

Show HN: I made a simple personal finance API (like Yodlee) - gabelerner

It's at http://finkin.com.  The goal is to allow a developer to sign up in seconds, and within minutes begin querying data.  It runs under https and stores no access information.

From http://news.ycombinator.com/item?id=1431583, I realized that all those types of sites are not tailored to developers like the other simple APIs around the web are (i.e. flickr).  I made mine as simple as I thought possible.

From http://news.ycombinator.com/item?id=1676458, I realized that eventually it should be a scalable model where you pay pennies per the # of requests you make.

Right now it supports many institutions (not as many as Yodlee, as I don't scrape) but given enough demand, more will be added.  I am currently beta testing the functionality before moving to a dedicated machine and having an SLA.

In the future, I plan to support more API functions such as getting a bank's routing number, being able to push user credentials up to the server where they will be encrypted and available for things like push notifications, bill pay API, etc.
======
dpapathanasiou
Interesting.

Two questions:

(1) How can we trust you with our bank login credentials?

(2) What is the current list of banks you support?

Would a call to <https://api.finkin.com/v1.0/InstitutionSearch> give me the
full list?

~~~
gabelerner
(1) The toughest part is to build credibility but somehow mint.com did it.
Other than getting a few users who have communicated with me privately to act
as references, I haven't figured that part out. It does take some trust on the
part of the users but the risks are alleviated by the fact that the money is
insured and even if I had your credentials, your bank should not allow me to
log in as I'm accessing it from a different computer.

(2) Good question. I had to restrict the query as it was over 1MB in size for
the full list, but I'll run it and make the xml file available for people that
don't want to query each time. I created the list from a couple of sources and
have only tested it with my and my family's accounts so it is hard to tell how
much of the data is valid and how much is stale.

edit: <http://finkin.com/InstitutionSearch.xml>

~~~
dpapathanasiou
_It does take some trust on the part of the users but the risks are alleviated
by the fact that the money is insured and even if I had your credentials, your
bank should not allow me to log in as I'm accessing it from a different
computer._

If you mean FDIC insurance, that's only if the bank fails; identity theft type
losses are probably _not_ covered (you may want to research and confirm this).

Also, I don't think it matters from which computer/ip address someone logs in.
If you know my login credentials, you can do anything to the account (though
this might vary from bank to bank).

I think you need to be more proactive about security and fraud before people
will be comfortable.

_<http://finkin.com/InstitutionSearch.xml>_

Thanks, I'll take a look.

------
maxdemarzi
Have you considered a different solution to credibility?

Like charging for an open source commercial license for "embedded" use only
and you retain the rights to be the sole general api provider?

~~~
gabelerner
I was thinking that if it doesn't take off, I'd just release the whole thing
as an open source project since most of the work did not come from writing the
code, but rather acquiring and maintaining the list of institutions, servers
to query, and eventually websites to scrape.

From your idea, perhaps I can release the code completely free (or small one
time fee) but charge for use of my up to date databases. Thanks for the help!

------
djb_hackernews
Also, besides my comment about OFX being inaccurate, I wanted to say I think
what you've done is really great. OFX is a beast no doubt. I'd add account
discovery next; one pain point with working with OFX was that the account
numbers the OFX used were different or expected to be formatted in some
specific way. Luckily OFX has account discovery built in.

~~~
gabelerner
Once I find some time, I was going to let people register for their key, then
add a routing number search, but your idea is great for the next todo. For
some institutions it's easy (e.g. CC#) but for others I had to push my way
through the account not found messages so this would definitely help with
that.

Thanks!

------
anemitz
I tried this with my Chase account and I can't seem to sign in. I'm guessing
you either need to have the OFX api feature enabled for your bank account or
you need to be with a bank that allows all users to get their OFX data for
free. I think Chase charges something like $15/mon to each user who wants to
get their data via OFX.

------
DevX101
I haven't looked too closely at this space, but someone here at HN made the
claim that bank APIs are sometimes inaccurate, which is why Yodlee scrapes in
the first place.

Can you confirm/rebut?

~~~
gabelerner
I've never had a problem with them - granted I only tested with accounts I had
access to through family/friends. That said, it is up to the bank to maintain
their end of the API and make sure that their server has the uptime and
correct code to parse the request and return the response, so when that
doesn't happen, the only resort is to scrape. Do you have a link to the thread
where the claim occurred?

~~~
djb_hackernews
That claim was probably made by me, and I still stand by it. Let me guess, you
are using OFX?

edit: here is my original comment ->
<http://news.ycombinator.com/item?id=1537982>

~~~
gabelerner
I am not disagreeing with your claim and am using OFX, for now.

My initial goal was to provide a simple and cheap API that one can get started
with in minutes vs. having to gather a server list, maintain it, read through
the OFX docs, etc. In my testing, I have never had a problem with stale data,
but that doesn't mean that it doesn't exist. Going forward, I am not opposed
to scraping if there's a demand for it.

