Pocztowy API integration & PolishAPI PSD2 services

OpenData · OpenFinance · PolishAPI · PSD2

Connect Bank Pocztowy accounts, BLIK and statements to your stack — under PolishAPI

Bank Pocztowy holds a rich slice of Polish retail-banking data: BLIK code lifecycle, instant Elixir Express transfers, deposit and savings balances, motorway-toll auto payments and 3D Secure card events. We turn that into a clean API surface — login, balance, statement, transfer, BLIK confirmation — that your accounting, ERP, lending, or analytics stack can consume directly.

Account login & session APIs — OAuth2 flows aligned with the PolishAPI 2.1.4 / 3.0.1 standard, refresh tokens, and authorized fallback sessions for fields PSD2 does not expose.

Statement & transaction APIs — Pocztowy24 transaction history with paging, date ranges, debit/credit split (the new 2024 history view), and export to JSON, CSV, XLSX or PDF.

BLIK lifecycle — Generate BLIK codes, post BLIK na telefon transfers (24/7 since 2024), and capture confirmation/rejection events for reconciliation.

Transfers & recovery — Standard and instant transfers, the new one-click "return transfer to sender" formatka, plus standing orders and direct debits.

Data available for integration

Below is the practical data inventory we can expose for Pocztowy. Each row maps a banking surface in the app to a programmable feed and the kind of work it unlocks. Field names follow the PolishAPI conventions where they apply.

Data type	Source (screen / feature)	Granularity	Typical use
Account balance	Dashboard · pre-login balance peek	Per account, near real-time	Cash-position dashboards, treasury alerts
Transaction history	Pocztowy24 history (debit/credit split)	Per leg, with title, counterparty IBAN, amount, date, MCC	Accounting auto-entry, reconciliation, AML screening
BLIK events	BLIK code, BLIK na telefon, ATM withdrawals	Per code lifecycle (created, used, expired, rejected)	POS reconciliation, fraud monitoring, refund audit
Card transactions	Cards · 3D Secure confirmations	Per authorisation, with merchant + 3DS outcome	Spend analytics, chargeback evidence
Savings & deposits	Konto Oszczędnościowe · lokaty	Per product, with rate, term, maturity	Net-worth views, deposit-renewal automation
Standing orders & direct debits	Stałe zlecenia · polecenia zapłaty	Per mandate, with frequency and next-run date	Subscription management, dunning workflows
Motorway / e-TOLL	Automatyczne opłaty autostradowe	Per gantry crossing	Fleet expense reporting, driver reimbursement
Phone top-ups	Doładowania telefonu	Per top-up, with operator and amount	Telco-spend analytics, employee benefit tracking

Typical integration scenarios

1. SMB accounting auto-entry

A Polish micro-business uses Pocztowy as its operating account and a SaaS bookkeeping tool (Wfirma, iFirma, Comarch ERP XL) for invoicing. We pull the last 90 days from PolishAPI /accounts/{id}/transactions, classify each leg with its remittanceInformationUnstructured + counterparty IBAN, and post double-entry lines to the bookkeeping API. New legs land hourly via webhook. Maps to OpenBanking AIS.

2. BLIK reconciliation for a marketplace

A marketplace accepts BLIK at checkout. We mirror the BLIK code lifecycle — generated, presented, used, expired, refunded — and emit a webhook per state change. The marketplace settles per merchant nightly, with a CSV of matched BLIK references. This combines PolishAPI PIS notifications with authorized session reads for the long-tail fields PSD2 does not return.

3. Lending pre-decision data pull

A consumer-lending platform asks the applicant to consent to read Pocztowy account history. Under the AIS consent (typically 90 days, renewable), we fetch transactions, classify income vs. recurring expenses, and feed a scoring model. Output is a single JSON: {income_avg_3m, recurring_outflows, overdraft_days, pep_match}.

4. Treasury & multi-bank dashboard

An SME holds accounts at Pocztowy plus mBank and ING. We unify all three feeds into one schema (iban, currency, booked_balance, available_balance, tx[]) and post to a Looker / Metabase warehouse. Each connector uses its respective PolishAPI deployment; the consumer sees one dashboard.

5. e-TOLL fleet expense rollup

For fleets that use Pocztowy's automatic motorway-toll payment, we capture every gantry charge as a structured event with timestamp, gantry ID and amount, attach the driver assignment from the customer's HR system, and produce a monthly per-driver expense PDF for reimbursement.

Technical implementation

The snippets below show what a typical wiring against Pocztowy looks like. Authorization is OAuth2 with the redirect-and-decoupled flows defined in the PolishAPI specification; long-lived access tokens are 90-day-bounded for AIS consents.

