An Update on the Monzo API


(Beatrice Borbon) #1

As Open Banking regulations arrive, we’re excited to make a new interim API accessible! @simon has the details


Api
(simon) #2

If you want to know more or chat about Open Banking come along to our Open Office on January 30th


( surohpotsirhC) #3

I’ve already sent this to a couple of companies because I want Monzo integration in them.


#4

If you give a third party access to your Monzo account information through the AIS API, and at any point want to revoke that access, you should first contact that company directly. Otherwise, you can reach out to us via in-app chat and we’ll help sort it out on your behalf.

Am I the only one who is concerned by this? Shouldn’t API access be easily revokable on Monzo’s end by me?

When I revoke Google account access to a 3rd party I always, as a matter of course, withdraw their access to the Google account form Google’s end as well. And I consider this absolutely crucial, as otherwise I have to take their word for it.


(Alex Brooks) #5

So we’re right to consider this another delay to the long touted API? And said delay being blamed on compliance with open banking regs?

Starling have had this down for over 12 months. What’s going on?


(simon) #6

Hi Nanos, Absolutely, we have the ability to evict any sessions that may be active with AISPs. The reason to ask you to contact the third party first is so that they know you’re disconnecting. Otherwise they’ll just see an access denied message and probably wonder why.

If you’re not able to disconnect a third party from with-in their app (there will probably be a logout button or disconnect Monzo option), then you can contact us and we can revoke the access they have.

We’ll also prompt you periodically to review which companies have access to your account.


Emma Feedback Thread / Q&A
Tracking API access?
#7

That’s a good thing, and I applaud you for it!

However, I am still concerned that you suggest terminating the connection on your end only as exception and last resort (“Otherwise”, “If you’re not able to disconnect”), and make it quite difficult (contact support).

As I said above: In my opinion this should be done as a matter of course. (And consequently should be easy to do without contacting support.)


One-Click Disconnections for Third Party API Account Access
(simon) #8

Absolutely agree, eventually we’ll have some kind of dashboard in-app that lets you do this. This will become a lot more important once banks start onboarding Payment Initiation Service Providers (PISPs) as you’ll want to know exactly who has mandates to move money out of your account (similar to how you can manage your direct debits now).


One-Click Disconnections for Third Party API Account Access
(Tom Warren) #9

Have any companies/services i.e. Yolt etc had prior knowledge of this and have access already?

Or maybe more importantly, read this today and already expressed interest :smirk:


(simon) #10

About 8 or so have emailed either today or over the last few days. If you know one you think would be a great fit, ask them to email me at openbanking@monzo.com :slight_smile:


(Andy) #11

Would this help companies offer interest on “pots” savings? Integration with Ratesetter, like Plum has, would be amazing.


#12

How does this impact on the hobbyist who wants to use the API to interact with just thier own account ?


(simon) #13

Part of the reason for building the AIS Api is to decouple the “Monzo API”, the “Developer API” and the API we need to give AISPs that will be stable enough for them to build things on.

The good news is that the work we’ve done for getting the AIS API live means we’re now a lot close to being able to give out “Auth V2” clients to developers.
This is a big step for us and means we’ll be able to plan a clear migration of the developer community off Auth V1 and onto Auth V2 now.
Auth V2 will let us more safely grant access to things like moving money in and out of pots and setting up payments.

Before it was all or nothing, so we had to basically block all Auth V1 clients from these more dangerous endpoints.


(Paul Buckley) #14

I wish I had the skills to use the api and write an Alexa skill. ‘alexa… What’s my monzo balance?’


(Stephen Spencer) #15

I’ve spotted that a skill has already been written by @Geit here: https://github.com/Geit/alexa-monzo
You have to push it up yourself to your personal Amazon developer account and set it up with a personal Monzo login (hence I guess not pushing it to the Alexa Skill store for all to use; both Amazon and Monzo wouldn’t be happy with that setup), but I guess once Monzo launch Auth V2 and commit to some level of stability there, it would be possible to “launch” it for the public, or maybe Monzo would even take it in house?


#16

So for the foreseeable future there will be a maintained way for users to use the API if they wish, not just big developers (with backing of a firm to get regulatory approval etc) ? This sounds great


(Andre Borie) #17

The API with Auth v2 sounds exactly like that, but to be honest even the API v1 is actually more featured than the AIS API as it allows access to detailed merchant data which the AIS API still doesn’t provide. :wink:


(simon) #18

We talked with Amazon for a while about this, but they were worried about the fact that anyone could ask your Alexa what your balance is, and wanted us to wait until, there was some kind of 2FA (like it asks you for a pin that you get from your phone) :frowning:


(Andre Borie) #19

Why is that a problem? It’s the whole point of the thing - just don’t enable it if you’re not comfortable with it.


(simon) #20

I know right…

I’m sure Amazon had their reasons, like Apple and the App store, they wanted to be very careful stewards of their ecosystem. I thought it’d be fine though…