YAP (Nexi) API integration & OpenBanking services
Authorized protocol analysis and production-ready APIs for the Italian prepaid Mastercard app — IBAN, statements, top-ups, peer transfers, and PSD2-aligned data flows.
Connect YAP accounts, prepaid Mastercard data and SEPA flows to your stack — compliantly
YAP, owned by Nexi Payments (Italy), serves over 850,000 users with a free prepaid Mastercard, an Italian IBAN to receive SEPA transfers, peer-to-peer money requests, Google Pay support and cash top-ups at Mooney points and tobacconists. Our team delivers authorized API implementations that surface this data to your back office, ERP, accounting tools, or analytics platform under PSD2 and GDPR rules.
Why YAP data is valuable for OpenData / OpenFinance
YAP is one of Italy's largest youth-focused prepaid card products and a meaningful source of micro-payment behavior — 850,000+ active customers, an Italian IBAN that receives SEPA transfers, a virtual Mastercard linked to Google Pay, and peer-to-peer money requests across families and friend groups. As a regulated Nexi product, YAP data sits inside the PSD2 perimeter and can be surfaced through authorized account-information services, while the in-app activity and notification streams expose granular spend signals that traditional banks do not. In 2024 and into 2025 the app received iterative updates (latest noted on March 3, 2025) covering refreshed onboarding, Apple Pay/Google Pay flows, and improved transaction lists — making it a moving target that benefits from a maintained protocol-analysis layer rather than a one-off scrape.
For a finance team or a fintech platform, the practical question is simple: can you turn a YAP user's account into a structured feed of transactions, balances, and top-ups that flows into a parent dashboard, an accounting system, or a compliance archive? That is exactly what an authorized YAP API integration delivers — without forcing the customer to download CSVs by hand or screenshot the in-app history.
Data available for integration
The table below summarizes the data types most commonly requested by clients building on top of YAP. Each row reflects what is observable in the app today and how it maps to a typical OpenData / OpenFinance integration.
| Data type | Source (screen/feature) | Granularity | Typical use |
|---|---|---|---|
| Mastercard prepaid card transactions | Activity / Movements list | Per-transaction: amount, merchant, MCC, currency, timestamp, status | Reconciliation, expense reports, AML monitoring |
| SEPA inbound transfers | IBAN credits | Per-credit: payer name, IBAN, amount, value date, reference | Income tracking, reconciliation against invoices |
| Card top-ups | Top-up flow (Visa / Mastercard / VPay / Postepay / Maestro-PagoBancomat) | Per-event: source card mask, amount, fee, status | Funding-source ledger, fraud signals |
| Cash top-ups | Mooney bars / tobacconists | Per-event: location code, amount, timestamp | Cash-in audit trail, regional usage analytics |
| Peer-to-peer transfers | "Send money" / "Ask money" between YAP users | Per-event: counterparty handle, note, amount, status | Group expense apps, bill-split reconciliation |
| Account profile & KYC state | Onboarding / Profile | Verification status, age band, document type | Eligibility gates for parent-controlled accounts, partner offers |
| Real-time spend notifications | Push notification stream | Per-payment event with merchant + amount | Live dashboards, parental controls, instant alerts |
| Google Pay / contactless events | NFC tap at POS | Per-tap with terminal ID, location hint | Loyalty, in-store analytics |
Typical integration scenarios
1. Family budgeting & parental oversight
YAP is widely used by parents and teens (minimum age 12 with parental consent). A budgeting app can authorize the parent's child account, pull the prepaid card transactions and weekly top-ups, and render a shared spending plan. The integration touches the statement API, peer-to-peer transfer events (parent → child), and the notification webhook so guardians see purchases live.
2. Accounting export for self-employed users
A solopreneur using YAP for low-volume client receipts via SEPA can connect their account to an accounting tool. The integration consumes inbound IBAN credits, tags them by counterparty, and generates Italian-format invoices and quarterly summaries. The same flow exposes Mastercard purchases for input-VAT capture where eligible.
3. Group expense and bill-split apps
YAP's "Send" and "Ask money" features are widely used to split pizza bills, manage holiday funds, and collect group gifts. A travel or roommates app can normalize these P2P events into shared ledgers, settle imbalances, and reconcile against external apps such as Splitwise, Tricount, or Settle Up via an OpenFinance-style pipeline.
