Kontomatik

Kontomatik Account Information Service API

PSD2-regulated Account Information Service for connecting end-user bank accounts across Poland, Czech Republic, Spain, Portugal, Romania, Lithuania, Latvia, and Estonia. Supports Single Access (one-time fetch), Multiple Access (up to 180-day consent tokens), and Mixed Access. Includes redirection SignIn Flow, background import commands, consent revocation, and a KontoBank mock-bank sandbox.

Kontomatik Account Information Service API is one of 4 APIs that Kontomatik publishes on the APIs.io network, described by a machine-readable OpenAPI specification.

This API exposes 1 machine-runnable capability that can be deployed as REST, MCP, or Agent Skill surfaces via Naftiko and 3 JSON Schema definitions.

Tagged areas include Open Banking, PSD2, AIS, and Bank Data. The published artifact set on APIs.io includes API documentation, an OpenAPI specification, a JSON-LD context, 1 Naftiko capability spec, and 3 JSON Schemas.

GitHub OpenAPI

Documentation

📖
Documentation
https://developer.kontomatik.com/first-steps/api-overview/
📖
Documentation
https://developer.kontomatik.com/docs/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/kontomatik/refs/heads/main/openapi/kontomatik-ais-api-openapi.yml

Schemas & Data

📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/kontomatik/refs/heads/main/json-schema/kontomatik-owner-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/kontomatik/refs/heads/main/json-schema/kontomatik-account-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/kontomatik/refs/heads/main/json-schema/kontomatik-transaction-schema.json

Other Resources

🔗
JSONLD
https://raw.githubusercontent.com/api-evangelist/kontomatik/refs/heads/main/json-ld/kontomatik-context.jsonld
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/kontomatik/refs/heads/main/capabilities/ais-account-information.yaml

