maibank API integration & Moldova OpenBanking services

OpenData · OpenFinance · Berlin Group XS2A · MIA Instant Payments

Connect maibank accounts, transactions and MIA payments to your stack — under Moldova OpenBanking law

maibank is the mobile app of maib (BC Moldova Agroindbank S.A.), Moldova's largest bank with more than one million customers and the only domestic institution offering fully digital onboarding. We deliver a clean integration layer on top of maib's account, statement and payment flows, exposing them as predictable JSON APIs that your finance, accounting or risk system can consume immediately.

Account & consent APIs — Mirror maibank authorization (OAuth2 + SCA challenge) so your backend can bind end-users, refresh tokens, and persist explicit Berlin Group XS2A consents with audit trails.

Statement & balance APIs — Paged MDL/EUR/USD transaction history with date ranges and category filters, plus interim and booked balances exported as JSON, Excel or signed PDF.

MIA QR & instant payments — Static, dynamic and hybrid QR generation, payment-status polling, refund initiation and webhook callbacks aligned with the National Bank of Moldova MIA scheme.

Cards, deposits & loans — Issue and freeze instant digital cards, query deposit accruals, and pull amortisation schedules for personal loans into your CRM or core ledger.

What we deliver

Each engagement ships an opinionated, runnable integration rather than a stack of slides. The package below is what most clients receive on day one of their maibank build, with extensions added as scope grows.

Deliverables checklist

OpenAPI 3.0.1 specification aligned with Berlin Group XS2A v1.3.x
Protocol report covering OAuth2, mTLS, eIDAS QWAC/QSEAL handling and SCA redirect/decoupled flows
Runnable source for login, statements, MIA QR and webhook handlers (Python + Node.js)
Postman collection, sandbox seed data and integration test suite
Compliance brief: Moldova Law 209/2022, NBM Open Banking circulars, GDPR alignment

Engagement models

Two pricing tracks — pick whichever maps to your finance team's preference. Both include a sandbox environment, written acceptance criteria and a 30-day stabilisation window.

Source-code delivery (from $300): full ownership of the API source, deployable inside your VPC; pay on satisfactory acceptance.
Pay-per-call hosted API: we host the gateway, you pay only for successful calls — useful for proof-of-concepts and bursty workloads.

Data available for integration

The table below maps the most useful maibank-side data to the screens or services they live behind, the granularity you can expect, and the typical downstream workload that consumes them. Use this as a sizing reference for your own backend design.

Data type	Source (screen / service)	Granularity	Typical use
Customer profile & KYC status	maibank onboarding + profile screen	Per user, structured fields	Onboarding sync, sanctions screening, ERP customer master
Account list & balances	"Accounts" tab (current, savings, multi-currency)	Per IBAN / per currency, interim & booked	Cash-position dashboards, treasury, liquidity reporting
Transaction history	Statement & account detail views	Per transaction, ISO 20022 fields	Reconciliation, ERP posting, expense management
Card metadata & status	"Cards" tab incl. instant digital cards	Per PAN reference, masked	Card lifecycle automation, fraud alerts
MIA Instant Payments & QR	QR scanner + "Send via MIA"	Per payment, with payer phone alias	POS settlement, e-commerce checkout, invoice clearance
Loan & deposit positions	"Loans" / "Deposits" sections	Per contract, with schedules	Credit risk, IFRS 9 staging, customer 360
Utility & bill payments	"Bills" catalogue (700+ providers in MD)	Per provider, per invoice	Subscription billing apps, accounting automation

Typical integration scenarios

1. ERP cash reconciliation for Moldovan SMEs

An accounting platform syncs end-of-day MDL/EUR balances and the day's transactions from the SME's maibank current account. Each booking flows into the journal with the original ISO 20022 endToEndId, so VAT-relevant rows reconcile against issued invoices. The XS2A account-information endpoint provides booked vs. interim balances and the consent is renewed every 90 days under Berlin Group rules.

