Some apps like expense trackers can connect to your bank to pull your information for you. Unfortunately, this is done in an insecure way: by giving the expense tracking site your bank user name and password. This is very dangerous since the site can do anything, like transferring your money to them. And both the expense tracking site and the bank will have fine print in their terms disclaiming any responsibility. People who know enough about security would be hesitant to use such sites.
The solution is OAuth, which lets the third-party site authenticate to your bank without you having to trust them with your bank password. OAuth can also support different access levels like read-only.
Actually, when it comes to money, we need finer levels of access than just read-only and read-write. For example, if I use a third-party app to make investments, I may want to permit it only to make additional investments, not liquidate my existing investments. Or if I use a peer-to-peer money transfer service to receive money from a friend, I may want to permit it only to deposit money in my account, not withdraw money.
Another kind of financial API would be to transmit information about purchases. Going back to the problem of tracking expenses, it’s easy to figure out how much money you’re spending at M.K.Retail, say, but hard to figure out how much you’re spending on fruits as opposed to vegetables or beverages or something else. Actually, it’s the items you’re spending your money on that matters more than the name of the shop you’re buying from. But this information is hard to access in an automated way.
The solution to this is as follows. First, let’s say you’re paying using an app, like Paytm or Apple Pay, rather than a card or cash. In exchange for the payment, the shop should give Paytm an itemised digital bill, in some standard format like JSON or XML. Paytm then aggregates your information for you across all your purchases and tells you, at the end of the month, how much money you spent on fruits, no matter if those fruits were bought from M.K.Retail, Westside or Big Basket.
We need more financial APIs to make our financial products and services work together better, smoother and more securely.