Account Information Service (Multiple Access)

Summary

Account Information Service (AIS) lets you import data from an end user's account at any supported bank into your system. To do that, the user has to log in to their bank via our SignIn Flow. Upon successful login, Kontomatik returns the session information needed to start the import via our API.

Multiple access lets you get the data up to 4 times a day for up to 6 months. To do that, following the initial user authorization, you will receive a token allowing you to refresh the data later.

Integration

To integrate AIS in the Multiple access mode into your process, you will need to:

  1. Get API access
  2. Get your Client ID from Insight, generate API key(s) and whitelist your server(s)
  3. Embed our SignIn Widget or implement the SignIn Redirection on your website and set the accessMode parameter to MULTIPLE or MIXED*
  4. Configure other SignIn Flow parameters and handle necessary callbacks
  5. Depending on your chosen SignIn version
    1. Create a connection between your frontend and backend to pass session information from the SignIn Widget to your servers
    2. Integrate with the Redirection status endpoint to get the session information to pass to your servers
  6. On your backend, integrate with the following endpoints:
    1. Default Import
    2. Get Import Result
    3. Reuse Multiple Access
    4. (optionally) Revoke Multiple Access Consent
  7. (optionally) Integrate with Analytical Services endpoints
  8. Save the data retrieved from our API to your servers

Sample process flow

  1. A user visits your website, fills out a form to start your process
  2. You assign ownerExternalId, a unique identifier to the user, and show the SignIn Widget to them
  3. The user goes through the bank authorization
  4. onSuccess callback is triggered - you can pass the received session information to the backend and redirect the user to the next step in your process
  5. Pass the multipleAccessId token, which you will receive if the user authorizes repeated access*
  6. At this point the user’s participation has ended, and you can inform them that they will be notified later about the result of the bank verification
  7. On the backend, you send a request to import the data with the session information to the Default Import endpoint
  8. You receive a command ID that you can now use to periodically (once every 2-5 seconds) ask for the import status via Get Import Result endpoint
  9. Once all data is imported, you will receive it in the response from the Get Import Result endpoint alongside a “successful” status - you should now stop calling that endpoint and save the response with the data to your server
  10. (optionally) Make requests to our Analytical Services endpoints to fetch extra insights into the owner’s finances
  11. Inform the user about the status of the verification or your decision regarding their application
  12. Next time you want to get more data, on your backend make a call to the Reuse Multiple Access endpoint using the multipleAccessId token, which will return new session information
  13. Using that new session, repeat the points 6-10
  14. For each subsequent import, just repeat the points 12-13
  15. (optionally) When you no longer need the access to data or the user informs you that they have withdrawn their consent, you can make a request to the Revoke Multiple Access Consent endpoint using the multipleAccessId token

*Multiple and mixed modes

In case you don’t require repeated access to the bank data, but you prefer it, you can set the accessMode to MIXED.

If you do so, the user will see all banks that support both modes, but if a given bank doesn’t support Multiple Access, you will receive only one time access. In those instances you won’t receive a multipleAccessId via the onSuccess Widget callback (or in the Redirection status endpoint response).

The user can’t manually switch to the single access for banks that support both accesses.

MULTIPLE access mode might limit the number of available banks, but will guarantee that the consent given by the user is for repeated access to their data.

Testing

In order to test the service, you have two starting options:

Please remember that even in the test environment you’re still bound by the service characteristics, including a limit of 4 imports per day per account.

Create a test session manually

To create a test session, you can embed the SignIn Widget on your internal website just as you would on production. Remember to set accessMode to MIXED or MULTIPLE and to use your test client ID in the client parameter.

Then perform the login process using KontoBank (API) which includes a redirection page opened in a new window, resembling a PSD2 API flow. The target offers test accounts listed on this page.

Once you successfully log in, you can save the session information and the multipleAccessId returned by the Widget. Then you can perform Default import and other actions, including repeated access (steps 7 and further in the Sample process flow).

Create a test session automatically

For automated testing, you can create a session using our dedicated endpoint that will return necessary information to continue the flow with other API endpoints. Remember to use the test API URLs, your API key and a whitelisted server from your test account.

In order to create such a session you will have to supply KontoBank mock account information (as per the list), ownerExternalId and set the multipleAccess parameter to true.

As a response you will receive sessionId and sessionIdSignature that you can use to perform Default Import (steps 5 and further in the Sample process flow).

Please see the endpoint specification in our technical documentation.

Token validity and billing

The multiple access tokens remain valid for up to 180 days. However, it’s possible that due to technical constraints posed by the banks, this period will be a bit shorter. The user may also withdraw their consent before this period ends.

Thus, you need to be prepared that at any moment a token can expire. In such a case, you will receive an InvalidMultipleAccessId error via API and will have to ask the user to log into their bank and grant the access again.
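The repeated-import loop (steps 12-13 of the Sample process flow) combined with the token-expiry handling described above, as an added example that is not Kontomatik's own code. The `api` object and its three methods, the `InvalidMultipleAccessId` exception class, the `"in_progress"` status name and the rolling 24-hour reading of the daily limit are assumptions; map them to the real endpoints from the technical documentation.

```python
import time
from dataclasses import dataclass, field

DAY_S = 86400
MAX_IMPORTS_PER_DAY = 4        # limit stated on the page
TOKEN_MAX_AGE_S = 180 * DAY_S  # upper bound; banks or users may end it sooner

class InvalidMultipleAccessId(Exception):
    """Hypothetical exception a client wrapper raises for the API error of that name."""

@dataclass
class Access:
    owner_external_id: str
    multiple_access_id: str
    granted_at: float
    import_times: list = field(default_factory=list)
    needs_reauth: bool = False

def refresh(access, api, now=None, poll_interval=3.0, max_polls=60, sleep=time.sleep):
    """Run one repeated import; return the data, or None if it must be skipped."""
    now = time.time() if now is None else now
    if access.needs_reauth or now - access.granted_at > TOKEN_MAX_AGE_S:
        access.needs_reauth = True
        return None
    # Assumption: the daily limit is treated as a rolling 24 h window of attempts.
    recent = [t for t in access.import_times if now - t < DAY_S]
    if len(recent) >= MAX_IMPORTS_PER_DAY:
        return None
    try:
        session = api.reuse_multiple_access(access.multiple_access_id)
    except InvalidMultipleAccessId:
        # Token expired or consent withdrawn: drop it and ask the user to log in again.
        access.multiple_access_id = ""
        access.needs_reauth = True
        return None
    access.import_times = recent + [now]
    command_id = api.default_import(session)
    for _ in range(max_polls):
        status, data = api.get_import_result(command_id)
        if status == "successful":
            return data               # stop polling and persist the data
        if status != "in_progress":   # assumed name for the not-yet-finished state
            raise RuntimeError(f"import failed with status {status!r}")
        sleep(poll_interval)          # page recommends one poll every 2-5 seconds
    raise TimeoutError("import did not finish within the polling budget")
```

Persist each `Access` record on your backend keyed by ownerExternalId, and treat `needs_reauth` as the trigger for showing the SignIn Flow to the user again.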

For billing purposes, each token is split into 30-day cycles. For each cycle that ends in a given month you pay a fee. You also pay a fee for every successful import that happened within those ended cycles.

Details about billing with an in-depth explanation can be found in this file (Polish version only).

Other information

For information about the bank coverage, data scope and best practices, please refer to the relevant sections in the Single Access article.

Documentation

For technical documentation, refer to our unified documentation that offers comprehensive support for customers integrating with AIS services, our PDF parser, and Data Analysis solutions. Discover detailed guidance on seamless integration with Kontomatik services and explore their full range of capabilities.
