Boubyan App API integration & OpenBanking Kuwait

OpenData · OpenFinance · OpenBanking · Protocol analysis · WAMD

Connect Boubyan accounts, cards, deposits and instant payments to your stack — under authorization

The Boubyan App from Boubyan Bank — named "World's Best Islamic Digital Bank" by Global Finance — keeps a rich layer of structured customer data behind its login: account balances, dated transaction history, card metadata and PIN-change state, deposit and Islamic finance schedules, WAMD instant-payment records, Western Union remittances, cardless-withdrawal codes and bill/eVoucher receipts. We turn that surface into documented, OpenBanking-style APIs your reconciliation, reporting or risk systems can call.

Account & transaction history API — Pull dated, categorised transaction lines per account with running balance, then feed accounting or expense tools. Useful for month-end reconciliation and cash-flow dashboards.

WAMD instant-payment API — Initiate and track KNET WAMD transfers keyed to a recipient's mobile number, plus the payment-link receive flow for any Kuwaiti debit card holder. Useful for payout automation and refund disbursement.

Cards & deposits API — Read card list and status, manage card PIN change requests, list fixed deposits and Islamic finance instalments with due dates. Useful for treasury views and collections reminders.

Statement export API — Generate account and card statements in PDF and Excel for any date range, with paging and filters. Useful for audit packs and bookkeeping handoff.

OpenData & OpenBanking context for The Boubyan App

Boubyan Bank is the second-largest Islamic bank in Kuwait and has built its franchise around the mobile channel: more than 15 services launched "for the first time in Kuwait" and roughly 99% of all financial transactions now flowing through the app. In 2024 the bank moved its retail, corporate and private banking onto a cloud-native, API-first core (a publicly announced Temenos modernisation programme), and it has plugged in transaction-enrichment partners such as Snowdrop to give customers cleaner merchant names and categories. That direction of travel — API-first core, enrichment partners, an AI assistant ("Msa3ed", described as Kuwait's first banking chatbot) — is exactly what makes an OpenData integration layer practical: the data is structured, server-side and already exposed to internal services.

Our job is to bridge that internal richness to the outside world in a controlled way. We perform mobile app protocol analysis and reverse engineering of the authorized client-server exchange, then re-express the useful flows — login and session refresh, account list, transaction history, statement export, card operations, deposit and finance schedules, WAMD send/receive, remittance status — as a clean REST or GraphQL surface with OpenAPI docs. Where Boubyan or the Central Bank of Kuwait publishes sanctioned interfaces, we prefer those; where only the app channel exists, we work strictly under your written authorization. Throughout this page we use long-tail terms such as "Boubyan transaction history API", "WAMD instant payment integration", "Kuwait OpenBanking statement export" and "Islamic finance schedule sync" because those are the real jobs teams hire this work for.

For background on the institution behind the app, see Boubyan Bank on Wikipedia and the Central Bank of Kuwait's overview of national payment systems including the WAMD real-time scheme at cbk.gov.kw.

What we deliver

Deliverables checklist

API specification (OpenAPI / Swagger) for every modelled Boubyan flow
Protocol and auth-flow report: device binding, OTP/login, token refresh, cookie/header chain
Runnable source for login, account list, transaction history and statement export (Python and Node.js)
WAMD send/receive client plus webhook receiver for settlement events
Automated test suite, Postman collection and a deployment guide
Compliance pack: consent records, data-minimisation notes, retention guidance, PCI DSS handling for card fields

Two engagement models

Source-code delivery from $300 — you receive runnable API source and full documentation; pay after delivery once you are satisfied.
Pay-per-call hosted API — call our managed endpoints and pay only per request, no upfront cost; good for teams that want usage-based pricing and no maintenance.
Both models include a scoping call, a sandbox walkthrough and 30 days of integration support.

Data available for integration (OpenData perspective)

The table below maps the most useful data objects inside The Boubyan App to the screen or feature that produces them, the granularity you can expect, and the typical downstream use. Rows are derived from the app's published feature set and public reporting; exact field availability is confirmed during the scoping call.

