SNB Mobile API integration & SAMA OpenBanking services

OpenData · OpenFinance · SAMA OpenBanking · Protocol analysis

Connect SNB Mobile accounts, transactions and transfers to your stack — under SAMA rules

SNB Mobile (com.snb.alahlimobile) is the digital banking app of The Saudi National Bank, the kingdom's largest lender by assets. We deliver focused integrations on top of it: account login mirroring, IBAN-aware statement export, transfer status tracking, savings and standing-order data, and consent-aware data feeds for downstream ERP and analytics systems.

High-value data: retail and corporate transactions, IBAN balances, FX transfer states, Musaned salary payouts, savings pocket events.
Regulated channel: aligned with the SAMA Open Banking Framework launched in November 2022 (Account Information and Payment Initiation services live).
Two pricing models: source-code delivery from $300, or hosted pay-per-call APIs with no upfront fee.

Account login APIs — Mirror the in-app authorization flow (device binding, biometric step-up, OTP) so backend services can keep a fresh session without re-prompting users on every job.

Statement & transaction APIs — Paginated transaction history with date ranges, channel filters (POS, ATM, transfer, salary, standing order) and export to JSON, CSV, Excel or PDF for accounting reconciliation.

Transfer lifecycle APIs — In 2024 SNB shipped the ability to cancel and modify local and international transfers based on transaction eligibility; we expose those state transitions as webhook events your back office can subscribe to.

NEO multi-currency support — SNB launched NEO in September 2024 as a lifestyle digital banking brand whose debit card supports up to 20 currencies; we wire its FX events and rewards ledger into a single normalized schema.

What we deliver for SNB Mobile

Deliverables checklist

OpenAPI 3.1 specification covering login, accounts, transactions, transfers, statements, savings.
Protocol & auth flow report (TLS pinning posture, device-binding, refresh-token rotation, OTP step-up).
Runnable source in Python or Node.js with retry, idempotency keys, and pagination helpers.
Postman collection, integration test harness, and synthetic data fixtures.
Compliance memo: SAMA Open Banking principles, KSA Personal Data Protection Law (PDPL) data-minimization, retention defaults.
Operational runbook for token rotation, error codes, and IBAN-format edge cases.

Engagement options

Source-code delivery from $300 — receive runnable client code, schemas, and docs; pay after acceptance.
Hosted pay-per-call API — call our endpoints, pay only for what you use; ideal for variable workloads such as month-end statement pulls.
Embedded engineer — short-term retainer for teams that need protocol analysis support during their own build.

Data available for integration

The table below summarises the data points we typically expose. Coverage depends on the customer's authorization scope and the regulatory channel used; multi-account corporate clients usually unlock the richest set.

Data type	Source (screen / feature)	Granularity	Typical use
Account profile & IBAN list	Accounts overview, profile	Per account, per holder	KYC reuse, customer onboarding sync
Balance & available funds	Home tile, account detail	Real-time on pull, snapshot on schedule	Treasury dashboards, liquidity monitoring
Transaction history	Latest Transactions, statement download	Per transaction (date, channel, amount, narration)	Reconciliation, ERP ledger sync, expense reporting
Local & international transfers	Transfers module (cancel/modify supported in 2024)	Per transfer leg with status events	Treasury ops, FX cost analytics, dispute handling
Savings Pocket events	Savings Pocket service	Per round-up / fixed-amount transfer	Behavioural analytics, customer segmentation
Standing orders & scheduled payments	Standing-order setup, My Family allowances	Per schedule with next-run timestamp	Cash-flow forecasting, retention analytics
Cards & spending controls	Cards module, Private Card design	Card masked PAN, channel-level limits	Fraud signals, expense-policy enforcement
Mutual fund & investment positions	Investment Mutual Funds detail	Per holding with NAV timestamp	Wealth aggregation, advisor dashboards
Musaned salary payments	Musaned service	Per worker, per pay cycle	HR payroll automation, compliance evidence
NEO multi-currency card events	NEO mobile app	Per FX trade with rate & fee	Cross-border spend analytics, traveller reporting

Typical integration scenarios

1. ERP and accounting reconciliation

A Riyadh-based trading group with a SAP backend wants daily SAR transaction feeds for ten SNB corporate accounts. Our connector pulls statement and balance data via the Account Information channel, normalises narration fields, and posts journal entries through SAP S/4HANA's API. Maps directly to the SAMA Open Banking AIS use case.

