BSGo API integration & OpenBanking PolishAPI services

OpenData · OpenFinance · PolishAPI · BLIK · BSGo Junior

Wire BSGo cooperative-bank accounts, BLIK and deposits into your stack — without breaking PSD2

BSGo is the shared mobile front-end built by Asseco Poland for the country's cooperative-bank network (banki spółdzielcze) and used by individual, business and Junior (13+) clients. Our team turns its public flows — together with each underlying bank's PolishAPI surface — into a clean integration: account login, balance and statement queries, PLN and FX transfers, BLIK initiation, deposit lifecycle, and MojeID identity confirmation. We deliver runnable Python and Node.js source plus an OpenAPI specification that an internal team can extend.

Login and SCA bridge — Map BSGo's mobile authorization (PIN, fingerprint biometrics, push approval) onto an OAuth-style token your back-end can refresh. Useful for ERP connectors and finance dashboards that need persistent, consent-bound sessions.

Statement and balance APIs — Pull current and historical transaction data with date-range and IBAN filters, paginated and ready to emit JSON, Excel or PDF. Covers PLN, FX, deposits and BLIK lines so reconciliation does not need to merge feeds manually.

Payment initiation (PLN, FX, BLIK) — Trigger transfers to own and external accounts, including same-day FX and BLIK to a phone number, all via the PSD2 PIS path where supported by the cooperative bank.

Junior parent panel hooks — Surface the BSGo Junior allowance schedule, piggy-bank top-ups and instant push/SMS transfer requests so kid-banking events feed family-finance products and edtech partners.

Feature modules we package

1. Authentication & multi-context login

Mirror BSGo's authorization chain — PIN entry, biometric unlock, and push-notification approval — and switch between the personal and business profile that BSGo exposes inside one logical session. Output is an opaque bearer token plus a refresh routine that respects 90-day SCA re-authentication windows under PSD2.

2. Balance preview & pre-login widget

BSGo lets users glance at a balance before logging in, expressed either as an amount or as a percentage of the limit. We expose the same primitive as a webhook so an in-house treasury board can show the same number alongside other accounts without forcing a full login.

3. Transactions, statements, and FX history

Statement queries with paging, date filters and currency split. Transactions are emitted with counterparty IBAN, narrative, BLIK reference where applicable, and a normalised transaction type ("BLIK_P2P", "SEPA_OUT", "INTERNAL_TRF", "DEPOSIT_INT"). Output writers cover JSON, Excel (XLSX), CSV and PDF.

4. PLN, FX and BLIK payment initiation

Submit ELIXIR, Express Elixir, SORBNET and SEPA transfers; initiate BLIK transactions to phone numbers and merchants; cancel pending instructions. We handle SCA delegation back to the BSGo app or to fall-back SMS where the bank still supports it.

5. Deposit lifecycle & product catalogue

Open, top up, partially withdraw, close — plus a read-only product catalogue with current rate, term and capitalisation rules. This is the same flow BSGo offers in-app and is essential for personal-finance aggregators that want to recommend a higher-rate cooperative-bank deposit.

6. Junior & Kids events

Stream BSGo Junior events — allowance run, request-to-parent, piggy-bank goal hit — to a partner system. Asseco confirmed in 2024 that the BSGo Kids app automatically transitions to Junior when the child turns 13 and to the adult version at 18, so the integration stays valid as the user ages.

Data available for integration

The table below catalogues the structured records that surface in BSGo and that an authorised partner can pull through PolishAPI plus documented mobile flows. Each row is named explicitly to keep scope conversations grounded.

Data type	Source screen / feature	Granularity	Typical use
Account list & balances	Home screen, pre-login glance widget	Per-account, current and available balance, PLN + FX	Treasury dashboards, multi-bank consolidation
Transaction history	"History" tab, statement export	Per-transaction with IBAN, narrative, currency, BLIK ref	Reconciliation, expense categorisation, audit
BLIK events	BLIK code, P2P-by-phone, BLIK at merchant	Per-event with merchant ID, amount, status	Real-time merchant settlement, fraud scoring
Outgoing transfer instructions	"New transfer", FX transfer, defined recipients	Per-instruction with type (ELIXIR / SEPA / SORBNET)	Accounts-payable automation, ERP postings
Deposit positions	"Deposits" module	Per-deposit: principal, rate, term, capitalisation date	Yield analytics, treasury rollover planning
Credit history	"Credits" tab	Outstanding balance, schedule, next instalment	Loan-book analytics, debt-to-income models
Junior parent-panel data	BSGo Junior app, Parent Panel	Allowance schedule, piggy-bank goals, request-to-parent	Family-finance and edtech integrations
MojeID identity events	MojeID confirmation flow	Per-confirmation, claim set, signed assertion	e-government, KYC re-use, public services
Notification stream	Account-event push / SMS	Per-event: login, transaction, limit change	Anti-fraud monitoring, ops alerting

