Status of the API


(Luke Sheard) #1

What’s the status of the API for the public, currently it still seems pretty bare and I wondered what the status of making it more open to developers is?


Company expenses
Moneybox app integration
U.K. Tax Returns
Why API-Driven Banking Matters
IFTTT Integration
Could Monzo link with social media e.g. Swarm (4sq)
The Monzo Extraordinary Ideas Board!
Charity Category 1
Monzo Expense Management Integration
Save The Change 1
Monzo banking license
Additional Spending Summaries
The Richest Man in Babylon: Back to Basics Budgeting
Financial Advice & Intermediary Integration
Additional info on sneak peek or widget
Account Aggregator service - Bud
Sending expenses via e-mail
Integration with WebExpenses App
No-spend streak
Custom Categories 19
Travel Map
Better analytics
Smart Notes
(James Billingham) #2

It is openly available to anyone. Just set up on https://developers.getmondo.co.uk

While there isn’t a lot on the API docs page, there are a lot of undocumented APIs too.


(Luke Sheard) #3

While there isn’t a lot on the API docs page, there are a lot of undocumented APIs too.

Interesting, how does one find out about these ‘undocumented’ APIs? :smirk:


(Priyesh Patel) #4

Hello :wave:

Our current API is definitely a prototype for where we want to be in the future. There’s still a lot of work to be done and we hope that the product of this is an API v1, which is stable (our current beta API has no guarantees in terms of backwards compatibility) and provides much more functionality. For example, at the moment we do not have public APIs for making payments :money_with_wings:.

Before we can begin to implement these :mondo: APIs for developers we need to work on a few key areas:

  • Provide mechanisms for restricting the access of apps to specific resources. For example you may only want an app to be able to read your transactions, but not edit notes or make payments. :lock:
  • Give users visibility into which apps have access to their data. Additionally allow users to revoke previously delegated permissions. :mag: (Of course this doesn’t delete data which the app may have already retrieved through the API.)
  • Establish the identity of developers and review the permissions they have requested for their apps to ensure that they are appropriate. :passport_control:
  • Construct security mechanisms around dangerous actions initiated via the API. E.g. moving money. :pound:

At the moment I am working on a new authorisation framework around our current OAuth 2.0 implementation. This will allow users to delegate granular permissions to third party apps. This is the first of many steps towards API v1, and we’re hoping to write more about this process on the Blog. :books:

Nevertheless we hope that you can still build some cool things with the current API. (Check out some of the things which have already been built with :mondo:!) If you have any feedback about the current API we’re all ears :ear:. Please let us know on the Developers Slack or right here on the Community Forum.


I'm self employed: can I download and print my expenses for my accountant?
Moneybox app integration
(James Billingham) #5

Disable the app’s SSL pinning, then MITM it.


(Alex Sherwood) #6

Here’s the latest on Monzo’s plans for the API -

TL;DR -

It’s unlikely we’ll have a full featured public API for at least the first few months after we launch current accounts. The functionality we already have may well remain (this has not been decided yet), but we do not plan to add further functionality, such as payments, or the ability to publish your OAuth client before the end of the year.

Long term, absolutely nothing has changed. We are still fully committed to our long-term strategy of building a banking platform that developers can easily integrate with. At some point next year, we hope to launch a public bank API and developer tools we’re truly proud of.


#7

Have to say for me this is very disappointing, the API was a big reason for my interest in Monzo. Will probably wait and see how PSD2 pans out in meantime


#8

You could take a look at root to see how they’ve done it. It looks amazing as far as I’ve seen.


(Simon Tillsbury) #9

I’m so eager to be able to make public applications for the Monzo API.
The docs are great, and I’ve been really enjoying messing around with the API.
I understand Monzo probably need to focus on the actual bank side of things, so will keep an eye out to see how things develop over the next 6 months or so.


(Andy Little) #10

Is Monzo planning on having some form of approval procedure (such as a review of the code and purpose of the app) before they allow an app to access the accounts of other users?
If so will we still be able to develop apps for use only with our own accounts without having approval?


(Alex Sherwood) #11

It looks like they’ll have to because

although Josh :arrow_up: doesn’t work for Monzo.

And I don’t know the answer to your second question :confused:


(Alex Sherwood) #12

A post was merged into an existing topic: Moneybox app integration


(Andre Borie) #13

I don’t really mind requiring FCA approval for accessing other’s accounts, but please make it so that we can still use the API on our own accounts.


(Alex Sherwood) #14

If I’ve understood this correctly then according to the Open Banking website, that’ll be the FCA’s decision too -

These specifications are now in the public domain (see below), so that any developer can access them to build their end points and applications. However, use of these in a production environment is limited to approved/authorised ASPSPs, AISPs and PISPs. Approval and authorisation is managed by the Financial Conduct Authority in the UK (FCA, see https://www.fca.org.uk/) and other relevant competent authorities across the EU.


(Andre Borie) #15

I fail to see why users would be able to access banking information via the app but not access the same information via the API. It’s their information, and if they’re stupid and get malware it wouldn’t matter whether they’re using the app or the API - malware will still be able to read the information from RAM just fine.


(Izzy) #16

Have there been any updates to the API, now that we have pots and current accounts, i wanted to play around with some ideas…