
RESTful API for Account Information Services (AIS) and Payment Initiation Services (PIS)

The following pages give you some general information on how to use our APIs.
The actual API services documentation then follows further below. You can use the menu to jump between API sections.

This page has a built-in HTTP(S) client, so you can test the services directly from within this page, by filling in the request parameters and/or body in the respective services, and then hitting the TRY button. Note that you need to be authorized to make a successful API call. To authorize, refer to the 'Authorization' section of the API, or just use the OAUTH button that can be found near the TRY button.

General information

Error Responses

When an API call returns an error, the response generally has the structure shown in the following example:

{
  "errors": [
    {
      "message": "Interface 'FINTS_SERVER' is not supported for this operation.",
      "code": "BAD_REQUEST",
      "type": "TECHNICAL"
    }
  ],
  "date": "2020-11-19 16:54:06.854",
  "requestId": "selfgen-312042e7-df55-47e4-bffd-956a68ef37b5",
  "endpoint": "POST /api/v1/bankConnections/import",
  "authContext": "1/21",
  "bank": "DEMO0002 - finAPI Test Redirect Bank"
}

If an API call requires additional authentication by the user, HTTP code 510 is returned and the error response contains an additional "multiStepAuthentication" object, as in the following example:

{
  "errors": [
    {
      "message": "Es ist eine zusätzliche Authentifizierung erforderlich. Bitte geben Sie folgenden Code an: 123456",
      "type": "BUSINESS",
      "multiStepAuthentication": {
        "hash": "678b13f4be9ed7d981a840af8131223a",
        "status": "CHALLENGE_RESPONSE_REQUIRED",
        "challengeMessage": "Es ist eine zusätzliche Authentifizierung erforderlich. Bitte geben Sie folgenden Code an: 123456",
        "answerFieldLabel": "TAN",
        "redirectUrl": null,
        "redirectContext": null,
        "redirectContextField": null,
        "twoStepProcedures": null,
        "photoTanMimeType": null,
        "photoTanData": null,
        "opticalData": null
      }
    }
  ],
  "date": "2019-11-29 09:51:55.931",
  "requestId": "selfgen-45059c99-1b14-4df7-9bd3-9d5f126df294",
  "endpoint": "POST /api/v1/bankConnections/import",
  "authContext": "1/18",
  "bank": "DEMO0001 - finAPI Test Bank"
}

API authentication errors are an exception to this error format. They return the following structure:

{
  "error": "invalid_token",
  "error_description": "Invalid access token: cccbce46-xxxx-xxxx-xxxx-xxxxxxxxxx"
}
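
The three error shapes above call for different handling on the client, and two of them carry values that should not reach a log: the one-time code inside the 510 message and the token echoed in "error_description". The following is an added example, not part of the finAPI documentation or the generated client; the function name, the result keys and the 401 status used in the sample call are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Sort a finAPI error body into one of the three shapes documented above and
 * return only the fields that are safe to write to an application log.
 */
function classifyErrorResponse(int $httpStatus, string $body): array
{
    $data = json_decode($body, true);
    if (!is_array($data)) {
        return ['kind' => 'unparseable', 'status' => $httpStatus];
    }
    // OAuth shape: error_description can echo the access token, so mask
    // whatever follows "token:" before the text reaches a log.
    if (isset($data['error']) && is_string($data['error'])) {
        $description = is_string($data['error_description'] ?? null) ? $data['error_description'] : '';
        $masked = preg_replace('/(token:\s*)\S+/i', '${1}[REDACTED]', $description);
        return ['kind' => 'auth', 'status' => $httpStatus,
                'error' => $data['error'], 'description' => (string) $masked];
    }
    $result = ['kind' => 'api', 'status' => $httpStatus,
               'requestId' => $data['requestId'] ?? null,
               'endpoint' => $data['endpoint'] ?? null,
               'errors' => [], 'challenge' => null];
    $errors = is_array($data['errors'] ?? null) ? $data['errors'] : [];
    foreach ($errors as $error) {
        if (!is_array($error)) {
            continue;
        }
        $entry = ['code' => $error['code'] ?? null, 'type' => $error['type'] ?? null];
        $msa = $error['multiStepAuthentication'] ?? null;
        if ($httpStatus === 510 && is_array($msa)) {
            // Multi-step shape: "message" and "challengeMessage" may carry a
            // one-time code, so keep only what the caller needs to route on.
            $result['kind'] = 'multi_step_auth';
            $result['challenge'] = [
                'status' => $msa['status'] ?? null,
                'answerFieldLabel' => $msa['answerFieldLabel'] ?? null,
                'hasRedirect' => isset($msa['redirectUrl']),
            ];
        } else {
            $entry['message'] = $error['message'] ?? null;
        }
        $result['errors'][] = $entry;
    }
    return $result;
}

// The authentication error shown on this page, passed through the classifier.
// 401 is an assumed status code; the page does not state one for this case.
$body = '{"error": "invalid_token", "error_description": '
      . '"Invalid access token: cccbce46-xxxx-xxxx-xxxx-xxxxxxxxxx"}';
echo json_encode(classifyErrorResponse(401, $body)), PHP_EOL;
```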


Paging

API services that may potentially return a lot of data implement paging. They return a limited number of entries within a "page". Further entries must be fetched with subsequent calls.

Any API service that implements paging provides the following input parameters:
• "page": the number of the page to be retrieved (starting with 1).
• "perPage": the number of entries within a page. The default and maximum value is stated in the documentation of the respective services.

A paged response contains an additional "paging" object with the following structure:

{
  "paging": {
    "page": 1,
    "perPage": 20,
    "pageCount": 234,
    "totalCount": 4662
  }
}
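
A client that walks all pages should treat the "paging" object as untrusted input: check that the server answered for the page that was asked for, and put a local ceiling on "pageCount" so one response cannot drive an unbounded loop. The following is an added example, not part of the finAPI documentation or the generated client; the function name, the `$listKey` parameter, the `items` key and the 500-page ceiling are assumptions, and the API call is replaced by a constructed in-memory stub.

```php
<?php
declare(strict_types=1);

/**
 * Collect every entry of a paged service. $fetchPage(int $page, int $perPage)
 * is a caller-supplied function returning the decoded response body;
 * $listKey names the array that holds the entries in that response.
 */
function fetchAllPages(callable $fetchPage, string $listKey, int $perPage = 20, int $maxPages = 500): array
{
    $entries = [];
    $page = 1; // pages start with 1
    do {
        $response = $fetchPage($page, $perPage);
        $paging = $response['paging'] ?? null;
        $list = $response[$listKey] ?? null;
        if (!is_array($paging) || !is_array($list)) {
            throw new UnexpectedValueException("Page $page lacks \"paging\" or \"$listKey\"");
        }
        if (($paging['page'] ?? null) !== $page) {
            throw new UnexpectedValueException("Asked for page $page, got a different page");
        }
        $pageCount = (int) ($paging['pageCount'] ?? 0);
        if ($pageCount > $maxPages) {
            // Local ceiling (assumed value): stop instead of looping on a huge pageCount.
            throw new OverflowException("pageCount $pageCount exceeds local limit $maxPages");
        }
        foreach ($list as $entry) {
            $entries[] = $entry;
        }
        $page++;
    } while ($page <= $pageCount);
    return $entries;
}

// Constructed stand-in for an API call: 45 fake entries served 20 per page.
$all = range(1, 45);
$stub = function (int $page, int $perPage) use ($all): array {
    return [
        'items' => array_slice($all, ($page - 1) * $perPage, $perPage),
        'paging' => [
            'page' => $page,
            'perPage' => $perPage,
            'pageCount' => (int) ceil(count($all) / $perPage),
            'totalCount' => count($all),
        ],
    ];
};
echo count(fetchAllPages($stub, 'items')), ' entries fetched', PHP_EOL;
```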


Internationalization

The finAPI services support internationalization, which means you can define the language you prefer for API service responses.

The following languages are available: German, English, Czech, Slovak.

The preferred language can be defined by providing the official HTTP Accept-Language header.

finAPI reacts to the official ISO language codes "de", "en", "cs" and "sk" for the named languages. Additional subtags supported by the Accept-Language header may be provided, e.g. "en-US", but are ignored.
If no Accept-Language header is given, German is used as the default language.

• Bank login hints and login fields are only available in the language of the bank and are not translated.
• Direct messages from the bank systems, typically returned as BUSINESS errors, will not be translated.
• BUSINESS errors created by finAPI directly are available in German and English.
• TECHNICAL error messages meant for developers are mostly in English, but may also be translated.

Request IDs

With any API call, you can pass a request ID via a header with name "X-Request-Id". The request ID can be an arbitrary string with up to 255 characters. Passing a longer string will result in an error.

If you don't pass a request ID for a call, finAPI will generate a random ID internally.

The request ID is always returned in the response of a service, as a header with name "X-Request-Id".

We highly recommend always passing a (preferably unique) request ID and including it in your client application logs whenever you make a request or receive a response (especially in the case of an error response). finAPI also logs request IDs on its end. Having a request ID can help the finAPI support team to work more efficiently and solve tickets faster.

Overriding HTTP methods

Some HTTP clients do not support the HTTP methods PATCH or DELETE. If you are using such a client in your application, you can use a POST request instead with a special HTTP header indicating the originally intended HTTP method.

The header's name is X-HTTP-Method-Override. Set its value to either PATCH or DELETE. POST requests that have this header set will be treated as either PATCH or DELETE by the finAPI servers.

Example:

X-HTTP-Method-Override: PATCH
POST /api/v1/label/51
{"name": "changed label"}

will be interpreted by finAPI as:

PATCH /api/v1/label/51
{"name": "changed label"}

User metadata

With the migration to PSD2 APIs, a new term called "User metadata" (also known as "PSU metadata") has been introduced to the API. This user metadata aims to inform the banking API if there was a real end-user behind an HTTP request or if the request was triggered by a system (e.g. by an automatic batch update). In the latter case, the bank may apply some restrictions such as limiting the number of HTTP requests for a single consent. Also, some operations may be forbidden entirely by the banking API. For example, some banks do not allow issuing a new consent without the end-user being involved. Therefore, it is certainly necessary and obligatory for the customer to provide the PSU metadata for such operations.

As finAPI does not have direct interaction with the end-user, it is the client application's responsibility to provide all the necessary information about the end-user. This must be done by sending additional headers with every request triggered on behalf of the end-user.

At the moment, the following headers are supported by the API:
• "PSU-IP-Address" - the IP address of the user's device.
• "PSU-Device-OS" - the user's device and/or operating system identification.
• "PSU-User-Agent" - the user's web browser or other client device identification.
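
The PSU headers and the "X-Request-Id" header from the Request IDs section are built from values the client application controls or forwards, and the user agent in particular originates with the end user, so it should be sanitized before it is copied into an outbound header. The following is an added example, not part of the finAPI documentation or the generated client; the function names, the `ip`/`userAgent`/`deviceOs` keys, the `client-` prefix and the printable-ASCII restriction are assumptions.

```php
<?php
declare(strict_types=1);

/** Strip control and non-ASCII bytes so a forwarded value cannot inject headers. */
function cleanHeaderValue(string $value, int $maxLength = 255): string
{
    $printable = (string) preg_replace('/[^\x20-\x7E]/', '', $value);
    return substr(trim($printable), 0, $maxLength);
}

/**
 * Return the supplied request ID when it fits the 255-character limit,
 * otherwise a random one. Printable ASCII only is a local policy assumed
 * here (the API accepts arbitrary strings); it keeps the ID log-safe.
 */
function requestId(?string $supplied = null): string
{
    if ($supplied !== null && preg_match('/\A[\x21-\x7E]{1,255}\z/', $supplied) === 1) {
        return $supplied;
    }
    return 'client-' . bin2hex(random_bytes(16)); // "client-" prefix is illustrative
}

/**
 * Build the headers for one outbound call. $endUser describes the end user's
 * own request; pass null for system-triggered calls so no PSU header is sent.
 */
function outboundHeaders(?array $endUser, ?string $suppliedRequestId = null): array
{
    $headers = ['X-Request-Id' => requestId($suppliedRequestId)];
    if ($endUser === null) {
        return $headers;
    }
    $ip = filter_var($endUser['ip'] ?? '', FILTER_VALIDATE_IP);
    if ($ip !== false) {
        $headers['PSU-IP-Address'] = $ip;
    }
    foreach (['PSU-Device-OS' => 'deviceOs', 'PSU-User-Agent' => 'userAgent'] as $name => $key) {
        $value = cleanHeaderValue((string) ($endUser[$key] ?? ''));
        if ($value !== '') {
            $headers[$name] = $value;
        }
    }
    return $headers;
}

// Constructed input: a user agent carrying a CRLF sequence that must not survive.
$headers = outboundHeaders([
    'ip' => '203.0.113.7', 'deviceOs' => 'Android 14',
    'userAgent' => "Mozilla/5.0\r\nX-Injected: 1",
]);
error_log('finAPI call ' . $headers['X-Request-Id']); // log the ID with every call
print_r($headers);
```

If the application runs behind a reverse proxy, take the `ip` value from the proxy's trusted forwarding information rather than from the socket address.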


Is there a finAPI SDK?
Currently we do not offer a native SDK, but there is the option to generate an SDK for almost any target language via OpenAPI. Use the 'Download SDK' button on this page for SDK generation.

How can I enable finAPI's automatic batch update?
Currently there is no way to set up the batch update via the API. Please contact for this.

Why do I need to keep authorizing when calling services on this page?
This page is a "one-page-app". Reloading the page resets the OAuth authorization context. There is generally no need to reload the page, so just don't do it and your authorization will persist.

For more information, please visit

Installation & Usage


PHP 7.3 and later. Should also work with PHP 8.0 but has not been tested.


To install the bindings via Composer, add the following to composer.json:

{
  "repositories": [
    {
      "type": "vcs",
      "url": "https:////.git"
    }
  ],
  "require": {
    "/": "*@dev"
  }
}

Then run `composer install`.

Manual Installation

Download the files and include autoload.php:


Getting Started

Please follow the installation procedure and then run the following:

<?php
require_once(__DIR__ . '/vendor/autoload.php');

// Configure OAuth2 access token for authorization: finapi_auth
$config = OpenAPIAccess\Client\Configuration::getDefaultConfiguration()->setAccessToken('YOUR_ACCESS_TOKEN');

$apiInstance = new OpenAPIAccess\Client\Api\AccountsApi(
    // If you want to use a custom HTTP client, pass your client which implements `GuzzleHttp\ClientInterface`.
    // This is optional, `GuzzleHttp\Client` will be used as default.
    new GuzzleHttp\Client(),
    $config
);
$id = 56; // int | Identifier of the account to delete
// string | Only for clients that cannot send PATCH or DELETE: send a POST request with this
// header naming the originally intended HTTP method (see "Overriding HTTP methods").
$x_http_method_override = 'x_http_method_override_example';
// string | Arbitrary request ID of up to 255 characters; a longer string results in an error.
// It is returned in the 'X-Request-Id' response header and should be written to your logs.
$x_request_id = 'x_request_id_example';

try {
    $apiInstance->deleteAccount($id, $x_http_method_override, $x_request_id);
} catch (Exception $e) {
    echo 'Exception when calling AccountsApi->deleteAccount: ', $e->getMessage(), PHP_EOL;
}

API Endpoints

All URIs are relative to

Class Method HTTP request Description
AccountsApi deleteAccount DELETE /api/v1/accounts/{id} Delete an account
AccountsApi deleteAllAccounts DELETE /api/v1/accounts Delete all accounts
AccountsApi editAccount PATCH /api/v1/accounts/{id} Edit an account
AccountsApi getAccount GET /api/v1/accounts/{id} Get an account
AccountsApi getAndSearchAllAccounts GET /api/v1/accounts Get and search all accounts
AccountsApi getDailyBalances GET /api/v1/accounts/dailyBalances Get daily balances
AuthorizationApi getToken POST /oauth/token Get tokens
AuthorizationApi revokeToken POST /oauth/revoke Revoke a token
BankConnectionsApi connectInterface POST /api/v1/bankConnections/connectInterface Connect a new interface
BankConnectionsApi deleteAccessData DELETE /api/v1/bankConnections/{id}/aisConsent Delete a consent
BankConnectionsApi deleteAllBankConnections DELETE /api/v1/bankConnections Delete all bank connections
BankConnectionsApi deleteBankConnection DELETE /api/v1/bankConnections/{id} Delete a bank connection
BankConnectionsApi editBankConnection PATCH /api/v1/bankConnections/{id} Edit a bank connection
BankConnectionsApi getAllBankConnections GET /api/v1/bankConnections Get all bank connections
BankConnectionsApi getBankConnection GET /api/v1/bankConnections/{id} Get a bank connection
BankConnectionsApi importBankConnection POST /api/v1/bankConnections/import Import a new bank connection
BankConnectionsApi removeInterface POST /api/v1/bankConnections/removeInterface Remove an interface
BankConnectionsApi updateBankConnection POST /api/v1/bankConnections/update Update a bank connection
BanksApi getAndSearchAllBanks GET /api/v1/banks Get and search all banks
BanksApi getBank GET /api/v1/banks/{id} Get a bank
CategoriesApi createCategory POST /api/v1/categories Create a new category
CategoriesApi deleteAllCategories DELETE /api/v1/categories Delete all categories
CategoriesApi deleteCategory DELETE /api/v1/categories/{id} Delete a category
CategoriesApi editCategory PATCH /api/v1/categories/{id} Edit a category
CategoriesApi getAndSearchAllCategories GET /api/v1/categories Get and search all categories
CategoriesApi getCashFlows GET /api/v1/categories/cashFlows Get cash flows
CategoriesApi getCategory GET /api/v1/categories/{id} Get a category
CategoriesApi trainCategorization POST /api/v1/categories/trainCategorization Train categorization
ClientConfigurationApi editClientConfiguration PATCH /api/v1/clientConfiguration Edit client configuration
ClientConfigurationApi getClientConfiguration GET /api/v1/clientConfiguration Get client configuration
LabelsApi createLabel POST /api/v1/labels Create a new label
LabelsApi deleteAllLabels DELETE /api/v1/labels Delete all labels
LabelsApi deleteLabel DELETE /api/v1/labels/{id} Delete a label
LabelsApi editLabel PATCH /api/v1/labels/{id} Edit a label
LabelsApi getAndSearchAllLabels GET /api/v1/labels Get and search all labels
LabelsApi getLabel GET /api/v1/labels/{id} Get a label
MandatorAdministrationApi changeClientCredentials POST /api/v1/mandatorAdmin/changeClientCredentials Change client credentials
MandatorAdministrationApi createIbanRules POST /api/v1/mandatorAdmin/ibanRules Create IBAN rules
MandatorAdministrationApi createKeywordRules POST /api/v1/mandatorAdmin/keywordRules Create keyword rules
MandatorAdministrationApi deleteIbanRules POST /api/v1/mandatorAdmin/ibanRules/delete Delete IBAN rules
MandatorAdministrationApi deleteKeywordRules POST /api/v1/mandatorAdmin/keywordRules/delete Delete keyword rules
MandatorAdministrationApi deleteUsers POST /api/v1/mandatorAdmin/deleteUsers Delete users
MandatorAdministrationApi getIbanRuleList GET /api/v1/mandatorAdmin/ibanRules Get IBAN rules
MandatorAdministrationApi getKeywordRuleList GET /api/v1/mandatorAdmin/keywordRules Get keyword rules
MandatorAdministrationApi getUserList GET /api/v1/mandatorAdmin/getUserList Get user list
MocksAndTestsApi checkCategorization POST /api/v1/tests/checkCategorization Check categorization
MocksAndTestsApi mockBatchUpdate POST /api/v1/tests/mockBatchUpdate Mock batch update
NotificationRulesApi createNotificationRule POST /api/v1/notificationRules Create a new notification rule
NotificationRulesApi deleteAllNotificationRules DELETE /api/v1/notificationRules Delete all notification rules
NotificationRulesApi deleteNotificationRule DELETE /api/v1/notificationRules/{id} Delete a notification rule
NotificationRulesApi getAndSearchAllNotificationRules GET /api/v1/notificationRules Get and search all notification rules
NotificationRulesApi getNotificationRule GET /api/v1/notificationRules/{id} Get a notification rule
PaymentsApi createDirectDebit POST /api/v1/payments/directDebits Create direct debit
PaymentsApi createMoneyTransfer POST /api/v1/payments/moneyTransfers Create money transfer
PaymentsApi getPayments GET /api/v1/payments Get payments
PaymentsApi submitPayment POST /api/v1/payments/submit Submit payment
SecuritiesApi getAndSearchAllSecurities GET /api/v1/securities Get and search all securities
SecuritiesApi getSecurity GET /api/v1/securities/{id} Get a security
TPPCertificatesApi createNewCertificate POST /api/v1/tppCertificates Upload TPP certificate
TPPCertificatesApi deleteCertificate DELETE /api/v1/tppCertificates/{id} Delete a TPP certificate
TPPCertificatesApi getAllCertificates GET /api/v1/tppCertificates Get all TPP certificates
TPPCertificatesApi getCertificate GET /api/v1/tppCertificates/{id} Get a TPP certificate
TPPCredentialsApi createTppCredential POST /api/v1/tppCredentials Upload TPP credentials
TPPCredentialsApi deleteTppCredential DELETE /api/v1/tppCredentials/{id} Delete a set of TPP credentials
TPPCredentialsApi editTppCredential PATCH /api/v1/tppCredentials/{id} Edit a set of TPP credentials
TPPCredentialsApi getAllTppCredentials GET /api/v1/tppCredentials Get all TPP credentials
TPPCredentialsApi getAndSearchTppAuthenticationGroups GET /api/v1/tppCredentials/tppAuthenticationGroups Get all TPP Authentication Groups
TPPCredentialsApi getTppCredential GET /api/v1/tppCredentials/{id} Get a set of TPP credentials
TransactionsApi deleteAllTransactions DELETE /api/v1/transactions Delete all transactions
TransactionsApi deleteTransaction DELETE /api/v1/transactions/{id} Delete a transaction
TransactionsApi editMultipleTransactions PATCH /api/v1/transactions Edit multiple transactions
TransactionsApi editTransaction PATCH /api/v1/transactions/{id} Edit a transaction
TransactionsApi getAndSearchAllTransactions GET /api/v1/transactions Get and search all transactions
TransactionsApi getTransaction GET /api/v1/transactions/{id} Get a transaction
TransactionsApi restoreTransaction POST /api/v1/transactions/{id}/restore Restore a transaction
TransactionsApi splitTransaction POST /api/v1/transactions/{id}/split Split a transaction
TransactionsApi triggerCategorization POST /api/v1/transactions/triggerCategorization Trigger categorization
UsersApi createUser POST /api/v1/users Create a new user
UsersApi deleteAuthorizedUser DELETE /api/v1/users Delete the authorized user
UsersApi deleteUnverifiedUser DELETE /api/v1/users/{userId} Delete an unverified user
UsersApi editAuthorizedUser PATCH /api/v1/users Edit the authorized user
UsersApi executePasswordChange POST /api/v1/users/executePasswordChange Execute password change
UsersApi getAuthorizedUser GET /api/v1/users Get the authorized user
UsersApi getVerificationStatus GET /api/v1/users/verificationStatus Get a user's verification status
UsersApi requestPasswordChange POST /api/v1/users/requestPasswordChange Request password change
UsersApi verifyUser POST /api/v1/users/verify/{userId} Verify a user




  • Type: OAuth
  • Flow: password
  • Authorization URL: ``
  • Scopes:
    • all: no limitations


  • Type: OAuth
  • Flow: application
  • Authorization URL: ``
  • Scopes:
    • all: no limitations


To run the tests, use:

composer install


About this package

This PHP package is automatically generated by the OpenAPI Generator project:

  • API version: 1.143.1
  • Build package: org.openapitools.codegen.languages.PhpClientCodegen