This API looks really shiny and well documented, kudos!
Do you only screen scrape or have backend/backoffice/negotiated integrations with various banks? How do you deal with end-user bank credential storage (both technically and legally when dealing with bank ToS)?
Also, in your experience, have any standards like OFX actually achieved critical mass for adoption amongst banks, and has that made your team's lives any easier?
For the top 14 banks, we work closely with the banks to build connections; however, for the smaller and mid-size banks, we work and connect with a variety of vendors that serve those banks.
I personally sit on the OFX consortium (and a couple other financial standards committees) and I'm not overly bullish. I'll just leave this link here.... https://xkcd.com/927/
That XKCD strip is very true for financial standards. :(
I think you missed a question (unless it was intentional :), but how do you deal with end-user bank credential storage (both technically and legally when dealing with bank ToS)?
For example, on the technical side, do you store the credentials themselves or just session tokens/cookies?
I believe some of the data aggregation is done by reverse engineering APIs of mobile banking apps. You can easily do that by setting up a MITM proxy to intercept requests. In some cases, you may need to decompile app binaries to decipher password encryption algorithms.