Privat24 for business — API integration & OpenBanking

Source-code package

• OpenAPI / Swagger specification covering statements, payments, FX, SmartID and webhooks
• Auth flow report: AutoClient Token + merchant ID, OAuth refresh and PSD2 consent objects
• Runnable Python and Node.js clients with retry, idempotency and rate-limit guards
• Pytest / Jest suites against a sandbox; replay fixtures for offline CI
• Deployment recipes for Docker, AWS Lambda and Cloud Run
• Compliance pack: data-retention notes, consent record templates, NBU and GDPR mapping

Engagement options

• Source-code delivery from $300 — runnable adapter plus full documentation; you only pay after acceptance.
• Pay-per-call hosted API — call our managed endpoints, pay per request, no upfront fee; ideal for finance teams that want a clean SLA without operating the bridge.
• Embedded engineer — a senior backend joins your sprint to wire Privat24 data into Odoo, BAS, 1C, NetSuite or a bespoke ERP.

1. ERP cash-flow sync for a Ukrainian SMB

A Kyiv-based agency with twelve UAH and three USD accounts wants the night-before reconciliation gap closed. We schedule AutoClient pulls every fifteen minutes, normalise the responses into ISO 20022-style records, and post them into Odoo's account.bank.statement with idempotent imports. The bank-side fields OPER, OSND and REF map to Odoo references so the controller does not lose context.

2. Multi-entity payroll & ESV filings

For groups running salary projects across two or more legal entities, we batch payroll registers from your HRIS, dispatch them to Privat24 for business, and surface a SmartID approval queue for the CFO. Once signed, the bank's confirmation flows back to HR with a per-employee status and the ESV (Unified Social Contribution) report is generated and queued for filing.

3. Currency exchange automation for exporters

Ukrainian IT exporters typically convert FX revenues within set windows. We subscribe to the trading-session-start notification, fetch indicative rates, run your conversion policy (e.g. convert 30% above 41.0 UAH/USD), and submit a deal via the FX endpoint. Confirmed deals close back into your treasury system with rate, fee and counter-value fields.

4. Real-time webhook bus for finance ops

Every credit on the operating account opens a Slack thread with the counterparty, amount and reference; every debit over a threshold triggers a four-eyes review. This uses the notification stream plus signed webhooks to your ingress; payloads are deduplicated with the bank's UNIQ_ID and replayed for 72 hours after an outage.

5. PSD2 AISP/PISP under Ukraine OpenBanking

Since August 2025, Ukrainian banks expose Accounts, Funds Confirmation and Payments APIs to licensed third parties. For accounting platforms holding a PSD2-aligned licence, we wire the consent flow, refresh long-lived AIS consents, and fall back to AutoClient when business-only features (salary projects, tax filings) sit outside the regulated surface.

1. Pull a daily statement (AutoClient)

POST /api/p24b/statements
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>
X-Merchant-Id: <MERCHANT_ID>

{
  "acc": "UA213996220000026007233566001",
  "startDate": "2026-05-01",
  "endDate":   "2026-05-04",
  "limit": 200,
  "cursor": null
}

200 OK
{
  "balances": { "open": "184320.55", "close": "201480.12", "currency": "UAH" },
  "transactions": [
    {
      "ref": "PB-2026-7781201",
      "uniqId": "a13c8e...",
      "amount": "12480.00",
      "currency": "UAH",
      "direction": "credit",
      "counterparty": { "name": "TOV PROMTECH", "iban": "UA20...0011" },
      "purpose": "Invoice 2026/204 dd 02.05.2026, incl. VAT 20%",
      "postedAt": "2026-05-03T09:14:12+03:00"
    }
  ],
  "nextCursor": "eyJvZmZzZXQiOjIwMH0="
}

2. Submit a payment + queue SmartID signing

POST /api/p24b/payments
Authorization: Bearer <ACCESS_TOKEN>
Idempotency-Key: 9f2c-7733-2026-05-04

{
  "from": "UA213996220000026007233566001",
  "to":   "UA763515330000026005000412345",
  "amount": "9450.00",
  "currency": "UAH",
  "purpose": "Payment for IT services per contract 17/2026",
  "taxCode": "40912233",
  "signing": { "method": "smartid", "user": "+380671112233" }
}

201 Created
{ "id": "pmt_01HZ...", "status": "AWAITING_SIGN", "signUrl": "https://p24-sign/..." }

# Webhook (signed): payment finalised
POST /webhooks/p24b
{ "id":"pmt_01HZ...", "status":"EXECUTED", "signedAt":"2026-05-04T11:02:55+03:00",
  "signature": { "type":"QES", "issuer":"PrivatBank SmartID", "hash":"sha256:..." } }

3. Subscribe to inbound notifications

PUT /api/p24b/webhooks
{
  "events": ["payment.credited", "payment.debited", "fx.deal.confirmed", "tax.filing.accepted"],
  "url": "https://erp.example.com/ingest/p24b",
  "secret": "whsec_***",
  "retry": { "max": 6, "backoff": "exponential" }
}

