BKS Bank App API integration & PSD2 OpenBanking services

OpenData · OpenFinance · PSD2 XS2A · Berlin Group NextGenPSD2

Connect BKS Bank App accounts, SEPA payments and card data to your stack — under PSD2

BKS Bank AG (package at.bks.mbanking) is the mobile face of MyNet, the bank's online channel for retail and business customers across Austria, Slovenia, Croatia and Slovakia. Beyond classic balances and SEPA transfers, the app aggregates savings, credit-card, custody and currency-exchange data, plus Maestro card controls. That makes it a high-value source for accounting tools, ERP systems, treasury platforms and consent-driven personal-finance apps.

We deliver protocol analysis, OAuth/SCA login flows and OpenBanking-style endpoints that mirror what the BKS Bank App and the BKS Security App already expose to the end user. The result is a documented, source-code-level integration you can run on your own infrastructure or consume from our hosted gateway.

Account & portfolio overview API — Read current accounts, savings accounts, credit cards and securities custody balances; reconcile against ledger entries in your back office.

SEPA transfer & standing orders API — Initiate single SEPA transfers, manage standing orders, replay payments from the order archive, and read confirmations for treasury reporting.

Statement export API — Pull paged transaction history for any IBAN, with date filters, MT940 / camt.053 / JSON output, and Excel-friendly column mapping.

Maestro card & GeoControl API — Read and update POS / ATM limits and toggle GeoControl for cross-border cash withdrawals inside the EU.

Data available for integration

The following inventory maps each screen of the BKS Bank App to the data set that can be exported through PSD2 XS2A endpoints (AISP/PISP) or, with explicit user consent, through private mobile endpoints recovered during protocol analysis. We follow Berlin Group NextGenPSD2 message shapes wherever the bank publishes them; for fields that are app-only (e.g. GeoControl flag) we expose a parallel JSON model.

Data type	Source screen / feature	Granularity	Typical use
Account overview	Finanzen / accounts dashboard	IBAN, balance, currency, product type	Cashflow dashboards, balance reconciliation
SEPA transactions	Order status / Umsatzliste	Per-transaction with booking date, value date, counter-IBAN, end-to-end ID	Bookkeeping import, audit, anti-fraud monitoring
Standing orders	Daueraufträge archive	Frequency, next execution, amount, beneficiary	Subscription reconciliation, treasury forecasting
Custody portfolio	Securities ordering (added May 2024)	ISIN, quantity, market value, P/L	Wealth-management dashboards, MiFID reports
Credit card data	Card overview & limits	Outstanding balance, due date, transaction list	Expense management, corporate-card analytics
Maestro card controls	Card management screen	POS limit, ATM limit, GeoControl flag	Travel-mode automation, fraud risk control
FX rates & country info	Currency converter, country info	Daily rates, card acceptance metadata	Travel apps, multi-currency invoicing
Branch & ATM directory	Branches & ATMs finder	Geo coordinates, opening hours, services	Maps integrations, store-locator widgets

What we deliver

Deliverables checklist

OpenAPI / Swagger specification aligned with Berlin Group NextGenPSD2 v1.3
Protocol and SCA flow report (BKS Security App pairing, SecurityCard release)
Runnable Python and Node.js source for login, balance and statement endpoints
MT940 / camt.053 export adapter and Excel-ready CSV converter
Automated test harness with sandbox or replayed responses
Compliance binder (PSD2 + GDPR consent records, data-minimization notes)

Engagement models

Source-code delivery from $300 — runnable code, tests and docs handed to your team; pay after delivery upon satisfaction.
Pay-per-call API — call our hosted gateway and pay only per successful request; no upfront fee.
NDA & private deployment — for banks, accounting vendors and large enterprises that need on-prem deployment.
Maintenance retainer — covers certificate rotations (BKS issued a new certificate in May 2025) and BerlinGroup spec upgrades.

