Hacker Timesnew | past | comments | ask | show | jobs | submitlogin
Ask HN: EU Bank with Good API?
33 points by hknmtt on Jan 27, 2023 | hide | past | favorite | 69 comments
I am working on a service that connects buyers and sellers and will be doing plenty of pay-outs. The company is based in EU and EUR has been chosen as settling currency. I am therefore looking for an EU-base bank with good API to automate the necessary processes. So far, local banks are very bad in this regard. I looked at Wise and Revolut but they won't give me access to the sandbox environment to test and evaluate their APIs without signing up for paid business plan straight away, which is simply a no-go. Can you therefore recommend a bank with good API? By good I mean that it at least has a concept of idempotency and nonce and webhooks. I really don't need that much but the state of things is rotten.


In the EU we have a law (guideline) that banks need to implement PSD2.

https://www.dnb.nl/en/innovations-in-payments-and-banking/fi...

There are several companies who have build PSD2 api's and have contracts with all banks. For example in the Netherlands: https://bizcuit.nl/wat-is-psd2/

You could also register with a bank itself to connect to their PSD2 API. However I don't know the costs to obtain a license.


This^ Banks (based on their products/license) have to provide PSD2 APIs by law. Last time I checked (~3y ago) the quality of the implementations differed a lot so these aggregators made kinda sense to deal with the APIs details. Just think about the different MFA implementations banks are using. Another one for Germany is finapi.io


The API is named OpenBank, all SEPA area banks MUST have them, BUT unfortunately EU do not mandate public access to the API, only "approved institutions can use the API and some of course get approved and re-sell the API access at high prices to citizens...


We do have a law, but last I checked then in Estonia there was no way for a private person to do API based payments without later needing to log in to the website and signing the transactions manually with an ID card (i.e a smart card). Sad.


Most of these PSD2 aggregators have "Contact us" pricing. Last time I looked into it I couldn't find a provider accessible to retail customers who are only looking to access their own data.


They have to implement APIs but do they have to have reasonable costs and criteria for access? I doubt it.


> do they have to have reasonable [...] criteria for access?

Unfortunately, PSD2 is built on the model that only (expensively) certified middlemen are supposed to directly make use of the APIs provided by banks (definitively not for direct access by actual bank customers), so no, they don't…


Keep in mind that unless you have the right licenses you can't be in the money flow between buyers and sellers. Meaning buyers money can't go to your bank account and then you pay the sellers.

For this you should use stripe connect, adyen marketplace or payaut.


Why not? that restriction applies to financial services, not sale of goods. How do you think reselling works?


sorry missed to reply.

Yes you can resell but reselling is different than a marketplace. A food delivery service like Deliveroo is not selling the food, so they can't collect money on behalf of the restaurant. In theory same with amazon 3rd party seller, in this case amazon has a licensed.


Which licenses would that be? I understand that this pulls extra legal and commercial obligations but it's not clear that this requires a license.

For instance, this does not seem to be an e-money activity. I know Stripe's pitch for Connect says that they have an e-money license (and money transmitter licenses in the US but let's focus on Europe), but to me that does not imply that an e-money license is required for a marketplace.

Edit: Ah, the licensing requirements seem to stem from PSD2.

The problem with Stripe Connect is that unless you have volumes to negotiate the standard fees are very high. And of course those regulations effectively mean that they own your business...


Do you have details on this? What laws dictate this? I assume there's some criteria that qualifies a business as a marketplace where this becomes a restriction... All businesses receive money from buyers and pay suppliers on the other end but not all businesses need stripe connect.


It's from PSD2.

Yes everyone has suppliers but in a marketplace the seller is not a supplier of the platform. They are a supplier of the buyer. The marketplace is only facilitating the transaction.


That's the correct answer.


To connect directly to a European Bank's API you need to be PSD2 compliant, which costs about 100,000 EUR

You need a partner who is PSD2 compliant. Nordigen is the easiest to work with, but their API might not have all of the features you need.

If you only want to access your own accounts (not your clients accounts) then the rules might be different.


Client I'm working with decided to use Nordigen for retrieval of customer bank statement. As I'm a developer who's implementing a solution, I can say that so far their API seems to work pretty nice and is well documented.


Agreed, nordigen is amazing. One of my companies uses it. However they don't implement the full PDS2 API. The OP might need features that Nordigen don't support.


that is complete bullshit. all you need is a QWAC PSD2 certificate which costs around 150€ per year.