2. Treasury dashboard for SAR/USD/AED positions

A multi-entity group with SNB Mobile (Saudi) and SNB UAE accounts needs one liquidity view. We aggregate IBAN-level balances and FX-converted USD totals, push them to a Looker dashboard, and feed exception rules (negative balance, unexpected outflow) into Slack and Microsoft Teams. The flow uses the bank's transfer status events to detect in-flight SWIFT legs.

3. Musaned payroll evidence pipeline

HR teams that pay domestic workers via SNB's Musaned service must keep auditable evidence of each transfer. Our integration captures the Musaned event (worker ID, amount, status), stores it in object storage with a hash and timestamp, and exposes a search API for labour-ministry inspections. This maps to compliance use cases under PDPL data-retention rules.

4. Fintech onboarding with consent reuse

A licensed Third-Party Provider under the SAMA Open Banking Framework wants to skip duplicate KYC. We exchange the customer consent token, fetch profile + 12-month transaction history, and produce a risk score and verified-income summary. The handover follows the framework's customer-experience guidelines for consent screens and revocation flows.

5. NEO cross-border spend analytics

Travel-tech operators using the NEO multi-currency card request a granular spend feed. Our pipeline normalises FX trades into a single ledger with merchant category, original currency, settlement currency and SNB rate, then drives traveller-by-traveller reporting and policy alerts.

Technical implementation

Authorization & session

POST /api/v1/snb/auth/session
Content-Type: application/json
X-Idempotency-Key: 2cf1-91b3-a4d2

{
  "channel": "snb-mobile",
  "device_binding": "ed25519:pubkey...",
  "consent_id": "cnst_01HW9...",
  "scope": ["accounts:read","transactions:read","transfers:read"]
}

200 OK
{
  "session_id": "sess_01HXA...",
  "expires_at": "2026-05-08T11:42:00Z",
  "refresh_after": 1500,
  "step_up_required": false
}

Statement query (paged)

POST /api/v1/snb/statements
Authorization: Bearer <ACCESS_TOKEN>
Content-Type: application/json

{
  "iban": "SA0380000000608010167519",
  "from_date": "2026-04-01",
  "to_date":   "2026-04-30",
  "channels":  ["TRANSFER","POS","SALARY"],
  "page":      1,
  "page_size": 200
}

200 OK
{
  "page": 1,
  "total_pages": 3,
  "currency": "SAR",
  "transactions": [
    {
      "id": "txn_01HX...",
      "ts": "2026-04-03T08:14:12Z",
      "amount": -245.00,
      "channel": "POS",
      "merchant": "PANDA HYPERMARKET RIYADH",
      "narration": "POS SAR 245.00",
      "balance_after": 9821.55
    }
  ]
}

Transfer-status webhook

POST https://your-backend.example/webhooks/snb
X-Signature: t=1715168400,v1=9f2a...
Content-Type: application/json

{
  "event": "transfer.status_changed",
  "transfer_id": "trf_01HX...",
  "old_status": "PENDING",
  "new_status": "CANCELLED_BY_CUSTOMER",
  "reason_code": "USER_CANCEL",
  "occurred_at": "2026-05-08T09:11:03Z"
}

# Recommended handling:
# 1. Verify HMAC signature against rotating secret.
# 2. Idempotency by transfer_id + new_status.
# 3. Reconcile against your in-flight ledger and emit
#    a 'TRF_CANCELLED' event downstream.

Error model

Errors follow a structured envelope with code, http_status, retryable, and guidance. Common cases include CONSENT_EXPIRED (re-authorize), STEP_UP_REQUIRED (push to mobile OTP), RATE_LIMIT (back off with jitter), and IBAN_NOT_OWNED (consent scope mismatch). Each error is mapped to a SAMA-aligned remediation message your client can surface to end users.