1. AIS consent + login (PolishAPI flow)

POST https://api.pocztowy.pl/v3_0/auth/v3_0_1/authorize
Content-Type: application/json
X-JWS-SIGNATURE: <eIDAS QSeal signed JWS>

{
  "scope": "ais",
  "scope_details": {
    "privilegeList": [{"accountInfo": {"scopeUsageLimit": "multiple"}}],
    "consentId": "c-2b1f...",
    "scopeTimeLimit": "2026-08-04T00:00:00+02:00"
  },
  "redirect_uri": "https://app.example.com/callback",
  "state": "abc123"
}

→ 200 { "authorization_url": "https://login.pocztowy.pl/...&code=...", "expires_in": 600 }

2. Statement query

GET /v3_0/accounts/PL{IBAN}/transactions/done?
    dateFrom=2026-04-01&dateTo=2026-04-30&
    pageSize=200&type=Booked
Authorization: Bearer <ACCESS_TOKEN>
X-Request-ID: 8f1e9b...

→ 200 {
  "transactions": [{
    "itemId": "tx_...",
    "amount": {"value": "-129.90", "currency": "PLN"},
    "creditorAccount": {"iban": "PL61 1090 ..."},
    "remittanceInformationUnstructured": "Faktura 2026/04/0123",
    "tradeDate": "2026-04-12",
    "transactionType": "BLIK"
  }],
  "links": {"next": "/v3_0/accounts/.../transactions/done?page=2"}
}

3. BLIK confirmation webhook (our hosted layer)

POST https://your-app.example.com/webhooks/blik
X-OpenFinanceLab-Signature: t=1746360000,v1=4ad6c...

{
  "event": "blik.code.used",
  "code_ref": "blk_01HY...",
  "merchant_ref": "ORDER-29841",
  "amount": {"value": "59.00", "currency": "PLN"},
  "result": "OK",
  "occurred_at": "2026-05-04T08:14:22+02:00",
  "auth_session_hash": "sha256:..."
}

// Errors are RFC 7807 problem+json:
//   {"type":"/errors/blik-rejected","title":"BLIK rejected","status":409,"code":"BLIK_TIMEOUT"}

Compliance & privacy

Bank Pocztowy operates under EU PSD2 (Directive 2015/2366) and the technical PolishAPI standard maintained by the Polish Bank Association. The standard's most recent revisions — versions 2.1.4 and 3.0.1, published in June 2025 — align the Polish payment industry with the ISO 20022 message format. Where third-party-provider (TPP) access is in scope, we use eIDAS QWAC + QSeal certificates and follow the AIS / PIS / CAF privilege model exactly as the bank publishes it. See the PolishAPI standard and the PSD2 directive for the regulatory backbone.

Beyond PSD2, every integration is GDPR-aware: consent artefacts are persisted, access logs are timestamped and IP-stamped, and we apply data minimization — we do not request fields the customer did not ask for. EU-region hosting is the default so personal data does not cross the border unnecessarily, and we honour the Polish "Ustawa o ochronie danych osobowych" supervisory regime.

Data flow / architecture

A typical pipeline is intentionally short:

Pocztowy app / Pocztowy24 — source of truth, authenticated by the end user.
OpenFinance Lab connector — PolishAPI client + authorized-session fallback, signs requests with eIDAS QSeal, persists consent.
Customer storage — Postgres / S3 / your warehouse, with per-tenant isolation.
Output channel — REST/JSON, CSV/XLSX exports, or webhooks fanning out to ERP, accounting, or analytics.

Each hop has its own retry, idempotency key (X-Request-ID), and audit log so reconciliation against the bank's own statements is straightforward.

Market positioning & user profile

Bank Pocztowy SA is a Polish commercial bank co-owned by Poczta Polska. Its app, listed on Google Play under pl.envelobank.aplikacja and on the App Store as Pocztowy, primarily serves Polish retail customers — including a large segment of older and rural users who reach the bank through Poczta Polska post offices — plus micro and small enterprises. The integration sweet spot is therefore Polish-resident SMBs, fintechs serving the Polish market (lending, accounting, treasury), and pan-EU TPPs that already cover larger Polish banks (PKO BP IKO, mBank, ING Moje ING, Pekao PeoPay) and want full Pocztowy coverage. Both Android and iOS clients are kept on a unified release train; the 2024 redesign refreshed the BLIK surface and added the transfer-return shortcut and the debit/credit history split.

Screenshots

Click any thumbnail to view a larger version. These are the surfaces our connectors mirror — login, dashboard, BLIK, history, transfers, and savings.

Similar apps & the Polish open-banking landscape

Pocztowy sits inside a dense Polish mobile-banking ecosystem. Users and businesses we work with often need their data unified across more than one app — and most of the apps below also expose AIS / PIS endpoints under the same PolishAPI standard, so adding a second or third connector is incremental work, not a rebuild.

