i-ONE Bank API integration & Korean MyData services

OpenData · OpenFinance · Korean OpenBanking · MyData

Connect i-ONE Bank accounts, transactions and MyData assets to your stack — under Korean rules

i-ONE Bank from IBK (Industrial Bank of Korea) is the bank's flagship retail application and the 2024 Finovate Awards "Best Financial Mobile App" winner — the first Korean bank to take that category. We turn its public-facing flows into a clean integration surface: pattern, fingerprint or face login mirrored as token endpoints, KRW transfer initiation aligned with KFTC Open Banking, statement export, and MyData asset aggregation across savings, loans, insurance and investment accounts.

Authentication APIs — Mirror the six-digit PIN, pattern, fingerprint and FIDO biometric flows used by the IBK app; refresh tokens and bind individual or enterprise customer IDs.

Statement & balance APIs — KRW deposit, time-deposit and loan history with paging, date ranges and counterparty filters; export to JSON, Excel or PDF for accounting and reconciliation.

Transfer initiation — Single, multiple, TokTok-shake and photo-transfer flows brought into a single REST endpoint, routed through the KFTC Open Banking rails available across all 18 Korean banks.

MyData asset aggregation — Pull the My Assets, My Expenditures, My Reports and Credit Management views into one consent-driven feed for advisory dashboards.

What we deliver

Deliverables checklist

OpenAPI 3.1 specification covering login, balance, statement, transfer and MyData endpoints
Protocol and authentication report — token chain, device-binding, certificate pinning, root-detection signals
Runnable source for Python, Node.js or Go (your choice) with retry, idempotency and webhook receivers
Pytest / Jest integration tests against an IBK or KFTC sandbox profile
PIPA-aligned data-handling guide: consent text, retention windows, deletion endpoints

API example: statement query (pseudocode)

POST /api/v1/ibk/ione/statement
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>
X-Consent-Id: 8c2f1a-mydata-2026

{
  "account_no": "010-12345-67-890",
  "from_date": "2026-04-01",
  "to_date":   "2026-04-30",
  "tran_type": "ALL",
  "page": 1,
  "page_size": 50
}

200 OK
{
  "account_no": "010-12345-67-890",
  "currency": "KRW",
  "balance_after_last_tran": 5320140,
  "items": [
    {"tran_dt":"2026-04-29T11:21:03+09:00","amount":-12500,"counterparty":"GS25","memo":"Convenience","balance":5320140},
    {"tran_dt":"2026-04-28T18:02:11+09:00","amount":1800000,"counterparty":"PAYROLL","memo":"Salary","balance":5332640}
  ],
  "next_page": null
}

API example: KFTC-style transfer (pseudocode)

POST /api/v1/ibk/ione/transfer
Authorization: Bearer <ACCESS_TOKEN>
Idempotency-Key: 6f3b8d-2026

{
  "from_account": "010-12345-67-890",
  "to_bank_code": "088",
  "to_account":   "110-9876-5432-10",
  "amount":       50000,
  "memo_to":      "Rent April",
  "memo_from":    "Rent April",
  "biometric_token": "fido2:ey..."
}

201 Created
{
  "tran_id": "IBK20260504-9981",
  "status":  "COMPLETED",
  "fee":     0,
  "kftc_ref":"KFTC-2026050412345"
}

Data available for integration

The table below maps i-ONE Bank surfaces (described in the official Google Play listing and IBK developer materials) to the integration shape we ship. Each row pairs a data type with its in-app source, the granularity we can guarantee and the typical downstream use.

Data type	Source surface	Granularity	Typical use
KRW deposit transactions	Banking → Statement screen	Per-transaction, timestamp, counterparty, memo	Reconciliation, ERP feeds, audit exports
Account balances	Home dashboard, Assets tab	Real-time, per account	Cash-position dashboards, treasury alerts
Time-deposit & loan accounts	Products module	Principal, rate, maturity	Wealth advisory, repayment scheduling
MyData asset aggregation	My Assets / My Reports	Cross-institution: savings, insurance, investment	360° net-worth and portfolio views
Spending categories	My Expenditures, card management	Per-merchant, per-category, monthly	Budgeting tools, lifestyle banking apps
Credit score & history	Credit Management module	Score, change history, factors	Lending decisions, financial-health scoring
Stock home & expert picks	Stocks tab, IBK Investment Magazine	Watchlists, themed quotes, editorial picks	Investor dashboards, research aggregation
Push event metadata	Notifications system	Topic, timestamp, account reference	Real-time settlement alerts, fraud workflows
i-ONE Guard signals	Antivirus / Smartphone Diagnosis	Device-risk flags (root, remote control, malicious URL)	Risk scoring for partner apps

Typical integration scenarios

1. Cross-border payroll reconciliation

A Seoul-based subsidiary of a multinational pays staff in KRW from an IBK corporate sub-account. Our connector calls the statement endpoint each morning, matches each tran_id against the parent ERP's payroll batch and posts a reconciliation row. Maps to KFTC Open Banking inquiry APIs — the same rail that exposes balances and history across all 18 Korean banks.

