Welcome to finAPI XS2A Server!


finAPI offers XS2A Server to the banks to allow licensed TPPs to access payment accounts via the API Interface following the Berlin Group Standard.

This documentation covers the API specification for the XS2A interface

More information about the APIs and the sandbox data is available in the TPP-Developer Guide. The sandbox and production URLs are published by the banks.

If you need any help with the API, contact xs2a-support@finapi.io.

Welcome to finAPI Access!


Access REST Services lie at the core of finAPI’s Open Banking ecosystem. The Access API enables you to receive and analyze bank account information, and execute payments. The services are divided into the following sections:

  • The Authorization section provides the OAuth endpoints to receive and manage access tokens which you need for any other service call.
  • Mandator Administration and Client Configuration sections provide endpoints to configure your client. If you are a licensed TPP, the TPP Certificates and TPP Credentials sections are also relevant for your configuration.
  • The Users section allows you to manage your user base.
  • Banks, Bank Connections and Accounts provide endpoints to receive bank accounts with their Transactions or Securities.
  • The Categories and Labels sections provide endpoints to re-categorize and/or label transactions.
  • Payments and Standing Orders provide endpoints for executing money transfers, direct debits, and standing orders.
  • The Notification Rules section allows you to configure push notifications that will be sent to your client when certain events take place.
  • The Mocks and Tests section provides services which you can use to test your API integration. Note that these services can be used only on the Sandbox environment.
We use cutting edge technology for constantly enhancing our services, from data analysis pipelines to an event driven system, which is built in scalable modules, that you also may use in a proprietary environment. If you are interested in this kind of usage, please feel free to contact us for an offer.
Additional information about our API can be found here: Access public documentation

If you need any further help with the API, contact support@finapi.io.

Welcome to finAPI Access!


NOTE: This is a deprecated version of the API!

Access REST Services lie at the core of finAPI’s Open Banking ecosystem. The Access API enables you to receive and analyze bank account information, and execute payments. The services are divided into the following sections:

  • The Authorization section provides the OAuth endpoints to receive and manage access tokens which you need for any other service call.
  • Mandator Administration and Client Configuration sections provide endpoints to configure your client. If you are a licensed TPP, the TPP Certificates and TPP Credentials sections are also relevant for your configuration.
  • The Users section allows you to manage your user base.
  • Banks, Bank Connections and Accounts provide endpoints to receive bank accounts with their Transactions or Securities.
  • The Categories and Labels sections provide endpoints to re-categorize and/or label transactions.
  • Payments and Standing Orders provide endpoints for executing money transfers, direct debits, and standing orders.
  • The Notification Rules section allows you to configure push notifications that will be sent to your client when certain events take place.
  • The Mocks and Tests section provides services which you can use to test your API integration. Note that these services can be used only on the Sandbox environment.
We use cutting edge technology for constantly enhancing our services, from data analysis pipelines to an event driven system, which is built in scalable modules, that you also may use in a proprietary environment. If you are interested in this kind of usage, please feel free to contact us for an offer.
Additional information about our API can be found here: Access public documentation

If you need any further help with the API, contact support@finapi.io.

Welcome to finAPI Payment!


Enable your users to pay directly from their bank account with easy-to-integrate services. With our broad bank reach, you can streamline your payment flow, taking advantage of the minimal number of the strong customer authentication required by the user (usually only one for XS2A). No bank account import necessary!

finAPI Payment is not a separate API, but a sub-section of the finAPI Access API. Please refer to finAPI Access, sections Payments/Standing Orders.

Additional information about Payments can be found here: Payment public documentation

If you need any help with the API, contact support@finapi.io.

Welcome to finAPI GiroIdent!


GiroIdent is a XS2A-based KYC solution which enables online identification of end customers with a high degree of security. By relying on the user simply providing access to their bank accounts, GiroIdent makes identity verification quick and user-friendly.

