Why Accessing Bank APIs Directly Is So Hard and What Developers Do Instead
Connecting directly to a bank's API in the EU or UK requires an eIDAS Qualified Certificate (QWAC), which costs between €2,000 and €10,000 annually and can take months to obtain through regulatory channels. Beyond the certificate hurdle, every bank interaction also demands an OAuth 2.0 Authorization Code flow with Strong Customer Authentication, where users must verify their identity via 2FA before granting data access. Even after clearing those two barriers, developers face a fragmented landscape of incompatible response formats, pagination schemes, and error structures across different banks. To avoid this complexity, most teams turn to aggregator services such as Plaid, Tink, or TrueLayer, which hold the required certificates, manage consent flows, and expose a single unified API. A newer tier of certificate-free aggregators simplifies onboarding further by offering usage-based bearer-token access with no enterprise contracts or minimum volume requirements.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in