Show HN: I made a simple personal finance API (like Yodlee)
12 points by gabelerner on Oct 12, 2010 | 13 comments
It's at http://finkin.com. The goal is to allow a developer to sign up in seconds, and within minutes begin querying data. It runs under https and stores no access information.

From http://news.ycombinator.com/item?id=1431583, I realized that all those types of sites are not tailored to developers like the other simple APIs around the web are (i.e. flickr). I made mine as simple as I thought possible.

From http://news.ycombinator.com/item?id=1676458, I realized that eventually it should be a scalable model where you pay pennies per the # of requests you make.

Right now it supports many institutions (not as many as Yodlee, as I don't scrape) but given enough demand, more will be added. I am currently beta testing the functionality before moving to a dedicated machine and having an SLA.

In the future, I plan to support more API functions such as getting a bank's routing number, being able to push user credentials up to the server where they will be encrypted and available for things like push notifications, bill pay API, etc.


Two questions:

(1) How can we trust you with our bank login credentials?

(2) What is the current list of banks you support?

Would a call to https://api.finkin.com/v1.0/InstitutionSearch give me the full list?

(1) The toughest part is to build credibility but somehow mint.com did it. Other than getting a few users who have communicated with me privately to act as references, I haven't figured that part out. It does take some trust on the part of the users but the risks are alleviated by the fact that the money is insured and even if I had your credentials, your bank should not allow me to log in as I'm accessing it from a different computer.

(2) Good question. I had to restrict the query as it was over 1MB in size for the full list, but I'll run it and make the xml file available for people that don't want to query each time. I created the list from a couple of sources and have only tested it with my and my family's accounts so it is hard to tell how much of the data is valid and how much is stale.

edit: http://finkin.com/InstitutionSearch.xml

It does take some trust on the part of the users but the risks are alleviated by the fact that the money is insured and even if I had your credentials, your bank should not allow me to log in as I'm accessing it from a different computer.

If you mean FDIC insurance, that's only if the bank fails; identity theft type losses are probably not covered (you may want to research and confirm this).

Also, I don't think it matters from which computer/ip address someone logs in. If you know my login credentials, you can do anything to the account (though this might vary from bank to bank).

I think you need to be more proactive about security and fraud before people will be comfortable.


Thanks, I'll take a look.

Have you considered a different solution to credibility?

Like charging for an open source commercial license for "embedded" use only and you retain the rights to be the sole general api provider?

I was thinking that if it doesn't take off, I'd just release the whole thing as an open source project since most of the work did not come from writing the code, but rather acquiring and maintaining the list of institutions, servers to query, and eventually websites to scrape.

From your idea, perhaps I can release the code completely free (or small one time fee) but charge for use of my up to date databases. Thanks for the help!

Also, besides my comment about OFX being inaccurate, I wanted to say I think what you've done is really great. OFX is a beast, no doubt. I'd add account discovery next; one pain point with working with OFX was that the account numbers the OFX used were different or expected to be formatted in some specific way. Luckily OFX has account discovery built in.

Once I find some time, I was going to let people register for their key, then add a routing number search, but your idea is great for the next todo. For some institutions it's easy (e.g. CC#) but for others I had to push my way through the account not found messages so this would definitely help with that.


I tried this with my Chase account and I can't seem to sign in. I'm guessing you either need to have the OFX api feature enabled for your bank account or you need to be with a bank that allows all users to get their OFX data for free. I think Chase charges something like $15/mon to each user who wants to get their data via OFX.

I haven't looked too closely at this space, but someone here at HN made the claim that bank APIs are sometimes inaccurate, which is why Yodlee scrapes in the first place.

Can you confirm/rebut?

I've never had a problem with them - granted I only tested with accounts I had access to through family/friends. That said, it is up to the bank to maintain their end of the API and make sure that their server has the uptime and correct code to parse the request and return the response, so when that doesn't happen, the only resort is to scrape. Do you have a link to the thread where the claim occurred?

That claim was probably made by me, and I still stand by it. Let me guess, you are using OFX?

edit: here is my original comment -> http://news.ycombinator.com/item?id=1537982

I am not disagreeing with your claim and am using OFX, for now.

My initial goal was to provide a simple and cheap API that one can get started with in minutes vs. having to gather a server list, maintain it, read through the OFX docs, etc. In my testing, I have never had a problem with stale data, but that doesn't mean that it doesn't exist. Going forward, I am not opposed to scraping if there's a demand for it.

Yup. You're the guy.
