Developers

Create an API key, export credentials.json, and make your first decrypted call in minutes.

API keys

Create your API key

Authenticate with your key

Send the key in the X-Api-Key header. It grants the same access you have to your own data.

bash

curl -H "X-Api-Key: $OBIO_API_KEY" http://localhost:36179/api/accounts

Use the SDK

Package: @open-banking-io/client

npm

Install

Requires Node ≥ 20 (built-in WebCrypto + fetch, no runtime deps).

npm

yarn

pnpm

bash

npm install @open-banking-io/client

Connect & call

Point the client at your credentials.json — every request is authenticated and every response decrypted in-process.

index.ts

import { OpenBankingClient } from "@open-banking-io/client";

// Load the credentials.json you exported from the app (API key + private key).
const client = OpenBankingClient.fromCredentials("credentials.json");

for (const account of await client.getAccounts()) {
  const booked = account.balances.find((b) => b.type === "ITBD");
  console.log(`${account.displayName ?? account.ownerName} ${account.iban}: ${booked?.amount} ${account.currency}`);

  const page = await client.getTransactions(account.id, { limit: 50 });
  for (const t of page.items) {
    console.log(`  ${t.bookingDate}  ${t.creditorName ?? t.debtorName}  ${t.amount} ${t.currency}`);
  }
}

Methods

getAccounts()

List your accounts with decrypted balances.

getTransactions(accountId, …)

Page an account's transactions (date range, limit, offset).

getConnections()

List your connected banks.

sync(accountId)

Refresh one account from the bank (decrypts the session uid locally).

syncAll()

Refresh every account that has an active session.

Deploy to Kubernetes

Server-to-server only

The credentials bundle contains your private key. Keep it server-side only — never ship it to a browser, mobile app, or public repo.

Create the Secret

The credentials.json= key renames your dated download to a clean filename inside the cluster.

bash

kubectl create secret generic obio-credentials \
  --from-file=credentials.json=./open-banking.io-credentials-2026-06-16.json

Mount it in a Deployment

Mount the Secret read-only and load it in your code, e.g. fromCredentials("/etc/obio/credentials.json").

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: reporting-job
spec:
  replicas: 1
  selector:
    matchLabels: { app: reporting-job }
  template:
    metadata:
      labels: { app: reporting-job }
    spec:
      containers:
        - name: app
          image: ghcr.io/acme/reporting:latest
          env:
            - name: OBIO_CREDENTIALS
              value: /etc/obio/credentials.json
          volumeMounts:
            - name: obio-credentials
              mountPath: /etc/obio
              readOnly: true
      volumes:
        - name: obio-credentials
          secret:
            secretName: obio-credentials