4. AML, fraud, and risk control
Compliance teams at lenders or marketplaces can ingest YAP transaction histories and top-up sources to score risk: detect rapid card-to-card cycling, flag mismatched merchant categories, or monitor cross-border MCCs. The integration combines statement queries, top-up provenance and KYC state through a consent-based PSD2 channel.
5. Loyalty & cashback engines
Retailers and cashback platforms can correlate YAP purchases (merchant, MCC, geolocation hint from contactless taps) with their loyalty IDs, granting in-app rewards in near real time. The pipeline relies on the notification webhook plus the statement API for periodic reconciliation.
What we deliver
Deliverables checklist
- OpenAPI / Swagger specification for the YAP-facing endpoints
- Protocol and auth flow report (token / OTP / biometric step-up chain)
- Runnable source code in Python or Node.js for login, statement, top-up reconciliation
- Webhook receiver template for real-time spend events
- Postman collection, sample CSV / JSON exports and replay logs
- Compliance notes: PSD2 SCA, GDPR retention, Italian Garante guidance
- Two engagement models: source-code delivery from $300 or pay-per-call hosted API
API example: statement query
// 1) Fetch prepaid card statement for a YAP user (pseudocode)
POST /api/v1/yap/statement
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>
{
"account_id": "yap_user_8f2c",
"iban": "IT60X05428...",
"from_date": "2026-03-01",
"to_date": "2026-03-31",
"type": ["CARD","SEPA_IN","P2P","TOPUP"],
"page": 1,
"page_size": 100
}
// Response (truncated)
{
"items": [
{"id":"tx_001","ts":"2026-03-04T19:21:11Z","amount":-12.40,
"currency":"EUR","merchant":"PIZZERIA NAPOLI","mcc":"5812",
"channel":"GOOGLE_PAY","status":"SETTLED"},
{"id":"tx_002","ts":"2026-03-05T08:00:02Z","amount":+50.00,
"currency":"EUR","counterparty":"Mario Rossi","channel":"SEPA_IN"}
],
"page":1,"total":237
}
API example: webhook + auth refresh
// 2) Real-time spend webhook delivered to your endpoint
POST https://your-app.example/yap/events
X-Yap-Signature: t=1714291200,v1=4d0...
Content-Type: application/json
{
"event":"card.transaction.authorized",
"account_id":"yap_user_8f2c",
"amount":-2.50,
"currency":"EUR",
"merchant":"BAR CENTRO",
"ts":"2026-04-02T08:14:55Z"
}
// 3) Refresh the YAP session when access expires
POST /api/v1/yap/auth/refresh
{ "refresh_token":"<REFRESH>" }
=> { "access_token":"...","expires_in":1800 }
// On 401 from the upstream YAP service, re-trigger SCA via OTP
// plus biometric step-up before retrying the original call.
Data flow / architecture
A typical YAP integration follows a clean four-stage pipeline:
- Client App / SDK — End-user authorizes access with SCA (OTP + biometric).
- Ingestion / API gateway — Our bridge calls login, statement, balance, P2P and top-up endpoints, normalizes payloads.
- Storage — Encrypted at rest (AES-256), partitioned by account; PII fields tokenized.
- Output — Customer-facing REST API, webhook stream, or scheduled JSON / CSV / Parquet drop to S3.
Compliance & privacy
YAP is regulated under European rules. Our integrations operate under explicit user authorization and respect:
- PSD2 / SCA — Strong Customer Authentication, 90-day re-consent, AISP-style scoping.
- GDPR — Lawful basis, data minimization, retention policies, right to erasure.
- Italian Garante della Privacy — Local guidance on financial data handling for resident users.
- Banca d'Italia / EBA RTS — Logging, traceability, and customer consent records.
- PCI-DSS-aligned handling — Card metadata is masked at the boundary; full PANs are never stored.
Market positioning & user profile
YAP is a youth- and family-oriented Italian prepaid Mastercard app from Nexi Payments, with more than 850,000 users, a strong concentration in Italy, and onboarding from age 12 with parental consent. Its main competitive set in the Italian market includes Hype, Postepay, Tinaba, Revolut and N26; users frequently combine YAP with one of these for cash top-ups, international transfers, or salary domiciliation. The platform is mobile-first (Android and iOS) and most of its activity flows through the smartphone — Google Pay taps, in-app top-ups, and peer transfers — which makes a clean API integration far more useful than any manual export workflow.
