Sulfah سلفة API integration & OpenBanking export

OpenData · OpenFinance · OpenBanking · Protocol analysis

Connect سلفة loan applications, repayment schedules and statements to your stack — under authorization

Sulfah is the first SAMA-regulated fintech in Saudi Arabia offering small, fast personal finance (1,000–25,000 SAR over 3–18 months) and now runs a peer-to-peer financing marketplace approved in the SAMA Regulatory Sandbox in June 2024. That makes the app a rich source of structured financial data — loan amounts and tenor, Murabaha profit and APR breakdowns, installment calendars, contract terms and KYC outcomes — which lenders, accounting tools, credit-scoring engines and investor dashboards increasingly need to pull programmatically.

Account & identity APIs — Mirror the app's login and OTP authorization to bind a user, refresh sessions and read the verified profile (national ID status, employer, salary band) used for eligibility — useful for re-running affordability checks.

Loan & offer APIs — Query active and historical loans: principal, tenor, Murabaha profit, 1% processing fee, 15% VAT on the fee and the APR (capped at 89.59%) — each as a separate field for reconciliation and disclosure.

Repayment schedule & statement APIs — Pull the installment calendar, paid/unpaid status, late fees and a date-ranged transaction statement; export to Excel, JSON or PDF for bookkeeping and audit.

P2P marketplace & investor APIs — For the financing marketplace, read funded notes, expected monthly returns and portfolio positions so an investor dashboard can roll up exposure across loans.

What we deliver

Every سلفة engagement ships as a complete package, not a script: a documented API surface, a protocol report describing how the mobile app authenticates and signs requests, runnable reference code, and the compliance notes a Saudi-regulated lending integration needs. You can take the source and run it yourself, or let us host it and bill per call.

Deliverables checklist

API specification in OpenAPI / Swagger form, with example payloads
Protocol & auth-flow report (OTP login, token refresh, request signing, cookie/JWT chain)
Runnable source for login, loan-status, repayment-schedule and statement APIs (Python & Node.js)
Webhook receiver sample for installment-paid and loan-status-changed events
Automated test suite + Postman collection + API documentation
Compliance guidance: SAMA microfinance rules, Murabaha disclosure fields, PDPL data-minimization & retention

API example: loan repayment schedule (pseudocode)

// Fetch a user's active loan and installment calendar
POST /api/v1/sulfah/loans/active
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>

{
  "customer_ref": "cus_8f21a0",
  "include": ["schedule", "fees", "contract"]
}

// Response (trimmed)
{
  "loan_id": "ln_20445",
  "principal_sar": 20000,
  "tenor_months": 18,
  "processing_fee_sar": 200,
  "vat_on_fee_sar": 30,
  "apr_pct": 75.32,
  "total_profit_sar": 9990,
  "monthly_installment_sar": 1666.11,
  "total_repayment_sar": 29990,
  "schedule": [
    {"n": 1, "due_date": "2026-06-01", "amount_sar": 1666.11, "status": "paid"},
    {"n": 2, "due_date": "2026-07-01", "amount_sar": 1666.11, "status": "due"}
  ]
}

Key integration scenarios at a glance

Affordability re-checks, installment reminders and dunning, loan-book reconciliation, investor portfolio roll-ups across P2P notes, bureau / credit-engine feeds, and SAMA Open Banking account-information consent flows. Multi-account aggregation for finance teams and brokers is supported through batched, paginated reads.

Data available for integration (OpenData perspective)

The table below maps the structured data that the سلفة app surface exposes (subject to authorization or SAMA Open Banking consent) to where it originates in the product and what teams typically do with it. Granularity reflects what the app screen actually shows.

