Account Aggregation APIs
Building with PSD2, Open Finance, and FDX
Financial data aggregation has moved from being a niche capability to a core building block of modern banking and fintech products. Whether it’s personal finance dashboards, SME accounting tools, or credit scoring engines, access to account aggregation APIs enables seamless integration of financial data across multiple institutions.
But integration is not straightforward. Different markets are governed by different standards, and each brings its own quirks. In this guide, we’ll walk through how developers can approach aggregation APIs under PSD2 in the EU, Open Finance in the UK, and FDX in the US—highlighting technical nuances and data normalization challenges along the way.
The Regulatory Frameworks
PSD2 (EU)
The Second Payment Services Directive (PSD2) requires European banks to expose APIs for account information services (AIS) and payment initiation services (PIS). For developers, this means:
OAuth2-based authentication and consent flows.
Strong Customer Authentication (SCA) requirements, typically via redirect or decoupled flows.
JSON-based payloads, though schemas can differ across banks.
Open Finance (UK)
The UK’s Open Banking initiative, often referred to as Open Finance, extends PSD2 principles with stricter API specifications published by the Open Banking Implementation Entity (OBIE). Developers benefit from:
Standardized API definitions across banks.
Richer data sets, such as product and pricing APIs.
Centralized conformance testing and certification.
FDX (US)
The Financial Data Exchange (FDX) is an industry-led standard adopted by many US banks and aggregators. It focuses on:
A common API specification for data access.
Token-based authentication (often OAuth2 + JWT).
A flexible data model that supports both retail and business accounts.
Unlike PSD2 and OBIE, FDX is not regulatory-driven but industry-driven—so adoption can vary between institutions.
Technical Challenges in Aggregation
1. Authentication and Consent
Authentication flows differ dramatically. EU and UK APIs often enforce SCA with multi-step user redirections. In the US, FDX-compliant APIs can provide smoother token exchange but require custom integration for each financial institution. Developers must design modular OAuth2 clients that can adapt to variations.
2. Data Model Normalization
While PSD2 and OBIE aim for uniform JSON schemas, in practice, fields like transaction categorization, balances, or pending transactions vary. FDX introduces its own data structures. Without normalization, downstream applications face inconsistent inputs. A common approach is to build an internal canonical model that maps bank-specific fields to a standardized schema.
3. Rate Limits and Throttling
Most APIs impose rate limits, which can be especially restrictive when syncing historical data. Building efficient caching layers and implementing incremental sync (pulling only deltas rather than full histories) is critical.
4. Error Handling and Retries
Timeouts, SCA expirations, and intermittent errors are common. Developers should adopt exponential backoff strategies and design idempotent request handlers to avoid duplicating transactions on retries.
Developer Patterns for Aggregation APIs
Canonical Data Layer
Use a microservice dedicated to aggregation that normalizes data into a unified schema (balances, transactions, accounts). This service can expose a clean API to your internal systems.
Event-Driven Sync
Employ event-driven architecture (Kafka, RabbitMQ) to process incoming account updates in near real-time. This reduces polling and helps meet latency requirements for fintech applications.
Consent Management Service
Store and track consent artifacts (e.g., OAuth tokens, consent expirations) centrally. This allows teams to handle SCA renewals gracefully without disrupting UX.
Sandbox-First Testing
Leverage official sandboxes (OBIE test banks, FDX test suites) before going live. Each API provider’s quirks will surface early in testing, saving integration headaches later.
Real-World Example: Transaction Aggregation
Imagine a fintech building a personal finance management (PFM) app. Users connect accounts from both EU and US banks. The aggregation flow might look like this:
User initiates a connection in-app → redirect to the bank’s consent page.
Bank authenticates via SCA (EU/UK) or token-based flow (FDX).
Aggregation service retrieves raw JSON payloads.
Canonical model normalizes transactions into a common schema (date, merchant, amount, category).
Event-driven pipeline updates the user’s dashboard in near real-time.
This abstraction allows the PFM app to operate without knowing which standard (PSD2, OBIE, FDX) powered the data.
Closing Thoughts
Building with account aggregation APIs is both an opportunity and a challenge. The reward is seamless access to user-permissioned financial data that powers the next generation of fintech apps. The challenge lies in navigating fragmented standards, inconsistent data models, and regulatory complexity.
For fintech developers, success depends on building strong normalization layers, resilient authentication handling, and scalable sync pipelines. Done right, aggregation becomes not just a compliance requirement but a competitive differentiator—unlocking richer user experiences and new financial products.
