Account Information Service (Multiple Access)

Summary

Account Information Service (AIS) allows importing data from the end-user account from any supported bank to your system. In order to do that, the user has to log in to a bank via our SignIn Widget. Upon successful login, the widget returns the session information needed to start the import via our API.

Multiple access lets you get the data up to 4 times a day for up to 6 months. To do that, following the initial user authorization, you will receive a token allowing you to refresh the data later.

Integration

To integrate AIS in the Multiple access mode into your process,process you will need to:

  1. Get API access
  2. Get your Client ID from Insight, generate API key(s) and whitelist your server(s)
  3. Embed our SignIn Widget on your website and set the accessMode parameter to MULTIPLE or MIXED*
  4. Configure other Widget parameters and handle necessary Widget callbacks
  5. Create a connection between your frontend and backend to pass session information from the Widget to your servers
  6. On your backend, integrate with the following endpoints:
    1. Default Import
    2. Get Import Result
    3. Reuse Multiple Access
    4. (optionally) Revoke Multiple Access Consent
  7. (optionally) Integrate with Analytical Services endpoints
  8. Save the data retrieved from our API to your servers

Sample process flow

  1. A user visits your website, fills out a form to start your process
  2. You assign ownerExternalId, a unique identifier to the user, and show the SignIn Widget to them
  3. The user goes through the bank authorization
  4. onSuccess callback is triggered - you can pass the received session information to the backend and redirect the user to the next step in your process
  5. Pass the multipleAccessId token, which you will receive if the user authorizes repeated access*
  6. At this point the user’s participation has ended, and you can inform them that they will be notified later about the result of the bank verification
  7. On the backend, you send a request to import the data with the session information to the Default Import endpoint
  8. You receive a command ID that you can now use to periodically (once every 2-5 seconds) ask for the import status via Get Import Result endpoint
  9. Once all data is imported, you will receive it in the response from the Get Import Result import alongside a “successful” status - you should now stop calling that endpoint and save the response with the data to your server
  10. (optionally) Make requests to our Analytical Services endpoints to fetch extra insights into the owner’s finances
  11. Inform the user about the status of the verification status or your decision regarding their application
  12. Next time you want to get more data, on your backend make a call to the Reuse Multiple Access endpoint using the multipleAccessId token, which will return a new session information
  13. Using that new session, repeat the points 6-10
  14. For each subsequent import, just repeat the points 12-13
  15. (optionally) When you no longer need the access to data or the user informs you that they have withdrawn their consent, you can make a request to the Revoke Multiple Access Consent endpoint using the multipleAccessId token

*Multiple and mixed modes

In case you don’t require repeated access to the bank data, but you prefer it, you can set the accessMode to MIXED.

If you do so, the user will see all banks that support both modes, but if a given bank doesn’t support Multiple Access, you will receive only one time access. In those instances you won’t receive a multipleAccessId via the onSuccess Widget callback.

The user can’t manually switch to the single access for banks that support both accesses.

MULTIPLE access mode might limit the number of available banks, but will guarantee that the consent given by the user is for repeated access to their data.

Token validity and billing

The multiple access tokens remain valid for up to 180 days. However, it’s possible that due to technical constraints posed by the banks, this period will be a bit shorter. The user may also withdraw their consent before this period ends.

Thus, you need to be prepared that at any moment a token can expire. In such a case, you will receive an InvalidMultipleAccessId error via API and will have to ask the user to log into their bank and grant the access again.

For billing purposes, each token is split into 30-day cycles. For each cycle that ends in a given month you pay a fee. You also pay a fee for every successful import that happened within those ended cycles.

Details about billing with an in-depth explanation can be found in this file (Polish version only).

Other information

For information about the bank coverage, data scope and best practices, please refer to the relevant sections in the Single Access article.

Documentation

For technical documentation, refer to our unified documentation that offers comprehensive support for customers integrating with AIS services, our PDF parser, and Data Analysis solutions. Discover detailed guidance on seamless integration with Kontomatik services and explore their full range of capabilities.

Open documentation
See documentation change log

Contact

Sales

Do you need help in explaining our products, costs, and cooperation?

Contact our Sales team
Technical Support

Do you have technical questions about our services or API integration?

Contact Support