Hey everyone, I made this tool as a hobby project, I would love to hear your thoughts. The tool allows connecting personal and business accounts from over 1,000 banks in Europe. It uses Nordigen’s free open banking API. For full disclosure, I am one of the founders of Nordigen.
If you want to import banking data for tracking your personal finances or small business, there's also GnuCash, which you can run locally. https://gnucash.org/
I haven't used its online data-fetching features, but instead manually save OFX and QFX files periodically from banking Web sites, and later import them into GnuCash (which includes transaction matchup features). I also use the statement reconciliation features.
I save all the OFX, QFX, and PDF files separately, in case I ever want to do something different with the data. (One of my financial services won't let you download transaction data older than 90 days, and most of my services won't let you download data or statements more than 1-2 years old.)
If you're up to investing time in GnuCash, and tuning it to your needs, there's some nice UI/HCI details, though some is still rough.
But the GnuCash out-of-box UX definitely isn't contemporary tech industry polish nor style. (Though that heritage also means that GnuCash isn't selling out the user a dozen different ways like we tend to do in tech industry right now.)
(Examples of tuning GnuCash: I replaced the default account hierarchy with one I evolved, switched to displaying only leaf account names instead of the colon path ones, and color-coded the accounts to distinguish liquid/non-liquid/liabilities/receivables.)
There's also a big list of alternatives to GnuCash at https://alternativeto.net/software/gnucash/ which you can filter down by various tags (open source or not, operating system, etc).
I built uFincs (https://ufincs.com) basically because I got fed up with GnuCash's UX. It only supports importing CSVs right now, but I'm open to adding other formats. It's also a web app rather than a desktop app, but you're free to try it out/use it without an account (https://ufincs.com/noaccount) and all of your data will just be kept in your browser.
Is there any existing Free software project that aims to grab OFX files via banks' web interfaces? Obviously for banks that don't allow Direct Connect.
Another option in this space is Tiller (https://www.tillerhq.com/). They seem well-established, and offer some spreadsheet templates for plug-and-play solutions to some common budgeting scenarios.
If you don't care about spreadsheets specifically -- if you're just looking for scriptable access to your financials -- Lunch Money (https://lunchmoney.app) has a public API. They'll also be opening the beta of rollover budgeting any day now, which has me excited!
Good interoperable APIs for banks, and ways for people to be able to access and use their own data: +10000 better future points
Connecting my bank account to google sheets: -1000000
I do see the intention and the utility - people should be able to easily access and make sense of their data from whatever source and in whatever form. That you are enabling that and showcasing examples is admirable.
Google services in particular are so deeply exposed across people's devices and accounts, past and present, that they have for a long time been one of the largest attack surfaces:
- for incidental or targeted fraud from a distance
- for intrusion by personal contacts: stalking, coercive control
- for relinquishing control of personal data unintentionally: to an employer, to a state, or to arbitrary contacts by oversight because it's incredibly hard to track the myriad dimensions of sharing permissions
In general I applaud what you're doing. I would love to see an example of how to have insight into and oversight of your banking data on your own machine, with a focus on privacy - that's missing from the ecosystem I think.
haha, sure, because google needs more of your data, and whatever this nordigen thing is... laughable
from this nordigen's information handling section in TOS
> 2.3. As the Services also allow User to upload Information and/or obtain Account Information and personal data therein, User further acknowledges and agrees that by uploading or entering any Information for the Services and by using the Services, User grants Nordigen permission to make anonymized data based on personal and non-personal data collected from User or through User's use of the Services, and combine such anonymized data with that of other Users in order to make anonymized aggregate data. Nordigen may use the anonymized data and anonymized aggregate data for various business purposes and legitimate interests of Nordigen, including but not limited to improving the Services, developing and improving other Nordigen products and services, and distributing or licensing such data to third parties with whom Nordigen has a business relationship.
Every time the word "anonymized" is mentioned here you have to understand that everything in software is at risk of bugs or mistakes. But even if, they'll definitely sell your data.
Such ToS always have a clause like "we can change these terms at any time". I'm surprised that these data miners bother to declare their intent at all.
Please forgive me if I don't take your word for it when TOS allows it.
> including but not limited to improving the Services, developing and improving other Nordigen products and services, and distributing or licensing such data to third parties with whom Nordigen has a business relationship.
That means if you don't now, you might do it in the future. If you don't, you might sell the whole thing to another company who will do this.
I have been toying with this idea and my solution is to use email.
Every time I make a purchase, my bank (BankOfAmerica) sends me an email; I parse that email and write the data to a Google sheet.
It's great because I don't need to give credentials to a service like Plaid.
I used the webhook of a service like https://hanami.run and configured my bank to send email notifications to name@domain.com (my own domain). Hook it up with the hanami.run webhook (or any email-to-webhook service) and voila, now you can parse the email body and do whatever you want with it, in real time. Banks send email pretty quickly.
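An added example, not part of the comment above or of any service it names: because anyone can send mail to the alert address, a parser for this workflow should accept a message only when the receiving mail server recorded a DKIM pass for the bank's domain, and only then extract the transaction. The authserv-id `mx.example.test`, the signing domain `alerts.examplebank.test` and the alert wording are assumptions made up for the sketch.

```python
import re
from decimal import Decimal
from email import message_from_string
from email.policy import default

# Assumptions, none from the thread: the receiving MX's authserv-id, the
# bank's DKIM signing domain, and the wording of the alert e-mail.
OUR_MX = "mx.example.test"
BANK_DKIM_DOMAIN = "alerts.examplebank.test"
ALERT_RE = re.compile(
    r"charge of \$([\d,]+\.\d{2}) was made at (.+?) on (\d{2}/\d{2}/\d{4})")

# Constructed sample message, not a real bank alert.
SAMPLE_ALERT = """\
Authentication-Results: mx.example.test; dkim=pass header.d=alerts.examplebank.test
From: Example Bank <alerts@alerts.examplebank.test>
To: name@domain.com
Subject: Transaction alert
Content-Type: text/plain; charset=utf-8

A charge of $12.34 was made at COFFEE SHOP 42 on 01/15/2024.
"""

def dkim_verified(msg):
    """True only if our own MX recorded a DKIM pass for the bank's domain."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.strip().lower() != OUR_MX:
            continue  # header was not written by our receiver; ignore it
        m = re.search(r"\bdkim=pass\b[^;]*\bheader\.d=([\w.-]+)", results)
        if m and m.group(1).lower() == BANK_DKIM_DOMAIN:
            return True
    return False

def parse_alert(raw):
    """Return the transaction as a dict, or None if unauthenticated/unparsed."""
    msg = message_from_string(raw, policy=default)
    if not dkim_verified(msg):
        return None
    body = msg.get_body(preferencelist=("plain",))
    found = ALERT_RE.search(body.get_content()) if body else None
    if not found:
        return None
    amount, merchant, date = found.groups()
    cents = int(Decimal(amount.replace(",", "")) * 100)
    return {"amount_cents": cents, "merchant": merchant, "date": date}

if __name__ == "__main__":
    print(parse_alert(SAMPLE_ALERT))
    print(parse_alert(SAMPLE_ALERT.replace("dkim=pass", "dkim=fail")))
```

The check is only as strong as the receiver: it assumes the mail service in front of the webhook writes this header itself and removes any copy a sender supplied with the same authserv-id.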
Where is this setting? I just created a BofA account a few days ago because BBVA is a hellhole of despair (Simple acquisition victim) so this sounds much better.
I don't recall where it is on BofA's website, but most banks have some feature along the lines of "send me an email when a transaction over X amount happens". I just set that value to $0 or $0.01 so I get emails for every transaction made.
Gotcha, I'll poke around, thanks! What do you use for inbound mail processing? Do you run your own mail server? I was looking to process TheOCC.com inbound emails for some options trading stuff I was doing but never decided on a solution.
Maybe I'm misunderstanding - how are the first 2 plans "0 SMTP emails per day", aren't all emails going through SMTP? Sorry not an email expert, just trying to understand.
But thanks for the explanation on the AWS/Sendgrid side, appreciate the information. Still curious about your service though, it looks promising.
Ah, SMTP is the protocol that we use to send email over the internet.
The term SMTP server is used when you are the person who sends out email.
The term MX server is used when you are the person who is receiving email. As in, someone uses an SMTP server to send you an email, by connecting to the MX server listed on your domain. You can find the MX server by doing a `MX DNS query` on the domain, such as `dig hanami.run mx +short` or `dig github.com mx +short`
The SMTP email limit only applies to users who want to use our SMTP service. Think sendgrid/mailgun SMTP service. It means when you want to send email through your own domain.
For incoming email and email forwarding (someone sends you an email and we forward it to your domains), it's unlimited.
The reason is that when you use the SMTP service, you can just write a simple loop and send lots of email using our SMTP server. We don't want that; our service is only for daily email, not marketing (newsletter, promotion) or transaction email (password reset etc).
Incoming email, on the other hand, is sent out by other people to your service, and we will happily forward as many as possible.
Thanks so much, this clears up a lot of vernacular I haven't needed to know before - I really appreciate it. Will keep your service in mind for my immediate + future work!
Cool idea, awesome tool, maybe helpful for some, but hearing google and some third party in context of my bank account makes me want to wrap up in tin foil.
Feedback: my time from registering to getting data from my account was insanely fast. Super easy to get started.
I strongly agree on putting a list of supported banks before signing up though. I've had experiences with other providers where sign up and verification takes time, and then after spending 24h being verified it doesn't support your bank anyway... So that up front is good
On this topic, I tried to do a Jan 1st to Dec 31st transaction dump from Chase Bank into a CSV and the whole thing failed -- "too many records." Then I broke it up to half year segments and the second half failed, again "too many records." Finally broke it up to three 4-month segments and realized Chase has a -- clearly arbitrary -- limit of 2500 txns (IIRC) per CSV dump.
I understand the need for limits, but 2500 rows x 7 columns?! This isn't exactly "Big Data."
I can't reply on @robertsbernans's comment for some reason, but his previous comment definitely did not mention that he's a cofounder of this Nordigen, so he deleted it and made a new one to make it seem "transparent" only after being called out, which makes this whole thing even shadier.
IDK why you cannot tag me in the comments, but there was only one comment in the first place mentioning me being the co-founder. You can check when the post was posted and my comment. Sorry you got that impression.
I didn't "get that impression". You made sure people got that impression by first not mentioning it in your "hi i made this toy" comment, then you deleted it, then you made a new one without acknowledging being called out.
The gulf between "google the company is willing to provide customer service to you" and "a google dev will scrape your data and attempt to monetize it" is extraordinarily vast. Ever moreso that this thread exists and we've got somebody showing off how easy it is to link your bank account...
Wait until you hear about this company called Plaid (valued at ~13B$) which is used by a lot of FinTech companies to access your bank account. They take your username/password in cleartext and go ahead and scrape and do as they please with the data to prevent fraud (oh and if 2fa blocks them from scraping, they'll ask you to disable it).
How this is even remotely acceptable blows my mind. My alternatives to transfer money into these fintech companies are checks (are we in the 90s?) or wire transfer (20$ each).
In Europe, all 6,000 retail banks have working APIs and it's possible to connect to banks without username/password sharing. The APIs are completely free to use under the PSD2 regulation. This approach of regulated open banking (i.e. regulator asking banks to build APIs) should eventually eradicate any password sharing in Europe. I hope to see this in the US at some point as well.
While this is helpful for software acting in users' agency (excel sheets), it's used for risk assessment elsewhere - and I'm not sure about credentials: Firms like Klarna ask for your credentials (XS2A) to extract insights, before approving even a SEPA payment. While you're informed what details are fetched, it can be substantial - all accounts, balances, transaction history. Their credit business couldn't be happier for PSD2.
This MITM sounds like what Sofort payment in Germany did. Absolutely bonkers.
You know what's funny? Polish banks also have wire-transfer online payments roughly like Sofort since forever, but without MITM - Przelewy24, PayU et al. They seem to use proper methods to pre-fill wire transfer forms and dedicated accounts in each participating bank to settle the payment immediately.
I am obviously just such a low roller that I can't even imagine downloading a spreadsheet of recent transactions from my bank's website being a genuine pain point.
My bank makes me download or at least electronically acknowledge (through a button in the online banking) the bank statements it generates every few weeks. If those go unchecked for too long they're sent to me in the post, charging me for it.
As ridiculous as that seems I am completely unsurprised that your bank extracts near-random charges while playing with your money. I can't see how tools like this solve that problem, though...