What can the product do?

This product provides temporary, asynchronous access to the account data of a bank account in order to receive or retrieve an electronic account statement, so that this data can be used in a PFM tool, for example. The focus here is on the bank customer, since several bank details can be combined under one bank customer. As part of the synchronization, the bank data is accessed repeatedly via a login to online banking. The various synchronization variants are described in more detail below. In summary, this product supports multiple queries of account transactions without requiring the account holder to log in again.


What happens?

Various functions within our API are available to the provider for creation, administration and use, which are described in more detail below. In this context, a distinction is made between the bank customer, an access token, the bank details and the bank account.


Bank customer: A person under whom one or more bank details are grouped.


Access token: The access token is a special API key that can only query the data of a bank customer. It can be used, for example, directly on mobile devices.


Bank details: This is the login to a bank. Several bank details can be assigned to each bank customer.


Bank account: Within a set of bank details there can be several bank accounts, each containing information about the account and its transactions.


The typical procedure is as follows:


  1. Create bank customer via API
  2. Create access token via API
  3. Creation of bank details using the API
  4. Interaction of the bank customer via the wizard (login to online banking and authorization for revolving accesses, which can then take place without logging in again).
  5. Retrieval of the results for the respective bank account


What steps are included?


The following features are currently supported:


Bank customers - You can use the API to create, query (individually and as a list) and delete bank customers. The associated access tokens can also be created, queried (individually and as a list) and deleted. In addition, the validity of these can be extended via the API. By default, a token is valid for 1 hour, but this can also be changed using the API.


Bank details - Using the API, bank details of a bank customer can be created, queried (individually and as a list) and deleted. Each creation of new bank details requires an interaction (bank selection and login) by the end customer. The end customer is guided through the process. A special JavaScript widget or wizard API is available for the integration of this process. In addition, created bank details can be synchronized, i.e. the current data (account information and transactions) for the accounts within these bank details are read out via the respective bank and stored in the system.


Bank account - Using the API, the bank accounts of a bank customer can be queried (individually and as a list), as can the account information and transactions of a bank account. In addition, the API can be used to mark all previous bank account transactions as "seen". Transactions can be filtered by period. The maximum set of data that can be returned for account information and transactions is documented here: https://docs.fintecsystems.com/swagger/#tag/XS2A.api.accounts


Synchronization variants - Three variants are distinguished with regard to synchronization:


  1. The credentials are encrypted and stored on the server side of the system. Synchronization takes place automatically once a day.
  2. The credentials are encrypted and split: one part is stored in the FTS system; the second part is stored in the provider's system. When the provider's system makes a call, the provider's part is transferred so that the ciphertext can be decrypted. The bank account is then accessed.
  3. There is no automatic synchronization. Each access requires an interaction with the end customer.
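A sketch of how variant 2 can keep either party from recovering the credentials alone, added here as an example and not FTS code. The page does not say how the two parts are formed, so this assumes a 2-of-2 XOR split of the already encrypted blob plus a hypothetical HMAC check tag; `split_secret`, `combine` and `MIN_LEN` are illustrative names.

```python
import hashlib
import hmac
import secrets

MIN_LEN = 32  # assumption: refuse blobs so short that a part could be guessed


def split_secret(ciphertext: bytes) -> tuple[bytes, bytes, bytes]:
    """Return (server_part, provider_part, check_tag) for an encrypted blob."""
    if len(ciphertext) < MIN_LEN:
        raise ValueError("blob too short to split safely")
    # Provider part is a uniformly random pad; server part is blob XOR pad.
    provider_part = secrets.token_bytes(len(ciphertext))
    server_part = bytes(c ^ p for c, p in zip(ciphertext, provider_part))
    # Tag keyed by the provider part lets the server reject a wrong part
    # without being able to rebuild the blob on its own.
    tag = hmac.new(provider_part, server_part, hashlib.sha256).digest()
    return server_part, provider_part, tag


def combine(server_part: bytes, provider_part: bytes, tag: bytes) -> bytes:
    """Rebuild the encrypted blob once the provider part arrives with a call."""
    if len(server_part) != len(provider_part):
        raise ValueError("part length mismatch")
    expected = hmac.new(provider_part, server_part, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong or tampered provider part")
    return bytes(s ^ p for s, p in zip(server_part, provider_part))


if __name__ == "__main__":
    # Constructed stand-in for encrypted credentials (not real data).
    blob = secrets.token_bytes(48)
    server_part, provider_part, tag = split_secret(blob)
    assert combine(server_part, provider_part, tag) == blob
```

Under these assumptions, a copy of only one store yields random-looking bytes, and the rebuilt blob still has to be decrypted before the bank login can happen.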

Certain events (new bank account, new transactions, failed synchronization) that may occur during synchronization are reported via webhook. If repeated errors occur, the corresponding bank details are deactivated.