Figo.me (which afaik has no affiliation with Fidor, despite the resembling name) has provided a RESTful API for German banks for some time already. You can find the docs here: http://docs.figo.io
Among the supported banks you find the big players, such as Deutsche Bank, Postbank and DKB.
While Fidor has some modern features, such as social payments, they lag behind when it comes to day-to-day features:
Withdrawing cash, which is still very important in Germany, can only be done freely three times a month. After that you pay a rather hefty fee. Fidor also does not offer a Girokarte, which is still the number one payment method in German shops - online and offline.
All the above-mentioned banks offer a better service and some even free credit cards with unlimited worldwide withdrawals.
This is absolutely amazing. I say this as someone that's incredibly frustrated with the access my bank gives me to my account data.
Anyone have any idea why banks are so closed-minded regarding opening up their data via APIs? I suppose, now that I think about it, there are all sorts of regulation hoops that need to be jumped through. Something as simple as "a financial institution requires positive document identification of client to release bank statements", which sounds good on paper, but makes API-enabling an absolute legal nightmare.
Any commercial bank that is not totally useless will be able to give you access to payments, transactions and account statements. There are standards for this, for instance ISO 20022 (XML-based) or older protocols used in the SWIFT network.
The banks will charge a fair amount for this though, and they will do it only for large customers and financial institutions. One reason is that it's one of the things that they make money from in transactional banking.
One other reason is that it's technically challenging, both for a customer and the bank to set up a secure message interchange, and there is no standard for authenticating the messages, or the sender. (That I know of, that's reasonably sane.)
One other reason is that it's normally a lot of manual work to set up all this for a customer.
It's also expensive to develop a solution for this. There are a lot of systems that handle different things - ledgers, payment systems, message brokers, authorisation systems, the actual internet banking system, etc. In any case, it's more than one system and it's complex.
That said, Fidor seems to have come a long way, and I know that other banks are also adding features like this to their internet banks.
Most commercial customers tend to view the transactional part of a bank (payments, accounts) as an "IT service provider" and not as a "bank", so things like this will absolutely come, also to the USA, which seems to be a bit old-fashioned in regards to banking.
> Anyone have any idea why banks are so closed-minded regarding opening up their data via APIs?
1. The data has a lot of value, you need to convince your bank that having a great API is worth more than more rigid control of your interaction (more to them, not to you).
2. As you say, regulatory/legal stuff can be a nightmare.
3. Most first-world banks' internal systems are a bit of a maze given they've been built up over 40 or more years. Making them work safely and sanely with letting anyone code apps against interfaces is not particularly trivial.
I've started building an app with Plaid and so far, it's amazing. Covers the major banks (similar to the original ApplePay banks), and has a beautiful API.
It's just sad that the banking infrastructure underneath is still the old legacy BS. Having to answer security questions or relay two-factor auth is insane. I yearn for the days when we can OAuth with our banks!
I used to be the VP of Engineering at Simple. We always wanted to release an API but weren't able to. They're working on a bunch of great stuff over there, but I hope they do release one someday.
I can no longer speak for them, but while I was there we were entirely focused on getting our core consumer online banking product right. We did not want to launch an API without properly supporting the community, and we didn't want to distract ourselves from executing on the core product. There were other complexities but it's not appropriate for me to say any more.
These libraries are screen scrapers with no security control. You can't make a read only version that prevents an attacker from using your API key to steal your money, for example.
I want to completely disclose Neocities financing, and lack of API for safely doing this has been a frustrating problem.
You would have to proxy the requests on your server, enforce read-only on your public facing API, and keep the token server-side for talking to the bank?
Put Varnish in front of your API to act as a caching layer and prevent anyone from causing your server to overload the bank API.
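The proxy design suggested in the two comments above, as an added example that is not part of the original thread: the public side accepts only GET on an exact-match allowlist, the bank token stays inside the server object, response fields are allowlisted, and a TTL cache stands in for the caching layer. The class name, endpoint paths, field names and the `fake_bank` upstream are hypothetical; the thread names no concrete bank API.

```python
import time

# Hypothetical read-only endpoints; the thread names no concrete bank API paths.
ALLOWED_PATHS = {"/balance", "/transactions"}
PUBLIC_FIELDS = {"date", "amount", "currency", "description"}
CACHE_TTL = 300  # seconds; plays the role of the caching layer in front of the API


class ReadOnlyProxy:
    def __init__(self, upstream, token, clock=time.monotonic):
        self._upstream = upstream   # callable(method, path, token) -> list of dicts
        self._token = token         # bank credential, never returned to callers
        self._clock = clock
        self._cache = {}            # path -> (expiry, sanitized rows)

    def handle(self, method, path):
        """Return (status, body) for a request arriving from the public internet."""
        if method != "GET":
            return 405, {"error": "read-only"}
        if path not in ALLOWED_PATHS:   # exact match: no prefixes, no query strings
            return 404, {"error": "not found"}
        now = self._clock()
        hit = self._cache.get(path)
        if hit and hit[0] > now:        # cache hit: the bank API is not contacted
            return 200, hit[1]
        rows = self._upstream("GET", path, self._token)
        # Allowlist fields so account identifiers are not republished.
        clean = [{k: v for k, v in r.items() if k in PUBLIC_FIELDS} for r in rows]
        self._cache[path] = (now + CACHE_TTL, clean)
        return 200, clean


def demo():
    calls = []

    def fake_bank(method, path, token):   # constructed stand-in for the bank API
        calls.append((method, path, token))
        return [{"date": "2015-01-05", "amount": -42.0, "currency": "USD",
                 "description": "hosting", "iban": "XX00CONSTRUCTED"}]

    proxy = ReadOnlyProxy(fake_bank, token="constructed-secret")
    results = [proxy.handle("GET", "/transactions"),
               proxy.handle("GET", "/transactions"),   # served from cache
               proxy.handle("POST", "/transfers"),     # write attempt
               proxy.handle("GET", "/transfers")]      # path not on the allowlist
    return results, calls
```

The proxy only limits what the public endpoint exposes; the token it holds is still as powerful as the bank made it, which is the gap the earlier comment about read-only keys describes.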
There is the age-old OFX which many banks and credit card companies do support. May not be quite as complete, but many functions are possible. Typically you need to enable OFX (sometimes wrongly labeled with Quicken nomenclature) and it isn't always free. There are a bunch of libraries out there that work with the standard.
I'm not aware of any, but I've been wanting for exactly the same thing. It seems like it would be an interesting (albeit expensive) experiment to build an API-first bank. It would open up all sorts of interesting possibilities like an ecosystem of third-party clients to access your banking information.
We've built exactly this here at https://Holvi.com for business customers. We offer a full bank account replacement with integrated merchant account for online payments. A full API is in private beta at the moment. We are regulated as an authorised payment institution, and can currently service customers in all EU/EEA countries. Email toivotuo@holvi.com for access to the beta.
I'm working on http://teller.io/ for UK banks. The API supports read operations as well as write operations, e.g. making payments. I've integrated 5 banks, now working on the 6th and planning to launch this month.
You can sign up but the only way to verify your account is via PostIdent. Afaik, that service isn't available anywhere except Germany, Austria and Switzerland.
I do realize that there is plenty of red tape in the world of banking, but it would be great to see a "disruptive" bank service on the net that's actually built for netizens.
As a customer I hope someone will start working on a native iOS app. Right now the Fidor app isn't updated very often and lacks a bit of usability, even comparing it to a simple website wrapper like the Deutsche Bank app which actually works quite nicely and offers convenient features like TouchID sign in.