Data type	Source (screen / feature)	Granularity	Typical use
Verified customer profile	Login / KYC onboarding	Per user: ID status, employer, salary band, eligibility flag	Affordability re-check, fraud / risk control
Loan application & status	Apply for finance flow	Per application: requested amount, tenor, decision, timestamps	Funnel analytics, ops dashboards, SLA monitoring
Loan pricing breakdown	Loan contract / offer screen	Per loan: principal, profit, 1% processing fee, 15% VAT, APR (≤89.59%)	Regulatory disclosure, accounting, audit
Repayment schedule	My loan / installments screen	Per installment: due date, amount, paid/unpaid, late fee	Reminders, dunning, cash-flow forecasting
Transaction statement	Statement / history screen	Date-ranged ledger: disbursement, repayments, fees	Bookkeeping, reconciliation, statement export
Contract & T&C records	Terms acceptance step	Per loan: contract version, acceptance timestamp, document hash	Compliance evidence, dispute handling
P2P marketplace positions	Financing marketplace (investor view)	Per funded note: amount, expected monthly return, status	Investor portfolio roll-up, return reporting

Typical integration scenarios

These are the end-to-end flows clients ask us to build around سلفة. Each names the business context, the data or API involved, and how it maps to OpenData / OpenFinance / OpenBanking thinking.

1 · Loan-book reconciliation for a finance team

Context: a multi-entity accounting team needs every Sulfah disbursement, repayment and fee in their ledger weekly. Data/API: GET /loans + GET /loans/{id}/statement?from=&to= with pagination. OpenData mapping: a scheduled pull writes normalized statement rows into a warehouse — the same pattern OpenBanking AIS uses to push account transactions into an aggregator, just scoped to one lender.

2 · Installment reminders & dunning

Context: reduce missed payments by nudging users before the monthly due date and escalating after. Data/API: GET /loans/active for the schedule, plus an installment.due_soon / installment.overdue webhook. OpenFinance mapping: event-driven repayment data feeding a CRM/notification engine — payment-status signalling rather than payment initiation.

3 · Affordability re-check before a new offer

Context: before extending a follow-on loan, re-verify income band and current obligations. Data/API: profile + active-loans read; optionally a SAMA Open Banking AIS consent to read the customer's bank transactions for income verification. OpenBanking mapping: the AIS consent journey is the canonical pattern — customer authorizes, you read 90 days of transactions, you score.

4 · Investor dashboard for the P2P marketplace

Context: an individual funding other individuals wants one view of all funded notes and expected returns. Data/API: GET /marketplace/positions + GET /marketplace/returns?period=. OpenFinance mapping: portfolio aggregation — pulling investment positions from a regulated platform into a wealth dashboard.

5 · Credit-engine / bureau feed

Context: a scoring service wants loan-performance signals (on-time vs late installments, outstanding balance). Data/API: repayment schedule + statement reads, delivered as a daily flat-file or webhook stream. OpenData mapping: structured, consented loan-performance data exported for downstream analytics — exactly what SAMA's Open Banking program is meant to enable for better risk evaluation.

Technical implementation

We treat the سلفة integration as three layers — authentication, resource reads, and event delivery. Below are representative request/response shapes, the auth method, and how errors surface. Field names are illustrative; the delivered spec is pinned to the live behaviour we observe during protocol analysis.

Auth: OTP login & token refresh

POST /api/v1/sulfah/auth/start
{ "mobile": "+9665XXXXXXXX" }            // triggers OTP

POST /api/v1/sulfah/auth/verify
{ "mobile": "+9665XXXXXXXX", "otp": "123456" }
-> 200 { "access_token": "...", "refresh_token": "...",
         "expires_in": 1800 }

POST /api/v1/sulfah/auth/refresh
{ "refresh_token": "..." }
-> 200 { "access_token": "...", "expires_in": 1800 }
-> 401 { "error": "refresh_expired" }    // re-run OTP login

Resource read: statement export

GET /api/v1/sulfah/loans/ln_20445/statement?from=2026-01-01&to=2026-03-31&format=json
Authorization: Bearer <ACCESS_TOKEN>

-> 200 {
  "loan_id": "ln_20445",
  "currency": "SAR",
  "entries": [
    {"date":"2026-01-05","type":"disbursement","amount":20000},
    {"date":"2026-02-01","type":"installment","amount":-1666.11},
    {"date":"2026-03-01","type":"installment","amount":-1666.11}
  ],
  "next_cursor": null
}
-> 429 { "error":"rate_limited", "retry_after": 30 }   // honour backoff

Events: installment & loan-status webhooks

POST https://your-app.example/webhooks/sulfah
X-Sulfah-Signature: sha256=...        // verify HMAC before trusting

{
  "event": "installment.paid",
  "loan_id": "ln_20445",
  "installment_no": 2,
  "amount_sar": 1666.11,
  "paid_at": "2026-03-01T08:14:22Z"
}
// also: "loan.status_changed", "loan.disbursed", "installment.overdue"
// Return 2xx within 5s or the event is retried with exponential backoff.