2. MIA QR checkout for online merchants

An e-commerce store generates a dynamic MIA QR at checkout, polls payment status and issues a receipt the moment funds clear. Webhook callbacks update order state in under two seconds, which matches maib's real-time crediting promise. Refunds are issued through the same interface, so finance staff never need to log into the maibank app to settle disputes.

3. Treasury & FX reporting for a regional group

A multi-entity group operating across MD and RO consolidates EUR/USD/MDL positions every morning. The integration pulls all account balances, normalises to a base currency, and writes the result into a treasury data warehouse. Consent management uses Berlin Group's recurring consent profile, so the daily pull is fully unattended.

4. Loan-origination decisioning

A consumer-credit app reads 12 months of paged transaction history through XS2A to build affordability and stability scores. Salary credits, utility-bill cadence and gambling outflows are detected from the MCC/category fields, mapped to a decision-ready feature vector, and stored only for the regulator's mandated retention window.

5. Card-issuance lifecycle automation

An HR-payroll app issues maibank instant digital cards to new hires, then watches their status (active, frozen, closed) through the card-metadata API. When a contractor leaves, the card is auto-frozen. This compresses a 3-day manual workflow into a single API call sequence.

Technical implementation

maib runs its OpenBanking estate on the open-source Open Bank Project (OBP) platform aligned with the Berlin Group NextGenPSD2 specification. Our wrappers preserve the underlying XS2A semantics — consents, SCA challenges, idempotency keys — but flatten the verbose envelope into a developer-friendly JSON shape. Below are three representative endpoints from a typical delivery.

1. Initiate consent + fetch transactions

POST /api/v1/maibank/consents
Content-Type: application/json
X-Request-ID: 4f9a-2c1e-...

{
  "access": {"balances": "all-accounts", "transactions": "all-accounts"},
  "recurringIndicator": true,
  "validUntil": "2026-08-04",
  "frequencyPerDay": 4
}
=> 201 { "consentId": "c8d2...", "scaRedirect": "https://..." }

GET /api/v1/maibank/accounts/MD24AG000000022500900000/transactions
  ?dateFrom=2026-04-01&dateTo=2026-04-30&bookingStatus=booked
Authorization: Bearer <ACCESS_TOKEN>
Consent-ID: c8d2...

2. Create a MIA QR & receive a webhook

POST /api/v1/maibank/mia/qr
{
  "type": "dynamic",
  "amount": {"currency": "MDL", "value": "129.50"},
  "orderId": "INV-2026-0042",
  "expiresIn": 300
}
=> 200 { "qrId": "Q7...", "qrPayload": "00020101...", "deepLink": "mia://..." }

# Webhook (server -> your endpoint)
POST /your-app/mia/callback
{ "qrId":"Q7...", "status":"PAID", "paidAt":"2026-05-04T08:14:11Z",
  "payerAlias":"+3736...", "endToEndId":"E2E20260504..." }

3. Export a signed statement (PDF)

POST /api/v1/maibank/statements/export
{
  "iban": "MD24AG000000022500900000",
  "from": "2026-01-01",
  "to":   "2026-04-30",
  "format": "pdf-signed"
}
=> 202 { "jobId": "exp_91x...", "etaSec": 12 }

GET /api/v1/maibank/statements/exports/exp_91x...
=> 200 (application/pdf, with eIDAS-grade signature block)

Compliance & privacy

Regulatory anchors

Moldova transposed the European PSD2 framework into national law via Law 209/2022, which amends Law on Payment Services and Electronic Money No. 114/2012. The National Bank of Moldova set February 2025 as the firm deadline for banks — including maib — to expose Open Banking endpoints. We design every integration to clear that bar by default.