Compliance & privacy

All SNB Mobile work runs under explicit customer authorization or documented public/regulated channels. We design every client to fit the SAMA Open Banking Policy, which has been live since the framework launch in November 2022 and is part of the Vision 2030 Financial Sector Development Program. Account Information Services (AIS) and Payment Initiation Services (PIS) are the two regulated surfaces we lean on. Data handling also aligns with the Saudi Personal Data Protection Law (PDPL) — minimization by default, retention windows declared up front, and data-subject access surfaces ready for audit.

Where customers operate cross-border, we map the same controls to GDPR, the UK FCA Open Banking model, and the UAE Central Bank's Open Finance Regulation, so a single client can serve Saudi, UAE and European deployments without behavioural drift.

Security defaults

TLS 1.3 with certificate pinning observed at the mobile-app layer.
Short-lived access tokens, refresh-token rotation, and device-bound keys.
Webhook signing with rotating shared secrets and replay protection.
Per-tenant secret isolation in HashiCorp Vault or AWS Secrets Manager.
Structured audit log retained for the SAMA-recommended period, hash-chained for tamper evidence.

Data flow & architecture

The reference pipeline keeps the moving parts small and inspectable: SNB Mobile client → SAMA-aligned API gateway → Normalisation worker → Object & warehouse storage → Customer API or webhook. The gateway terminates TLS, validates consent tokens and applies rate limiting. The worker converts bank-side schemas to a normalised form (ISO 20022-friendly fields, ISO 4217 currencies, IBAN canonicalisation) and writes immutable raw payloads to object storage for replay. Curated tables land in a warehouse such as BigQuery or Snowflake, while a thin customer-facing API serves real-time queries and outbound webhooks.

Ingestion: auth, statements, transfers, savings, NEO FX events.
Normalisation: field mapping, currency conversion, deduplication.
Storage: raw object store + curated warehouse, both with PDPL retention tags.
Outputs: REST API, webhook, scheduled CSV/Excel exports for finance teams.

Market positioning & user profile

SNB Mobile users are predominantly Saudi residents — retail customers, expatriate workers using Musaned, family account holders using the My Family feature, and SME/corporate operators of bulk-transfer accounts. Following the 2021 merger of NCB and Samba into the Saudi National Bank, the app inherited a very large customer base, making it one of the most installed finance apps in the kingdom on both Android and iOS. SNB has also been recognised in Global Finance's 2025 World's Best Digital Banks regional awards, and its NEO digital sub-brand (launched September 2024) targets younger, multi-currency users with a lifestyle banking proposition. The integration audience for this page is therefore split between three groups: corporate clients with multi-account treasury needs, fintech Third-Party Providers licensed under SAMA, and cross-border product teams covering both SNB Mobile and SNB UAE.

Screenshots

Click any thumbnail to view a larger version. Screenshots are sourced from the public Google Play listing.

Similar apps & integration landscape

Customers building on SNB Mobile usually also need data from neighbouring apps in the Saudi and broader GCC banking ecosystem. The list below is intended as an integration map, not a ranking — each app holds different data shapes that frequently appear in the same reconciliation, treasury or KYC pipeline.

Al Rajhi Bank — The world's largest Islamic bank by assets; its retail app is the most common counter-party for inbound transfers and salary credits, so unified transaction exports across SNB and Al Rajhi are a frequent ask.

Riyad Bank — Strong in corporate banking; teams reconciling supplier payments often need both Riyad Bank and SNB statement feeds in one ledger view.

Alinma Bank — Shariah-compliant retail and SME bank; its data is typically combined with SNB for integrated Islamic-finance dashboards.

Bank Albilad — Active in remittance and SME services; its FX flows pair naturally with SNB international transfers in cross-border reporting.

Saudi Awwal Bank (SAB) — HSBC's Saudi affiliate after the SABB merger; popular with multinationals that also bank with SNB for local SAR settlement.

STC Pay — One of the largest digital wallets in Saudi Arabia, ranked among the top finance apps in the kingdom; many integrations need to consolidate SNB bank balances with STC Pay wallet activity.

urpay — Stand-alone wallet from STC Bank with QR payments and remittance; appears alongside SNB in employee-spend and freelancer payout flows.

Mobily Pay — Telco-driven wallet; recurring top-up and bill-pay events frequently sit next to SNB salary credits.