He's right though, to acquire a cert that a bank will accept you need to be an AISP [0] or a PISP (or both) [1]. In other words: you need a license from a regulatory body of one of the PSD2 countries

To talk to a bank's PSD2 API you often need /both/ a QWAC and a QSEALC cert. A QWAC cert is basically a normal TLS (client) cert with some PSD2 specific OIDs like the QC Statement (0.4.0.1862) [2] that a bank can use to identify who you are and which authority gave you a license (for AISP / PISP activities). The QSEALC is typically used to sign the http requests at the application level in the form of an extra http header (X-Signature or something similar).

The above is all moot though, if you just want to do payouts I recommend you stay far away from PSD2

[0] Account Information Service Provider = AISP; Payment Initiation Service Provider = PISP

[1] https://www.entrust.com/-/media/documentation/datasheets/qua...

[2] see 5.1 in here https://www.etsi.org/deliver/etsi_ts/119400_119499/119495/01...


i was wrong. my bank's documentation did not include this crucial detail so i had the impression that, at leas my bank, allows anyone with verified ssl certificate to access the api(which is quite basic anyway).


it costs just the (nominal) registration fee per country if you are classed as a "small payment institution" (less than 3m EUR transactions monthly)


How do you get classed as a "small payment institution" and what does that cost?


By meeting the criteria as mentioned. Application/registration fee varies by jurisdiction. e.g. Its free in Spain, it costs 500 GBP in UK. Other countries are somewhere between the two.

You can get more information from your local financial authority.


We use Mangopay (https://www.mangopay.com/) at $DAYJOB as a payment provider. They have a working API (in python at least) and a functionning sandbox environment.


looks like it might be a good payment gateway for me, which i am on the lookout as well. good fees and rich with features.


i tried to open an account but their ToS prohibit my business(not a porn) so quite similar to adyen.


Not sure whether https://www.solarisgroup.com/en/ works the way you need it.

Highjacking this topic: is anyone aware of a bank whose APIs I can use as a private customer? I just want to automatically pull in my transfers and balance and analyse it using jupyter notebooks. Would actually love to be able to use a CLI to transfer money, but that's even farther out. My banking app sucks.


>I just want to automatically pull in my transfers and balance and analyse it using jupyter notebooks.

You can try looking for a bank that lets you export OFX / QFX files. Those can be imported into gnucash, or processed any other way.

ofxget is a tool to download OFXes from a bunch of banks registered in their database, though it's volunteer-driven, so your bank might be in there but not actually work. Even if your bank does have an OFX endpoint, it might require you to a) use your actual bank creds instead of being able to create an automation token, and b) not have 2FA, for the same reason.

QFX in particular will probably be available if the bank supports Quicken's built-in feature for downloading that file from the desktop client, so you can use it to get the file directly instead.


Is PSD2 for companies only?

E.g. https://developers.erstegroup.com/docs/apis/bank.eboe

When I try to register as developer with Erste, there is an option to say that I want access to the APIs for personal projects. https://developers.erstegroup.com/register


> Is PSD2 for companies only?

Yes, that's my understanding – banks are only required to grant access to certified entities. As a regular customer (which includes regular businesses, too, not just just natural persons), you're then supposed to make use of one of those certified entities as a middleman for accessing the APIs.

Maybe some banks extend API access to regular customers, too, but that's entirely voluntarily and not mandated by PSD2.


Oh, will try with some banks. Thanks.


Monzo in the UK has a solid read API that you can use for your own account: https://docs.monzo.com/#introduction


Thanks, but with the UK leaving the EU, it's even harder to have an account with them. Should have mentioned that I'm located in Germany.


In Germany some banks continue offering the old FinTS API, which from the customer point of view is what PSD2 should have been (i.e. not necessarily referring to the technical implementation details of the API, but the fact that it gives more or less full access to everything you can do with your bank account, and that it is directly useable by regular customers, too).

After a quick search I found this list of banks, though no idea on how current or complete that list is: https://subsembly.com/banken.html


Hey, I've worked on integrations with a whole range of banks across Europe, and I will say that all the sandboxes are dreadful and out of date and banks won't give you access to anything near production unless you have an account with them. For business/corporate accounts you can integrate directly with the banks own premium/treasury APIs, in which case you generally won't need PSD2 certificates, however it does depend on the appetite of the risk department of the bank. Of the requirements you're looking for, webhooks are not that common yet. This is mainly because it wasn't within the scope of PSD2. Banks are starting to implement this though as a premium feature.

If you want more detail I can give you an overview of what you need to know - sounds like we might be able to help here at Payable.


