Bank Data Insights API (1.0)

Download OpenAPI specification:Download

Introduction

Welcome to Fimento's Bank Data Insights API documentation, a resource that facilitates access to bank data insights and enables the initiation of data collection processes. This API serves as a tool for developers and businesses seeking to integrate financial information seamlessly. Access to the API requires credentials, which are provided exclusively by our sales team. Throughout this documentation, you'll find detailed information on the API's functionalities and authentication procedures. Dive in to discover how the Bank Data Insights API can contribute to your projects by providing essential banking data access and processing capabilities.

There are three main flows surrounding the usage of the API:

  • Collecting the consent and the bank data from the end user
  • Collecting the insights from this bank data for automated credit decision
  • Visualising the insights from this bank data for manual investigation as part of a credit decision

Authentication

This API is using a Bearer authentication. All endpoints except from the login endpoint requires a valid authentication token to be present in the authorization header as a Bearer token.

The login endpoint can be used to retrieve a new authentication token using a username and password. They should be provided by the Fimento team as part of the onboarding process to our services. An authentication token is valid for a limited time. It should be cached on the API client side during its validity period to avoid unnecessary calls to the login endpoint. The login endpoint returns the validity time of the token as a convenience to set a time to live (TTL) for caching the auth token.

Demo and Testing Environment

To explore the demo/testing environment, use the demo API user on the production server and follow the usual endpoints. Demo credentials will be provided by Fimento upon request. Within the production environment, two sets of credentials are available: one for demo/testing purposes, using only test data from our bank data provider, and another for authentic scenarios, incorporating real bank data.

Testing Social Security Numbers (SSNs)

For testing the demo flow with your demo API user, employ our test SSNs designed for both "bad" and "good" customer scenarios. Use the specified SSN when initiating a new process.

SSN Quality
199503096316 Good data
197710114682 Bad data

Login

Use this endpoint to retrieve an authentication token. Tokens should be cached between requests to avoid unnecessary calls to the login endpoint. The valid until timestamp in the response can be used to set a time to live (TTL) for the cached token

Request Body schema: application/json
required
name
required
string

The username of the API user

password
required
string

The password of the API user

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "password": "string"
}

Response samples

Content type
application/json
{
  • "access_token": "string",
  • "valid_until": 0
}

Process

Statuses

We set the overall flow status on the process itself (consentFlowStatus) and more bank/user specific flow status in the customer bank process (customerBankConsent[].status). The order of the statuses should be set in the order they are presented in the tables below. In addition, that the Customer Bank Consent statuses is set "between" the consentLinkOpened and customerApprovedConsent in the consentFlowStatus field. I.e. after the consentLinkOpened status is set in the consentFlowStatus field, the next status that should be set is the bankAddedNotCompletedAuthFlow in the customerBankConsent[].status field and then the subsequent Customer Bank Consent status.

The customerApprovedConsent and customerDeniedConsent can be set anytime after the fetchingTransactionsStarted is set.

The status has the following structure.

const status = {
  code: 'string',
  desc: 'string',
  timestamp: '2024-01-12T17:04:56.239+00:00',
  isError: boolean, // on authError only
  errorMessage: 'string', // on authError only
};

Is set in the consentFlowStatus field on the process.

Code Description Information
created Created - No banks added Initial status when the process is created
consentLinkOpened Consent link opened When end user has opened the link. If the user opens the link n times, it will save this status n times
customerApprovedConsent* Customer has approved consent When the end user has approved the consent for the selected bank flow
customerDeniedConsent* Customer has denied/revoked consent When the user has revoked its consent. This will result in a deletion of all data related to the user.
categorisationStarted Categorising transaction data - Started When we start to categorise the tranasction data.
categorisationDone Categorising transaction data - Done When the categorisation is done
insightsStarted Generate insights - Started When we start to generate the insights from the transactions
completed Customer has approved consent and insights is generated When the user has approved consent and there is a insight generated
authError Auth error Will contain different errors if the auth against the bank fails. E.g. denied sharing consent

* Can be set anytime after the fetchingTransactionsStarted is set

is set in customerBankConsent.status array

Code Description Information
bankAddedNotCompletedAuthFlow Bank added, not completed auth flow When the user has selected a bank and not yet completed the auth against this bank
bankAddedCompletedAuthFlow Bank added, completed auth flow When the user has selected a bank and completed the auth against this bank
fetchingTransactionsStarted Fetching transactions - Started When we start to fetching the users transaction data from the bank
fetchingTransactionsDone Fetching transactions - Done When the transactions are fetched and saved to our database

*** In addition to the statuses we set a string value to the consent field when the user has revoked or approved the consent to share the data.

null - initial value, neither revoked or approved,
"revoked" - revoked consent
"approved" - approved consent

Starts the initiation process

Use this endpoint to start a data collection process. The endpoint will respond with the processId and, amoung other fields, a "consent-link". Share the "consent-link" value to the end-user for them to give consent to share their bank data with one or more banks. The link is valid for 24 hours. Use the POST /process/:processId/consent endpoint to create a new consent flow in the same process if the end-user did not share all his bank data using the first consent flow. Or use the POST /process/:processId/consent-link endpoint to get a new consent link when the end-user did not use the previous consent link within 24h.