Data type	Source screen / feature	Granularity	Typical use
Account list & balances	Accounts dashboard	Per account: IBAN, type (current / savings / finance), available & ledger balance, currency	Cash position dashboards, multi-account treasury views
Transaction history	Account transactions, "Account Statements" (new look, 2024)	Per line: date, amount, direction, counterparty, enriched merchant name & category, running balance	Reconciliation, expense management, cash-flow forecasting
Statement document	Statement export (PDF + Excel, added 2024)	Per period: full transaction list, opening/closing balance, account holder block	Audit packs, bookkeeping handoff, loan applications
Card metadata & status	Cards screen, PIN change, lost-card / new-card request	Per card: masked PAN, scheme, status, request state, multi-currency card flag	Card lifecycle automation, fraud/risk signals
WAMD instant payments	WAMD send/receive, payment-link receive	Per transfer: amount, recipient mobile/alias, status (pending/settled/returned), reference	Payout automation, refund disbursement, P2P reconciliation
Cross-border remittances	International transfer, Western Union	Per remittance: amount, FX rate, beneficiary, corridor, status, MTCN where applicable	Treasury FX tracking, compliance screening logs
Deposits & Islamic finance	Deposits manager, finance payments	Per instrument: principal, profit rate, tenor, maturity date, instalment schedule	Maturity calendars, collections reminders, portfolio analytics
Bills & eVouchers	Bill payments (telecom, education), eVoucher store, beIN renewal	Per receipt: biller, amount, voucher code, timestamp, channel	Spend analytics, procurement records, reward reconciliation
Cardless withdrawal codes	Cardless withdrawal at Boubyan ATMs	Per request: amount, 4-digit + SMS code state, expiry, ATM redemption status	Cash logistics, disbursement to unbanked recipients

Typical integration scenarios

1 · Month-end reconciliation for a Kuwaiti SME

Business context: a trading company keeps its operating accounts at Boubyan and closes books monthly in an ERP. Data/API involved: POST /v1/boubyan/auth for a consented session, then GET /v1/boubyan/accounts and GET /v1/boubyan/transactions?from=&to= with paging. OpenBanking mapping: this mirrors a PSD2-style "account information service" — read-only access to balances and dated transactions, scoped by explicit user consent, returned as normalised JSON the ERP ingests nightly.

2 · WAMD payout automation

Business context: a marketplace refunds sellers and gig workers who only share a mobile number. Data/API involved: POST /v1/boubyan/wamd/transfers with recipient_mobile, amount, reference; settlement arrives via webhook: wamd.transfer.settled. OpenBanking mapping: this is a "payment initiation service" pattern on top of Kuwait's KNET WAMD real-time rail — the integrator never touches card data, only initiates and reconciles credit transfers.

3 · Statement export for lending & KYC

Business context: a fintech underwrites consumer finance and needs six months of verified statements. Data/API involved: POST /v1/boubyan/statements returning a signed PDF + structured Excel for the requested period; transactions are also streamed as JSON for scoring. OpenBanking mapping: account verification and affordability checks built on consented, machine-readable statements rather than uploaded screenshots — auditable and tamper-evident.

4 · Cross-border remittance dashboard

Business context: a corporate treasury sends supplier payments abroad and via Western Union from Boubyan. Data/API involved: GET /v1/boubyan/remittances with corridor, FX rate, status and MTCN; status updates via webhook: remittance.status.changed. OpenBanking mapping: an OpenFinance "transaction data" feed extended to international flows, feeding an FX and compliance dashboard with screening logs.

5 · Card lifecycle & deposit maturity automation

Business context: a wealth app wants to remind users before a fixed deposit matures and surface card issues. Data/API involved: GET /v1/boubyan/cards, POST /v1/boubyan/cards/{id}/pin (change request), GET /v1/boubyan/deposits with maturity dates and instalment schedules. OpenBanking mapping: product-data plus a limited "action" surface — read product state, raise a card request or PIN change, never store sensitive material beyond the session.