ING seems to have excellent resources for this. I'll link their developer portal below. They do also offer CLI and SDKs and a somewhat extensive documentation.

https://developer.ing.com/openbanking/home


Most of the banks have a basic PSD2 API implementation just to stick with the regulation. But there are many open banking providers, i've used https://www.aiia.eu/ they were really good and also had better DX


Been on a similar search for a while. Looks like the PSD2 directive is really only a suggestion to EU banks. Sadly.

Maybe https://tink.com/ has a product you can use?


N26 is PSD2 compliant [1] and they seem to have a sandbox available [2]. I can't speak to the dev experience but I like them as a customer.

[1]: https://support.n26.com/en-eu/security/open-banking-psd2/psd...

[2]: https://github.com/n26/psd2-tpp-docs/blob/main/doc/sandbox.m...


As a customer who has managed to fall in between cracks quite a few times. I would say N26 customer service needs some serious work.

At one point they literally lost some of my money and then said it was returned but I wouldn't be able to see a transaction for it because there wasn't one. That is probably the worst but other times have seen me on the phone arguing about stuff that really shouldn't need arguing about.


PSD2 requires a business and a very expensive license to operate. It's unfortunately not something that retail customers can get direct access to.


TransferWise (now Wise): https://api-docs.transferwise.com/#wise-platform-api


The author stated that Wise wasn't giving them sandbox access before signing up for a business plan which ruled them out.


Perhaps I am cynical, but I think it's just a matter of time until businesses will require to connect to your bank accounts whenever you want the simplest thing from them.


https://beta.doc.bunq.com/basics/sandbox


Nordea could be one:

1. https://www.nordea.fi/en/business/our-services/mobile-online...

2. https://developer.nordeaopenbanking.com/


Another, but more Finnish bank OP financial group:

1. https://op-developer.fi/


https://doc.bunq.com

I haven't used it, but they are a tech bank.


I am using it, and I find it provides good services overall. Much more flexible than traditional banks. I contacted the customer service once and it responded.

I have not used the API, but I looked at it at some point and it seemed capable of doing what you could do in the official app.


https://www.bunq.com/about-us

When I see a webpage like this, I immediately close the tab and get away. No business with them.


Well, you can't have it both ways. Banks that follow the standard "we are a respectable organization of respectable managers" image rarely allow people a look into their systems.

Disclaimer: I'm a bunq customer, both for business and for private purposes. Smoothest experience I have ever had with a financial organization. Stuff "just works" and is hassle free.


I assume you’re talking about the “pride flags”? Those are just the bank’s colors.


> On a mission to make life easy

F*k them and the wagon they rolled in on, I want life on hard mode. (/s)


https://clearjunction.com/ offers pretty decent APIs and the features you described. Virtual bank accounts, per-customer deposit vaults, payouts, payins, webhooks and so on... They've been fairly reliable over the years.


Would Stripe's Connect work for you? They have all the tools for setting up a platform that onboards merchants, takes payments on their behalf and pays them out. You can sign up and use the sandbox for free, and only pay when you process transactions.


No, I am never going to trust an American company with my finances. That includes BrainTree, former EU equivalent to Stripe, owned by PayPal.


You could try Modern Treasury and outsource the API requirements.

https://www.moderntreasury.com/products/payments


Fabrick is exactly what you need, an open bank API https://www.fabrick.com/

but probably it's not going to be cheap.


Very funny that we have PSD2 yet almost no one can actually use it


It's not funny, it's an indictment of how slow and reactionary the banking sector is. Every EU country should have put PSD2 into their national law 3 years ago; I can't check but I expect they did so.

This means any issue with rollout and access is not on legislators, but on banking businesses who simply don't care about partners and customers, because they feel untouchable.

A few months ago there was an EU consultation on the impact of PSD2, precisely to address lags in implementations and possible improvements to the directive.


FIO Bank

https://www.fio.cz/bank-services/internetbanking-api


that is my current bank. but they do not have a concept of nonce. at least not in their "simple" api. am researching their open banking api at the moment but as far, as i know the bank quite well, i dobut it will work as needed because they are a MVP bank. bare minimum.


Look into https://www.railsr.com/ (formerly Railsbank)


based on their api docs they have only transfers between their own accounts = useless.


Hmm. I signed up for Revolut business sandbox api recently and it didn’t ask me to pay first. I could use the api etc. Did they change?


Maybe looking for a dedicated payout service might work in this regard. Companies like Adyen have Payout APIs


yes, that is possibility. but not with adyen, their ToS do not supprot my business(not, it is not porn).


https://www.fidor.de/


Fidor has been pretty good for the fintech space back in early 2010s




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: