Why is there no OpenBanking API for personal use?
api money openbanking · 16 comments · 600 words · read ~348 times.
The recent news that MoneyDashboard is suddenly shutting down has exposed a gap in the way OpenBanking works. It is simply impossible for a user to get read-only access to their own data without using an aggregator. And there are very few aggregators around.
Why is it impossible for me to get programmatic access to my own data?
There are two interlinked reasons which I'd like to discuss.
Background
OpenBanking is a brilliant idea encoded in an excellent standard wrapped in some very complex processes and with some rather unfair limitations.
OpenBanking presents a standardised API to allow read and write access to a financial account. So I could give a smartphone app read-only access to my credit card and let it automatically tell me when I've spent more than £50 on sausage rolls this week. Or I could add all my bank accounts to one service which would let me see my net worth. Or any of a hundred ideas.
I could also connect my accounts in such a way that when Bank Account A drop below £100, an OpenBanking API request is sent to Bank Account B to transfer some money to A.
Nifty!
Access
But here's the first problem. The only way you can get access to a bank's API is if you have a licence. And you only get a licence if you're a financial institution who can prove that they have robust security controls. Which means that individuals have to go through an aggregator. Or, in OpenBanking terms, an "Account Information Service Provider".
Some OpenBanking providers will let individuals play in a "sandbox" to test out the API. There are no real accounts and no real money, it's just a way to test how the API works.
I can see why that makes sense for write access. You don't want a user's unpatched Raspberry Pi suddenly sending all their money to Russia.
And I can see why that makes sense for organisations which deal with data from multiple people. One leak and everyone is exposed.
But I'm not convinced that it makes sense to deny an individual read-only API access to their own account. Sure, I might accidentally leak my own data - but the same risk exists if I download a PDF statement from my bank.
Coverage
The second problem is that not every OpenBanking consumer will talk to every OpenBanking provider.
For example, I have an account with Coventry Building society. They have an OpenBanking API which no one uses! They're not the largest financial institution in the UK, but have a fair few customers. And yet all the OpenBanking apps refuse to work with it.
So even if I did find an aggregator with an API, it may not work with all my financial institutions.
What's next?
As much as I love using someone else's website or app, sometimes there's nothing better than writing something bespoke.
I was using MoneyDashboard as an unofficial API. I gave them read-only access to my accounts and then piggybacked off their API. But that's now closed.
Similarly, I was using Moneyed - which offered a personal OpenBanking API - but that shut down as well.
And now I can't find anything.
If you know of an Account Information Service Provider which provides read-only API access to connected accounts, please let me know!
Free Open Banking API using Nordigen / GoCardless
Converting MoneyDashboard's export file to a CSV - for Firefly III and others
ive also been looking for something. I stumbled upon https://docs.moneyhubenterprise.com/docs/introduction
i haven't looked in depth, and there's no info on how to switch from a 'test' to 'regular' user so you can access your own accounts.
@edent says:
The CEO of MoneyHub says it is only for businesses - https://www.reddit.com/r/UKPersonalFinance/comments/16yoyxp/comment/k3epzv7/?context=3
Yeah I just got the same reply from their support team: “ Unfortunately we do not currently provide access for personal use”
I know Monzo have an API which allows access to your own account (or a few users) -https://docs.monzo.com . It's not Open Banking (although they do support OpenBanking on Plus and Premium accounts - you can view your Monzo account in many other apps and vice versa - I've got nearly all of my accounts showing up in Monzo: including, via my credit report, my mortgage). The "developer API" doesn't show any OpenBanking integrated accounts though so as a "work around aggregator API" it won't be a good option.
@Edent I was once very interested in this when I was sick of entering every transaction I had in GnuCash by CSV monthly but I gave up trying to overcome these half baked implementations of APIs. I guess this is a case where banks know who their real customers are.
@Edent
Yep, I can't see any good reason not to allow direct api access from a customer system to their personal bank data. It's directly equivalent to using the web interface that undoubtedly already exists. Sure there is a slight variation in attack surface, but that's not particularly hard to adjust to. I suspect the issue is who gets the blame for the inevitable breach from someone's poorly secured SBC. Even then, contract law can make demarcation clear enough... 🤷♂️
Dave says:
Nordigen, now owned by GoCardless give you 50 accounts for free
I investigated this while at Capital One (a couple of years ago) and the main reason was that banks would still be liable for any data leakage that the third party (or in this case you the user whose data it is) would perform, so to make it a little(?) safer it'd be easier to restrict it.
Agreed it's a sucky situation for folks who want their data and could accidentally leak PDFs with the same result 🤷🏽♂️
Also as someone who's implemented Open Banking on both consumer and service provider, it's not necessarily something I'd expect lots of folks to enjoy doing themselves 😂
@edent says:
"We do these things not because they are easy, but because
we thought they would be easythey are hard!"@Edent Well that’s bloody annoying. Money DB was pretty good. Their closing down notice points users to Snoop as an alternative. If you find something better, be sure to let us great unwashed know.
@blog There's Mint, but that's not just an API.
@Edent do you know why the Coventry api isn't used? Assume no-one has bothered to integrate with it, or jump through hoops to get access?
@ldodds I spoke to Cov last year. Apparently all the focus is on bigger names. Once you've got HSBC, Barclays, NatWest etc you've covered 90% of the population.
@Edent Here in Germany you even need to have a BaFin (Federal Financial Supervisory Authority) license to built anything related to accessing bank account data…
@Edent This is such a pet peeve of mine. The banks deserve everything that is coming.
@minbzk zorg nou eens op landelijk of Europees niveau dat ik op een normale, gemakkelijke manier bij mijn EIGEN data kan.
https://api.ynab.com/
You have to pay £90 a year for their budgeting software (which I’ve used and is pretty good once you get the hang of it)
More comments on Mastodon.