Compliance & privacy

Sulfah operates under the supervision of the Saudi Central Bank (SAMA) and its consumer-microfinance and Regulatory-Sandbox rules; account-data access in the Kingdom is governed by the SAMA Open Banking Framework (Account Information Services in the first release, Payment Initiation Services added in the February 2024 second release) and personal data is subject to Saudi Arabia's Personal Data Protection Law (PDPL). Our deliverables only use customer-authorized access or documented public / Open Banking endpoints; we keep consent records, minimise stored fields (no raw national ID retained beyond a verification flag unless contractually required), document retention windows, and keep Murabaha pricing components — principal, profit, processing fee, VAT and APR — as distinct fields so downstream disclosure stays accurate. We do not bypass app security; we document and re-implement authorized flows.

Data flow / architecture

A typical pipeline is four nodes: سلفة client / authorized API → Ingestion & auth gateway (token management, request signing, rate-limit handling) → Normalized storage (loans, schedules, statements, events in a warehouse or Postgres) → Analytics & API output (your dashboards, BI, credit engine, or a clean REST surface for partners). Webhooks short-circuit the polling path for installment and status events so reminders and reconciliation stay near-real-time.

Market positioning & user profile

Sulfah (سلفة), founded in 2018 and based in Riyadh, is a B2C consumer-finance app whose users are salaried and self-employed individuals across Saudi cities and villages seeking small, fast, Sharia-compliant financing — plus a growing set of retail investors using its peer-to-peer financing marketplace. The product is mobile-first on Android and iOS, Arabic-language, KSA-only, and AI/ML-driven to deposit approved funds in as little as 15 minutes. For integrators, that means the data is concentrated, regulator-supervised, and high-value: every record is tied to a verified identity and a SAMA-compliant contract.

Screenshots

App screens from the سلفة (Sulfah) listing. Click any thumbnail to enlarge.

Similar apps & the integration landscape

سلفة sits inside a broader Saudi and Gulf consumer-finance ecosystem. Teams that integrate one of these often want unified loan, repayment and statement exports across several of them, so we list them here purely as part of the landscape — not as a ranking.

Tamara — Buy-now-pay-later in KSA and the Gulf; holds order-level installment plans and merchant data that teams pair with consumer-loan records for a full liabilities picture.
Tabby — Pay-in-four and BNPL across e-commerce and physical retail; its split-payment schedules map naturally onto the same installment-export model used for Sulfah.
Lendo — SAMA-licensed debt-crowdfunding for SMEs (invoice and working-capital financing); investors who fund Lendo notes and Sulfah marketplace notes often need a combined portfolio view.
Tamam — Sharia-compliant consumer micro-finance; loan-pricing breakdowns (profit, fees, VAT, APR) follow the same disclosure structure, easing multi-lender reconciliation.
Quara Finance — Digital personal financing in Saudi Arabia; holds application status and repayment schedules that accounting and credit tools commonly aggregate alongside Sulfah.
Tasheel Finance — Personal finance without salary transfer or guarantor; its contract and installment data is another input for a unified Saudi consumer-credit dataset.
Emkan — One-stop financial app for online loans without salary transfer; statement and obligation data here is frequently combined with Sulfah for affordability checks.
Forus — SAMA-permitted crowdlending marketplace; like Sulfah's P2P side, it exposes funded-note positions and expected returns suited to investor dashboards.
Tameed — Purchase-order and invoice financing platform; its financing-position data rounds out a Gulf alternative-finance portfolio view.
Nayifat — Long-standing Saudi consumer finance company with a mobile app; its loan and installment records are often migrated or reconciled together with newer fintech lenders like Sulfah.