IKO (PKO BP) — Poland's most-installed banking app. Holds the deepest national footprint; shared keyword: BLIK, IKO transfers, statement export.
mBank — Strong English-language coverage; a frequent secondary account for SMBs that also bank with Pocztowy.
Moje ING — Clean PolishAPI deployment; popular among expats. Useful for multi-bank treasury views alongside Pocztowy.
PeoPay (Pekao) — Large business-banking footprint; companies often need unified transaction exports across PeoPay and Pocztowy.
Santander mobile — Pan-European group with a Polish PSD2 endpoint; useful where consolidated EU reporting is required.
Bank Millennium — Established retail base; transfers and BLIK confirmations integrate the same way.

Alior Mobile — Adds Autopay parking / fuel feeds; pairs naturally with Pocztowy's e-TOLL feed for fleet workflows.
VeloBank — Newer entrant with VeloKantor FX; relevant for multi-currency rollups together with Pocztowy PLN data.
Credit Agricole Polska — In-app FX and standing orders; same PolishAPI patterns apply.
BNP Paribas GOmobile — Strong corporate banking; common in dual-bank SME setups with Pocztowy.

If your roadmap is "Pocztowy first, then a second Polish bank," we keep the consumer-side schema identical so you do not refactor downstream consumers when the next connector lights up.

What we deliver

Deliverables checklist

OpenAPI 3.1 specification for every endpoint we expose
Protocol & auth flow report (PolishAPI scopes, OAuth2, eIDAS, fallback session chain)
Runnable source for login, statement, transfer, BLIK confirmation (Python and Node.js)
Postman / Bruno collection plus pytest / Jest test suite
Compliance memo (PSD2 + GDPR + Polish UODO references)

Engagement workflow

Scope confirmation: which surfaces (login, BLIK, statement, transfers, savings).
Protocol analysis & API design — 2 to 5 business days.
Build & internal validation — 3 to 8 business days against sandbox or authorized account.
Documentation, samples, test cases — 1 to 2 business days.
Typical first delivery: 5 to 15 business days end to end.

About OpenFinance Lab

We are an independent studio focused on fintech and open-data API integration. Our team draws from banks, payment gateways, mobile-protocol analysis and EU compliance — including hands-on experience with PolishAPI, Berlin Group NextGenPSD2, and the UK Open Banking standard. We ship end-to-end financial APIs under security and regulatory constraints, not generic scrapers.

Polish retail & SME banking integrations (PolishAPI, BLIK, Express Elixir)
Cross-border and pan-EU PSD2 connectors
Custom Python / Node.js / Go SDKs and test harnesses
Full pipeline: protocol analysis → build → validation → compliance memo
Source code delivery from $300 — runnable code and full documentation; pay after delivery.
Pay-per-call API billing — use our hosted endpoints with no upfront cost; ideal for usage-based pricing.

Contact

For quotes or to submit your target app and requirements, open our contact page:

Contact page

Mention "Pocztowy / pl.envelobank.aplikacja" in your message and which surfaces you need (login, statement, BLIK, transfers, savings, e-TOLL).

FAQ

Do you use the official PolishAPI PSD2 endpoints?

Yes. Where the bank exposes AIS, PIS, or CAF endpoints under PolishAPI 2.1.4 or 3.0.1, we wire the integration through those documented OAuth2 flows. Where a customer needs richer data than PSD2 grants (for example richer transaction memos, BLIK code lifecycle, or savings product details), we fall back to authorized session flows under the customer's own credentials.

How long does delivery take for Pocztowy?

A first delivery for login plus statement export usually lands in 5 to 10 business days. Adding BLIK confirmation, savings products, and standing orders typically extends the timeline to two or three weeks. Sandbox availability and TPP certificates can shift these numbers.

How do you handle GDPR and Polish data law?

We process data under the customer's authorization, log every access with timestamp and IP, store consent artefacts, and apply data minimization (we do not pull fields the customer did not request). Hosting region is configurable so personal data can stay inside the EU under GDPR.

What do I need to provide to start?

The target use case (for example: pull last 90 days of transactions for accounting), an authorized test account or TPP certificate, and the destination format you want (JSON, CSV, Excel, webhook). We take it from there.

📱 Original app overview (appendix)

Bank Pocztowy Mobile App lets customers manage money quickly and conveniently from a smartphone or tablet. The app is published on Google Play under the package pl.envelobank.aplikacja and on the App Store as "Pocztowy". It is a simple and secure way to do everyday banking.

Key features:

BLIK payments in stores, online and at ATMs
BLIK na telefon — transfers via phone number, available 24/7 since the 2024 update
Standard and instant transfers, with one-click "return transfer to sender"
Mobile phone top-ups in moments
Opening savings accounts and term deposits
Secure online card payments with 3D Secure
Automatic motorway-toll payment (e-TOLL)
Pre-login balance peek
Transparent transaction history with debit/credit split (introduced in the 2024 redesign)
Personalized dashboard with favourite features
Unified access to accounts, cards, savings and loans

Why is it worth it? Simple and intuitive use; 24/7 access to finances; high level of security, with security improvements in the 2024 release such as restricting transfer-confirmation emails to the user's own address or PDF-only export, and a CapsLock warning on the Pocztowy24 web login screen.