Connect PeoPay accounts, BLIK payments and Bank Pekao statements to your stack — under PSD2
PeoPay is the mobile front-end of Bank Pekao S.A., one of Poland's largest commercial banks. Behind it sits a regulated treasure-trove of structured data: PLN and FX account balances, BLIK transactions, Express Elixir transfers, card metadata, PekaoTFI fund positions and scheduled payments. We expose this data to your back-office, ERP, accounting suite or analytics warehouse using the PolishAPI 3.x and Berlin Group NextGenPSD2 standards.
What we deliver
Every project ships as a self-contained bundle so your team can run, audit and extend it without further dependency on us. Source files compile out of the box, tests cover both happy and adverse paths, and the compliance memo is written so that an internal reviewer can sign off without re-reading the entire PSD2 specification.
Deliverables checklist
- OpenAPI 3.1 specification for every exposed endpoint
- Protocol & auth flow report (OAuth2, SCA decoupled flow, eIDAS certificate handling)
- Runnable Python (FastAPI) and Node.js (Fastify) reference clients
- Postman collection plus pytest / vitest contract tests
- Sample MT940 / CAMT.053 / CSV exporters
- Compliance memo aligned with PSD2 RTS, PolishAPI 3.x and GDPR
- Deployment guide for Docker and AWS Fargate
Technical implementation — sample snippets
Below are three representative payloads exercised against our gateway. Field names mirror the PolishAPI 3.0 specification.
```http
// 1) Initiate AIS consent (PolishAPI v3 style)
POST /v3_0/auth/authorize
Content-Type: application/json
X-Request-ID: 4c6f3a87-b1f2-4c3e-90e2-9b0d1e7c4a01

{
  "scope": "ais",
  "scopeDetails": {
    "consentId": "CNS-20260509-PEO-7741",
    "scopeUsageLimit": "multiple",
    "privilegeList": [
      {"accountList": [{"transactionHistory": true, "scaRequired": true}]}
    ]
  },
  "redirectUri": "https://client.example.com/cb"
}

// 200 OK
{
  "tokenType": "Bearer",
  "expiresIn": 3600,
  "accessToken": "eyJhbGciOi..."
}
```
```http
// 2) Statement query — PeoPay PLN account, last 30 days
POST /api/v1/peopay/statement
Authorization: Bearer <ACCESS_TOKEN>
X-Request-ID: 21a09b14-aa4c-4f5e-bb98-4dd4e8a2f9aa
Content-Type: application/json

{
  "accountIban": "PL61124000000000000000000000",
  "fromDate": "2026-04-09",
  "toDate": "2026-05-09",
  "currency": "PLN",
  "channels": ["BLIK", "EXPRESS_ELIXIR", "CARD", "ATM"]
}

// 200 OK (truncated)
{
  "transactions": [
    {
      "transactionId": "TX-2026050912331",
      "bookingDate": "2026-05-08",
      "amount": {"value": -42.50, "currency": "PLN"},
      "channel": "BLIK",
      "counterparty": {"name": "BIEDRONKA 0421", "mcc": "5411"}
    }
  ],
  "pagination": {"nextCursor": "eyJ0Ij..."}
}
```
```http
// 3) Webhook — BLIK request-for-transfer event
POST https://client.example.com/hooks/blik
X-Signature: sha256=2c4b...
Content-Type: application/json

{
  "event": "blik.request.completed",
  "occurredAt": "2026-05-09T11:42:18Z",
  "request": {
    "id": "REQ-9912",
    "amount": {"value": 120.00, "currency": "PLN"},
    "from": "+48555111222",
    "to": "+48555333444",
    "status": "ACCEPTED"
  }
}

// On signature failure return 401, on duplicate eventId return 200.
```
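A receiver-side sketch of the rule stated for the webhook above (401 on signature failure, 200 on duplicate), added here as an illustration and not taken from the delivered reference clients. It assumes `X-Signature` carries a hex HMAC-SHA256 of the raw request body under a shared secret, and it falls back to a digest of the body as the dedupe key because the sample payload shows no `eventId`; the secret, the sample body, the function names and the 400 response for unparseable bodies are all constructed for this example.

```python
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"   # constructed; load from a secret store in practice
SEEN = set()                          # stand-in for a durable table with a unique key

# Constructed sample body, shaped like the webhook payload above.
SAMPLE_BODY = json.dumps({
    "event": "blik.request.completed",
    "occurredAt": "2026-05-09T11:42:18Z",
    "request": {"id": "REQ-9912", "status": "ACCEPTED",
                "amount": {"value": 120.00, "currency": "PLN"}},
}).encode()


def sign(secret: bytes, raw_body: bytes) -> str:
    """Build a 'sha256=<hex>' value; HMAC-SHA256 is an assumption, not from the page."""
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def handle_blik_webhook(headers: dict, raw_body: bytes, secret: bytes = SECRET):
    """Return (http_status, outcome): bad signature -> 401, duplicate -> 200."""
    supplied = headers.get("X-Signature", "")
    # Check the MAC over the exact bytes received, before parsing,
    # and compare in constant time.
    if not hmac.compare_digest(supplied.encode(), sign(secret, raw_body).encode()):
        return 401, "bad-signature"
    try:
        event = json.loads(raw_body)
    except ValueError:
        return 400, "malformed-json"      # 400 is this example's choice
    if not isinstance(event, dict):
        return 400, "malformed-json"
    # Assumption: the sample payload shows no eventId, so fall back to a body digest.
    key = str(event.get("eventId") or hashlib.sha256(raw_body).hexdigest())
    if key in SEEN:
        return 200, "duplicate-ignored"   # acknowledge so the sender stops retrying
    SEEN.add(key)
    # Apply the ledger update exactly once here.
    return 200, "processed"


if __name__ == "__main__":
    hdrs = {"X-Signature": sign(SECRET, SAMPLE_BODY)}
    print(handle_blik_webhook(hdrs, SAMPLE_BODY))   # first delivery
    print(handle_blik_webhook(hdrs, SAMPLE_BODY))   # redelivery
```

Rejected deliveries never reach the dedupe set, so an unsigned or tampered copy of an event cannot mark the genuine one as already processed.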
Data available for integration
The matrix below summarises the structured data PeoPay exposes once consent has been granted. Granularity reflects what the AIS endpoints return today; we add server-side enrichment (categorisation, FX normalisation) on top when the project requires it.
| Data type | Source (screen / feature) | Granularity | Typical use |
|---|---|---|---|
| Account list & balances | "Moje produkty" / accounts dashboard | Per IBAN, current + available + booked | ERP cash-position dashboards, treasury reconciliation |
| Transaction history | History of operations | Per booking, with channel, MCC, counterparty | Accounting sync, expense categorisation, audit trails |
| BLIK events | BLIK code, BLIK transfers, request-for-transfer | Per code or per request, with status & phone | Marketplace settlement, peer-to-peer reimbursements |
| Express Elixir transfers | Domestic instant transfer flow | Real-time, per payment instruction | Pay-on-delivery, gig-worker payouts, fast supplier settlement |
| FX and multi-currency wallets | Currency exchange screen | Per currency pair, preferential rate flag | Cross-border invoicing, international e-commerce |
| Card metadata & Apple Pay | Card management, Apple Pay enrolment | Per PAN-suffix + token reference | Card-on-file analytics, fraud screening |
| PekaoTFI fund positions | Investment / brokerage section | Per fund, daily NAV snapshot | Wealth dashboards, portfolio aggregators |
| Scheduled payments & standing orders | Calendar of scheduled payments | Per instruction, next-execution date | Cash-flow forecasting, churn prediction |
Typical integration scenarios
The following five scenarios are the patterns we ship most often for Bank Pekao customers and Polish fintech partners. Each is described as an end-to-end flow rather than an isolated API call.
1. Accounting & ERP reconciliation
A Polish SME running on Comarch Optima or SAP Business One pulls its PeoPay business-account transactions every 30 minutes. We map each booking into a journal entry, normalise FX legs against NBP fixings, and push CAMT.053 files into the ERP. Endpoints involved: AIS account list, AIS transactions, plus a daily MT940 export.
2. Marketplace BLIK collection
A merchant marketplace generates a BLIK request-for-transfer per order. The buyer accepts in PeoPay, the funds settle in seconds, and our webhook informs the marketplace ledger. The OpenFinance pattern is PIS for outgoing refunds plus an event stream for incoming credits.
3. Multi-currency e-commerce payouts
Cross-border sellers using PeoPay's FX wallets settle in EUR, USD or GBP without round-tripping through PLN. The integration reads balance per currency, executes Express Elixir or SEPA payouts, and reconciles against the marketplace order book — fully covered by PSD2 PIS scopes.
4. Personal finance management (PFM)
A consumer-facing PFM aggregates PeoPay alongside other Polish banks. The AIS consent yields a 90-day transaction history that feeds the PFM's categorisation model; OpenData enrichment (MCC tables, NIP lookups) is layered on top to produce spending insights.
5. Investment dashboards (PekaoTFI)
Wealth-tech apps surface a unified portfolio view by combining PeoPay PekaoTFI fund holdings with brokerage positions held elsewhere. Daily NAV pulls plus event hooks on subscriptions and redemptions deliver intraday-fresh dashboards for retail investors.
Compliance & privacy
Regulatory baseline
Poland implements PSD2 through the Act on Payment Services and the domestic PolishAPI standard alongside Berlin Group NextGenPSD2. Bank Pekao is supervised by the Polish Financial Supervision Authority (KNF). Our integrations register the client as a third-party provider (AISP / PISP / CBPII), use eIDAS QWAC and QSeal certificates, and apply Strong Customer Authentication via the decoupled or redirect flow as published on developer.pekao.com.pl. Since 17 January 2025 incident reporting falls under DORA — our compliance memo reflects this transition.
GDPR & data minimisation
Consent is captured per-scope with a unique consentId, stored encrypted at rest, and revocable at any time. We strip PAN data to last-four digits unless your legal basis demands otherwise, and we keep raw responses only for the audit window agreed in the SOW. By design, no personal data leaves the EEA without an Article 46 transfer mechanism in place.
- Consent records and audit logs ready for KNF inspection
- Data minimisation defaults: only fields requested are persisted
- Retention policies aligned with Polish AML statute (typically 5 years)
- Pen-test report available on request before go-live
Data flow / architecture
The reference pipeline is intentionally small: each node is replaceable and each hop is logged.
1. Client app or backend — initiates the consent flow and stores the customer's consentId.
2. OpenFinance Lab gateway — terminates eIDAS mTLS, signs PolishAPI requests, handles SCA challenges, retries on 429/503.
3. Bank Pekao PolishAPI endpoints — production at developer.pekao.com.pl/api/, sandbox at developer.pekao.com.pl/sandbox/.
4. Storage & analytics — Postgres for normalised transactions, S3 (or Azure Blob) for raw responses, ClickHouse for ad-hoc analytics.
5. API output — REST and webhook surfaces for your downstream apps; optional Kafka topic for real-time consumers.
Market positioning & user profile
PeoPay serves Bank Pekao's retail and SME clientele — a base spanning Polish individuals, micro-entrepreneurs and corporate users on a single mobile surface. Primary regions are Poland and EU expats banking with Pekao; the app supports Android and iOS only, with Apple Pay enrolment available since the rollout of in-app card provisioning. According to BLIK's published statistics, BLIK transfers and BLIK request-for-transfer have been free of charge since 1 November 2025, accelerating peer-to-peer volumes flowing through PeoPay. In 2024–2025 Bank Pekao also expanded the request-for-BLIK feature with split-bill controls — a concrete signal that the integration surface keeps evolving and that any data model built on top must keep pace with new event types.
Screenshots
The data points highlighted in the screenshots — account list, BLIK code panel, transaction history, scheduled payments — are exactly the surfaces our APIs mirror.
Similar apps & integration landscape
Most PeoPay integrators do not stop at one bank — they aggregate the wider Polish and European OpenBanking landscape. The apps below appear regularly in the same scope-of-work conversations; we list them so teams searching for any one of them can quickly understand how a multi-bank stack is delivered.
About OpenFinance Lab
Who we are
We are an independent technical studio focused on App interface integration, OpenData, OpenFinance and OpenBanking work. Our engineers come from commercial banks, payment gateways and protocol-analysis backgrounds, with hands-on experience of PolishAPI, Berlin Group NextGenPSD2, UK OBIE and the Brazilian Open Finance stack.
- Banking, payments, wealth-tech and cross-border clearing projects
- Protocol analysis, eIDAS certificate management and sandbox onboarding
- Custom Python / Node.js / Go SDKs, CI test harnesses, OpenAPI specs
- End-to-end pipeline: scoping → analysis → build → validation → compliance memo
- Source-code delivery from $300 — pay only on acceptance
- Pay-per-call API billing — usage-based, no upfront commitment
Contact
For quotes, sandbox-access questions or to submit a PeoPay-specific scope, open the contact page below. Provide the target app name, the data scopes you need (AIS, PIS, CBPII), the expected call volume and any existing TPP credentials. We respond within one business day.
Workflow & FAQ
Engagement workflow
- Scope confirmation: data scopes (AIS / PIS / CBPII), target accounts, expected call volume.
- Protocol & sandbox analysis at developer.pekao.com.pl (2–5 business days).
- Build phase: gateway, certificate handling, contract tests (3–8 business days).
- Documentation, sample clients, compliance memo (1–2 business days).
- Production cut-over with KNF-aligned audit logging; typical first delivery 5–15 business days.
FAQ
What data can be extracted from PeoPay through OpenBanking integration?
Do you use the official Bank Pekao developer portal?
How long does a typical PeoPay integration take?
Is the integration compliant with PSD2 and GDPR?
📱 Original app overview (appendix)
PeoPay is the official mobile banking application of Bank Pekao S.A. (package id softax.pekao.powerpay). It provides quick and convenient access to Bank Pekao products: customers can pay bills, pay for purchases, withdraw cash with BLIK and even take a loan from the application.
The current version of the app includes:
- Access to all customer accounts and their full history
- Transaction authorisation with PIN, fingerprint or FaceID
- Adding a Bank Pekao card to Apple Pay directly from the application
- Express Elixir instant transfers
- Domestic and foreign transfers and phone top-ups
- BLIK transactions — instant transfers to phone numbers, in-store and online payments, ATM withdrawals, ATM cash deposits, QR-code payments, and the ability to copy a BLIK code to memory
- Cash loan and credit card offers in a single click
- Currency exchange at preferential rates (enabled by an Advisor)
- Percentage or amount balance view before login
- Individual and company bank-account service in one application
- Transaction history search, transfer directly from the history of operations and return-transfer feature
PeoPay also enables:
- Account opening and applying for products from the application level
- Summary of expenses divided into categories
- Internet payments directly from foreign-currency accounts (similar to multi-currency card payments)
- Calendar of scheduled payments
- Checking the history of operations of PekaoTFI fund regular accounts
- Investment and brokerage products
- Management of debit cards assigned to accounts: activation, PIN setting and changing, changing transaction limits, block / unblock / restrict the card
Are you not a Pekao client? You can open an account by selfie in PeoPay or go to a branch. More information at www.pekao.com.pl.