Typical integration scenarios

Scenario A — Polish SME accounts payable

A small business runs Comarch ERP and pays suppliers from a cooperative-bank account through BSGo. Our connector picks up new ELIXIR-Out and SEPA-Out instructions every 15 minutes, matches them to ERP invoices by counterparty IBAN and reference, and writes back the cleared status. Mapping uses the PolishAPI /v3.0/accounts/{accountId}/transactions endpoint where the bank exposes it, with the BSGo statement export as a fall-back.

Scenario B — Multi-bank personal-finance dashboard

A PFM aggregator needs to pull balances and last-30-days transactions from BSGo plus other Polish banks (IKO, mBank, ING, Pekao). We deliver a single normalised feed: each transaction carries institution_id="bsgo", currency, and a category resolved from BSGo's own narrative plus the user's local rules.

Scenario C — BLIK merchant reconciliation

An e-commerce platform that already accepts BLIK at checkout wants to confirm settlement against the merchant's BSGo account. Our integration consumes BLIK acceptance events, joins them to the next-day statement entry, and emits a webhook on mismatch. This shortens the typical day-end reconciliation cycle and reduces unmatched-payment tickets.

Scenario D — Family finance with BSGo Junior

An edtech / family-finance partner subscribes to BSGo Junior parent-panel events. When a child sends a request-to-parent for an extra 50 PLN, the parent receives the push and approves; the partner records the lesson outcome ("user practiced budgeting"), then mirrors a small chart back into the Junior UI through the partner's own surface.

Scenario E — Cross-border treasury for a Polish exporter

A mid-cap exporter holds PLN in BSGo and EUR in another EU bank. Our service pulls both feeds, builds a unified cash-position table by currency and value-date, initiates an FX transfer through BSGo when the EUR buffer drops below a threshold, and emits a SWIFT MT940-shaped statement for the group treasury.

Technical implementation

Statement query (REST)

POST /api/v1/bsgo/statement
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>
X-Consent-Id: a8c9-…-2f31

{
  "iban": "PL61109010140000071219812874",
  "from_date": "2026-04-01",
  "to_date":   "2026-04-30",
  "currency":  "PLN",
  "include":   ["BLIK_P2P","SEPA_OUT","DEPOSIT_INT"],
  "page":      1,
  "page_size": 200
}

Response 200:
{
  "items": [
    { "id":"tx_…", "ts":"2026-04-12T10:14:08Z",
      "amount":-120.00, "currency":"PLN",
      "type":"BLIK_P2P", "counterparty_phone":"+48…",
      "narrative":"Lunch — split" }
  ],
  "next_page": 2
}

BLIK payment initiation (PSD2 PIS)

POST /api/v1/bsgo/blik/initiate
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>
PSU-IP-Address: 203.0.113.21
TPP-Redirect-URI: https://partner.example/cb

{
  "debtor_iban": "PL61109010140000071219812874",
  "amount":      49.90,
  "currency":    "PLN",
  "creditor": {
    "blik_phone": "+48501234567",
    "narrative":  "Birthday gift"
  }
}

Response 201:
{
  "payment_id": "pay_…",
  "status": "PENDING_SCA",
  "sca_link": "bsgo://approve?ref=…"
}

Webhook: Junior allowance run

POST {partner_callback}
X-OFL-Signature: sha256=…

{
  "event":  "junior.allowance.scheduled",
  "child":  { "id":"chld_…", "age":14 },
  "parent": { "id":"prnt_…" },
  "amount": 30.00,
  "currency":"PLN",
  "next_run":"2026-05-15"
}

Signed with HMAC-SHA256; replay window is 5 minutes; retries with exponential back-off up to 24 hours.