Security posture

Authorization uses OAuth2 with PKCE; transport is mTLS with eIDAS QWAC certificates where the bank requires them. Strong Customer Authentication follows the Berlin Group's redirect or decoupled SCA profile. Sensitive payloads (PAN, IBAN, SCA challenges) are kept out of logs by default, and consent records are written to an append-only audit store.

Data minimisation

We only request the smallest XS2A consent scope your use case actually needs. For example, a reconciliation tool gets balances + booked transactions but never card data, while a card-issuance flow gets card metadata but no historical statements. This satisfies GDPR Art. 5(1)(c) and the NBM's local equivalent on personal-data minimisation.

Data flow / architecture

A standard maibank integration is intentionally short: maibank app / maib XS2A gateway → OpenFinance Lab API layer (consent + normalisation) → your storage (Postgres / data warehouse / S3 archive) → your analytics or business endpoint (BI, ERP, scoring).

Ingestion: scheduled pulls (every 1–15 min) plus on-demand calls. MIA payments arrive via push webhooks for sub-second latency.
Normalisation: ISO 20022 transaction fields map to a flat, vendor-neutral schema so you can switch banks later without rewrites.
Storage: warm rows in Postgres, cold statements archived in S3-compatible object storage with retention tags.
Output: REST + webhooks; optional GraphQL gateway for product teams that prefer it.

Market positioning & user profile

maibank is used predominantly by retail and SME customers across the Republic of Moldova, with a growing diaspora userbase across the EU (notably Romania, Italy and Germany) who continue to operate MDL and EUR accounts remotely. Both Android and iOS are first-class. In 2024–2025 maib accelerated adoption of MIA Instant Payments and QR-based merchant acquiring, while Open Banking endpoints came online in time for the NBM's February 2025 deadline. The integration audience for this page is primarily B2B: fintechs, SaaS vendors, ERP integrators and accounting platforms who need authorised, compliant programmatic access to Moldovan banking data.

Screenshots

Tap any thumbnail to enlarge. The screenshots below come from the public Google Play listing for the maibank app and illustrate the surfaces we typically integrate against — login, accounts, transactions, payments and onboarding.

Similar apps & integration landscape

Most clients we work with use maibank alongside other Moldovan or pan-European mobile banks. Below is the wider ecosystem we frequently see in integration briefs — listed for context, not as a ranking. Treat each as another likely source of unified transaction exports, MIA flows or Berlin Group XS2A endpoints.

MICB Mobile Banking — Moldindconbank's app: balances, transaction history, P2P, billing payments to 700+ providers; common counterpart in MDL reconciliation flows.

Victoriabank Mobile — Victoriabank is a top-3 Moldovan bank with a strong digital push; clients regularly need joint maibank + Victoriabank statement exports.

OTP Bank Moldova (formerly Mobiasbanca) — Backed by OTP Group; popular for personal current accounts and consumer loans where users want a single API across both banks.

EximBank Moldova — Trade-finance focus and strong correspondent network; integrations typically pull SWIFT-style payment metadata alongside maib XS2A data.

ProCredit Bank Moldova — SME and SME+ specialist; co-existence with maibank is common for businesses that split current accounts between the two.

EnergBank — Mid-tier Moldovan retail bank; appears in personal-finance dashboards aggregating multiple MDL accounts.

Maib Pay — maib's own P2P micro-app; useful when client flows mix maibank account state with stand-alone P2P transfers.

Salt Edge — Open Banking aggregation provider that already covers Moldovan banks; sometimes used as an alternative source when direct XS2A keys are unavailable.

Revolut — Heavily used by Moldovan diaspora customers; frequent ask is to join Revolut card spend with maibank salary credits.

N26 — EU-licensed neobank used by users in DE/AT/IT; appears in cross-border consolidations next to maib accounts.

About OpenFinance Lab

We are an independent studio focused on fintech, OpenBanking and protocol-analysis work. The team includes engineers with hands-on experience at retail banks, payment processors and security labs across Eastern Europe and the EU. We know the Berlin Group XS2A specification, the NBM Open Banking circulars and Romania/Moldova KYC expectations, and we ship end-to-end financial APIs under tight security and compliance constraints.