2. SME accounting sync

An SME using a SaaS bookkeeping product wants daily auto-import of i-ONE Bank deposit history. The integration polls the statement API, normalises counterparty names against Korean business-registration data, and surfaces the result as standard accounting double-entry rows — no manual CSV exports.

3. MyData wealth dashboard

A robo-advisor consolidates a customer's IBK deposit, time-deposit and stock account positions through MyData consent. We carry the consent token across calls, refresh it before expiry, and present every position in a unified /portfolio response so the advisor's risk engine sees one source of truth.

4. Real-time settlement alerts

An e-commerce merchant accepting bank-transfer payouts from KRW customers needs a sub-second confirmation. We translate IBK push events into a webhook on the merchant side, signed with HMAC and replay-protected by Idempotency-Key; the merchant flips the order to "paid" the moment the credit lands.

5. Risk & fraud overlay

A digital lender wants device-risk telemetry alongside transaction history. Through i-ONE Guard signals — root detection, remote-control detection, malicious URL flags — and the regular statement feed, the lender's model gets both behavioural and device features in one schema.

Compliance & privacy

Korean regulatory frame

Korea operates one of the most prescriptive open-finance regimes in Asia. Open Banking has run through the Korea Financial Telecommunications & Clearings Institute (KFTC) since December 2019, and Financial-Sector MyData launched fully on 5 January 2022 under the Financial Services Commission. Every i-ONE Bank integration we ship rides those rails — there is no scraping, no credential replay.

For personal data we follow the Personal Information Protection Act (PIPA). Recent 2026 amendments raised potential administrative fines to 10% of total revenue for severe breaches, so consent capture, data minimisation and breach-notification hooks are baked into every endpoint we deliver.

Operational controls

Consent tokens recorded with timestamp and scope; revocation honoured within one polling cycle.
Storage limited to the smallest field set the use case actually needs (no raw KRW account numbers in logs).
ISMS-P-aligned controls: encryption at rest, key rotation, segregated audit trails.
Optional residency: deploy the integration runtime inside your KR-region cloud account.
Sandbox-first: every endpoint is verified against an IBK / KFTC sandbox profile before production cutover.

Data flow & architecture

A typical i-ONE Bank integration follows a four-stage pipeline:

Client app or backend initiates a request carrying the user's consent token (login, statement query or MyData pull).
Ingestion layer — our hosted gateway or your self-hosted container — translates the call into the right IBK / KFTC Open Banking endpoint, manages token refresh and applies rate-limit budgets.
Storage — encrypted, field-level masked, retention windows aligned with PIPA. Only the fields your use case requires are persisted.
Analytics or downstream API — your dashboards, ERP, robo-advisor or risk engine consume a clean REST or webhook surface. Every step emits a structured audit event.

The pipeline is observable end-to-end: each request is tagged with tran_id, consent_id and kftc_ref so support can trace any single transaction across the four stages in seconds.

Market positioning & user profile

i-ONE Bank — 개인고객용 (com.ibk.android.ionebank) is IBK's retail Android client and one of the highest-ranked finance apps on Korean iOS and Android stores. It serves a broad domestic base — SME owners (IBK's policy mandate), salaried professionals, military personnel via the dedicated club, and parents using the children-and-pregnancy services — across Android and iOS. International remittance flows through the sister i-ONE Bank Global app, while this consumer app focuses on KRW banking, MyData, stocks and lifestyle services. Our integrations target B2B teams in Korea (fintech, accounting SaaS, robo-advisors, embedded-finance partners) and overseas firms onboarding Korean customers who rely on IBK as their primary KRW relationship.

Screenshots

Each thumbnail opens a larger preview. The screens show the home dashboard, asset views, transfer flows and MyData modules referenced in the integration scenarios above.

Similar apps & the Korean integration landscape

Korea has the densest banking-app market in Asia: Toss alone counted nearly 20 million users in early 2024, KakaoBank around 16.5 million. Teams that integrate i-ONE Bank usually want unified flows across several of the apps below, and the same KFTC Open Banking + MyData rails apply.

KB Star Banking (Kookmin)The flagship app of KB Kookmin Bank, exposing KRW deposit and credit-card data through KFTC; teams often need a single statement view across IBK and KB.

Shinhan SOLShinhan Bank's all-in-one app with extensive product catalogues; common pairing for cross-bank transaction analytics.

Hana 1Q BankHana Bank's consumer app with strong FX and remittance flows; useful when integrating both KRW and multi-currency books.

Woori WON BankingWoori Bank's retail app supporting English and Simplified Chinese; relevant for foreigner-facing fintech that also covers IBK customers.

NH Smart Banking (Nonghyup)NongHyup's banking app with rural and agricultural-finance reach; pairs with IBK for SME-and-cooperative reconciliation.