Authorizations:
bearer
header Parameters
partner-bank-id
required
string

The partner bank id for this process

idempotency-key
string

A unique id for this request. Used for idempotency. If not set the request will not be idempotent

Request Body schema: application/json
required
socialSecurityNumber
required
string

The social security number of the end user

market
required
string
Enum: "SE" "FI"

The market of the process. This will affect the banks and the languages available in the consent flow

firstName
string

The first name of the end user

lastName
string

The last name of the end user

redirectUrl
string

The redirect url after the consent flow is finished

dataCollectionType
string
Enum: "transaction-categorisation" "bank-account-verification"

The type of data collection that indicates how to collect and process the customer data.

Array of objects (BrokerBank)

List of banks from broker for consent. Only used when the partnerBank is a broker

Responses

Request samples

Content type
application/json
{
  • "socialSecurityNumber": "string",
  • "market": "SE",
  • "firstName": "string",
  • "lastName": "string",
  • "redirectUrl": "string",
  • "dataCollectionType": "transaction-categorisation",
  • "brokerBanks": [
    ]
}

Response samples

Content type
application/json
{
  • "_id": "605c6c479691950d359bb0e9",
  • "consentFlowStatuses": [
    ],
  • "consentFlowStatus": {
    },
  • "market": "SE",
  • "partnerBank": "605c6c479691950d359bb0e9",
  • "socialSecurityNumber": "string",
  • "createdAt": "2019-08-24T14:15:22Z",
  • "customerBankConsent": [
    ],
  • "firstName": "string",
  • "lastName": "string",
  • "consent": "null",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "dataCollectionType": "transaction-categorisation",
  • "brokerBanks": [
    ]
}

Get single process

Use this endpoint to retrieve information about an already created process. This can be useful if you want to check the status of a process for example.

Authorizations:
bearer
path Parameters
processId
required
string
Example: 605c6c479691950d359bb0e9

Id of the process

header Parameters
partner-bank-id
required
string

The partner bank id for this process

Responses

Response samples

Content type
application/json
{
  • "_id": "605c6c479691950d359bb0e9",
  • "consentFlowStatuses": [
    ],
  • "consentFlowStatus": {
    },
  • "market": "SE",
  • "partnerBank": "605c6c479691950d359bb0e9",
  • "socialSecurityNumber": "string",
  • "createdAt": "2019-08-24T14:15:22Z",
  • "customerBankConsent": [
    ],
  • "firstName": "string",
  • "lastName": "string",
  • "consent": "null",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "dataCollectionType": "transaction-categorisation",
  • "brokerBanks": [
    ]
}

Delete a process

Use this endpoint to delete a process along with the collected data and generated insights.

Authorizations:
bearer
header Parameters
partner-bank-id
required
string

The partner bank id for this process

Responses

Response samples

Content type
application/json
{
  • "message": [
    ],
  • "error": "Bad request",
  • "statusCode": 400
}

Creates a new consent flow for the process

Use this endpoint when the end user wants to share more bank data from another bank in case they did not share it in the previous consent link. The previous consent flow must be revoked or approved before being able to create a new one. That way, there cannot be more than 1 consent flow valid at a time for the process. The endpoint will return a response with the consent link. Share the "consent-link" value to the end-user for them to give consent to share their bank data with one or more banks. The link is valid for 24 hours.

Authorizations:
bearer
header Parameters
partner-bank-id
required
string

The partner bank id for this process

Responses

Response samples

Content type
application/json

Subscribes to process updates

Add the webhookUrl to the list of webhooks that will be called when a process is updated

Authorizations:
bearer
Request Body schema: application/json
required
webhookUrl
required
string

The URL to the webhook

Responses

Request samples

Content type
application/json
{
  • "webhookUrl": "string"
}

Insights

Use these endpoints to retrieve the credit insights data generated after the the data collection process.

Get link for visualisation

This endpoint retrieves the iFrame link that embeds the visualisation tool that can be used to view bank data from a specific end-user. The visualisation link is only valid for a limited time. It should be fetched every time a user wants to access the visualisation interface.

Authorizations:
bearer
path Parameters
processId
required
string

The id of the process which is included in the visualisation interface

header Parameters
partner-bank-id
required
string

The partner bank id for this insight/process

Responses

Response samples

Content type
application/json
{
  • "visualisationUrl": "string"
}

Get insights

This endpoint retrieves the object with insights data that can be used in KALP calculation and automatic credit rules.

Authorizations:
bearer
path Parameters
processId
required
string

The id of the process which produced the insights

header Parameters
partner-bank-id
required
string

The partner bank id for this insight/process

Responses

Response samples

Content type
application/json
{
  • "transactionGraph": [
    ],
  • "accountsInfo": [
    ],
  • "totalBalance": { },
  • "fetchedAtInterval": {
    },
  • "categorisation": { },
  • "socialSecurityNumber": "string",
  • "firstName": "string",
  • "lastName": "string",
  • "processId": "string",
  • "computationAutomation": { }
}

Get categorised transactions

Use this endpoint to get the categorised transactions that were used to generate the insights. It can be usefull if you want to build your own insights computations

Authorizations:
bearer
path Parameters
processId
required
string

The id of the process which produced the insights

query Parameters
page
required
number

The page number of the transactions to fetch

Responses

Response samples

Content type
application/json
{
  • "transactions": [
    ]
}