App screenshots
Click any thumbnail to view a larger version in the lightbox.
Similar apps & integration landscape
Teams integrating YAP often need to consolidate data across multiple Italian and European fintech apps. The list below positions YAP within its broader ecosystem; we deliver comparable protocol-analysis and API-bridge work for each of these products under the same engagement model.
About our studio
We are an independent technical studio focused on App interface integration and authorized API integration for OpenData, OpenFinance, and OpenBanking projects. Our engineers come from backgrounds in payments, mobile reverse engineering, and cloud platforms, and have shipped integrations with prepaid card products, neobanks, and merchant acquirers across Europe and beyond. Our service model is intentionally simple: tell us the target app and the data you need, and we hand back source code or a hosted API.
- Payments, digital banking, prepaid cards, and SEPA / IBAN data flows
- Protocol analysis (network capture, request signing, mobile-side flow tracing)
- Custom Python / Node.js / Go SDKs and webhook receivers
- Full pipeline: protocol analysis → build → validation → compliance → handover
- Source code delivery from $300 — runnable API source code and full documentation; pay after delivery upon satisfaction
- Pay-per-call API billing — access our hosted YAP-bridge API and pay only per call, no upfront cost
Contact
For a quote, sandbox access, or to scope a YAP integration, open our contact page and tell us which data you need (statements, IBAN credits, P2P, top-ups, notifications) and your target stack.
NDAs available on request. We work strictly under user authorization or documented public APIs.
Engagement workflow
- Scope confirmation — which YAP data (statements, IBAN inflows, P2P, top-ups, notifications) and which output format (REST, webhook, CSV drop).
- Protocol analysis and API design (2–5 business days, complexity-dependent).
- Build and internal validation against a sandbox or authorized test account (3–8 business days).
- Documentation, sample payloads, and replayable test cases (1–2 business days).
- Typical first delivery: 5–15 business days; PSD2 consent flows or third-party approvals may extend the timeline.
FAQ
What do you need from us to start?
Do you provide both source code and a hosted API?
How do you handle PSD2 and GDPR?
Can you also integrate Hype, Revolut, or Postepay for the same customer?
📱 Original app overview (appendix)
YAP is the free prepaid Mastercard app from Nexi Payments S.p.A., leader of digital payments in Italy. The product is positioned as the "right card" for everyday use, with a focus on young users and family money flows. Over 850,000 "YAPpers" have already chosen it.
Free card. Download the app, register in a few minutes, and you immediately get a prepaid Mastercard on your phone — no queues, no forms to sign, just an identity document.
Top up as you want or ask for money. From another YAP friend or relative; with Visa, Mastercard, VPay, Postepay and Maestro-PagoBancomat cards; in cash at Mooney bars and tobacconists; in 2–3 days from the current account of any bank (YAP has an IBAN); or even by people who do not have YAP.
Pay anywhere with your smartphone. Works with Google Pay, in Italy and abroad. Pay in bars, restaurants, and shops, everywhere they accept Mastercard. At the cashier, ask to pay by card and place the phone on the reader — done. A physical card can also be requested for a fee.
Pay online and in apps. Buy in e-commerce worldwide, book holidays and flights, pay for streaming movies, food delivery, car sharing, and more.
Send and ask friends for money. Split the pizza bill, collect money for a gift, manage the common holiday fund.
Everything in safety. Owned by Nexi, the Italian leader in digital payments. Payments protected by password, fingerprint, and face recognition. Instant expense notifications after each payment. Transaction history in the app. Mastercard circuit security. Peace of mind of a rechargeable.
Eligibility. YAP is a Nexi Payments S.p.A. service. To join, you must be at least 12 years old, have an Italian telephone number, social security number, and a valid identity document. To pay by phone, NFC must be enabled and the merchant must have a contactless POS; alternatively, the physical card can be requested as a paid option.
Accessibility. Nexi works to make YAP communications, content, and online resources accessible to every user, in line with WCAG 2.1 (W3C) and Appendix A of UNI CEI EN 301549. Reports can be sent to the Accessibility Team at accessibility.yap@yapapp.it.