Your bank has a REST API now (shhh! — don't tell them)

by

I’m very happy to announce the launch of the Wesabe API. This is a new release for us, and a new way of using Wesabe — as a tool for getting your data out of your banks and credit cards, and into whatever form or program is going to most help you manage your money. We’re excited and very happy with what possibilities the API creates. (If you don’t know about APIs, there’s a good introduction to the idea at Programmable Web.)

Of course, lots of companies have APIs. What makes ours different?

We already provide a set of tools for automatically uploading your bank and credit card data to the Wesabe site. With the release of this API, we’re adding tools to help you automatically download and manipulate that data, too. As a result, we’re not just providing an API for our own site, but also for all the bank and credit card sites that Wesabe supports, as well. Since Wesabe supports banks and credit cards in over 30 countries around the world, we’re effectively providing developers everywhere a way to unlock data from their financial institutions and put that data to work.

Wesabe is a site that exists in order to change the balance of information — and with information, power — between consumers and the businesses we patronize. As I’ve written before, we believe that businesses know way too much about consumers (where we live, how much we make, our roommates, our magazine subscriptions, and so on), and consumers know way too little about businesses. Our mission is to unlock the power of financial data:

  • for individuals, by freeing that data from the vaults of financial institutions and putting it into the hands of the people who need it and can use it to make their lives better, and
  • for consumers as a community, by pooling our data anonymously and finding the patterns that point the way towards great value and great satisfaction.

We want to take the idea of a credit bureau (where businesses report their experiences with consumers so that other businesses can benefit) and turn it on its head — building instead a value bureau, where consumers can share their experiences with businesses, so all consumers can benefit.

We believe that the best way to get to this goal is by putting that powerful data in the hands of every consumer who wants it. If you’ve been using Excel for years and you have your reports just the way you like them, great: the Wesabe API supports Excel downloads and can be called from within Excel using VBScript. If you’ve developed your own tools already, great: you can use our API to automate download of your data to your own system, and take advantage of our automation work and the community editing the people on Wesabe provide. Or, if you use the Wesabe site all the time but really want a report we don’t yet provide, this is a way to get that for yourself (or, we hope from other developers will to share their work). As the database grows, our ability to make better and better recommendations for great values and financial strategies does, too — no matter what tools people are using.

In a way, it’s almost inconceivable that a bank would open an API. Banks and credit cards make so much of their money from consumers who are bad at managing their own finances. Why make it easy for people to see the problems they can overcome? That’s why we believe Wesabe has a role to play, advocating for consumers and their finances directly, and that’s why we believe that opening an API is different in our industry than others. We’re freeing a set of data that otherwise might have remained locked away.

We’ve posted a set of documentation about the new API at https://www.wesabe.com/page/api, including example code in Ruby, Python, Perl, and Java. Also, we’ve created a Wesabe Group for API developers to get help or ask questions.

Check it out. And let us know how we can make it better. We’re looking forward to seeing what you create.

26 Responses to “Your bank has a REST API now (shhh! — don't tell them)”

  1. Bil Herron Says:

    Wow.

    This is AWESOME. I’m blown away. I can’t wait to take a crack at this, you guys are great!

  2. Marc Hedlund Says:

    Thanks, Bill! Please let us know what you think once you’ve given it a go.

  3. Jay Says:

    Thanks! This is way easier than figuring out OFX :)

  4. SanjayaK Says:

    Bank and credit card data are very sensitive data elements and should be handled very carefully when it comes to security. How does this API ensures that? So far I have not read a convincing story about REST security.

  5. Charlie Park Says:

    You guys are stellar. That is all.

  6. Taybin Says:

    It’s a little worrying that your update about your API doesn’t mention security anywhere.

  7. atish Says:

    What does Wesabe get out of this?

  8. James Says:

    Utterly wonderful.

  9. Sam Quigley Says:

    SanjayK: At the moment, there isn’t any special REST security in the API. This version uses HTTP basic authentication[1] and requires everything to be encrypted with SSL (SSLv3 or TLS v1)[2]. This is the same (or better) than what online banking websites use, and ensures that all communications are encrypted end-to-end. It’s also a very widely-adopted standard, so it also ensures that your data is easily (and securely) accessible in as many languages as possible.

    We may add other security features in the future, but the plan right now is to wait and see how people use the API first. If you do have any specific questions or concerns, please let us know and we’d be happy to help: support@wesabe.com

    [1]: http://en.wikipedia.org/wiki/Basic_authentication_scheme
    [2]: http://en.wikipedia.org/wiki/Transport_Layer_Security

  10. Sam Quigley Says:

    Taybin: We do have some notes on API security considerations here: http://www.wesabe.com/page/api/security As API adoption grows, and as we receive feedback from developers, we’ll be updating that page to include more considerations and advice — so if there’s anything we didn’t cover, or anything you think we should add, please send us a note at support@wesabe.com

    In general, we are going to be watching API clients very closely, and will adjust our security model based on how people use the service. We want this to be easy for people to use and code against, but we’re also not going to be shy about cutting off access to any clients that don’t meet our requirements… If you’re interested in writing an API client you should definitely keep an eye on that page!