Typical integration scenarios

The five scenarios below reflect real requests we receive from accounting vendors, fintechs, treasury teams and corporate customers operating across BKS Bank's footprint in Austria, Slovenia, Croatia and Slovakia.

1. Accounting & ERP statement sync

Context: an Austrian SME on a SaaS bookkeeping product wants daily statements imported automatically. Data: GET /accounts/{id}/transactions from PSD2 XS2A returns booked SEPA items with end-to-end ID and structured remittance. Mapping: Berlin Group bookingDate → ERP posting date, creditorId → vendor master.

2. Multi-bank treasury dashboard

Context: a finance team consolidates BKS Bank, Erste George and Bank Austria positions into a single cash dashboard. Data: balances and limits via AISP scope; intraday refresh every 4 hours respecting PSD2 polling caps. OpenFinance: BKS data joins Erste Open Banking output through a normalized account model.

3. SEPA payment initiation in a procurement portal

Context: a procurement tool releases supplier payments as a batch of SEPA transfers. Data: POST /payments/sepa-credit-transfers with SCA redirect to the BKS Security App; status polled until ACSC. OpenFinance: payment confirmation webhook feeds the procurement audit trail.

4. Travel-mode card automation

Context: a corporate-travel app temporarily raises Maestro POS / ATM limits and toggles GeoControl when staff fly inside the EU. Data: card management endpoint returns and updates the geoControlEnabled flag; changes propagate within seconds, mirroring the in-app behaviour described in the BKS Bank App.

5. Compliance & AML feed

Context: a regulated fintech needs a near-real-time feed of transactions for transaction monitoring. Data: webhook on new postings + paginated reconciliation pull every hour, signed with HMAC and stored per FMA recordkeeping rules. OpenFinance: the same pipeline can fan out to multiple AML engines.

Technical implementation

Our implementations follow the Berlin Group NextGenPSD2 XS2A framework, which BKS Bank exposes through the Banksoft PSD2 API stack — a stack independently rated highly by the European Banking Authority and Austria's Finanzmarktaufsicht (FMA). Below are three representative request/response shapes from the integration. They are illustrative; field names match the published BerlinGroup OpenAPI v1.3 unless noted.

Consent & SCA login

POST /v1/consents
Content-Type: application/json
PSU-IP-Address: 203.0.113.10
TPP-Redirect-URI: https://app.example.com/cb

{
  "access": {
    "balances": [{"iban": "AT00 1700 ..."}],
    "transactions": [{"iban": "AT00 1700 ..."}]
  },
  "recurringIndicator": true,
  "validUntil": "2026-08-09",
  "frequencyPerDay": 4
}

// 201 Created
{
  "consentId": "f4c8...",
  "consentStatus": "received",
  "_links": { "scaRedirect": { "href": "https://psd2.bks.at/sca/..." } }
}

Statement export

GET /v1/accounts/{accountId}/transactions
  ?dateFrom=2026-04-01
  &dateTo=2026-04-30
  &bookingStatus=booked
Authorization: Bearer <ACCESS_TOKEN>
Consent-ID: f4c8...

// 200 OK (truncated)
{
  "transactions": {
    "booked": [{
      "transactionId": "BKS-20260415-0007",
      "bookingDate": "2026-04-15",
      "valueDate": "2026-04-15",
      "transactionAmount": {"amount": "-249.90","currency":"EUR"},
      "creditorName": "ACME GmbH",
      "creditorAccount": {"iban": "AT00 1100 ..."},
      "remittanceInformationUnstructured": "INV-2026-0041"
    }]
  }
}

SEPA payment initiation + webhook

POST /v1/payments/sepa-credit-transfers
{
  "debtorAccount": {"iban": "AT00 1700 ..."},
  "instructedAmount": {"amount": "150.00","currency":"EUR"},
  "creditorAccount": {"iban": "AT00 1100 ..."},
  "creditorName": "Lieferant GmbH",
  "remittanceInformationUnstructured": "Order 7821"
}
// 201 → status: RCVD → ACSP → ACSC

