API banking is the backbone of modern fintech infrastructure. It enables digital banks, PSPs, acquirers, wallets, super apps, marketplaces, and ERP systems to connect directly with financial institutions in real time. This glossary explains the essential terms, how they work, and how they are used in real fintech systems across Germany, Sweden, USA, Brazil, Saudi Arabia, and Oman.
1. API Banking (Application Programming Interface Banking)
API banking allows platforms to connect directly to bank or BaaS systems to perform actions such as creating accounts, generating IBANs, making payments, issuing cards, retrieving balances, fetching transaction history, validating identity, and onboarding merchants. Everything is automated and delivered in milliseconds.
Why it matters
No manual work, no bank visits, no spreadsheets. Fintechs can launch full banking features using APIs only.
2. REST API and JSON
Most banking APIs are REST-based, use HTTPS, and exchange data using JSON format.
Example API action:
POST /v1/accounts/create
REST makes integrations predictable, stable, and scalable.
3. API Keys and Authentication
Banks authenticate requests using API keys, OAuth tokens, HMAC signatures, IP whitelisting, and JWTs. These ensure only approved systems can access banking functions.
4. Sandbox vs Production Environments
Banks and BaaS providers offer two environments.
Sandbox
- Test mode
- Fake money
- Developers simulate transactions
Production
- Real money
- Real users
- Fully regulated
Launch always starts in sandbox, then moves to production after compliance checks.
5. Endpoints
Endpoints are the URLs where certain actions occur.
Examples:
- /accounts
- /payments
- /payouts/instant
- /cards
- /transactions
- /merchant/verify
Every banking action has its own endpoint.
6. Webhooks
Webhooks are real-time notifications sent from the bank to your platform when something happens, such as payment completed, card authorization successful, card declined, account credited, dispute opened, KYC approved, KYC rejected, or new transaction detected. They eliminate the need to constantly check the bank system.
Webhook example
{
  "event": "payment.completed",
  "amount": 250.00,
  "currency": "EUR",
  "timestamp": "2025-01-01T10:00:00Z"
}
Your platform immediately updates the user’s balance.
7. Idempotency Keys
Idempotency keys are used to prevent duplicate transactions. If a payment request is accidentally sent twice, the idempotency key ensures only one is processed.
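How the receiving side can enforce this, as an added example (not any bank's or provider's code): an in-memory processor that executes a payment once per key, replays the stored response on a duplicate, and refuses a key reused with a different body. The class name, the response fields, and the 409 status are assumptions made for illustration.

```python
import hashlib
import json
import uuid


class IdempotentPaymentProcessor:
    """Executes each idempotency key at most once (in-memory illustration)."""

    def __init__(self):
        self._seen = {}     # idempotency key -> (request fingerprint, response)
        self.executed = 0   # how many payments actually moved money

    @staticmethod
    def _fingerprint(payload):
        # Canonical JSON so key order and spacing do not change the hash.
        canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode()).hexdigest()

    def create_payment(self, idempotency_key, payload):
        fingerprint = self._fingerprint(payload)
        if idempotency_key in self._seen:
            stored_fingerprint, stored_response = self._seen[idempotency_key]
            if stored_fingerprint != fingerprint:
                # Same key, different body: refuse instead of guessing intent.
                return {"status": 409,
                        "error": "idempotency key reused with different payload"}
            return stored_response  # duplicate: replay the result, move no money
        # A production store needs an atomic insert (for example a unique
        # constraint on the key) so concurrent duplicates cannot both reach here.
        self.executed += 1
        response = {"status": 201, "payment_id": str(uuid.uuid4()), **payload}
        self._seen[idempotency_key] = (fingerprint, response)
        return response


if __name__ == "__main__":
    processor = IdempotentPaymentProcessor()
    request = {"amount": "250.00", "currency": "EUR"}   # constructed sample
    first = processor.create_payment("key-1", request)
    second = processor.create_payment("key-1", request)  # accidental resend
    print(first == second, processor.executed)
```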
8. Pagination, Filters, and Sorting
APIs handle large data sets by limiting results (limit=50), skipping results (offset=100), filtering (currency=EUR), and sorting (date=desc). This is critical for dashboards, accounting, and ERP systems.
9. Rate Limits
Banks define how many API calls your system can send per second. Example: 100 requests per second. This prevents system overload and protects the infrastructure.
10. Callback URLs
Merchants or PSPs set a URL where the bank sends updates.
Example:
https://yourplatform.com/webhooks/payments
This is essential for instant notifications.
11. Error Codes and Response Handling
API errors include 400 Bad request, 401 Unauthorized, 403 Forbidden, 404 Not found, 429 Rate limit exceeded, and 500 Server error. Fintech systems must handle all cases automatically.
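A client-side sketch of this handling, added here as an example rather than taken from any provider's SDK: 429 and 500 are retried with exponential backoff, the other listed errors fail immediately, and every attempt reuses one idempotency key so a retry cannot create a second payment. The `transport` callable is a hypothetical stand-in for the HTTP client.

```python
import time
import uuid

# From the list above: 429 (rate limit exceeded) and 500 (server error) can
# succeed later; 400, 401, 403 and 404 will fail again until the request or
# the credentials are fixed, so they are not retried.
RETRYABLE = {429, 500}


def send_payment(transport, payload, max_attempts=4, base_delay=0.5,
                 sleep=time.sleep):
    """Send one payment, retrying only where a retry can help.

    transport(payload, idempotency_key) -> (status_code, body) is hypothetical.
    """
    key = str(uuid.uuid4())  # one key for the whole logical payment
    for attempt in range(1, max_attempts + 1):
        status, body = transport(payload, key)
        if 200 <= status < 300:
            return {"ok": True, "attempts": attempt, "key": key, "body": body}
        if status not in RETRYABLE or attempt == max_attempts:
            return {"ok": False, "attempts": attempt, "key": key,
                    "status": status}
        # Exponential backoff (0.5 s, 1 s, 2 s) keeps the client under the
        # bank's rate limit instead of hammering it after a 429.
        sleep(base_delay * 2 ** (attempt - 1))


if __name__ == "__main__":
    # Constructed transport: rate limited once, then accepted.
    replies = iter([(429, None), (201, {"payment_id": "constructed-1"})])
    result = send_payment(lambda payload, key: next(replies),
                          {"amount": "250.00", "currency": "EUR"},
                          sleep=lambda seconds: None)
    print(result["ok"], result["attempts"])
```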
12. Reconciliation via API
Automated reconciliation uses API data to match bank balances, match PSP payouts, verify transaction amounts, detect discrepancies, and update merchant settlement status. This is mandatory for regulated operations.
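The matching step, as an added example (not part of the original glossary): bank-reported transactions are compared with internal ledger entries by reference, and every discrepancy is classified. Field names and sample records are constructed; amounts are compared as `Decimal` so that `250.00` and `250.0` match exactly and no float rounding enters the comparison.

```python
from decimal import Decimal


def reconcile(bank_txns, ledger_entries):
    """Classify each reference as matched, mismatched, or missing on one side."""
    bank = {t["reference"]: t for t in bank_txns}
    ledger = {e["reference"]: e for e in ledger_entries}
    report = {"matched": [], "amount_mismatch": [],
              "missing_in_ledger": [], "missing_at_bank": []}
    for ref in sorted(bank):
        txn, entry = bank[ref], ledger.get(ref)
        if entry is None:
            # Money moved at the bank with no internal record: investigate first.
            report["missing_in_ledger"].append(ref)
        elif (Decimal(txn["amount"]), txn["currency"]) != \
                (Decimal(entry["amount"]), entry["currency"]):
            report["amount_mismatch"].append(ref)
        else:
            report["matched"].append(ref)
    # Recorded internally but never reported by the bank.
    report["missing_at_bank"] = sorted(set(ledger) - set(bank))
    return report


# Constructed sample data (hypothetical field names and references).
BANK_TXNS = [
    {"reference": "P-1001", "amount": "250.00", "currency": "EUR"},
    {"reference": "P-1002", "amount": "500.00", "currency": "SEK"},
    {"reference": "P-1003", "amount": "75.10", "currency": "EUR"},
]
LEDGER_ENTRIES = [
    {"reference": "P-1001", "amount": "250.0", "currency": "EUR"},
    {"reference": "P-1002", "amount": "50.00", "currency": "SEK"},
    {"reference": "P-1004", "amount": "12.00", "currency": "EUR"},
]

if __name__ == "__main__":
    for category, refs in reconcile(BANK_TXNS, LEDGER_ENTRIES).items():
        print(category, refs)
```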
13. Batch Operations (Bulk API)
Batch operations are used for bulk payroll, mass payouts, enterprise settlements, and marketplace vendor payouts. Example: send 1,000 payouts in a single API file.
14. API Versioning
Banks upgrade APIs: v1, v2, v3. Each new version improves performance, adds security, or expands capabilities. Fintechs must migrate carefully.
15. Polling vs Webhooks
Polling
The system checks the bank every X seconds. This is inefficient, slower, and resource-heavy.
Webhooks
The bank notifies your system instantly. Preferred for automation and real-time apps.
16. Encryption and Security Requirements
API communication requires TLS and SSL, AES encryption, HMAC signing, token rotation, and IP whitelisting. This ensures compliance with PCI-DSS, PSD2, and AML rules.
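HMAC signing applied to the webhook from section 6, as an added example (not any bank's or provider's scheme): the receiver checks the signature over the raw body in constant time and rejects stale deliveries before acting on the event. The signed string layout, the 300-second window, and all names are assumptions; the payload is the one shown in the webhook example.

```python
import hashlib
import hmac
import json
import time

# Assumption: the sender signs "<unix timestamp>.<raw body>" with HMAC-SHA256
# and delivers the hex digest and the timestamp alongside the body.
MAX_SKEW_SECONDS = 300  # hypothetical replay window


def sign(secret, timestamp, raw_body):
    """Signature the sender would attach to a delivery."""
    message = timestamp.encode() + b"." + raw_body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_webhook(secret, timestamp, signature, raw_body, now=None):
    """Return the parsed event, or raise ValueError if it must not be trusted."""
    now = time.time() if now is None else now
    try:
        sent_at = int(timestamp)
    except ValueError:
        raise ValueError("malformed timestamp") from None
    # Reject stale or future-dated deliveries to limit replay of captured requests.
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        raise ValueError("timestamp outside tolerance")
    # Verify the raw bytes as received, before parsing, and compare in constant time.
    expected = sign(secret, timestamp, raw_body)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        raise ValueError("bad signature")
    return json.loads(raw_body)


# Constructed sample: the payload from the webhook example in section 6.
SAMPLE_SECRET = b"constructed-test-secret"
SAMPLE_BODY = (b'{"event": "payment.completed", "amount": 250.00, '
               b'"currency": "EUR", "timestamp": "2025-01-01T10:00:00Z"}')
SAMPLE_TS = "1735725600"  # 2025-01-01T10:00:00Z as Unix time

if __name__ == "__main__":
    sig = sign(SAMPLE_SECRET, SAMPLE_TS, SAMPLE_BODY)
    print(verify_webhook(SAMPLE_SECRET, SAMPLE_TS, sig, SAMPLE_BODY, now=1735725610))
```

The balance update should run only after `verify_webhook` returns; an unsigned or altered `payment.completed` event would otherwise credit an account for money that never arrived.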
17. Transaction Webhooks (Most Used)
- payment.completed
- payment.failed
- payment.pending
- wallet.debited
- wallet.credited
- card.authorized
- card.settled
- chargeback.created
These drive real-time balance updates across fintech systems.
18. KYC and KYB API Workflows
APIs handle document upload, face match, liveness verification, business registration checks, sanctions screening results, and instant KYC or KYB status.
19. Settlement APIs
Settlement APIs are used by PSPs and acquirers for merchant settlement creation, payout batches, reconciliation statements, T+1 or T+2 logs, fees, and MDR calculations. This is how merchants receive their money.
20. Real-Life Examples Across Countries
Example 1 — Germany (Corporate Payroll API)
A German HR system uses API banking to send 1,200 employee salaries automatically every month. Integration flow: the HR system calls the API, the bank executes instant payouts, a webhook reports that the salary payment completed, and the ERP updates balances instantly, with zero manual work.
Example 2 — Sweden (Instant Wallet Top-Up)
A Swedish user tops up their wallet via bank transfer. The PSP sends a webhook to the fintech with event wallet.credited and amount 500 SEK, and the wallet balance updates in milliseconds.
Example 3 — USA (Card Authorization via API + Webhook)
A user pays online with a US-issued card. The acquirer performs card authorization and risk scoring, a webhook sends card.authorized, and the merchant sees the payment instantly.
Example 4 — Brazil (PIX API Integration)
A Brazilian merchant uses the PIX API. The customer scans the PIX code, the payment is processed instantly, a webhook sends pix.payment.completed, and the order is confirmed immediately.
Example 5 — Saudi Arabia (Enterprise Billing API)
A large Saudi company uses API banking to collect customer invoices, issue refunds, and reconcile payments daily. All of this is done automatically through API workflows.
Example 6 — Oman (Government e-Service Payments)
A government portal in Oman uses API connectivity to receive fee payments, send instant confirmations, generate receipts, and sync transactions with national systems. Webhooks ensure instant updates for all citizens.
21. Summary
API banking and webhooks are the core of modern financial systems: instant payments, real-time notifications, automated reconciliation, seamless card and bank workflows, fast KYC onboarding, merchant automation, national payment integration, and multi-rail ecosystem support. Every fintech in the world depends on these tools.