Alatau City Bank Business API integration (kz.jysan.business)

Compliant protocol analysis and production-ready APIs for Kazakhstan SME banking, multi-currency accounts and TOLE QR acquiring

From $300 · Pay-per-call available
OpenData · OpenFinance · OpenBanking · Kazakhstan SME

Connect Alatau City Bank Business accounts, payments and TOLE QR settlement to your stack — under documented authorization

Alatau City Bank Business (formerly First Heartland Jusan Bank, renamed on 16 June 2025) is the SME mobile bank from Alatau City Bank, serving roughly 2.5 million clients across 42 cities of Kazakhstan. We deliver protocol analysis, API design and runnable source for its account, payment, statement and TOLE QR flows, framed in OpenBanking patterns aligned to the NPCK Open API roadmap.

Multi-currency account APIs — Open and read accounts in KZT, USD, EUR, RUB and KGS; expose balance, IBAN, currency and status to ERP and accounting systems.
Payment authorization APIs — Mirror the in-app SMS-code authorization flow used to sign and release payments, with idempotent request IDs and status callbacks.
Statement & reconciliation APIs — Paged transaction exports, account statements and certificates, output as JSON, Excel or PDF for finance teams and auditors.
TOLE QR merchant integration — Generate dynamic QR invoices, capture instant settlement events, and feed customer bonus / installment data into loyalty systems.

Data available for integration

The following inventory is derived from the published feature set of the Alatau City Bank Business app (package kz.jysan.business, latest version 3.11.0, December 2025) and from the bank's documented business API page. Each row maps a data type to the in-app screen that produces it, the granularity exposed under customer authorization, and the typical downstream use.

| Data type | Source feature | Granularity | Typical use |
|---|---|---|---|
| Account ledger | Online account opening (KZT/USD/EUR/RUB/KGS) | Per-account balance, IBAN, currency, opening date | Treasury dashboards, multi-currency reconciliation |
| Transactions | Payments, P2P transfers, push notifications | Per-transaction amount, counterparty, MCC, status, currency | Accounting sync, AML monitoring, cash-flow analytics |
| Payment authorizations | SMS-code sign & release flow | Authorization ID, signer, timestamp, hash | Audit trail, four-eyes ERP approvals |
| Invoice scan | Scan-to-pay invoice capture | Vendor, invoice number, due amount, IBAN target | Accounts payable automation |
| Statements & certificates | Generated statements / certificates | Date-ranged, per-account, signed PDF/JSON | Tax filings, loan applications, audit packs |
| FX conversions | In-app currency conversion | Pair, rate, amount, fee, settlement time | FX reporting, hedge accounting |
| TOLE QR settlements | TOLE merchant acquiring | Order ID, terminal ID, gross/net, fee, payout time | POS reconciliation, loyalty & installment tracking |
| Tariff plan | Selected tariff & fee schedule | Plan code, included volume, overage | Cost allocation, finance forecasting |

Typical integration scenarios

1. Daily statement sync into 1C / SAP

Context: Kazakhstan SMEs running 1C:Бухгалтерия or local SAP rollouts need every morning's bank movements posted into the GL. Data: /statements?from=…&to=… returning per-account JSON lines with currency, counterparty IBAN, narrative and document number. OpenData mapping: end-of-day account information service (AIS) pattern from the NPCK Open Banking System pilot, feeding the booking currency directly into the ERP.

2. Approval workflow for SME payments

Context: a CFO and accountant must both sign a vendor payout. Data: payment-initiation request, dual-signatory authorization tokens, SMS confirmation hash, and settlement webhook. OpenData mapping: a payment-initiation service (PIS) flow that reuses the in-app SMS-code authorization, exposed as POST /payments + POST /payments/{id}/sign with status callbacks.

3. TOLE QR reconciliation for retail chains

Context: cafés and delivery operators using Alatau City Bank TOLE need per-shift POS totals tied back to bank settlement. Data: QR order ID, terminal, gross, fee, settlement timestamp, and customer bonus / installment flags. OpenData mapping: a merchant-acquirer feed exposed over GET /tole/settlements, joined to the storefront's order ledger for shrinkage and loyalty analytics.

4. Multi-currency cash position for trading firms

Context: an importer in Almaty operating KZT, USD, EUR and RUB accounts wants intraday net positions. Data: balances and pending transfers across all five supported currencies, plus FX rate snapshots. OpenData mapping: aggregated AIS endpoint GET /accounts with currency facets, refreshed via signed webhook on every booking.

5. Compliance & audit pack generator

Context: a quarterly external audit requires statements, certificates and counterparty books for several legal entities. Data: signed PDF statements per account, payment authorization audit trail, and tariff plan history. OpenData mapping: a regulator-ready evidence bundle, packaged as a single ZIP through POST /audit-bundle for the auditor's secure portal.

Technical implementation

Auth handshake (OAuth 2.0 + SMS step-up)

// Step 1 — token exchange under customer authorization
POST /api/v1/alatau-business/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=<CONSENT_CODE>
&client_id=<PARTNER_ID>
&client_secret=<PARTNER_SECRET>
&redirect_uri=https://partner.example/cb

// 200 OK
{
  "access_token": "eyJhbGciOi…",
  "refresh_token": "rt_…",
  "expires_in": 1800,
  "scope": "accounts statements payments tole"
}

Statement query (paged, multi-currency)

POST /api/v1/alatau-business/statement
Authorization: Bearer <ACCESS_TOKEN>
Content-Type: application/json

{
  "account_iban": "KZ86JSAN…",
  "currency": "KZT",
  "from_date": "2026-04-01",
  "to_date":   "2026-04-30",
  "cursor":    null,
  "page_size": 200
}

// Response (truncated)
{
  "items": [
    {"id":"tx_91…","booked_at":"2026-04-02T09:14:00+05:00",
     "amount":"-184500.00","currency":"KZT",
     "counterparty":{"name":"TOO Astana Logistics","iban":"KZ58HSBK…"},
     "narrative":"Invoice 2026/041","status":"BOOKED"}
  ],
  "next_cursor": "c_4f9a…"
}

TOLE QR settlement webhook

POST https://partner.example/hooks/tole
X-OFL-Signature: sha256=… (HMAC over raw body)
Content-Type: application/json

{
  "event": "tole.settlement.posted",
  "merchant_id": "ACB-7741",
  "terminal_id": "TOLE-2210-A",
  "order_id": "QR-2026-05-03-000812",
  "gross": "12990.00",
  "fee":   "129.90",
  "net":   "12860.10",
  "currency": "KZT",
  "settled_at": "2026-05-03T11:02:14+05:00",
  "loyalty": {"bonus_kzt":"259.80","installment":false}
}

// Recommended handler: verify HMAC, ack 2xx within 5s,
// then enqueue for downstream POS reconciliation.
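
The recommended handler above, sketched as an added example (not code from the original page or from the bank). It assumes the `sha256=` value is a hex-encoded HMAC-SHA256 of the raw body; the secret, the function names and the in-memory `seen` set and `queue` list are hypothetical stand-ins for a vaulted key, a durable dedup store and a job queue.

```python
import hashlib
import hmac
import json
from decimal import Decimal

# Constructed sample values: not a real secret, merchant or settlement.
WEBHOOK_SECRET = b"example-shared-secret"
SAMPLE_BODY = json.dumps({
    "event": "tole.settlement.posted", "merchant_id": "ACB-7741",
    "order_id": "QR-2026-05-03-000812", "gross": "12990.00",
    "fee": "129.90", "net": "12860.10", "currency": "KZT",
}).encode()


def sign(secret: bytes, raw_body: bytes) -> str:
    """Header value for a body; the hex encoding is an assumption."""
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def handle_tole_webhook(raw_body, signature, secret, seen, queue) -> int:
    """Return the HTTP status to send; enqueue verified, new events only."""
    # Verify over the exact bytes received, before any JSON parsing.
    expected = sign(secret, raw_body).encode()
    if not signature or not hmac.compare_digest(expected, signature.encode()):
        return 401
    try:
        event = json.loads(raw_body)
        gross, fee, net = (Decimal(event[k]) for k in ("gross", "fee", "net"))
        balanced = gross - fee == net
        key = (str(event["merchant_id"]), str(event["order_id"]))
    except (ValueError, KeyError, TypeError, ArithmeticError):
        return 400
    # Authentic but inconsistent payloads must not reach reconciliation.
    if event.get("event") != "tole.settlement.posted" or not balanced:
        return 422
    if key in seen:  # redelivery or replay: acknowledge, do not double-book
        return 200
    seen.add(key)
    queue.append(event)  # reconciliation itself runs off the request path
    return 202


if __name__ == "__main__":
    seen, queue = set(), []
    sig = sign(WEBHOOK_SECRET, SAMPLE_BODY)
    print(handle_tole_webhook(SAMPLE_BODY, sig, WEBHOOK_SECRET, seen, queue))
    print(handle_tole_webhook(SAMPLE_BODY, sig, WEBHOOK_SECRET, seen, queue))
```

In a web framework, pass the request's unparsed body bytes to the handler; re-serializing parsed JSON changes the bytes and the signature will no longer match.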

Compliance & privacy

Regulatory alignment

Integrations are built under documented customer authorization and the Concept for the Development of Open API and Open Banking 2023–2025 approved by the National Bank of the Republic of Kazakhstan, jointly with the Agency for Regulation and Development of the Financial Market. Where applicable we follow the NPCK Open Banking System patterns piloted with second-tier banks (Bank RBK, Altyn Bank, Home Credit Bank, Bank CenterCredit, Otbasy Bank) for current-account information exchange.

Data protection & controls

Personal financial data is handled under the Republic of Kazakhstan Law on Personal Data and its Protection. Concrete controls we ship: short-lived access tokens, scope-bound consent records, immutable consent and access logs, encrypted credential vaults, IP allow-listing on partner gateways, and data-minimization on statement and TOLE feeds (we expose only the fields the use case actually needs).

Data flow & architecture

A typical pipeline is intentionally short: Alatau City Bank Business (Android/iOS or web) → Authorized capture / OAuth bridge → Normalization & storage (Postgres + object store for PDFs) → Partner API + webhooks. Push events from the bank trigger near-real-time cache invalidation, while a scheduled job runs nightly statement reconciliation for accounts that lack push. The same architecture serves both source-code delivery and pay-per-call hosted endpoints.

Market positioning & user profile

The user base is Kazakhstan-focused B2B: small and medium businesses, individual entrepreneurs (ИП / ТОО) and chain merchants using TOLE acquiring. Primary regions are Almaty, Astana and 40+ regional cities, with the bank reporting roughly 2.5 million clients across its digital ecosystem. Cross-border activity skews to Russia, Kyrgyzstan and the EU, mirroring the supported currencies (KZT / USD / EUR / RUB / KGS). Both Android and iOS are first-class; the app's December 2025 release (v3.11.0) shows active monthly iteration, consistent with the bank's June 2025 rebrand from First Heartland Jusan Bank.

What we deliver

Deliverables checklist

  • OpenAPI / Swagger specification per module (accounts, statements, payments, TOLE)
  • Protocol & auth flow report covering OAuth, SMS step-up and request signing
  • Runnable reference implementation in Python (FastAPI) and Node.js (NestJS)
  • Postman collection, contract tests and a Dockerized sandbox
  • Compliance pack: consent template, retention policy, audit-log schema

Engagement workflow

  1. Scope confirmation: which modules (e.g. statement only, or full PIS + TOLE)
  2. Protocol analysis & API design (2–5 business days)
  3. Build & internal validation against test accounts (3–8 business days)
  4. Docs, samples and contract tests (1–2 business days)
  5. Hand-off + 30-day support window for hot-fixes

Similar apps & integration landscape

Teams evaluating Alatau City Bank Business often need consolidated data across the wider Kazakhstan banking ecosystem. The apps below appear in the same category in the Google Play "Finance — Kazakhstan" charts and in independent reviews of digital banks in Kazakhstan, and we frame them here only as part of the broader integration landscape — not in a competitive ranking.

  • Halyk Bank Business — The SME side of the Halyk Super-App. Holds corporate account ledgers, payroll runs and acquiring data; users with both Halyk and Alatau City Bank Business often need a unified statement export.
  • Kaspi Pay (Kaspi Business) — Merchant-side companion of Kaspi.kz, focused on QR acceptance and SME loans. Integration consumers usually pair Kaspi Pay settlement with Alatau TOLE for combined POS reconciliation.
  • Jusan Bank / Jusan Tole — The legacy Jusan stack that fed into the 2025 Alatau City Bank rebrand; its API surface still appears in older partner integrations and is frequently mapped onto the new endpoints.
  • ForteBank Business — SME app covering credit products and basic transaction management; often joined to Alatau City Bank Business statements for working-capital dashboards.
  • Bank CenterCredit (BCC Business) — Participates in the NPCK Open Banking pilot, so partners targeting both BCC and Alatau City Bank Business benefit from a shared AIS contract shape.
  • Bank RBK Business — Another pilot participant; useful when a treasury team consolidates current-account information across both banks.
  • Altyn Bank Business — Holds corporate FX and trade-finance flows, complementing Alatau City Bank Business's KZT/USD/EUR/RUB/KGS lineup.
  • Home Credit Bank KZ — Mostly retail credit data; surfaces in dual-purpose ERP work where merchants need both consumer credit installments and TOLE QR settlements.
  • Otbasy Bank — Housing / state savings flows; relevant for partners building unified "all my accounts" dashboards.
  • ForteBank Business / Eurasian Bank Business — Common alternates in the SME segment, frequently integrated alongside Alatau City Bank Business for redundancy.

About OpenFinance Lab

We are an independent technical studio focused on App interface integration, OpenData and OpenFinance. The team includes engineers with experience in payment gateways, SME ERP rollouts and protocol analysis across Central Asia and beyond. We follow Kazakhstan Open API guidance, EU OpenBanking patterns and EAEU privacy practice, and we ship end-to-end financial APIs under security and compliance constraints.

  • SME banking, acquiring, payroll, and cross-border clearing
  • Enterprise API gateways and security reviews
  • Custom Python / Node.js / Go SDKs and test harnesses
  • Source code delivery from $300 — runnable API source plus full documentation; pay after delivery upon satisfaction
  • Pay-per-call API billing — access our hosted API and pay only per call, no upfront cost

Contact

For quotes or to submit your target app and requirements, open our contact page:

Contact page

FAQ

What do you need from me to start an Alatau City Bank Business integration?

The target app name (provided as kz.jysan.business), concrete needs (e.g. statement export, payment authorization, TOLE QR settlement, multi-currency balance sync), and any sandbox or test credentials your finance team can issue under customer authorization.

How long does delivery take for an Alatau City Bank Business API drop?

Typically 5–12 business days for the first API drop covering login, statement and payment confirmation; deeper modules such as bulk payroll, TOLE merchant settlement or webhook ingestion may take 2–3 weeks.

How do you handle compliance with Kazakhstan Open Banking and data privacy?

We work under documented customer authorization and the Concept for the Development of Open API and Open Banking 2023–2025 approved by the National Bank of the Republic of Kazakhstan, with consent records, data minimization, and audit logs aligned to the NPCK Open Banking System.

Can the integration cover multi-currency accounts in KZT, USD, EUR, RUB and KGS?

Yes. Account opening, balance and statement endpoints expose currency-tagged ledgers in KZT, USD, EUR, RUB and KGS, plus FX conversion records, so accounting and ERP systems can reconcile on the booking currency.

📱 Original app overview (appendix)

Alatau City Bank Business is the SME mobile bank from Alatau City Bank — formerly First Heartland Jusan Bank, which completed its state re-registration as Alatau City Bank on 16 June 2025. The bank operates in 42 cities of Kazakhstan and reports roughly 2.5 million digital-ecosystem clients. The Business app (Android package kz.jysan.business, iOS App ID 1536089771) reached version 3.11.0 in December 2025.

  • Accounts, payments, transfers — open accounts online in KZT, USD, EUR, RUB and KGS; create and authorize payments via SMS code; scan invoices and pay partners; make P2P transfers; generate account statements and certificates; receive push notifications for completed transactions.
  • Favorable tariffs — choose a tariff that suits the business's volume to save on payment and transfer fees.
  • Alatau City Bank TOLE — sell and accept payments via QR code with minimal fees and instant settlement; offer customers bonuses, installment plans and loans.
  • Ecosystem — sits alongside the consumer Alatau City Bank app and the Alatau City Bank Tole merchant companion app, all sharing one underlying core banking platform.

Last updated: 2026-05-03