NEO (by SNB) — SNB's own lifestyle digital bank launched in September 2024; some clients run NEO and the legacy SNB Mobile flows side by side and need unified card and FX feeds.

SNB UAE / Emirates NBD — Cross-border SNB customers in the UAE and groups with Emirates NBD relationships often consolidate both feeds for a single GCC liquidity view.

About OpenFinance Lab

We are an independent technical studio focused on mobile fintech, OpenData and OpenFinance API integration. Our team brings hands-on experience from retail banks, payment processors, mobile-protocol analysis and cloud infrastructure, and we regularly work with clients in the GCC, EU and Southeast Asia.

Saudi National Bank, NEO, Al Rajhi, Alinma and other GCC banking integrations.
Statement, transfer and balance APIs, plus reconciliation and exports for finance teams.
Custom Python, Node.js and Go SDKs with test harnesses and Postman collections.
End-to-end pipeline: protocol analysis → build → validation → SAMA / PDPL compliance review.
Source-code delivery from $300 — receive runnable client code and full documentation; pay after delivery upon satisfaction.
Pay-per-call hosted API — call our endpoints, pay only per call, no upfront fee; ideal for variable workloads.

Contact

Send us the target app (already SNB Mobile), the data you need, and the regions involved. We respond within one business day with scope and a fixed-price quote.

Contact page

Engagement workflow

Scope confirmation: target accounts (retail, corporate, NEO), data needs, region (Saudi or SNB UAE).
Protocol analysis and API design (2–5 business days, complexity-dependent).
Build and internal validation against synthetic and authorized live data (3–8 business days).
Documentation, sample apps, integration tests, and compliance memo (1–2 business days).
Typical first delivery: 5–15 business days; SAMA-related approvals or third-party sandboxes may extend timelines.

FAQ

What do you need from me to start an SNB Mobile integration?

The target app name (already SNB Mobile), a written description of the data you need (transactions, statements, balances, transfer status), the regions and account types involved (Saudi retail, corporate, or SNB UAE), and any sandbox or third-party provider credentials you already hold under the SAMA Open Banking Framework.

How long does delivery take for an SNB Mobile API package?

Most first deliveries land in 5 to 12 business days for account login, statement export and balance sync. Multi-account corporate flows, NEO multi-currency reconciliation, and high-throughput webhook stacks usually take longer because of additional validation.

How do you handle SAMA compliance and customer privacy?

We work only on documented or authorized APIs, follow the SAMA Open Banking Framework principles of explicit consent, data minimization and strong authentication, and align with the Saudi Personal Data Protection Law. All access is logged, consent records are retained, and we hand over data-retention guidance with the delivery.

Do you support both SNB Mobile (Saudi) and SNB UAE?

Yes. The Saudi app (com.snb.alahlimobile) and SNB UAE share the same underlying brand and several common flows. We can deliver a unified client that routes per region, with separate auth domains and statement schemas for each entity.

📱 Original app overview (appendix)

SNB Mobile is the official digital banking application of The Saudi National Bank (SNB), the kingdom's largest bank, formed in 2021 by the merger of National Commercial Bank (NCB / AlAhli) and Samba Financial Group. The app delivers core retail and SME banking services — account opening, balance and statement queries, local and international transfers, card management, bill payments, savings products, mutual-fund investments and Musaned domestic-worker payments — all designed to remove the need for branch visits.

Account login with biometric, OTP and device-binding step-up.
Latest Transactions feed with date-range statement download (PDF) at no fee.
Local and international SAR / FX transfers with cancel and modify support added in 2024.
Savings Pocket round-up and standing-order tooling for behavioural saving.
My Family feature for adding family members, opening minor accounts and scheduling allowances.
Investment Mutual Funds detail screens, Private Card design, and exclusive offers page.
NEO digital banking sub-brand launched September 2024 with multi-currency debit card (up to 20 currencies) and lifestyle rewards.
Push-notification channel for real-time confirmation of financial transactions.
SNB UAE companion app for cross-border customers, sharing common flows with the Saudi build.

Operationally, SNB participates in the SAMA Open Banking Framework launched in November 2022, which positions Account Information and Payment Initiation services as a regulated channel for Third-Party Providers under the kingdom's Vision 2030 financial-sector modernization.