
I wasn't sure where to ask this, so please feel free to direct me to a different community if there's a good one for this question.

Are there any US banks that allow their clients programmatic access to their own data? As far as I'm aware, that's not really a thing in the US, but I might be willing to switch banks if there are any that provide access.

[-] krayj@sh.itjust.works 12 points 1 year ago* (last edited 1 year ago)

Many 3rd party services such as "Mint Financial" (part of Intuit) offer the ability to connect to a vast number of US banking and financial institutions to ingest your transaction information as it happens, so I assume there must be APIs they are using for it. The number of institutions they support is greater than the number of institutions they don't.

[-] SomeoneSomewhere@lemmy.nz 5 points 1 year ago

Unfortunately, my understanding is that they mostly use screen-scraping.

Giving your account username/password to anyone but your bank is usually a breach of ToS, and they can use it to deny you compensation if something goes wrong and someone cleans out your bank account using internet banking.

They also get to datamine everything.

[-] ritswd@lemmy.world 8 points 1 year ago

Mint uses an OAuth token (I think through Plaid). This is not the same thing as sharing a username/password, and is authorized by your bank, since they provide the OAuth flow; otherwise OAuth wouldn’t work in the first place.

[-] Falmarri@lemmy.world 1 points 1 year ago

FYI, Plaid does screen scraping to get a lot of their data. At least they did 6 years ago or so when I worked in the sector.

[-] Chozo@kbin.social 6 points 1 year ago

I believe Mint uses Plaid's API and a login token from your bank to connect to your account; they're not doing web scraping or actually logging in with your account credentials.

[-] amos@lemmy.world 9 points 1 year ago

Plaid just settled a $58 million class action lawsuit for a) collecting people's usernames and passwords then b) scraping their transaction history without their consent and selling it to data brokers.

From the complaint:

  1. First, Plaid induces consumers to hand over their private bank login credentials to Plaid by making it appear those credentials are being communicated directly to consumers’ banks. Consumers are informed the connection is “private” and “secure,” and their banking credentials will “never be made accessible” to the app. They are then directed to a login screen that looks like it is coming from their bank, complete with the bank’s logo and branding. In reality, however, though Plaid does not disclose this, the login screen is created by, controlled by, and connected to Plaid. Plaid executives have acknowledged this process was “optimized” to increase “user conversions”—in other words, to provide a false sense of comfort to consumers by concealing Plaid’s role as an unaffiliated third party.
  2. Second, Plaid uses consumers’ login credentials to obtain direct and full access to consumers’ personal financial banking information for Plaid’s own commercial purposes wholly unrelated to consumers’ use of the apps. For each consumer, Plaid downloads years’ worth of transaction history for every single account they have connected to that bank (such as checking, savings, credit card, and brokerage accounts), regardless of whether the data in any of the accounts bears any relationship to the app for which the consumer signed up. Thus, a consumer who makes a single mobile payment on an app from a checking account unwittingly gives Plaid years’ worth of private, granular financial information from every account the consumer maintains with the bank, including accounts maintained for others such as relatives and children. To date, Plaid has amassed this trove of data from over 200 million distinct financial accounts.
  3. Plaid exploits its ill-gotten information in a variety of ways, including marketing the data to its app customers, analyzing the data to derive insights into consumer behavior, and, most recently, selling its collection of data to Visa as part of a multi-billion dollar acquisition. Plaid has unfairly benefited from the personal information of millions of Americans and wrongfully intruded upon their private financial affairs.

[-] chris@programming.dev 5 points 1 year ago

I, too, looked high and low for this. Switching credit unions every year or so when they’d stop offering access. I finally gave up and started using Plaid. They grab all transactions from all my various accounts for $2.16/mo and shove them into Moneydance. Not what you asked for, but it works.

[-] TheButtonJustSpins@infosec.pub 4 points 1 year ago

I'm currently having my accounts send me alerts on as many transactions as possible and then programmatically reading them from my email. It works, basically, but it's not perfect.

[-] chris@programming.dev 2 points 1 year ago

I do that too, but it is nice to not have to retype everything. For $2, well worth it.

[-] gorysubparbagel@lemmy.world 4 points 1 year ago* (last edited 1 year ago)

Some banks support the Open Financial Exchange (OFX) protocol for fetching information: https://en.m.wikipedia.org/wiki/Open_Financial_Exchange

https://financialdataexchange.org/FDX/About/OFX-Work-Group.aspx?WebsiteKey=deae9d6d-1a7a-457b-a678-8a5517f8a474&hkey=f6ef5a03-c596-49a4-a89a-3f368e1ee43f&a315d1c24e44=2#a315d1c24e44

This is a list of some of the banks that are known to support it and their connection information from GnuCash, but it might be out of date:

https://wiki.gnucash.org/wiki/Talk:Setting_up_OFXDirectConnect
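
Added example (not part of the original comment, and not code from GnuCash or any bank): a minimal parser for the transaction records in an OFX 1.x (SGML) statement file downloaded from the bank's own site, so no credentials leave your machine. The sample statement is constructed; the function name and output keys are assumptions. The file is treated as untrusted text (no XML parser, so no entity expansion) and duplicates are dropped by `FITID`, the institution-assigned transaction ID.

```python
import html
import re
from datetime import date, datetime
from decimal import Decimal

# Constructed sample of an OFX 1.x (SGML) statement; leaf tags are unclosed.
SAMPLE_OFX = """OFXHEADER:100
DATA:OFXSGML
VERSION:102

<OFX><BANKMSGSRSV1><STMTTRNRS><STMTRS><CURDEF>USD
<BANKTRANLIST>
<STMTTRN><TRNTYPE>DEBIT<DTPOSTED>20230801120000[-5:EST]<TRNAMT>-42.17
<FITID>2023080100017<NAME>COFFEE &amp; BAGELS</STMTTRN>
<STMTTRN><TRNTYPE>CREDIT<DTPOSTED>20230803<TRNAMT>1500.00
<FITID>2023080300002<NAME>PAYROLL</STMTTRN>
<STMTTRN><TRNTYPE>DEBIT<DTPOSTED>20230801120000[-5:EST]<TRNAMT>-42.17
<FITID>2023080100017<NAME>COFFEE &amp; BAGELS</STMTTRN>
</BANKTRANLIST></STMTRS></STMTTRNRS></BANKMSGSRSV1></OFX>
"""

TXN_RE = re.compile(r"<STMTTRN>(.*?)</STMTTRN>", re.S | re.I)
# Opening tag plus its value; closing tags start with "/" and never match.
FIELD_RE = re.compile(r"<([A-Z0-9.]+)>([^<\r\n]+)", re.I)
REQUIRED = ("FITID", "DTPOSTED", "TRNAMT")


def parse_ofx_transactions(text, seen_fitids=None):
    """Return new transactions as dicts; seen_fitids is updated in place."""
    seen = set() if seen_fitids is None else seen_fitids
    out = []
    for block in TXN_RE.findall(text):
        fields = {k.upper(): html.unescape(v.strip())
                  for k, v in FIELD_RE.findall(block)}
        missing = [k for k in REQUIRED if k not in fields]
        if missing:
            raise ValueError(f"transaction missing fields: {missing}")
        if fields["FITID"] in seen:  # re-import or overlapping download
            continue
        seen.add(fields["FITID"])
        out.append({
            "id": fields["FITID"],
            # DTPOSTED is YYYYMMDD with optional time and zone suffix.
            "posted": datetime.strptime(fields["DTPOSTED"][:8], "%Y%m%d").date(),
            "amount": Decimal(fields["TRNAMT"]),  # exact, never float
            "payee": fields.get("NAME", ""),
        })
    return out
```

Passing the same `seen_fitids` set across runs lets overlapping date-range downloads be imported without double-counting.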

[-] partial_accumen@lemmy.world 4 points 1 year ago

I'm hoping someone gives you a better answer, but in case no one does, here's one potential path depending on how much work you're willing to put into it.

For decades there has been a Personal Finance software package called Quicken. Even before online banking existed, Quicken offered a way for banks to export transaction and balance data for people to manage their finances. Rich online banking came along and largely negated this need for most folks, but the Quicken links and exports were already implemented in thousands of banks across the USA. Now, I imagine some have given up supporting Quicken exports, but a quick Google search shows there are Quicken users doing exports even today in 2023, so apparently it's still a thing.

So to programmatic access:

I don't know of any banks that have a straight up REST API you can hit, but with Quicken the linkage is there for exports; you'd just have to wrap your own controls around it. Here's one conversation about some advanced end users (not programmers) doing basic automation. In one search I saw some references to some Python packages, so maybe that's a less kludgy path.

[-] TheButtonJustSpins@infosec.pub 2 points 1 year ago

It looks like that's all about using browser automation to record the clicks needed to log into accounts and export the files? If Quicken could pull information directly, that would be better. It looks like Chase, for example, ended its OFX access last year. :/

[-] max@feddit.nl 4 points 1 year ago

My bank, bunq, allows that. I do remember people talking about using it as a US citizen. Might be worth looking into.

[-] TheButtonJustSpins@infosec.pub 4 points 1 year ago* (last edited 1 year ago)

This looks really cool. Just spent a bunch of time looking into it and finally found this, though:

> All personal plans are available in Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Liechtenstein, Luxembourg, Malta, the Netherlands, Norway, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Ukraine.

Doesn't look like it's available in the US.

Edit: Looks like they're working on coming to the US, though! https://www.bunq.com/us

Signing up for updates. Thanks for the heads up!

[-] max@feddit.nl 4 points 1 year ago

> Doesn’t look like it’s available in the US.

That's a bummer. Hoping for you they get at it soon, though. I for one love it, since I barely have to move around money between my different budgeting piggy banks anymore. It's all automatic :D

[-] fuser@quex.cc 3 points 1 year ago

What are you looking to do? I don't know of any consumer bank APIs, but most equity and exchange brokerages will let you check account balances and make trades with an API key and credentials. Probably not initiate payments or transfers though. There are too many security risks involved for allowing that via a consumer-level API. There are also tools like Mint that store your credentials and can presumably access your data because they have corporate-level agreements with the financial institutions - I haven't used that and would not normally recommend a corporate-based solution like that personally, but it might work for your needs.

[-] TheButtonJustSpins@infosec.pub 6 points 1 year ago

I explicitly don't want to provide full banking credentials to third parties.

I'd like to get transactions to import into my budgeting app (Actual).

[-] fuser@quex.cc 2 points 1 year ago

I don't blame you re the third party - I wouldn't either. I generally download a transaction file periodically and import it locally using the app. I think you're going to find it difficult to find an API that will allow little people access, even though they are obviously happy to offer that to the big companies. Some of the brokerages have checking accounts and it might be possible to pull the transaction data via the broker's API (maybe), but whichever way you look at it, I suspect the most pragmatic solution is probably going to be a download/import of some kind.

[-] TheButtonJustSpins@infosec.pub 3 points 1 year ago

I haven't seen a way to pull from, for example, Fidelity or Vanguard.

I'm hoping some forward-thinking online bank is going to come along and offer clients read-only access to their own financial information. It seems like such a simple and logical thing, and yet nobody does it.

this post was submitted on 13 Aug 2023
41 points (93.6% liked)

No Stupid Questions