To meet the varying degrees of KYC strictness businesses must adhere to, we currently offer three types of identity checks:
  • GiroIdent Basis: Verifies the identity of the end user (Name) by using finAPI access to bank account capabilities
  • GiroIdent Plus: Verifies the identity of the end user (Name, Address, DOB) by using finAPI access to bank account capabilities and Schufa data
  • GiroIdent GWG (§ 14 GwG): Verifies the proven identity of the end user (Name, Address, DOB, Bank account) by using finAPI access to bank account capabilities and Schufa data
  • GiroIdent GwG Total (§ 12 GwG), i.e. SCHUFA MyConnect: FinAPI offers the complete KYC flow according to § 12 GwG in partnership with SCHUFA. The end-to-end customer flow ensures full AML compliance, including a Qualified Electronic Signature as per the legal requirements. finAPI Verifies the proven identity of the end-user (Name, Address, DOB, Bank account) by using finAPI access to bank account capabilities and Schufa data. Additionally, it allows the end-user to perform a “reference bank transfer” as requested by the § 12 GwG. For more information on the SCHUFA MyConnect flow, please reach out to us via support@finapi.io.
Additional information about our API can be found here: GiroIdent public documentation.

Welcome to finAPI Data Intelligence!


With finAPI Data Intelligence REST services we want to provide a deeper insight in the picture that describes the financial situation of a customer. Although we already provide services suitable for an individualized personal finance management experience of an end user with our Access PFM product, with Data Intelligence we complete this picture for B2B customers with the need of a deep insight in the financial situation of their users.

To achieve this we structured our Data Intelligence services accordingly:
  • Under the Risk Reports section you can find reports related to transactions which might be connected to a payment risk, if you provide goods with a payment plan to this customer. We detect these transactions and bundle them under one report, which your application can consume within seconds.

  • To have a deeper understanding of the cash flow of your users, we provide the whole Cash Flow Reports section. Here you can find a variety of income and expenditure related labels, in which we aggregate and summarize the according transactions belonging to a specific field, like insurances, income or rent and living.

To provide data in the highest possible quality, DI normalises all data flows received via various data sources. The services can be furthermore easily integrated together with finAPI Access.

Various business needs are covered by using a combination of an expert system, driven by clear defined rules and also machine learning approaches for, on the one hand refining the expert system and on the other hand providing a label coverage near to 100% for all transactions.

Furthermore, we use cutting edge technology for constantly enhancing our services, from data analysis pipelines to an event driven system, which is build in scalable modules, that you also may use in a proprietary environment. If you are interested in this kind of usage, please feel free to contact us for an offer.

Please find further information about implementation and usage of this API here: Data Intelligence public documentation

If you need any help with the API, contact support@finapi.io.

Welcome to finAPI Schufa Services!


The finAPI Schufa API is designed to support a Schufa Mobile Application by providing access to Schufa end-user functionality, as available on the meineSchufa Portal. Currently, it is connected to the meineSchufa Grow Portal via a set of web scrapers.


Welcome to Schufa FraudPool!

The Schufa FraudPool API is designed to support the Schufa FraudPool application.


Welcome to finAPI Web Form 2.0!


finAPI's Web Form 2.0 is a complementary product to finAPI Access. It is our product offering for Compliance-as-a-Service.

As a customer, if you do not have a PSD2 license or if you are interested in using finAPI's license to manage end user credentials for bank communication, we welcome you to explore the endpoints in this section further.
All POST endpoints will generate a unique URL. This URL can be provided to the end customer. He/she can render a web form with it. finAPI will then orchestrate the next steps between the end user and bank to complete the request.

Additional information about our API can be found here: Web Form 2.0 Public Documentation

If you need any help with the API, contact support@finapi.io.

Welcome to the finAPI System Administration!


The System Administration API lets you administer the mandators/clients that exist in the finAPI system.

Use the BASIC AUTH button in the navigation to log in with your Sys-Admin credentials. Please use the ‘Change password’ service regularly to keep your credentials secure.

Note that all requests to this API are being logged, and can be linked to your person.

If you need any help with the API, contact support@finapi.io.

Welcome to finAPI Process Controller!


This service can be used to create process IDs. Behind a process ID is a user, which is managed by the system and returns an access token by retrieving the ID.

A process token can be attached to a link in emails or printed as a QR code, which includes the link.

User management in the Processmanager is largely automated. A user is created when a process token is created. This is automatically deleted after a configurable period of time for the mandator if it is not used.
Alternatively, the deletion of the user can be initiated directly by calling the invalidate or complete endpoint. In this case, a defined period of time also applies until the user is finally deleted, in order to be able to terminate other asynchronous internal system processes.