Technical implementation

Below are representative request/response shapes. Field names are illustrative and finalised during scoping; authentication follows the app's own authorized flow (device binding plus OTP, exchanged for short-lived bearer tokens with rotating refresh tokens).

Login & session (pseudocode)

POST /v1/boubyan/auth
Content-Type: application/json

{
  "civil_id": "2890XXXXXXXX",
  "device_id": "bnd-7f3c...",
  "otp": "481920"
}

200 OK
{
  "access_token": "eyJhbGci...",      // ~15 min TTL
  "refresh_token": "rt_9a2b...",       // rotated each use
  "consent_id": "cns_3d1e...",
  "scopes": ["accounts.read","tx.read","statements.read","wamd.write"]
}

// Errors: 401 invalid_otp · 423 device_not_bound · 429 too_many_attempts

Transaction history (pseudocode)

GET /v1/boubyan/transactions?account_id=KW81BBYN...&from=2026-04-01&to=2026-04-30&page=1&page_size=100
Authorization: Bearer <ACCESS_TOKEN>
X-Consent-Id: cns_3d1e...

200 OK
{
  "account_id": "KW81BBYN...",
  "currency": "KWD",
  "page": 1, "page_size": 100, "has_more": true,
  "items": [
    {
      "txn_id": "t_88f1",
      "booked_at": "2026-04-27T11:04:00+03:00",
      "amount": -12.500,
      "direction": "debit",
      "counterparty": "TALABAT KUWAIT",
      "category": "food_delivery",          // enriched
      "running_balance": 842.375,
      "channel": "card_pos"
    }
  ]
}

WAMD transfer + webhook (pseudocode)

POST /v1/boubyan/wamd/transfers
Authorization: Bearer <ACCESS_TOKEN>
Idempotency-Key: 5b1f-...

{
  "from_account": "KW81BBYN...",
  "recipient_mobile": "+9655XXXXXXX",
  "amount": 25.000,
  "currency": "KWD",
  "reference": "refund-INV-3391"
}

202 Accepted
{ "transfer_id": "wamd_a91c", "status": "pending" }

// Later, to your endpoint:
POST https://your-app/webhooks/boubyan
{ "event": "wamd.transfer.settled",
  "transfer_id": "wamd_a91c", "status": "settled",
  "settled_at": "2026-04-27T11:05:12+03:00" }
// Verify HMAC in X-Signature header before processing.

Statement export (pseudocode)

POST /v1/boubyan/statements
Authorization: Bearer <ACCESS_TOKEN>

{ "account_id": "KW81BBYN...",
  "from": "2025-11-01", "to": "2026-04-30",
  "formats": ["pdf","xlsx","json"] }

200 OK
{
  "statement_id": "st_44de",
  "pdf_url":  "https://files.../st_44de.pdf?exp=...",
  "xlsx_url": "https://files.../st_44de.xlsx?exp=...",
  "json": { "opening_balance": 1320.000, "closing_balance": 842.375, "lines": [ ... ] }
}
// 404 account_not_found · 422 range_too_large · 409 statement_pending

Error handling & resilience notes

Every write endpoint requires an Idempotency-Key; replays return the original result, not a duplicate transfer.
Token refresh is automatic in the SDK; a 401 with token_expired triggers one silent refresh before surfacing an error.
Rate limits are returned in X-RateLimit-* headers; the client backs off with jitter on 429.
Webhook receivers must verify the HMAC signature and treat delivery as at-least-once (dedupe on transfer_id + event).

Compliance & privacy

Regulatory alignment

We operate only under customer authorization or documented, authorized interfaces. Boubyan is supervised by the Central Bank of Kuwait, whose digital-payment guidance and the KNET-operated WAMD real-time scheme rules govern instant transfers. Personal data handling follows Kuwait's CITRA Data Privacy Protection Regulation; any card data touched in scope is handled per PCI DSS; cross-border remittances respect AML/CFT screening obligations. Where applicable to non-resident or UK-linked flows (for example via Boubyan's Nomo digital bank), we also align with UK FCA and UK GDPR expectations.

