Erste Bank Polska API integration (OpenBanking & BLIK)

Accounts & balances

Full read access to current accounts, savings, cards and Mini Firma sole-proprietorship accounts. Includes available balance, accounting balance, blocked amounts and Smart Account fee progress as shown in Price advisor. Designed for treasury dashboards and reconciliation jobs that need a single source of truth for a Polish entity.

Transfers & standing orders

Domestic ELIXIR, Express ELIXIR instant transfers, SEPA and standing orders. The adapter mirrors the in-app two-factor mobile authorisation, so a backend caller still confirms each operation with a PIN, fingerprint or face challenge — keeping the integration aligned with PSD2 strong customer authentication (SCA).

BLIK & contactless

Generate BLIK codes, accept phone transfers via alias, withdraw cash from BLIK-enabled ATMs and pay in stores without a card. For Mini Firma customers, the same surface unlocks merchant-side BLIK acceptance, which is the cheapest acquiring path on the Polish market today.

Tickets, parking & tolls

Pay for motorway tolls, public transport tickets and parking, and top up games, music or office software directly from the customer's Erste account. The adapter normalises receipts so expense-management systems can attach them automatically to the right cost centre.

Insurance vault

Pull policy numbers and coverage periods that the app shows in the Insurance section. Useful for brokers building a single dashboard across multiple banks, or for B2B platforms that need to renew or cross-sell against existing coverage data.

Financial Coach & Subscriptions

Programmatic access to the spend chart and the Subscriptions tray, so analytics products can show monthly recurring spend per merchant without re-deriving categories from raw text. Pairs naturally with PSD2 AIS data from other Polish banks.

1. Accounting sync for Mini Firma owners

A Polish sole-proprietorship platform pulls daily ELIXIR transactions from Erste through PSD2 AIS, attaches Mini Firma BLIK receipts via the protocol adapter, and posts journal entries to the customer's accounting backend. Fields used: booking_date, amount, currency, counter_iban, category, blik_ref. Maps to OpenBanking AIS plus an authorised value-added overlay.

2. BLIK checkout for e-commerce

A Polish marketplace uses the BLIK initiation endpoint to convert a guest cart into a paid order in under 8 seconds. The customer enters the one-time 6-digit code from the Erste app; the adapter forwards the code to PSP, confirms the transaction and emits an Alerts24-style webhook back to the shop. OpenFinance angle: instant pay-by-bank without card rails or 3DS friction.

3. Cross-CEE treasury dashboard

A regional CFO consolidates accounts across Erste Bank Polska, Erste Bank Croatia (Erste Open Banking) and Česká spořitelna using the shared Erste Developer Portal entry point. We deliver a normalised /accounts and /transactions contract on top, so each subsidiary feeds the same SAP dashboard.

4. PFM with Subscriptions and Financial Coach

A personal-finance app ingests Subscriptions and Financial Coach metrics through the protocol adapter, then overlays them on PSD2 transactions from mBank, ING and PKO IKO. The user sees a single spend chart across all Polish banks, with subscription-cancellation deep links back into Erste.

5. Compliance audit trail for fintech onboarding

An EMI onboarding flow uses the AIS endpoint to fetch 90 days of Erste statements, verifies salary credits, and stores a hashed PDF of the original statement as evidence. Our adapter ships the audit log fields (consent_id, scope, expiry, IP, SCA method) so compliance teams can answer regulator queries without re-pulling data.

Auth: mobile-authorised login

POST /api/v1/erste/auth/login
Content-Type: application/json

{
  "login_id": "12345678",
  "device_fingerprint": "<app-issued>",
  "sca_method": "fingerprint"
}

201 Created
{
  "access_token": "eyJhbGciOi...",
  "refresh_token": "rt_8f2c...",
  "expires_in": 900,
  "consent_id": "cns_2026_05_10_a1",
  "scopes": ["accounts.read", "transactions.read", "blik.initiate"]
}

Statement export with paging

POST /api/v1/erste/statement
Authorization: Bearer <ACCESS_TOKEN>
X-Consent-Id: cns_2026_05_10_a1

{
  "iban": "PL61109010140000071219812874",
  "from_date": "2026-04-01",
  "to_date":   "2026-04-30",
  "page": 1,
  "page_size": 100,
  "include": ["blik_ref","category","counter_party"]
}

200 OK
{ "items": [ { "booking_date":"2026-04-12",
               "amount":-129.90, "currency":"PLN",
               "category":"subscriptions",
               "counter_party":"Spotify AB",
               "blik_ref": null } ],
  "next_page": 2 }

BLIK code initiation

POST /api/v1/erste/blik/code
Authorization: Bearer <ACCESS_TOKEN>

{ "amount": 49.00, "currency": "PLN",
  "purpose": "ecommerce_checkout",
  "merchant_id": "M-77821" }

200 OK
{ "blik_code": "468123",
  "ttl_seconds": 110,
  "tx_id": "blik_tx_9912" }

# Webhook (Alerts24-style):
POST <your-callback>
{ "tx_id":"blik_tx_9912",
  "status":"CONFIRMED",
  "sca_method":"pin" }

Regulatory frame

Every Erste integration we ship is built against the Revised Payment Services Directive (PSD2) and its successor work (PSD3 / PSR currently in trilogue). On the Polish side we observe the Polish Banking Act, the Act on Payment Services, and the KNF (Polish Financial Supervision Authority) guidance for TPPs. GDPR Article 5 (data minimisation) and Article 6 (lawful basis) are part of the delivery checklist.

