff5050874

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20160819082036
<USERID>xxxxxxxxxx
<USERPASS>XXXXXXXXXXXXX
<LANGUAGE>ENG
<FI>
<ORG>B1
<FID>10898
</FI>
<APPID>QWIN
<APPVER>2200
<CLIENTUID>9792ce123b6d44debed68d2c50df1cbd
</SONRQ>
</SIGNONMSGSRQV1>
</OFX>
DEBUG:root:---- response ----
DEBUG:root:{'fp': None, 'status': 200, 'will_close': False, 'chunk_left': 'UNKNOWN', 'length': 0, 'strict': 0, 'reason': 'OK', 'version': 11, 'debuglevel': 0, 'msg': <httplib.HTTPMessage instance at 0x016710A8>, 'chunked': 0, '_method': u'POST'}
DEBUG:root:OFXHEADER:100
DATA:OFXSGML
VERSION:103
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:e545036b3d784489a7dc442ff5050874

<OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>2000<SEVERITY>ERROR<MESSAGE>USER NOT AUTHORIZED TO ACCESS THE SYSTEM WITH THIS APPLICATION</STATUS><DTSERVER>20160819112017.514[-4:EDT]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS></SIGNONMSGSRSV1></OFX>
authentication failed: USER NOT AUTHORIZED TO ACCESS THE SYSTEM WITH THIS APPLICATION

[sysbot]

That's interesting. I didn't get that <OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>2000<SEVERITY>ERROR<MESSAGE>USER NOT AUTHORIZED TO ACCESS THE SYSTEM WITH THIS APPLICATION</STATUS><DTSERVER>20160819112017.514[-4:EDT]<LANGUAGE>ENG<FI><ORG>B1<FID>10898</FI></SONRS></SIGNONMSGSRSV1></OFX> authentication failed: USER NOT AUTHORIZED TO ACCESS THE SYSTEM WITH THIS APPLICATION message.

I assumed you have already enabled banking with Quicken from Chase site?

[tgoetze]

Yes. I was pleasantly surprised to see that it no longer takes hours for the message to show up in my Chase secure message box, so I was able to try it a few times.

If I start ofxclient a second time, then it goes back to requiring me to authorize again--which jives with why it might have worked for you. I at least got a different response the second time I did the user/pass from within the same ofxclient runtime.

My guess is Chase likes the use of the same CLIENTUID field, since those were the same on my calls from within one ofxclient session--but they are different between sessions (unless loaded from the .ini file).

[sysbot]

It seemed to me that unless your "Add Chase" is completely successful, the Bank info is not saved into .ini hence you will need to authorize again when you rerun ofxclient.

The message "not authorized" to access seemed like a remote problem to me then it is in the ofxclient software.

[tgoetze]

I did some more digging and found out that even though I used to download transactions into Quicken from the Chase credit card, somehow my account was not enabled for "Financial Software Access". Once I enabled that, following sysbot's approach works great.

I guess one open issue on this is allowing a user to specify the OFX version (or knowing that Chase wants 103). Another could be to generate and persist a CLIENTUID for each Institution (or Account) so that re-running ofxclient would be able to do the right thing in this case.

[jat255]

I'm having this problem as well, but unfortunately never receiving a message in my "secure message center." Anyone seen this?

[tgoetze]

The first time I experienced it, there was a delay of several hours before my secure message showed up on the Chase website, so I suggest checking back later.

[jat255]

Interesting. I already had a couple of Chase cards added (just got a new one and wanted to add it). Still no message this morning, which is odd. Either way, I was able to work around it by manually creating an entry for the card/account in my ofxclient.ini file, and putting the password in the keyring, matching the others.

[reubano]

It appears the default behavior is to change the CLIENTUID for each invocation of the username/password prompt, even within the same ofxclient session. The solution is to set the CLIENTUID once before the loop so it stays the same within the session.

cli.py

from ofxclient.client import ofx_uid

...

def login_check_menu(bank_info):
    ...
    cid = ofx_uid()

    while 1:
        ...
        institution = Institution(
            ...
            client_args={'ofx_version': args.ofx_version, 'id': cid}
        )

    ...

Once I did this (and after setting the ofx version to 103), my Chase account successfully validated.

[antonioshadji]

I saw this message on the chase site today.
If you use financial management software, such as Quicken® or QuickBooks®, to connect to your account information directly, ... (If you use a token to sign in, you can't connect to financial management software directly.)

[jantman]

The comment from @reubano works for me, the id needs to stay the same.

[agenecov]

I was able to successfully connect with chase through the CLI by keeping my session open and authorizing, allowing it to write the necessary information to ofxclient.ini. This might be a dumb question, but how can I now use this info in the .ini file with the python wrapper?

[qqrs]

I was able to set up ofxclient and download checking and credit card OFX data from Chase today. Documenting here in case it is helpful for anyone else.

I did not need to do anything special with UIDs as was described above. Perhaps these workarounds have now been merged into the project, or perhaps Chase is now more lenient.

Here are the exact steps I followed:

1. Install latest ofxclient

mkvirtualenv -p python3 ofx
pip install git+https://github.com/captin411/ofxclient.git@master

2. Log in to chase.com, go to settings, go to "Desktop apps", and enable access for apps like Quicken or QuickBooks

3. Run ofxclient --ofx-version 103

4. Add account, bank name "Chase (credit card)". Use this even for checking/savings accounts. The other choices for Chase use oasis.cfree.com, which I have never heard of. Possibly an old endpoint, or possibly a scam, who knows?

5. Enter your chase.com username and password. You'll see the message

authentication failed: Please verify your identity within the next 7 days. Using your desktop computer, go to your banks website and visit the Secure Message Center for instructions.

6. Do that. Log in to chase.com, look for a message in the Secure Message Center, and follow the instructions to approve access.

7. Repeat steps 3 - 5. This time, it should succeed, and you will be able to download OFX files for each of your accounts.

8. For subsequent downloads, you can simply run ofxclient. The OFX version setting is stored in your ofxclient.ini.

You can also run ofxclient --download-days 365 to get more than 30 days. (It does appear Chase limits how far back you can request data, but I haven't discerned the pattern.)

[jackkamm]

@qqrs 's instructions worked great. Note it's important to use the latest version of ofxclient from github, not PyPi (which is a version behind) -- otherwise I get TypeError: option values must be strings (#31).