About us

We are an independent studio focused on fintech protocol analysis and OpenData / OpenFinance API integration. Our engineers come from banks, payment processors, lending platforms and cloud infrastructure, and we have shipped account-information, statement and repayment integrations across the GCC. We know how SAMA's microfinance rules, Open Banking specifications and the Saudi PDPL shape what a lending integration may and may not do, and we build to those constraints by default.

Consumer lending, BNPL, crowdlending, digital banking and cross-border payment integrations
Enterprise API gateways, request-signing schemes and security reviews
Custom Python / Node.js / Go SDKs, webhook receivers and test harnesses
Full pipeline: protocol analysis → build → validation → compliance handover
Source code delivery from $300 — runnable API source plus documentation; pay after delivery once satisfied
Pay-per-call API billing — call our hosted endpoints, pay only per request, no upfront cost

Contact

For a quote, or to submit سلفة (or another target app) plus your requirements — the data types you need, the volume, and whether you want source code or a hosted API — use our contact page:

Contact page

Typical first response within one business day. NDAs available on request.

Engagement workflow

Scope confirmation: which سلفة data and flows you need (login, loan status, repayment schedule, statements, P2P positions) and source-code vs hosted-API delivery.
Protocol analysis & API design — 2–5 business days depending on the number of flows.
Build & internal validation against the documented behaviour — 3–8 business days.
Docs, Postman collection, samples and test cases — 1–2 business days.
Typical first delivery in 5–15 business days; partner approvals or Open Banking onboarding can extend timelines.

FAQ

What do you need from me to start a سلفة integration?

The target app name (سلفة / com.sulfah, already provided), the concrete data you need — loan application status, repayment schedule, statements, contract terms or KYC outcome — and any authorized account, sandbox or partner credentials you can share. With written authorization we work directly against the live flows; otherwise we use documented, public, or SAMA Open Banking endpoints.

How long does delivery take?

A first API drop with login, loan status and statement export endpoints plus documentation usually takes 5 to 12 business days. Adding webhooks, repayment-event streaming or multi-account dashboards can extend this to 2 to 3 weeks.

How do you handle compliance and Sharia-finance specifics?

We work only under customer authorization or documented public and SAMA Open Banking APIs. Murabaha and Tawarruq loan structures are modelled faithfully — profit amount, processing fee, VAT and APR are returned as separate fields, never collapsed into one figure — and we ship consent logging, data-minimization guidance and retention notes aligned with SAMA rules and the Saudi Personal Data Protection Law.

Can you also deliver a pay-per-call hosted API instead of source code?

Yes. Either we hand over runnable Python/Node.js source plus documentation from $300 and you pay after delivery once satisfied, or you call our hosted endpoints and pay only per request with no upfront fee. Both options ship with OpenAPI specs and test suites.

📱 Original app overview — سلفة (Sulfah) (appendix)

Sulfah Company is a consumer-lending mobile app operating in Saudi Arabia, approved by the Saudi Central Bank (SAMA) to offer small and short loans. It was the first fintech in the Kingdom authorized to provide small, fast personal finance, and it operates a peer-to-peer financing marketplace that received SAMA Regulatory Sandbox approval in June 2024.

Loans from 1,000 SAR up to 25,000 SAR; customers choose the amount and a payback period from 3 months up to 18 months.
Users can review terms and conditions before applying, and must review and accept the full loan contract — terms, conditions and loan details — before the request proceeds; all regulations apply under SAMA supervision.
The annual percentage rate (APR) is capped at a maximum of 89.59%; the APR expresses the actual cost of funds over the term of the loan.
Loan example: borrow SAR 20,000 over 18 months — processing fee (1%) SAR 200, VAT on processing fee (15%) SAR 30, APR 75.32%, total interest SAR 9,990, monthly installment SAR 1,666.11, total repayment SAR 29,990.
AI/ML technology is used to accelerate the loan deposit to the client's bank account, in some cases within about 15 minutes.
Reference: loan pricing page sulfah.com/prices-of-financing-products · terms of use sulfah.com/terms-of-use.

This page describes technical integration positioning around the app's data; it is not affiliated with or endorsed by Sulfah Financing Company.