  11. Taybin Says:

    Sam: thanks for the followup.

  12. Brent Says:

    You guys are so awesome. I’m just sayin.

  13. Chris Roos Says:

    Hey, excellent work folks. Now all we need is the ability to write data to our cash accounts from the command line / quicksilver… :-)

  14. Scott Hanselman Says:

    Cool. I’ve just put a C# client (the beginnings of one) at http://code.google.com/p/wesabedotnetclient/

  15. Mr eel Says:

    You say wesabe supports banks and credit card companies in over 30 countries, but how do I find out if my bank is included?

    This information doesn’t seem to be included on the site, or at least it’s not easily discoverable.

    I had considered signing up for this service, but that’s some pretty critical information missing.

    Oh, and good choice with a REST API! I can imagine using it quite heavily.

  16. Chris Roos Says:

    @Mr eel. As signup is completely free and takes a few minutes, why not just signup and have a look? If your bank isn’t supported I believe you might be able to set-up a generic account (I’m not 100% sure about this) and just upload your transactions manually.

  17. Michael Chermside Says:

    I agree with Mr eel: it would be nice to have a list of supported institutions. That being said, I *do* intend to check out Wesabe sometime soon — it sounds worth investigating.

  18. Jeremy Zawodny Says:

    Oooh! This may be what finally motivates me to sign up and spend some time with the service. Nice job, guys!

  19. Damien Says:

    Nice! I’ve been looking for something like this for a while!

    But about finding out which banks are supported, I’ve signed up but still don’t know where to find this information. When I try to add an account for my bank (Chase), it just tells me “Go to your bank’s or credit card’s web site. Download an account statement to your computer.” I guess my bank is not supported then? If I need to download the Wesabe Uploader just to find out this information, that stinks since I’m running Linux. =/

    Anyways, if Chase is not one of the supported banks, it would be awesome if the code was made open source and anyone could contribute to add their bank to the wesabe API. Seems like that could be a win/win situation, no?

  20. Gene Blishen Says:

    This looks very interesting. I have passed this info onto IT to look at. We just finnished a Soap/XML bridge so we could entertain something like this. See you in Seattle Marc.

  21. friendly developer Says:

    This is really cool. I have a question. You wrote:

    “As a result, we’re not just providing an API for our own site, but also for all the bank and credit card sites that Wesabe supports, as well.”

    Does this mean I could use your APIs to custom write an application that runs on my machine which would leverage your platform to pull data directly to my client? Or does you API work in such a way that I would have to create a Wesabe account, and use the API to get my data filtered through my Wesabe account? As far as I can tell from docs, that is the case.

    However, your quote implied to me that there were now APIs for the banks which I could use.

    If your API supports the use case I am describing, an example would be much appreciated.

    Thank you!

  22. Marc Hedlund Says:

    Hey, friendly,

    The API does currently require you to have a full Wesabe account, but we may modify this in the future. The reason we provide the API in the format we do is that we want to build up a large database of transactions so that we can make recommendations to consumers about where they’ll get the best values. So, it’s in our interest to have the data filtered through the Wesabe site. We also think it’s in your interest, since we clean up the data substantially, both algorithmically (since banks tend to put out data in a bunch of irregular formats), and through community editing (since we translate from bank back-end names like “WHLE FDS BERKELY 423220 G” to human names like “Whole Foods” when a quorum of users agree that that edit is the right edit).

    However, if you’re not comfortable with that, it’s not a requirement, and you can use our (open source) Firefox Uploader to get data out of your bank and do whatever you want with it. (See http://blog.wesabe.com/index.php/2007/07/25/the-wesabe-firefox-uploader/ for more info.) We completely support you have full, free, easy access to your data whether through our site or just using our tools.

    Hope this helps. Let me know if you have any other questions.

  23. friendly developer Says:

    Thank you for a very helpful answer. Keep up the great work!

  24. How to do almost anything online « Gurgle Italy (Children of a Lesser God) Says:

    […] Wesabe. Wesabe is best in its class, allowing access to bank accounts and credit cards so that you can pay one-off or repeating bills. Use the new REST API for custom apps. […]

  25. Who owns your bank transaction data? « Rowan Simpson Says:

    […] Their REST API for bank transaction data; and […]

  26. jjray Says:

    “The reason we provide the API in the format we do is that we want to build up a large database of transactions … .” I take it then that tradeoff for use of the API is turning over the data to you. Privacy issue. From reading your privacy statement, I guess the response is that the financial data is not individually identifiable in that your company only has user name and email address. But surely you also have IP address and probably account numbers as well. That’s enough individually identifiable data to tie the financial acct info back to a user. Every service has a cost of some sort. Perhaps that’s a fair tradeoff.

Comments are closed.


Follow

Get every new post delivered to your Inbox.

%d bloggers like this: