Introduction to Multibanking

Multibanking via the MIS Connect API empowers financial institutions and fintechs to securely access and aggregate data from multiple bank accounts across various institutions within Saudi Arabia. This functionality enables seamless management of diverse financial accounts, providing users with a unified view of their financial landscape. Built in compliance with Saudi Central Bank (SAMA) regulations, our API ensures robust security, user consent management, and data privacy, adhering to the highest standards of the Kingdom’s Open Banking framework. With MIS Connect, developers can create innovative solutions that enhance financial transparency and user control over personal finance.

Connectivity via the MIS Connect API

The MIS Connect API offers access to financial data within Saudi Arabia, aligning with local banking systems and regulations. The API supports various account types relevant to the Saudi financial market, ensuring compliance with SAMA's guidelines.

Available Account Types:

Current Accounts: These are standard accounts used for day-to-day financial transactions, commonly referred to as current or checking accounts in Saudi banks.

Savings Accounts: These accounts are designed to help users save money, often providing interest on the deposited amount, and are compliant with Islamic banking principles.

Credit Cards: Access credit card account information, including balances, transaction history, and credit limits, following SAMA's consumer protection standards.

Prepaid Cards: These cards allow users to load a specific amount of money to be used for transactions, making them a flexible alternative to traditional credit or debit cards.

E-Money Accounts: Digital wallets or e-money accounts that store funds electronically, allowing for seamless online transactions and payments.

Charge Cards: Similar to credit cards but typically requiring the balance to be paid in full at the end of each billing cycle, often used for specific purposes or by corporate clients.

How it Works


  1. User Agent Opens Partner App: The process begins when the user agent (e.g., a user’s browser or mobile app) opens the partner’s application.
  2. Partner Creates Widget Link: The partner generates a WidgetLink that includes important parameters such as state and redirect_uri, which the partner chooses in order to maintain session state and to specify the redirect destination after the widget completes.
  3. Partner Opens Widget Location: The partner app opens the location provided by the WidgetLink. This typically involves directing the user to a web page or in-app view where the widget is hosted.
  4. User Selects Financial Sources via Widget: The user interacts with the widget provided by the Open Banking provider (finX in this case) to select the financial accounts they want to connect. This step involves choosing accounts from various banks.
  5. Redirect to redirect_uri: After the user selects their financial sources, they are redirected to the partner’s specified redirect_uri. Along with the redirect, the response includes state, success, and an authorization code.
  6. Exchange Authorization Code: The partner exchanges the received authorization code for an Access Token and Refresh Token.
  7. List Accounts (Initial Data Fetch): The partner uses the access token to fetch the list of accounts linked by the user. The account data is returned and can be displayed or processed by the partner app.
  8. Ongoing Access Loop: If ongoing access is required, the partner will periodically exchange the Refresh Token for a new Access Token, ensuring continued access to the user’s account information. The partner can use this new access token to fetch updated account data as needed.
  9. List Accounts (Subsequent Data Fetches): This step repeats the process of listing accounts, using the refreshed access token to retrieve updated information.

This sequence enables partners to securely integrate multibanking functionality, allowing users to connect and manage multiple bank accounts through the partner's application, while adhering to the required security and compliance standards.


Data-Access Types

Ongoing Account Access


Ongoing account access is typically used when customers need to access information over an extended period.

For ongoing account access, MIS Connect automatically adds newly connected bank accounts to a background service that runs an automatic synchronization process (“autosync”) up to 4 times a day until the user’s consent expires. In accordance with local regulations, consent usually expires after a maximum of 1 year. This allows the customer to fetch updated financial data for their users up to 4 times a day from MIS Connect’s database without any manual interaction. After the consent period ends, users need to renew their consent by providing a Second Factor for Strong Customer Authentication (SCA), such as a TAN (Transaction Authentication Number).

To activate the autosync, users must save their credentials during the login process. This is done via a checkbox in the Widget's UI or by setting the save_secrets parameter to true in the ongoing access API call. The credentials are stored in an encrypted database that can only be accessed and decrypted by the MIS Connect API when communicating with the banks.

MIS Connect will not delete any financial data of the end user until the customer has sent a DELETE request via the MIS Connect API.

Prerequisites

API Access & Authentication

The MIS Connect API is a RESTful API that is accessed using HTTP Basic Authentication, where a Client ID is used as the username and a Client Secret as the password. Each customer receives a unique Client ID and Client Secret from MIS Connect during the onboarding process to access the API, with specific Scopes attached to it. Scopes define the usage rights of each Client ID on the MIS Connect platform.

If you want to get started with your dedicated credentials, please reach out to us!
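
The partner-side handling of steps 2, 5 and 6 from "How it Works", together with the Basic Authentication described in this section, as an added example (not MIS Connect's own code). The URLs, the callback parameter name code, the success value "true", the OAuth-style form fields and all function names are assumptions made for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions (not from the MIS Connect docs): the widget and token URLs,
# the callback query parameter "code", the success value "true", and the
# OAuth-style form fields used in the token request.
WIDGET_URL = "https://widget.example.invalid/connect"
TOKEN_URL = "https://api.example.invalid/token"
REDIRECT_URI = "https://partner.example.invalid/callback"


def new_widget_link(session: dict) -> str:
    """Step 2: bind an unguessable, single-use state to the user's session."""
    session["widget_state"] = secrets.token_urlsafe(32)
    query = urlencode({"state": session["widget_state"], "redirect_uri": REDIRECT_URI})
    return f"{WIDGET_URL}?{query}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Step 5: accept the authorization code only if state and success check out."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("widget_state", None)  # consumed here, so a replay fails
    received = params.get("state", [""])[0]
    # Constant-time comparison on bytes; a missing or forged state is rejected.
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if params.get("success", [""])[0].lower() != "true":
        raise ValueError("widget reported failure")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return code


def token_request(code: str, client_id: str, client_secret: str) -> dict:
    """Step 6: describe the exchange; Basic auth is Client ID as user, Client Secret as password."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "method": "POST",
        "url": TOKEN_URL,
        "headers": {"Authorization": f"Basic {basic}"},
        "data": {"grant_type": "authorization_code", "code": code,
                 "redirect_uri": REDIRECT_URI},
    }
```

The token request is built on the partner's backend, so the Client Secret never reaches the user agent.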

Widget Integration

Before continuing with the implementation guide, please view our Widget Integration best practices.