The snazzy writeup suggests loads of people are involved but the project has a pretty low number of contributors. Is this the whole organisation or a subset of people doing some work relating to the concept.
The idea of a common API is really fantastic mind you.
Hi Folks, Simon here from the Open Bank Project. We're based in Berlin but were involved from the early stages in the report published by the UK Treasury. We put up the sandbox to get feedback on the APIs etc. Guess we have some high load on one of our servers at the moment! Feel free to ask any questions. (AMA??)
While I wait for the pages to load...
Any fintechs (or other) actually planning on implementing this API?
What is the relationship like with the industry? (Is there feedback being implemented in the API?)
More information would help. There seems to be interest around the world to change/modernize the financial industry for consumers.
Thanks for taking questions.
Finally loaded. Here is the blurb from their website:
UK Open Banking
A demo of Open Banking APIs in the UK
In February 2016, a group of experts from the banking, FinTech, security and open data communities published a framework to deliver an open standard for Application Programming Interfaces (APIs) for UK banks. This work, led by HM Treasury, aims to increase competition and innovation in and around banking to improve outcomes for customers and thus further support the UK’s world-leading FinTech industry.
The European Union is rapidly advancing legislation (PSD2) that will, upon implementation in the next two years, require banks in the EU to open their payment and transaction systems to certified third parties. This is a good moment for the UK to take a leadership role and influence the EU and beyond.
We took this opportunity to reveal the first Open Banking API sandbox specificaly targeted at supporting discussion around the UK Open Banking standard. The sandbox we are showing today provides a selection of API calls relevant to the UK Open Banking Standards report. Feel free to explore the calls. We believe our technology gives the UK a tremendous headstart and access to a vibrant Fintech developer community.
I just gave them my email address and was taken through to Mailchimp, where their address is given as being in Berlin! Strange that this is supposed to be led by HM Treasury.
The report sets out a framework rather than a specification at this point. It talks about a phased approach starting with open data (e.g. branches, products) then transaction history and then write (e.g. payment) options. PSD2 from the EU might well influence the operations supported first.
The report was commissioned by the government and delivered by a private company Open Data Institute Limited. This sandbox is from another private company Open Bank Project aka Tesobe.
I've been dreaming of a standardized banking API for as long as I've been using online banking. It crushes my soul every time Mint makes me send them my actual log in credentials just to scrape transaction data. Really hope this catches on, but I think too many orgs have a vested interest in being the gate-keepers of your banking data.
If you're in the UK and want a banking API (including payments and transfers), I'm building http://teller.io/. It's been in private beta about 2.5 months and access will be opening more broadly soon. I couldn't wait for banks to get themselves into gear so I reverse engineered all of their mobile apps, took their private APIs and expose a single unified API through Teller.
So far the RBS banks, e.g. Natwest are in prod. If you bank with them, want super early access, understand it's beta product and will give some feedback: sg <> @ <> teller.io
They do pin certs. I don't disable pinning, I quite like the protection it gives me. I actually inject code at runtime to observe and modify behaviour.
It's not against their TOS for me as a customer to reverse engineer their mobile clients (AFAIK), it is against their TOS for you as a bank customer to give Teller any authentication details. This is nothing new, the incumbent aggregator Yodlee also causes users to violate the bank TOS in this way. But aggregators solve such a pain point that users are prepared to use these services.
Every UK bank is aware of Teller, even ones I have not interacted with directly. I've been up to Edinburgh and to the RBS London offices a bunch of times, I know them well. I hope to work with the banks and not against them.
Stevie gave me access a few weeks ago, I'm working on a product on top of Teller. What he's working on is really exciting and enables developers to build all kinds of apps they couldn't do previously.
Aren't there terms of service that prohibit you from reverse engineering their software and profiting from it? I want to build a mobile app on top of a private reverse engineered API and my lawyer says it could jeopardize my LLC's assets if we get sued
"...require banks in the EU to open their payment and transaction systems to certified third parties"
Does anyone know if this will mean that average Joe can't just write a script to access his account, because he isn't a "certified third party"?
48 comments
[ 5.9 ms ] story [ 105 ms ] threadThe snazzy writeup suggests loads of people are involved but the project has a pretty low number of contributors. Is this the whole organisation or a subset of people doing some work relating to the concept.
The idea of a common API is really fantastic mind you.
More information would help. There seems to be interest around the world to change/modernize the financial industry for consumers. Thanks for taking questions.
UK Open Banking
A demo of Open Banking APIs in the UK
In February 2016, a group of experts from the banking, FinTech, security and open data communities published a framework to deliver an open standard for Application Programming Interfaces (APIs) for UK banks. This work, led by HM Treasury, aims to increase competition and innovation in and around banking to improve outcomes for customers and thus further support the UK’s world-leading FinTech industry.
The European Union is rapidly advancing legislation (PSD2) that will, upon implementation in the next two years, require banks in the EU to open their payment and transaction systems to certified third parties. This is a good moment for the UK to take a leadership role and influence the EU and beyond.
We took this opportunity to reveal the first Open Banking API sandbox specificaly targeted at supporting discussion around the UK Open Banking standard. The sandbox we are showing today provides a selection of API calls relevant to the UK Open Banking Standards report. Feel free to explore the calls. We believe our technology gives the UK a tremendous headstart and access to a vibrant Fintech developer community.
Click below and enjoy!
Github: https://github.com/OpenBankProject/OBP-API/
API Documentation: https://github.com/OpenBankProject/OBP-API/wiki
API Explorer: https://uk-apiexplorer.openbankproject.com
Also what type of operations are intended to be supported (read/write?)
Some news coverage here:
http://www.theguardian.com/money/2015/jun/29/digital-banking...
http://www.thememo.com/2015/06/25/meet-mondo-the-app-thats-g...
http://techcrunch.com/2015/05/24/mondo/
http://www.bloomberg.com/news/articles/2015-08-18/mondo-s-ce...
They are launching soon and will have an API: https://getmondo.co.uk/docs/
Some news coverage here: http://www.theguardian.com/money/2015/jun/29/digital-banking... http://www.thememo.com/2015/06/25/meet-mondo-the-app-thats-g... http://techcrunch.com/2015/05/24/mondo/ http://www.bloomberg.com/news/articles/2015-08-18/mondo-s-ce...
Here is a video of me cURL-ing my bank account yesterday: https://www.youtube.com/watch?v=wwWccFD0wv8
Here is a CLI one of my beta testers @sebinsua/@nouswaves made for his bank account: https://github.com/sebinsua/teller-cli
So far the RBS banks, e.g. Natwest are in prod. If you bank with them, want super early access, understand it's beta product and will give some feedback: sg <> @ <> teller.io
* find the certificate file in the app and replace it with your own.
* hook the function that verifies the certificate and make it return true.
Every UK bank is aware of Teller, even ones I have not interacted with directly. I've been up to Edinburgh and to the RBS London offices a bunch of times, I know them well. I hope to work with the banks and not against them.
I'd be curious about security as few of the URLs here shed any light on the topic and from my experience it often is rather INsecurity circus.
I'm somewhat impressed though - I was defeated by certificate pinning on one UK bank's mobile app. How did you get round that?
I don't disable PKI pinning. I inject code at runtime to observe and change behaviour.