# Verify in your handler
HMAC_SHA256(secret, raw_body) == header["X-P24B-Signature"]

# On 5xx the bridge replays for 72h with jitter; duplicates are filtered by uniqId.

Regulatory alignment

Integrations follow Ukraine's Law on Payment Services (which transposes the EU's PSD2) and the National Bank of Ukraine's Open Banking technical specification that became binding in August 2025. Where personal data crosses borders we layer GDPR controls — lawful basis, data-subject rights and processor agreements — on top of Ukrainian privacy law (Law No. 2297-VI). For digital identity, work involving SmartID and Diia.Signature respects Cabinet of Ministers Resolution No. 689 (June 2025) on digital identification wallets aligned with eIDAS.

Operational controls

• Tokens and merchant IDs stored in HSM-backed secret managers; never logged in plaintext
• Per-tenant data isolation; tenant keys rotated on a rolling 90-day basis
• Audit log of every API call, signed payload and SmartID confirmation, retained for the longer of seven years or your local rule
• Consent records aligned with PSD2 AIS/PIS lifecycle (granted, revoked, expired)
• Data-minimisation defaults: only the fields you ask for are returned; PII is masked in non-production environments

Monobank Business

Ukraine's branchless mobile-first bank for sole proprietors and small companies. Customers using Monobank typically want a unified statement export so UAH/USD/EUR transactions across both banks land in the same ledger.

Oschadbank — Oschad 24/7

The state savings bank's online platform serves private, MSB and corporate clients. Integrations are common for entities with public-sector contracts that route payments through Oschadbank but reconcile in the same ERP as their Privat24 flow.

Raiffeisen Business Online (Raiffeisen Bank Ukraine)

Strong with mid-market and corporate clients; offers cards, deposits, FX and loan management. Many groups keep payroll in Privat24 for business and treasury in Raiffeisen, so a normalised feed is high value.

FUIB (Pumb) Business

One of Ukraine's largest private banks with a polished business app for SMEs. Pumb users often need a parallel statement and FX feed that matches the field set we expose for Privat24.

Sense Bank Business (formerly Alfa-Bank Ukraine)

Rebranded mid-market bank with payments, salary projects and corporate cards. It tends to appear in groups where Privat24 holds operating accounts and Sense holds subsidiary or FX accounts.

UKRSIBBANK BNP Paribas Business

Subsidiary of BNP Paribas, popular with exporters and trading companies for SEPA/SWIFT volume. Integration usually focuses on cross-border payments alongside Privat24 for domestic flows.

Ukreximbank Business

State-owned bank specialised in trade finance and large-ticket corporate banking. Often integrated for letters of credit and FX deals to complement Privat24's day-to-day operations.

LiqPay (PrivatBank)

PrivatBank's online payment processor used for e-commerce and merchant acquiring. Customers frequently combine LiqPay's settlement reports with Privat24's account statements for end-to-end revenue recognition.

OneSafe

Neobanking platform focused on Ukrainian businesses with both fiat and crypto needs. Integration patterns mirror Privat24's: statements, payments and a webhook bus into the customer's data stack.

Diia Business / Diia.Signature

Ukraine's state digital wallet for businesses, including the Diia.Signature qualified electronic signature. Increasingly relevant alongside SmartID for cross-app document signing flows.

About OpenFinance Lab

We are a small, senior studio focused on app interface integration and authorised API delivery for the OpenData, OpenFinance and OpenBanking space. The team has shipped fintech and SME-banking integrations across Ukraine, the EU, the UK, India, Brazil and Southeast Asia, with deep familiarity with PSD2-style consent models and the Ukrainian SmartID and Diia.Signature stacks.

• Banking, payments, payroll and tax-filing integrations
• Protocol analysis where public APIs do not yet cover a needed feature
• Production hand-off with documentation, runbooks and on-call notes
• Pricing models: source-code delivery from $300, or pay-per-call hosted endpoints

Contact

Send us the target app name (already covered for this page) and your concrete needs — accounts, payments, statements, FX, payroll, taxes — and we will scope a build.

Contact page

Engagement workflow

1. Scope confirmation: list the Privat24 for business surfaces you need (statements, payments, FX, salary, tax) and the target system (Odoo, BAS, 1C, SAP, custom).
2. Access provisioning: AutoClient Token + merchant ID, OpenBanking sandbox credentials, SmartID test profile (2–4 business days).
3. Adapter build and internal validation against the bank's sandbox (3–8 business days).
4. Documentation, sample payloads and pytest/Jest harness (1–2 business days).
5. Customer acceptance, hand-off and warranty period; first delivery typically lands in 5–15 business days.

FAQ

Do I need to be a PrivatBank business client to use the AutoClient API?

Can the integration sign payments and tax reports without a manual click?

How does this relate to Ukraine's August 2025 Open Banking rollout?

How long does delivery take and what does it cost?