KakaoBankInternet-only bank with around 16.5M active users; a frequent counterparty in Korean P2P transfer flows tracked alongside IBK.

TossThe top finance app in Korea by users; integrating Toss Bank and Toss Securities data complements IBK for full-stack personal-finance tools.

K BankKorea's first internet-only bank, popular for crypto-exchange settlement; useful for fintech mapping IBK accounts against K Bank flows.

KakaoPayMobile wallet and payments arm of Kakao; the wallet ledger sits alongside i-ONE Bank for spend analytics.

Naver PayE-commerce-led wallet and BNPL service; integrating Naver Pay tokens with IBK transfers gives merchants a unified payout view.

About OpenFinance Lab

We are an independent technical studio working at the intersection of mobile-app protocol analysis and OpenFinance integration. The team has shipped fintech infrastructure for banks, payment gateways and cross-border remittance products, with deep experience around KFTC Open Banking, Korean MyData, PSD2, UPI and Open Data initiatives in Southeast Asia.

For i-ONE Bank in particular we combine readings of the public Google Play listing, the KFTC Open Banking specification and the Financial Services Commission's MyData guidance to design APIs that match how the app actually behaves — not how a marketing brochure describes it.

Protocol analysis, reverse engineering, sandbox replay and contract-test harnesses
Custom Python, Node.js, Go or Kotlin SDKs with first-class typings
End-to-end pipeline: scoping → analysis → build → validation → compliance review
Source-code delivery from $300 — runnable APIs and full documentation, paid after acceptance
Pay-per-call hosted API — no upfront cost, billed only on usage

Contact

Send us the target app and the integration scope (e.g. "i-ONE Bank statement export and MyData asset sync for our wealth dashboard") and we'll come back with a fixed-fee proposal within one business day.

Contact page

Engagement workflow

Scope confirmation: which i-ONE Bank surfaces (login, statement, transfer, MyData, stocks) and which downstream system.
Protocol analysis and API design (2–5 business days, scope-dependent).
Build and internal validation against IBK / KFTC sandbox (3–8 business days).
Documentation, runnable samples and pytest / jest test cases (1–2 business days).
Production cutover with monitoring dashboards and on-call hand-off.

FAQ

What do you need from me to start an i-ONE Bank integration?

The target app name (i-ONE Bank), a concrete scope such as transaction history export, MyData asset sync or KRW transfer initiation, and any existing IBK or KFTC sandbox credentials you already hold. We work from authorized or documented public APIs only.

How long does an i-ONE Bank API delivery take?

A first delivery covering login, balance and statement endpoints typically lands in 5 to 12 business days. Deeper MyData asset aggregation, stock account flows or i-ONE Guard checks may extend the schedule by another one to two weeks.

How do you handle Korean compliance and PIPA?

All flows route through the Korea Financial Telecommunications and Clearings Institute (KFTC) Open Banking framework or documented IBK channels. We follow PIPA consent, retention and security rules, log every request, and minimise the personal data each integration touches.

Can you deliver MyData asset aggregation as well as transactions?

Yes. Korea's MyData regime, fully active since January 5, 2022, covers savings, loans, insurance and investment data. We mirror the consent screens used by i-ONE Bank's My Assets module and surface the data through a single REST endpoint your stack can consume.

📱 Original app overview (appendix)

i-ONE Bank — 개인고객용 (package com.ibk.android.ionebank) is the personal-customer Android app from IBK Industrial Bank of Korea. The app's tagline — "Start easily, and complete your finances in your own way" — reflects a strategy of letting users explore services without an account and onboard later.

Sign-up and exploration without opening a bank account; product browsing while logged out.
Login via pattern, fingerprint or face; six-digit PIN and biometric confirmation for transactions.
Home themed across Assets, Products, Banking, Benefits and Stocks; personalised welcome and menu.
Stock home with topic-by-topic quotes, expert picks and IBK Investment Magazine.
Dark-mode UI, consistent finance-oriented UX, aimed at users new to banking apps.
TokTok shake-to-send transfer, multi-recipient transfer, photo-based transfer, and grouped favourites.
i-ONE Guard integrated security platform: anti-virus, smartphone diagnosis, e-finance login management.
MyData: My Assets aggregation, My Expenditures analytics, My Reports (net worth / returns / debt), Credit Management, Real Estate insights, Asset accumulation challenges.
Customised product mall with big-data recommendations and demographic-similar reports.
Generation / occupation lounges: military, parents, office workers; matched products and benefits.
Public+ bridge to government services, document issuance, travel and automotive.
Lifestyle features: group buys, games, gifting, and extras outside core finance.
AI assistant chatbot — curation, in-chat banking and voice-driven menu search.
Permissions: Phone (required); Address Book, Camera, Storage, Notifications, Location and Microphone (optional, with graceful degradation when not granted).
Customer Centre 1588-2588, Mon–Fri 9:00 AM – 6:00 PM (KST).