OpenAPI Specification

kontomatik-ais-api-openapi.yml Raw ↑ 
openapi: 3.0.3
info:
  title: Kontomatik Account Information Service API
  version: 1.0.0
  description: |
    PSD2-regulated Account Information Service (AIS) for connecting to end-user
    bank accounts across Central and Eastern Europe. Supports Single Access
    (one-time data fetch) and Multiple Access (reusable consent token, up to
    180 days), redirection-based SignIn Flow, and mock-bank testing.
  contact:
    name: Kontomatik Support
    email: [email protected]
    url: https://developer.kontomatik.com/
  license:
    name: Commercial — see https://kontomatik.com
servers:
- url: https://api.kontomatik.com/v1
  description: Production
- url: https://test.api.kontomatik.com/v1
  description: Test
security:
- ApiKeyAuth: []
tags:
- name: SignIn
  description: Redirection-based bank authentication flow
- name: Command
  description: Background import commands and consent management
- name: Catalog
  description: Bank coverage catalog
- name: Mock
  description: Test session generation against KontoBank
paths:
  /signin/redirection:
    post:
      tags: [SignIn]
      summary: Initiate Redirection SignIn Flow
      description: Starts a redirection-based bank authentication flow and returns a redirect URL to the bank's authorization page.
      operationId: initiateRedirectionSignIn
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RedirectionSignInRequest'
      responses:
        '200':
          description: Redirection URL issued
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RedirectionSignInResponse'
  /signin/redirection-status:
    get:
      tags: [SignIn]
      summary: Check Redirection SignIn Status
      description: Returns the completion status of an active redirection sign-in.
      operationId: getRedirectionSignInStatus
      parameters:
      - name: sessionId
        in: query
        required: true
        schema: {type: string}
      responses:
        '200':
          description: Status returned
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RedirectionSignInStatus'
  /command/default-import.xml:
    post:
      tags: [Command]
      summary: Start Default Data Import
      description: Initiates background import of transactions, accounts, and owner data from the authenticated session.
      operationId: startDefaultImport
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/DefaultImportRequest'
      responses:
        '200':
          description: Command accepted
          content:
            application/xml:
              schema:
                $ref: '#/components/schemas/CommandAccepted'
  /command/{id}.xml:
    get:
      tags: [Command]
      summary: Get Command Status
      description: Polls the status of a previously issued import command and returns results when complete.
      operationId: getCommandById
      parameters:
      - name: id
        in: path
        required: true
        schema: {type: string}
      responses:
        '200':
          description: Command details
          content:
            application/xml:
              schema:
                $ref: '#/components/schemas/CommandResult'
  /command/reuse-multiple-access.xml:
    post:
      tags: [Command]
      summary: Reuse Multiple Access Token
      description: Creates a new import session using an existing Multiple Access consent token (no end-user reauthentication).
      operationId: reuseMultipleAccess
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/ReuseMultipleAccessRequest'
      responses:
        '200':
          description: Reuse accepted
          content:
            application/xml:
              schema:
                $ref: '#/components/schemas/CommandAccepted'
  /command/delete-multiple-access.xml:
    post:
      tags: [Command]
      summary: Delete Multiple Access Consent
      description: Revokes a Multiple Access consent token, ending continuous access.
      operationId: deleteMultipleAccess
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/DeleteMultipleAccessRequest'
      responses:
        '200':
          description: Consent revoked
  /mock-session.xml:
    post:
      tags: [Mock]
      summary: Create Mock Session
      description: Generates a test session against the KontoBank mock bank for sandbox testing.
      operationId: createMockSession
      responses:
        '200':
          description: Mock session created
          content:
            application/xml:
              schema:
                $ref: '#/components/schemas/MockSession'
  /ais-catalog:
    get:
      tags: [Catalog]
      summary: List AIS Catalog
      description: Returns the catalog of supported banks for the Account Information Service.
      operationId: getAisCatalog
      responses:
        '200':
          description: Catalog returned
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AisCatalog'
  /health:
    get:
      tags: [Catalog]
      summary: Health Check
      operationId: getHealth
      security: []
      responses:
        '200':
          description: Service is healthy
components:
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-Api-Key
      description: API key issued by Kontomatik; requests must originate from a whitelisted server.
  schemas:
    RedirectionSignInRequest:
      type: object
      required: [target, accessMode]
      properties:
        target:
          type: string
          description: Target bank identifier from the AIS catalog.
        accessMode:
          type: string
          enum: [SINGLE, MULTIPLE, MIXED]
        ownerExternalId:
          type: string
          description: Optional client-side owner identifier for aggregation.
        redirectUrl:
          type: string
          format: uri
    RedirectionSignInResponse:
      type: object
      properties:
        sessionId: {type: string}
        sessionIdSignature: {type: string}
        redirectUrl: {type: string, format: uri}
    RedirectionSignInStatus:
      type: object
      properties:
        sessionId: {type: string}
        status:
          type: string
          enum: [PENDING, COMPLETED, FAILED, EXPIRED]
    DefaultImportRequest:
      type: object
      required: [sessionId, sessionIdSignature]
      properties:
        sessionId: {type: string}
        sessionIdSignature: {type: string}
        since: {type: string, format: date}
        ownerExternalId: {type: string}
    ReuseMultipleAccessRequest:
      type: object
      required: [multipleAccessToken]
      properties:
        multipleAccessToken: {type: string}
        since: {type: string, format: date}
    DeleteMultipleAccessRequest:
      type: object
      required: [multipleAccessToken]
      properties:
        multipleAccessToken: {type: string}
    CommandAccepted:
      type: object
      properties:
        id: {type: string}
        status:
          type: string
          enum: [QUEUED, RUNNING]
    CommandResult:
      type: object
      properties:
        id: {type: string}
        status:
          type: string
          enum: [QUEUED, RUNNING, COMPLETED, FAILED]
        target: {type: string}
        owners:
          type: array
          items: {$ref: '#/components/schemas/Owner'}
        accounts:
          type: array
          items: {$ref: '#/components/schemas/Account'}
        multipleAccessToken: {type: string}
    Owner:
      type: object
      properties:
        externalId: {type: string}
        name: {type: string}
        email: {type: string}
        nationalId: {type: string}
    Account:
      type: object
      properties:
        number: {type: string}
        currency: {type: string}
        balance: {type: number, format: double}
        availableBalance: {type: number, format: double}
        transactions:
          type: array
          items: {$ref: '#/components/schemas/Transaction'}
    Transaction:
      type: object
      properties:
        date: {type: string, format: date}
        amount: {type: number, format: double}
        currency: {type: string}
        description: {type: string}
        counterpartyName: {type: string}
        counterpartyAccount: {type: string}
        label: {type: string}
    MockSession:
      type: object
      properties:
        sessionId: {type: string}
        sessionIdSignature: {type: string}
    AisCatalog:
      type: object
      properties:
        targets:
          type: array
          items:
            type: object
            properties:
              id: {type: string}
              country: {type: string, example: PL}
              name: {type: string}
              accessModes:
                type: array
                items: {type: string, enum: [SINGLE, MULTIPLE, MIXED]}