Open Banking API Integration Guide UK — 2025

🏦 TrueLayer🔗 OBIE Standard⚖️ FCA AISP/PISP💳 22 UK Banks🆓 Free Assessment
July 202511 min readJames Whitmore, CTO

Direct Answer

UK Open Banking allows third-party providers (TPPs) to access bank account data (AISP — Account Information Service Provider) and initiate payments (PISP — Payment Initiation Service Provider) via standardised APIs. The UK Open Banking Implementation Entity (OBIE) mandates the API standard for the 9 largest UK banks. ClickMasters has built 12+ Open Banking applications using TrueLayer and direct OBIE integration.

Open Banking Provider Comparison — TrueLayer vs Yapily vs Plaid UK

AISP vs PISP — Which FCA Authorisation Do You Need?

Service Type

What It Does

FCA Authorisation Required

Typical Use Cases

AISP

Read-only access to bank account data (balances, transactions, account details)

FCA AISP authorisation (or use a regulated AISP like TrueLayer)

Budgeting apps, credit scoring, expense management, cashflow forecasting

PISP

Initiate payments from a customer's bank account directly

FCA PISP authorisation (or use a regulated PISP like TrueLayer)

Account-to-account payments, salary advances, direct payment checkout

Both AISP + PISP

Combined access and payment initiation

Both AISP and PISP authorisations

Comprehensive financial management apps

Agent of a TPP

Use a regulated TPP's (TrueLayer, Yapily) authorisation under their FCA permission

No direct FCA authorisation — contract with TPP

Most FinTech startups — fastest route to market

Provider

UK Bank Coverage

AISP

PISP

UK Pricing (indicative)

ClickMasters Assessment

TrueLayer

22+ UK banks, best coverage

~£0.10–£0.30/connection/month

✅ ClickMasters default — best UK coverage + developer experience

Yapily

18+ UK banks

Per API call pricing

Good — strong EU coverage, slightly less UK-focused

Plaid

US-primary, UK banks added

Limited UK PISP

US pricing model

US-focused — use TrueLayer for UK

Moneyhub Enterprise

UK focus, strong analytics

Enterprise pricing

Strong analytics layer — good for wealth management

Direct OBIE connection

9 mandatory banks (direct)

No API fee — but FCA auth required

Complex — only for FCA-authorised firms at scale

Technical Implementation — TrueLayer Integration

OAuth 2.0 bank authorisation: user selects their bank → TrueLayer initiates bank OAuth flow → user consents → TrueLayer returns access token.

TrueLayer Data API: GET /accounts (list bank accounts), GET /accounts/{id}/transactions (90-day history), GET /accounts/{id}/balance (real-time balance).

90-day re-authorisation: Open Banking mandates re-authorisation every 90 days — application must handle re-auth gracefully (prompt user before expiry).

Variable Recurring Payments (VRP): TrueLayer supports VRP (Open Banking sweeping — automated savings transfers) — requires additional PISP permission.

UK GDPR consent: explicit consent required for Open Banking data access. TrueLayer consent record satisfies UK GDPR Article 7 documentation requirement.

TrueLayer is the most common Open Banking provider for UK FinTech applications. Key integration steps:

Open Banking Use Cases — UK Market

Use CaseAPI TypeUK RegulationClickMasters Experience
Personal finance/budgeting appAISPUK GDPR, PECR, FCA Consumer DutyClickMasters has built 3 UK budgeting apps
SME cashflow forecastingAISPUK GDPR, FCA Consumer Duty (voluntary)ClickMasters built challenger bank cashflow platform
Credit affordability checkAISPCONC 5 affordability, UK GDPRBNPL and lending platform integration
Account-to-account paymentsPISPFCA PSDS2, PSD2 SCAPayment checkout alternative to card
Invoice verificationAISPUK GDPR, MLRs 2017 (AML)Invoice finance marketplace
Rent reference checkingAISPUK GDPR, Equalities ActPropTech rental platform

Frequently Asked Questions

Common questions about open banking api integration guide uk — 2025.

If you use TrueLayer, Yapily, or another FCA-regulated TPP as the intermediary (acting as their agent under contract), you do not need your own FCA AISP/PISP authorisation. The TPP's FCA authorisation covers the regulated activity. Most UK FinTech startups take this route — it avoids the 6–18 month FCA authorisation process. If you want to hold data directly (not via a TPP intermediary) and access bank APIs directly, you need your own FCA authorisation.

PSD2 Strong Customer Authentication (SCA) requires users to re-authenticate with their bank every 90 days for Open Banking data access. Best practice: send the user a re-authorisation prompt at 80 days (10-day warning), with a single-tap re-auth flow. Never surprise the user with a broken connection. Variable Recurring Payments (VRP/sweeping) has longer authorisation duration — worth considering for use cases where 90-day expiry is disruptive.

About the Author

James Whitmore, CTO Open Banking and UK FinTech specialist ClickMasters has built 12+ UK Open Banking applications. TrueLayer is our default provider for UK market coverage.

Free Open Banking Architecture Review ClickMasters...

Free Open Banking Architecture Review ClickMasters will review your Open Banking use case and recommend the right provider and architecture. → clickmasterssoftwaredevelopmentcompany.co.uk/contact/

Book a Free Consultation