Status of the API

What’s the status of the API for the public? Currently it still seems pretty bare, and I wondered what the status of making it more open to developers is.

It is openly available to anyone. Just set up on https://developers.getmondo.co.uk

While there isn’t a lot on the API docs page, there are a lot of undocumented APIs too.

Interesting, how does one find out about these ‘undocumented’ APIs? :smirk:

Hello :wave:

Our current API is definitely a prototype for where we want to be in the future. There’s still a lot of work to be done and we hope that the product of this is an API v1, which is stable (our current beta API has no guarantees in terms of backwards compatibility) and provides much more functionality. For example, at the moment we do not have public APIs for making payments :money_with_wings:.

Before we can begin to implement these :mondo: APIs for developers we need to work on a few key areas:

  • Provide mechanisms for restricting the access of apps to specific resources. For example you may only want an app to be able to read your transactions, but not edit notes or make payments. :lock:
  • Give users visibility into which apps have access to their data. Additionally allow users to revoke previously delegated permissions. :mag: (Of course this doesn’t delete data which the app may have already retrieved through the API.)
  • Establish the identity of developers and review the permissions they have requested for their apps to ensure that they are appropriate. :passport_control:
  • Construct security mechanisms around dangerous actions initiated via the API. E.g. moving money. :pound:

At the moment I am working on a new authorisation framework around our current OAuth 2.0 implementation. This will allow users to delegate granular permissions to third party apps. This is the first of many steps towards API v1, and we’re hoping to write more about this process on the Blog. :books:

Nevertheless we hope that you can still build some cool things with the current API. (Check out some of the things which have already been built with :mondo:!) If you have any feedback about the current API we’re all ears :ear:. Please let us know on the Developers Slack or right here on the Community Forum.

3 Likes

Disable the app’s SSL pinning, then MITM it.

1 Like

Here’s the latest on Monzo’s plans for the API -

TL;DR -

It’s unlikely we’ll have a full-featured public API for at least the first few months after we launch current accounts. The functionality we already have may well remain (this has not been decided yet), but we do not plan to add further functionality, such as payments, or the ability to publish your OAuth client before the end of the year.

Long term, absolutely nothing has changed. We are still fully committed to our long-term strategy of building a banking platform that developers can easily integrate with. At some point next year, we hope to launch a public bank API and developer tools we’re truly proud of.

1 Like

Have to say for me this is very disappointing, the API was a big reason for my interest in Monzo. Will probably wait and see how PSD2 pans out in the meantime.

1 Like

You could take a look at root to see how they’ve done it. It looks amazing as far as I’ve seen.

1 Like

I’m so eager to be able to make public applications for the Monzo API.
The docs are great, and I’ve been really enjoying messing around with the API.
I understand Monzo probably need to focus on the actual bank side of things, so will keep an eye out to see how things develop over the next 6 months or so.

Is Monzo planning on having some form of approval procedure (such as a review of the code and purpose of the app) before they allow an app to access the accounts of other users?
If so will we still be able to develop apps for use only with our own accounts without having approval?

It looks like they’ll have to because

although Josh :arrow_up: doesn’t work for Monzo.

And I don’t know the answer to your second question :confused:

I don’t really mind requiring FCA approval for accessing others’ accounts, but please make it so that we can still use the API on our own accounts.

If I’ve understood this correctly then according to the Open Banking website, that’ll be the FCA’s decision too -

These specifications are now in the public domain (see below), so that any developer can access them to build their end points and applications. However, use of these in a production environment is limited to approved/authorised ASPSPs, AISPs and PISPs. Approval and authorisation is managed by the Financial Conduct Authority in the UK (FCA, see https://www.fca.org.uk/) and other relevant competent authorities across the EU.

1 Like

I fail to see why users would be able to access banking information via the app but not access the same information via the API. It’s their information, and if they’re stupid and get malware it wouldn’t matter whether they’re using the app or the API - malware will still be able to read the information from RAM just fine.

Have there been any updates to the API now that we have pots and current accounts? I wanted to play around with some ideas…