Platform overview
The Neonomics platform provides our customers with access to end-users' bank account data and payment initiation through banks' PSD2 APIs.
Portal
To access the Neonomics API, you first need to create an account in the Neonomics Portal.
The Neonomics Portal allows you to create and manage your account and select what services offered by the Neonomics platform you would like to use.
To start using the Neonomics API, you will need to create an application in the Neonomics Portal.
An application represents a client of the Neonomics API who has access to certain services. Each service represents a logical subset of the Neonomics API - e.g. accounts. For each application you create, you will get a dedicated Client ID and Secret ID, which should be used by the client of the Neonomics API to generate an access_token. To learn more, read our guide on how to authenticate with the Neonomics API.
Authentication
The Neonomics API gateway enforces access control based on an access_token, as mentioned in the Portal section above. If the incoming request has a valid access_token, the request is passed through to the Neonomics API. Otherwise, specific error response(s) are generated and passed back to the client.
The Neonomics platform uses standard OAuth 2.0 Client Credentials Grant flow to generate an access_token. This flow involves several steps that need to be performed by the Neonomics API client, described in our authentication guide.
Once you have the access_token, you can perform calls towards the Neonomics API - as specified by the services which are assigned to corresponding "application Client ID / Secret ID".
Neonomics API
All the functionality of the Neonomics platform is offered via the Neonomics API.
We provide a generic and standard API (API standardization group agnostic), which exposes the operations towards the banks integrated with the Neonomics platform. Currently, those operations focus on the following main areas of functionality:
- Accounts data
- Payments
There are some common principles for working with the Neonomics API, regardless of which area of functionality you are interacting with.
Prior to calling any other API, the client application needs to determine which bank identifier will be used in subsequent calls (e.g. the bank for which user accounts will be listed). A specific Neonomics API endpoint provides a list of banks currently available for your application. Data returned by this endpoint reflects the list of currently pre-integrated banks along with some additional information.
Session
In the Neonomics API, a session maintains a context for all the operations towards the bank for a specific end-user / Neonomics client. A session needs to be created for interaction with a given bank. This functionality is provided by a dedicated endpoint in the Neonomics API.
In order to associate the session with a specific end-user / Neonomics client, the client needs to pass a deviceId as part of the session creation. In all subsequent operations with Neonomics API, the client application needs to pass both the sessionId and the deviceId. For all these subsequent operations, the Neonomics API checks that the deviceId sent in the request matches the deviceId of the session with the given sessionId. This helps with monitoring and preventing session hijacking.
Read our quickstart guide to see an example of how to create a sessionId with the Neonomics API.
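The deviceId check described above can be modelled as follows. This is an added example, not Neonomics code or the platform's implementation: SessionStore, its method names, the result strings and the session lifetime are assumptions made for illustration, and the deviceId values are constructed. It shows why a sessionId replayed from a different device is rejected and how the mismatch becomes a monitoring signal.

```python
import hmac
import secrets
import time

SESSION_TTL_SECONDS = 900  # assumed lifetime; the page does not state one


class SessionStore:
    """Toy in-memory model of a server that binds each session to a deviceId."""

    def __init__(self, now=time.time):
        self._sessions = {}  # sessionId -> (deviceId, expiry timestamp)
        self._now = now
        self.alerts = []     # mismatch events kept for monitoring

    def create(self, device_id):
        if not device_id:
            raise ValueError("deviceId is required to create a session")
        session_id = secrets.token_urlsafe(32)  # unguessable identifier
        self._sessions[session_id] = (device_id, self._now() + SESSION_TTL_SECONDS)
        return session_id

    def check(self, session_id, device_id):
        """Return 'ok', 'unknown_session', 'expired' or 'device_mismatch'."""
        record = self._sessions.get(session_id)
        if record is None:
            return "unknown_session"
        bound_device, expiry = record
        if self._now() >= expiry:
            del self._sessions[session_id]
            return "expired"
        # Constant-time comparison so timing does not reveal the bound deviceId.
        if not hmac.compare_digest(bound_device.encode(), (device_id or "").encode()):
            self.alerts.append({"sessionId": session_id, "at": self._now()})
            return "device_mismatch"
        return "ok"


def demo():
    clock = [1000.0]  # constructed clock so the run is repeatable
    store = SessionStore(now=lambda: clock[0])
    sid = store.create("device-A")  # constructed deviceId values
    results = [store.check(sid, "device-A"),             # legitimate caller
               store.check(sid, "device-B"),             # sessionId seen from another device
               store.check("not-a-session", "device-A")]
    clock[0] += SESSION_TTL_SECONDS
    results.append(store.check(sid, "device-A"))         # session has expired
    return results, len(store.alerts)


if __name__ == "__main__":
    print(demo())
```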
Consent and scope
In order to use operations (such as GET accounts, GET balances, etc.) on a particular user's data, the PSD2 directive requires that the end-user authorizes the bank to grant the third party (in this case Neonomics and Neonomics clients) access to his/her data. This authorization is called consent. It can require Strong Customer Authentication.
Consent is granted for a well-defined purpose (commonly also referred to as "scope") and for a pre-determined time. It is explicitly mandated that the end-user shall be able to revoke the consent at any time. The scope of the consent is determined by the bank and typically matches one or several operation areas (accounts, account balances, transactions, etc.). See our consent guide for more information on the mechanics of interacting with consent.
Banks
Banks are pre-integrated into the Neonomics platform.
As part of the integration, the Neonomics platform complies with all the security requirements imposed by each bank (e.g. eIDAS certificates and other security measures). Some of these requirements are implicitly passed on to Neonomics clients (e.g. the X-User-IP header). For more details, refer to API References.
Not all of the banks in the Neonomics platform support all of the functionality that the platform supports. This mapping is captured in the metadata repository on the Neonomics platform. You can find more information about which capabilities a specific bank supports, as well as what banks are available to the client in the platform, by using the dedicated bank endpoints in the platform.
We are continuously improving the platform's bank coverage.