Retail banking, payments and insurtech integrations across MD, RO and the wider EU
Berlin Group XS2A consent flows, SCA, mTLS + eIDAS QWAC handling
Custom Python / Node.js / Go SDKs and reproducible test harnesses
Full pipeline: protocol analysis → build → validation → compliance hand-off
Source-code delivery from $300 — runnable API source plus full documentation; pay after delivery upon satisfaction
Pay-per-call API billing — hosted endpoints with usage-based pricing for teams that prefer no upfront cost

Contact

For quotes or to submit your target app and requirements, open our contact page:

Contact page

Typical response: same business day. We sign NDAs before reviewing any sensitive credentials, sandbox keys or capture files.

Engagement workflow

Scope confirmation: integration scenarios and API needs (login, statements, MIA QR, cards).
Protocol analysis and API design (2–5 business days, depending on consent and SCA complexity).
Build and internal validation against maib's sandbox or a captured corpus (3–8 business days).
Docs, samples and test cases — Postman, OpenAPI and a quick-start README (1–2 business days).
Typical first delivery: 5–15 business days; bank-side approvals or QWAC issuance can extend timelines.

FAQ

What does maibank API integration actually cover?

Account login and OAuth2 token refresh, account and card metadata, balance queries, paged transaction history, statement export to JSON/Excel/PDF, MIA Instant Payments and QR initiation, plus utility-bill and card-management endpoints. We align flows with the Berlin Group NextGenPSD2 XS2A model used by maib for Open Banking.

How long does delivery take for a maibank integration?

Usually 5 to 12 business days for a first API drop covering login, balances and statement export. Adding MIA QR initiation, webhooks for instant settlement, or multi-account enterprise flows can extend the timeline by another one to two weeks.

How do you handle compliance for Moldova banking data?

We work strictly under customer authorization or against documented public APIs. Flows follow Moldova Law 209/2022 (the local PSD2 transposition), the National Bank of Moldova Open Banking deadline of February 2025, the Berlin Group NextGenPSD2 standard, and GDPR-aligned data minimisation. Consent records, audit logs and SCA challenge handling are part of every delivery.

Can you integrate MIA Instant Payments and QR MIA?

Yes. We can wrap MIA QR generation, payment status polling, refund flows and webhook callbacks into a clean API surface. Static, dynamic and hybrid QR codes are supported, and for SME flows we expose 0-fee transfers (up to 10,000 MDL/month per the NBM scheme).

📱 Original app overview (appendix)

maibank is the official mobile banking app of maib (BC Moldova Agroindbank S.A.), the largest commercial bank in the Republic of Moldova. The app gives retail and SME users a complete digital channel to maib services on Android and iOS, and it is the only banking app in Moldova that supports fully digital onboarding — letting a new customer open an account or card directly from the device.

Headline app capabilities, taken from the official store description and maib's own documentation:

Simple, secure and intuitive experience designed around mobile-first banking.
State-of-the-art security with advanced encryption, biometric authentication and device binding.
Effortless account and card management — current accounts, debit/credit cards and instant digital cards.
Flexible loans and deposits configurable directly from the app.
Fast and easy MIA-based payments wherever you are, including QR MIA acquiring for merchants.
Travel insurance, RCA (auto liability) insurance and other essential services, fully digital.
Utility-bill payments in seconds against 700+ Moldovan service providers.
Privacy controls such as Hide Balances for shared-screen contexts.

On the platform side, maib has implemented Berlin Group NextGenPSD2-aligned Open Banking endpoints on top of the open-source Open Bank Project (OBP) stack, in line with Moldova's Law 209/2022 and the National Bank of Moldova's February 2025 Open Banking deadline. This is the technical surface that the integration described above plugs into.