// Webhook (our gateway → your endpoint)
POST https://erp.example.com/hooks/bks
X-Signature: sha256=...
{ "paymentId":"...","status":"ACSC","executedAt":"2026-04-15T08:12:00Z" }

Data flow / architecture

A typical pipeline reads: BKS Bank App / MyNet (client) → PSD2 XS2A or hardened private endpoint (ingestion) → our normalization layer (AT/SI/HR/SK currency & locale) → encrypted storage with per-tenant keys → outbound REST API or webhook to your stack. Logs are kept in EU regions only; consent and SCA artefacts are stored separately from financial data with shorter retention.

Compliance & privacy

Regulations we align with

Integrations align with PSD2 (Directive (EU) 2015/2366), the EBA Regulatory Technical Standards on strong customer authentication, the Berlin Group NextGenPSD2 XS2A framework, GDPR, and Austrian FMA supervisory guidance. For Slovenia, Croatia and Slovakia we mirror the locally transposed rules under HNB, NBS and Banka Slovenije.

What this means in practice

Strong customer authentication via the BKS Security App or SecurityCard release
Consent recorded, scoped and revocable per IBAN and per data type
Data minimisation: we do not pull fields the use case does not require
EU-region storage; access logs kept for the regulatory minimum
No bypass of SCA, no credential harvesting, no scraping of the security pattern

Market positioning & user profile

BKS Bank is an Alpine-Adriatic regional bank headquartered in Klagenfurt, Austria, serving retail customers, SMEs, corporate clients and private banking households across four countries. The BKS Bank App targets both MyNet account holders (retail and business) and non-customers who use the service features such as the FX converter and branch finder. Primary user segments are German-speaking retail clients in Carinthia, Styria and Vienna, plus cross-border SMEs in the Alpine-Adriatic region. Platform focus is Android 8.0+ and recent iOS, with regular incremental releases — including securities ordering (May 2024), an FX online-shop for currency delivery (March 2024), a financial planner (December 2023), an in-app customer chat, and a refreshed app certificate in May 2025.

Screenshots

Click any thumbnail to see a larger view of the BKS Bank App interface. These are the screens our protocol analysis maps to the API endpoints described above.

Similar apps & integration landscape

Many teams that build with BKS Bank also work with other Austrian and pan-European banking apps. The list below frames the broader ecosystem; each app is a separate consent and integration project, and our normalization layer can join them under one account model.

Erste Bank George

Flagship Austrian banking app from Erste Bank und Sparkassen, with PFM widgets and PSD2 XS2A endpoints via Erste Open Banking. Teams unifying BKS and Erste data typically need shared transaction and account schemas.

Bank Austria MobileBanking

UniCredit Bank Austria's app, offering Face/Touch ID, QR code transfers and a published developer portal. Useful counterpart for treasury and corporate-cash dashboards alongside BKS data.

Raiffeisen ELBA

Raiffeisen's long-running Austrian banking platform, widely used by SMEs. Integration patterns mirror the BerlinGroup XS2A standards used by BKS Bank.

BAWAG Banking App

BAWAG P.S.K.'s mobile app, part of the Austrian top-tier digital banking landscape. Often paired with BKS data when consolidating salary and operational accounts.

easybank App

Direct-bank arm of BAWAG, popular with retail users. Works in the same regulatory frame as BKS, so consent UX and SCA flows are highly comparable.

N26

Pan-European neobank with around seven million customers across the EU and a strong Austrian user base. Common cross-app scenario: unified personal-finance views joining N26 spending and BKS savings.

Revolut

Multi-currency app with cards, investments and rewards. Frequently pulled in alongside BKS Bank for travel-mode and FX dashboards across Austrian users.

bunq

Dutch mobile bank with quick onboarding and savings sub-accounts (money pots). Joining bunq data with BKS gives a complete view of household and business accounts.