What we build in by default

Explicit consent capture with a consent_id stamped on every read; consents are revocable and time-boxed.
Data minimisation — only the fields you scoped are returned; PANs stay masked unless a justified, logged exception applies.
Immutable audit log of every API call (who, when, which consent, which records).
Retention windows you control, plus a documented deletion path; NDAs and a DPA on request.

Data flow / architecture

The pipeline is deliberately short: Boubyan App client / authorized channel → our Integration & Auth API (protocol adapter, token broker, rate limiter) → normalisation & storage (consent store, transaction warehouse, document vault) → your output (REST/GraphQL responses, Excel/PDF statements, webhooks to your ERP, accounting tool or risk engine). Reads are cached briefly and invalidated on new events; writes (WAMD, card requests) bypass cache and are idempotent. You can consume the hosted API directly, or take the source and run the same pipeline inside your own VPC.

Market positioning & user profile

The Boubyan App is primarily a B2C retail and private-banking app for customers in Kuwait — salaried residents, expatriates remitting abroad, small businesses running operating accounts, and affluent users managing deposits and Islamic finance — with Android and iOS as the focus platforms and a heavy mobile-first bias (around 99% of the bank's transactions occur in-app). It has won "World's Best Islamic Digital Bank" from Global Finance and "Best Customer Service in Kuwait" from Service Hero, and sits alongside the bank's broader ecosystem: the AI assistant Msa3ed, the rewards programme, and Nomo — the Boubyan-majority-owned UK Islamic digital bank that was the first to bring Apple Pay to Kuwait. Integration demand therefore clusters around two profiles: Kuwaiti businesses wanting their own bank data in their tools, and regional fintechs / accounting platforms wanting Boubyan as one connector among many GCC banks.

Screenshots

Tap any screenshot to view it larger.

Similar apps & the Kuwait integration landscape

Teams rarely integrate one bank in isolation. The apps below sit in the same Kuwaiti / GCC digital-banking space; we list them only to describe the ecosystem and to help anyone researching these names find this page. We do not rank or criticise them.

Kuwait digital banking apps

Weyay Bank — NBK's digital-only neobank for younger users; holds account, card and instant-payment data. Customers who use Boubyan and Weyay often want one unified transaction export across both.
NBK Mobile Banking — National Bank of Kuwait's flagship app with accounts, cards, loans and WAMD; a common second connector in corporate reconciliation projects.
KFH Online — Kuwait Finance House's feature-rich Islamic banking app (payments, QR, KFH Pay over KNet); similar deposit and finance-schedule data shapes to Boubyan.
Tam (by KFH) — KFH's youth-focused neobank; balances, cards and P2P transfers that map cleanly onto the same OpenData schema.
Gulf Bank Mobile Banking — strong digital platform with accounts, cards and a WAMD phone-number transfer feature; another GCC connector for treasury dashboards.

More banking apps in the ecosystem

Warba Bank app — digital-first Islamic bank in Kuwait; current accounts, finance products and instant transfers that benefit from the same statement-export tooling.
Burgan Bank app — retail and corporate banking with WAMD instant payments; frequently bundled into multi-bank cash-management integrations.
KIB (Kuwait International Bank) app — Islamic banking with accounts, cards and bill payments; comparable data inventory for reconciliation use cases.
Nomo Bank — Boubyan-majority-owned UK Islamic digital bank (GBP/USD accounts, Mastercard debit, Apple Pay); relevant when a customer needs Kuwait and UK balances in one view.
boubyan Boonus — the bank's rewards/loyalty companion; loyalty-point and redemption data that pairs with transaction data for spend analytics.

If you work with any combination of these — say, Boubyan transaction history plus Weyay and KFH balances — we can deliver a single normalised schema so downstream tools do not care which bank a row came from.

About us

We are an independent technical studio focused on mobile app interface integration and authorized API integration, with a fintech and open-data specialism. Our engineers come from banks, payment processors, protocol-analysis backgrounds and cloud platforms, and we have shipped account, card, statement and payment APIs for clients across the GCC and beyond.