Data flow / architecture

The shape stays deliberately small so it can be reasoned about end-to-end:

BSGo client / cooperative-bank PSD2 surface — the regulated origin. PolishAPI endpoints emit AIS data; mobile flows fill the gaps for Junior and MojeID.
Ingestion gateway — eIDAS-signed calls, consent caching, rate-limit handling, and a retry budget per bank.
Normalisation layer — schema mapping, currency normalisation, BLIK reference parsing, transaction-type enrichment.
Storage and outbound API — append-only event log + a query API and webhooks the partner consumes; exports to JSON, Excel and PDF live here.

Compliance & privacy

Polish and EU regulation

Every BSGo integration is shaped by three regulatory anchors. PSD2 (Directive 2015/2366), implemented in Poland via the Payment Services Act, governs AIS / PIS access and SCA. The PolishAPI standard, maintained by the Polish Bank Association and operated through KIR's PSD2 hub, is the technical interface used by cooperative banks. GDPR (Regulation 2016/679) governs personal-data handling; the Polish Financial Supervision Authority (KNF) oversees licensing of TPPs.

For background reading we recommend the PSD2 Wikipedia entry, which is kept current on regulatory amendments and PSD3 progress.

How we operate

Access only with explicit, revocable customer consent — recorded with timestamp, scope and purpose.
eIDAS QWAC and QSEAL certificates for PolishAPI calls; mTLS everywhere else.
Data minimisation under GDPR Article 5 — we read only the fields a scenario needs.
Hashed audit log retained 12 months by default, longer when the bank's policy requires.
NDAs and data-processing agreements (DPA) when the partner is a controller and we are a processor.

Market positioning & user profile

BSGo is the unified mobile front-end for Polish cooperative banks (banki spółdzielcze) — historically the rural and SME-leaning segment of the country's banking system. Users tend to fall into three clusters: individual customers in regional and rural Poland, family-owned SMEs and farms that need a switch between personal and business profiles inside one app, and — since the BSGo Junior launch — children aged 13+ supervised through a parent panel. Asseco confirmed in 2024 that 20 cooperative banks had committed to BSGo Junior and 7 had already gone live, with Skierniewice, Brodnica and Barlinek among the first. The app runs on Android and iOS and is co-branded by each cooperative bank, so a partner integrating with "BSGo" is in practice integrating with hundreds of small banks that share the same Asseco core.

Screenshots

Click any thumbnail to view it full-size.

Similar apps & integration landscape

Polish mobile banking is a dense market; the apps below frequently appear next to BSGo in a partner's "list of accounts to support". Each entry is part of the same OpenBanking ecosystem and is named here to help you find the right surface for your project.

IKO (PKO Bank Polski) — Top-ranked Polish finance app and a primary BLIK origin. Customers who use IKO alongside BSGo often need a unified statement export covering both rails.

mBank PL — Digital-first retail bank with a long-running mobile app. Comes up whenever a partner wants a single PFM view of cooperative-bank and challenger-bank balances.

ING Mobile (Moje ING) — Strong SME presence, often paired with BSGo for businesses that hold both a cooperative-bank account and an ING operating account.

PeoPay (Bank Pekao) — Pekao's mobile app, used by larger corporates; pairs well with BSGo for partners building cross-bank treasury views.

Santander Mobile (Santander Bank Polska) — Common in cross-border scenarios; relevant for FX reconciliation alongside BSGo's PLN/FX flows.

Millennium Mobile (Bank Millennium) — Retail-leaning Polish bank with a popular mobile interface; appears often in family-finance multi-bank stacks.

Citi Mobile (Citi Handlowy) — Used by larger corporates and individuals with international exposure; BSGo + Citi covers many SME export flows.

Velo (VeloBank) — Newer entrant that re-uses PolishAPI like the cooperative-bank stack; helpful when a partner wants to test the same connector against multiple BaaS hosts.

BLIK — Universal Polish payment scheme rather than a single bank app; integrating BSGo without BLIK awareness is rarely useful in 2026.

BS API portals (e.g. Bank Spółdzielczy w Brodnicy / Skierniewicach) — Each cooperative bank publishes its own developer portal under PolishAPI; BSGo is the shared mobile entry-point on top.

