Account Information Service (Single Access)

Summary

Account Information Service (AIS) allows importing data from the end-user account from any supported bank to your system. In order to do that, the user has to log in to a bank via our SignIn Flow. Upon successful login, Kontomatik will return the session information needed to start the import via our API.

Single access lets you get the data just one time, right after the user authorizes the action.

Integration

To integrate AIS in the Single access mode into your process you will need to:

Get API access
Get your Client ID from Insight, generate API key(s) and whitelist your server(s)
Embed our SignIn Widget or implement the SignIn Redirection on your website
Configure the SignIn Flow parameters and handle necessary callbacks
Depending on your chosen SignIn version
1. Create a connection between your frontend and backend to pass session information from the SignIn Widget to your servers
2. Integrate with Redirection status endpoint to get to pass session information
In your backend, integrate with the Default Import command and Get Import Result endpoint
(optionally) Integrate with Analytical Services endpoints
Save the data from our API

Sample process flow

A user visits your website, fills in a form to start your process
You assign ownerExternalId, a unique identifier to the user, and show the SignIn Widget to the user
The user goes through the bank authorization
onSuccess callback is triggered - you can pass the received session information to the backend and redirect the user to another step in your process
On the backend, you send a request to import the data with the session information to the Default Import endpoint
You receive a command ID that you can now use to periodically (once every 2-5 seconds) ask for the import status via Get Import Result endpoint
At this point the user’s participation has ended, and you can inform them that they will be notified later about the result of the bank verification
Once all data is imported, you will receive it as a response of the Get Import Result import alongside a “successful” status - you should now stop calling that endpoint and save the response with the data to your server
(optionally) Make requests to our Analytical Services endpoints to fetch extra insights into the owner’s finances
Inform the user about the status of the verification or your decision regarding the user’s application

Testing

In order to test the service, you have two starting options:

test using real bank accounts that you acquired, works in test and production environments, supports only manual session creation;
test using our mock bank, KontoBank, works only in the test environment, supports manual and automatic session creation.

Kontomatik does not supply clients with real bank accounts for any testing. If you want or need to test this service in production, you need to use your own bank accounts. Friends&family testing is popular among our clients in such cases.

KontoBank is not intended to help our clients test their business cases. It is designed for basic integration tests. Accounts returned by this service might not reflect any real situations that might happen in the production environment.

Create a test session manually

To create a test session you can embed the SignIn Widget on your internal website just as you would on production, but in the client parameter you will have to use your test client ID.

Then perform the login process using one of the two targets:

KontoBank - resembles a login process based on screen-scraping;
KontoBank (API) - a version that includes a redirection page opened in a new window, resembling a PSD2 API flow.

Both targets offer test accounts listed on this page.

Once you successfully log in, you can use the session information returned by the Widget to perform Default import (steps 5 and further in the Sample process flow).

Create a test session automatically

For automated testing, you can create a session using our dedicated endpoint that will return necessary information to continue the flow with other API endpoints. Remember to use the test API URLs, your API key and a whitelisted server from your test account.

In order to create such a session you will have to supply KontoBank mock account information (as per the list) and ownerExternalId.

As a response you will receive sessionId and sessionIdSignature that you can use to perform Default Import and other actions (steps 5 and further in the Sample process flow).

Please see the endpoint specification in our technical documentation.

Important information

Coverage and data scope

We support major banks in many countries and we’re ready to add more depending on the demand. In those banks the basic data scope includes:

Information about account owner(s)
List of accounts with balances
List of transactions with details
List of credit cards and transactions

Each bank is different and offers a different set of details. You can check our Coverage to find which banks we support and what data scope they offer.

Transaction history

In each bank we’re able to fetch a different scope of history in terms of the timespan when the transactions were made. In some banks it can be 10 years, 4 years, 1 year or just 90 days.

Typically, we recommend importing 90 days of transactional history, up to a 1 year, due to general availability and the time it takes to download the data.

However, you need to remember that fetching more than 90 days requires additional setup due to Strong Customer Authentication implemented by banks: Getting more than 90 days of data.

Auto import

It’s possible to use Single Access without integrating with our API. It requires a minimal setup from your side. Please see this article for details.

Best practices

To improve your conversion and make the process better for the users, you can implement the following:

Provide an extensive description of what the widget does, its benefits and explain why it is safe.

Make the widget a separate step in the application process to allow the user to focus solely on it.

Allow users to continue filling the application when the import takes place.

Use gzip encoding in your HTTP requests to download data faster.

Remember to save responses from SignIn Widget and Kontomatik API, especially identifiers such as sessionId, in order to easier identify issues that arise. We also recommend saving your own requests you make to our API.