Digital banking, payments, remittances, insurtech and cross-border clearing
Enterprise API gateways, SDKs (Python / Node.js / Go) and security reviews
End-to-end delivery: protocol analysis → build → validation → compliance pack
Source-code delivery from $300 — runnable API source plus full docs; pay after delivery upon satisfaction
Pay-per-call hosted API — usage-based pricing, no upfront cost, no maintenance burden on your side

Contact

To request a quote or submit your target app and requirements, open our contact page. Tell us which Boubyan data you need (transactions, balances, statements, WAMD, deposits) and your preferred engagement model.

Contact page

Engagement workflow

Scope confirmation — which Boubyan flows you need (login, accounts, transactions, statements, WAMD, cards, deposits) and the engagement model.
Protocol analysis and API design — device binding, auth, token refresh, endpoint mapping (2–5 business days, complexity-dependent).
Build and internal validation against sandbox / authorized access (3–8 business days).
Documentation, Postman collection, sample apps and automated tests (1–2 business days).
Handover and 30 days of support; first delivery typically 5–15 business days, longer for real-time webhooks or multi-account corporate flows.

FAQ

What do you need from me to start a Boubyan App integration?

The target app name (The Boubyan App, provided), the concrete data you need (e.g. account transactions, balances, card details, WAMD transfer status, deposit list), and any sandbox credentials, corporate banking access or written authorization you already hold.

How long does delivery take?

Usually 5 to 15 business days for a first API drop with documentation. Login plus statement export is on the short end; real-time WAMD webhooks, multi-account corporate flows or full reconciliation pipelines take longer.

How do you handle compliance and privacy?

We work only under customer authorization or documented, authorized interfaces, aligned with Central Bank of Kuwait digital payment guidance, Kuwait's CITRA Data Privacy Protection Regulation, PCI DSS for card data, and KNET WAMD scheme rules. We ship consent logging, data-minimization guidance and audit trails, and sign NDAs on request.

Can you cover WAMD instant payments and Western Union transfers?

Yes. We model the WAMD send/receive flow keyed to a mobile number, the payment-link receive flow for Kuwaiti debit card holders, and cross-border remittance status tracking, exposed as REST endpoints with webhooks for settlement events.

📱 Original app overview — The Boubyan App (appendix)

The Boubyan App is the mobile banking application of Boubyan Bank, the second-largest Islamic bank in Kuwait. With more than 15 services launched "for the first time in Kuwait", it positions itself as the standard-setter for digital banking in the country, and the bank reports that around 99% of all financial transactions now happen in the app. It has been recognised as "World's Best Islamic Digital Bank" by Global Finance and for "Best Customer Service in Kuwait" by Service Hero.

What customers can do in the app, per Boubyan's own description and recent updates:

View accounts and transactions instantly; open a new account or a fixed deposit; manage existing deposits and Islamic finance, including making finance payments.
Change a card's PIN code, request a replacement for a lost card or a new card and pick it up at a Boubyan ATM 24/7, and add the multi-currency card to the device wallet.
Send and receive money worldwide via normal bank transfers or Western Union; send money to any Kuwaiti Civil ID holder; receive payments instantly from any Kuwaiti debit card holder by sharing a payment link; use the WAMD instant-payment service (refreshed in 2024 with more transfer capabilities).
Withdraw cash without a card at any Boubyan ATM in Kuwait — set the amount in the app, then collect it with a 4-digit code plus a 6-digit SMS code (which can be forwarded to someone else to collect on your behalf).
Pay telecom and education bills; buy eVouchers (Play Store gift cards, PlayStation, Xbox) with instant codes; renew a beIN subscription.
Newer touches include a refreshed "Account Statements" experience with PDF and Excel export, "Boubyan Playback" year-in-review summaries, the Msa3ed AI chatbot, and a 2024 core-banking modernisation onto an API-first, cloud-native platform.

Package ID: com.boubyanapp.boubyan.bank · Platforms: Android & iOS. This page is an independent technical-integration write-up; "The Boubyan App" and "Boubyan Bank" are the property of their respective owners and are referenced here for identification only.