FYI.

This story is over 5 years old.

It's Bonkers That More Banks Don't Provide APIs

Screen-scraping remains the norm.

There was a quaint time when interactions between you and your bank were just that: between you and your bank. Of course, accountants and money managers existed before the contemporary internet—albeit not so much for us regular folk—but it was nothing like the current Mint-dominated landscape of third-party accounting and budgeting tools, many of which demand direct access to your bank accounts to do their work.

Advertisement

What might not be obvious is how these services generally connect to your bank accounts in the first place. In many cases, this is done via the third-party banking data aggregator Yodlee, which provides the interface between actual banks and services like Personal Capital, LearnVest, and Fidelity's Full View, in addition to its own Mint competitor Yodlee MoneyCenter. In its earlier days, Mint itself plugged in via Yodlee.

Yodlee is not magic. It accesses banking information, in many if not most cases, via good old fashioned screen scraping. A user provides their account information and password to their budgeting software of choice and, programmatically, their account information will be copy and pasted straight from their account to the third-party service. This is done via a script, and it's not a whole lot different than if an actual human sat down at a computer and went to work copying over all of your money-data.

Data aggregation is generally well past screen scraping, though it persists. More frequently, data is accessed via APIs, unified sets of methods that developers can employ to directly connect to a data source, bypassing the human interface completely. This makes a whole lot of sense, particularly given that more and more data sources are being accessed via machine, and teaching machines to act like humans to access data can unnecessarily tax the web interface being scraped. Generally, it's an inelegant, creaky process, and, moreover, the burden falls on account holders in the event the third-party software manages to fuck it all up.

Last week, Wells Fargo announced that it had created an API alternative so that small businesses can access account-holder data without the need for screen scraping. "We are on a mission to help lead the financial industry beyond screen scraping," Brett Pitts, head of digital for Wells Fargo Virtual Channels, told American Banker. "It's not as robust as what we need from a security perspective; it's brittle in terms of ongoing customer experience management, and it can be frustrating for all the parties involved. So it's time to move beyond that."

To do this, Wells Fargo is turning to accounting software firm Xero. Security will be handled via OAuth tokens, resulting in a system that will allow users to allow third parties to access their account information without having to provide those third parties with their password information. Sharing password information has been one of the chief concerns with the ad hoc screen scraping approach.

When the Wells Fargo/Xero system is implemented by the end of the year, banking customers will be presented with the option to have their data shared with Xero. If they say yes, every morning their account information will be loaded up into the Xero system where it can be accessed via API and OAuth.

That still leaves a whole lot of banks dependent on screen scraping, which isn't very reassuring. That said, as someone who builds software (and someone who uses the most low-tech two-branch bank in the southwestern US), I just like the idea of interacting with my money in the rawest way possible this side of slipping cash in an envelope under my landlord's door. Command line banking, sign me up.