About OpenFinance Lab

We are an independent technical studio focused on mobile-banking protocol analysis and OpenFinance API delivery. The team has shipped integrations with Polish, German, UK and APAC banking apps, with day-to-day exposure to PSD2, PolishAPI, Berlin Group NextGenPSD2 and SCA. We pair ex-bank and ex-payment-network engineers with mobile reverse-engineering specialists, so a cooperative-bank engagement gets both a regulated rail and a documented mobile fall-back.

Domain: cooperative banking, retail banking, payments, fintech, edtech-meets-banking (Junior products).
Stack: Python, Node.js, Go SDKs; OpenAPI 3.1; reproducible test harnesses.
Workflow: protocol analysis → API design → build → conformance test → compliance review.
Engagement model 1 — Source-code delivery from $300: you receive runnable source plus docs and pay after acceptance.
Engagement model 2 — Pay-per-call hosted API: no upfront fee, billed by API call with a free trial budget.

Contact

Send your target app, the data you need, and any sandbox credentials you already hold. We respond within one business day with a scoping note and a price band.

Contact page

Engagement workflow

Scope confirmation: which BSGo flows (login, statements, BLIK, deposits, Junior) and which cooperative banks are in scope.
Protocol analysis and API design (2–5 business days).
Build and internal validation against sandbox or read-only consented accounts (3–8 business days).
Documentation, runnable samples, automated tests (1–2 business days).
Acceptance — first delivery typically within 5–15 business days; bank-side approvals may add to that window.

FAQ

Can BSGo data be accessed through the PolishAPI / PSD2 standard?

Yes. BSGo runs on top of cooperative-bank back-ends that already publish PSD2 AIS and PIS endpoints under the PolishAPI standard, so consented customer accounts, balances, transactions and SEPA/PLN payment initiation can be reached by a licensed TPP. We design the integration around the regulated rail and only fall back to documented mobile flows where the PSD2 surface is missing.

What does the BSGo statement export deliverable include?

A normalised JSON schema for transactions (date, amount, counterparty IBAN, BLIK reference, transaction type), pagination with date-range filters, and writers that emit Excel (XLSX), CSV and PDF. We also include a reconciliation field map for accounting back-ends such as Comarch ERP, Symfonia and SAP.

How long does a typical BSGo integration take to deliver?

Five to twelve business days for a first drop covering OAuth/SCA, balance and statement endpoints. BLIK initiation, MojeID identity verification, and Junior parent-panel flows usually add another one to two weeks because they require sandbox access from the cooperative bank.

How do you handle Polish KNF and GDPR compliance?

All access is mediated through customer consent records, eIDAS QWAC/QSEAL certificates for PSD2 calls, and a hashed audit log retained per the bank's policy. We never store card PANs, and personal data is minimised to what each scenario requires under GDPR Article 5.

📱 Original app overview (BSGo — appendix)

BSGo is the official mobile banking app for Polish cooperative banks (banki spółdzielcze), built and maintained by Asseco Poland S.A. (package com.asseco.poland.mobile.auth.bank.prodma). It serves both individual and business customers and is co-branded by each cooperative bank that joins the platform.

Headline capabilities documented by Asseco and the participating banks include:

PLN and FX transfers between own and foreign accounts; BLIK transfers to a phone number.
Deposits — open, top up, partially withdraw and close, all from the phone.
Online identity confirmation through MojeID for e-government and partner KYC.
Multi-context use — switch between personal and business profile inside the same session.
Full account, transaction and credit history; pre-login balance preview as amount or percentage.
Push or SMS notifications on every account event.
Authorization of online and mobile operations via PIN, biometrics (fingerprint), and push approval.
BSGo Junior — a tailored experience for children 13+ with a Parent Panel that controls allowance, request-to-parent, and Piggy Bank top-ups. Asseco confirmed in 2024 that 20 cooperative banks had joined and 7 had already deployed it.
BSGo Kids — a younger-children variant that auto-transitions into Junior at age 13 and into the adult app at 18.
iOS and Android distribution through the App Store and Google Play; users are advised to install only from those stores.

The app's exact feature set varies bank by bank — each cooperative bank can enable or disable modules. Always read the developer's privacy policy and confirm the supported scope with your bank before relying on a specific feature.