BKS Wallet

Companion app from BKS Bank's payment partner (PSA Payment Services Austria), focused on tokenised card payments. Complements the BKS Bank App in card-control and digital-wallet flows.

BKS Security App

Sister app used for SCA on BKS Bank App and MyNet. Any BKS integration must respect the Security App's challenge/response so that authorization remains compliant under PSD2.

About us

OpenFinance Lab is an independent studio focused on protocol analysis, OpenData and OpenFinance integration. Our team has shipped XS2A connectors, mobile-app reverse engineering reports and PSD2 sandboxes for banks, accounting platforms and fintech aggregators across the EU and beyond.

Practitioners with backgrounds in retail banking, AML, and payments engineering
Hands-on with Berlin Group NextGenPSD2, MT940/camt.053 and ISO 20022
Custom Python / Node.js / Go SDKs and CI-friendly test harnesses
Full pipeline: protocol analysis → build → validation → compliance review
Source-code delivery from $300 — runnable code and full documentation; pay after delivery upon satisfaction
Pay-per-call API billing — access our hosted endpoint and pay only per request

Contact

To request a quote, share an NDA, or submit a sandbox onboarding request for BKS Bank App integration, please reach us through our contact page.

Contact page

Engagement workflow

Scope confirmation: list the BKS Bank App screens and data types you need (e.g. statements, SEPA initiation, card limits).
Protocol analysis and API design (2–5 business days), aligning to BerlinGroup NextGenPSD2 v1.3 where applicable.
Build and internal validation (3–8 business days), including SCA simulation and recorded sandbox traffic.
Documentation, sample clients and test cases (1–2 business days).
Typical first delivery: 5–15 business days; sandbox onboarding or extra Maestro card flows can extend the timeline.

FAQ

Which BKS Bank App data can be exposed via API?

Account overviews, savings accounts, credit-card and custody portfolios, SEPA transaction history, standing orders, Maestro card limits and GeoControl status. We map these to PSD2 XS2A endpoints (AISP/PISP) and to private app endpoints when authorized by the account holder.

How long does delivery take?

A first source-code drop covering login, balances and statement export is typically delivered in 5 to 12 business days. SCA flows that require BKS Security App pairing or sandbox onboarding can extend the timeline.

How do you handle PSD2 and GDPR compliance?

We work under the Berlin Group NextGenPSD2 specification and Austrian FMA guidance. Every consent is recorded, scopes are minimized, audit logs are retained, and data residency follows EU rules under GDPR. Customers can opt for a TPP-style flow or a documented private-API flow with explicit user consent.

📱 Original app overview (appendix)

With the BKS Bank App you can monitor your accounts 24/7, anywhere. The app gives MyNet customers full access to internet-banking functions and offers practical service tools for non-customers as well.

Finances: Overview of accounts, savings, credit cards and custody accounts with detailed sales information.
Transfers: Execute SEPA transfers; QR code and IBAN reader avoid manual entry.
Internal transfer: Move money between your own accounts quickly.
Order status: Archive of all SEPA transfers including a repeat function.
Card management: Increase or decrease the POS / cash-withdrawal limit on the Maestro card; deactivate GeoControl when travelling within the EU.
Service features: latest news, branch & ATM finder with opening hours, currency converter, country info, lost-card contacts, and Help & Feedback (FAQ + customer chat).
Maximum security: Login with internet-banking user number and PIN; transfers released via SecurityCard or BKS Security App; a personal security pattern protects in-app sessions.
Requirements: Smartphone or tablet running Android 8.0 or higher (and recent iOS).

Recent updates have added securities ordering (May 2024), a foreign-currency online-shop (March 2024), a financial planner (December 2023), an in-app customer chat under Contact & Feedback, and a refreshed certificate in May 2025.