What we never store

Raw PINs, fingerprint templates and face-recognition vectors stay on the customer's device, exactly as the Erste app handles them. Our backend keeps only what is needed to honour the active consent: token hashes, consent metadata and the data the customer explicitly requested to retain. NDAs and DPAs are signed where requested.

mBank

mBank's app — historically a Polish UX benchmark — exposes detailed transaction history, the Mia spending assistant, mBroker brokerage and an internal FX exchange. Teams that integrate Erste often need parallel mBank exports so their PFM dashboards show a unified Polish view.

ING Bank Śląski (Moje ING)

Moje ING is known for minimalist flows and the 2026-added "Goals" savings automation. Its PSD2 AIS feed pairs naturally with Erste's, especially for cross-bank salary-credit verification used by Polish EMIs.

PKO Bank Polski — IKO

IKO holds the highest user count among Polish banking apps and integrates mObywatel, ePUAP, ZUS and e-prescription flows. Combining IKO and Erste data unlocks "single-citizen" dashboards for govtech and HR-tech vendors.

Pekao — PeoPay

PeoPay's 2026 redesign added spending analytics and tighter BLIK flows. As a peer of Erste in the top-tier of Polish banks, it's frequently the second feed treasury teams ask for after Erste.

Millennium Bank

Millennium added a lock-screen financial summary widget and Apple Watch BLIK in 2026. Often paired with Erste in PFM aggregators that target the urban under-35 segment.

Alior Bank

Alior — one of the six founding BLIK shareholders alongside the original Bank Zachodni WBK / Santander / Erste lineage — exposes consumer lending data and is a common counter-party for credit-aggregator products built on top of Erste statements.

BNP Paribas — GOonline / GOmobile

BNP's Polish app is widely used by SMEs and freelancers. Pairing it with Erste's Mini Firma data is a typical setup for accounting-automation vendors operating across mid-market segments.

Revolut Poland

Revolut runs as an EMI in Poland and is the dominant non-bank wallet. Customers usually want unified statements that merge Revolut spend with their primary Erste current account, including FX P&L from Erste Exchange.

BLIK (Polski Standard Płatności)

BLIK is the dominant Polish payment scheme — six-digit codes, P2P by phone number, ATMs and merchants. Erste's BLIK endpoint plugs straight into the same rails, so an integration here is also an integration with the wider BLIK ecosystem.

What we are

We're an independent engineering studio focused on app protocol analysis and authorised API integration. Our engineers have shipped fintech back ends in Polish, German and pan-EU banks, run AIS/PIS sandboxes against the Erste Developer Portal and PolishAPI, and built BLIK-acceptance integrations for e-commerce platforms.

• PSD2 AIS / PIS adapters for CEE and Western European banks
• BLIK initiation and acceptance pipelines, with PSP-compatible code handling
• Protocol adapters that mirror official app flows under user consent
• Custom Python, Node.js and Go SDKs plus pytest / vitest test harnesses
• End-to-end pipeline: research → protocol analysis → build → validation → compliance handover
• Source code delivery from $300 — runnable API source code and full documentation; pay after delivery upon satisfaction
• Pay-per-call API billing — access our hosted endpoints and pay only per call, no upfront cost; ideal for teams that prefer usage-based pricing

Contact

For a quote on the Erste app or any of the similar apps listed above, send us the target slug and your concrete requirements (data types, expected QPS, region, hosting model). We'll respond within one business day.

Open contact page

Deliverables checklist

• OpenAPI 3.1 specification covering accounts, transactions, BLIK and webhooks
• Protocol & auth flow report — token chain, SCA challenge format, error catalogue
• Runnable source for login, statement, BLIK and Alerts24 endpoints (Python and Node.js)
• Pytest / Vitest test harness plus a Postman collection
• Compliance pack: PSD2 alignment notes, GDPR data-minimisation matrix, KNF references
• One-on-one handover session with the customer's engineering team

Engagement workflow

1. Scope confirmation — which Erste surfaces, which volumes, which hosting model (1-2 days).
2. Protocol analysis & API design against the Erste Developer Portal and the current app build (2-5 days).
3. Build & internal validation in our sandbox (3-8 days).
4. Docs, samples, test cases and security review (1-2 days).
5. Typical first delivery: 5-15 business days; multi-bank or PSD3-readiness work can extend the timeline.