
Plaid has registered as an AISP ('Account Information Service Provider'), which means that they can register for and use the Open Banking APIs provided by UK banks.

These APIs use an authorisation flow similar to what you see when you 'Login with Google' or 'Login with Facebook'. At some point in that flow, you are redirected to your bank's web site to allow access, and to select the account(s) for which you are allowing access. At this point, you are on your bank's web site; you can check the URL to make sure you're not being phished.

On the face of it, it seems like any company that's building on top of bank transaction data should just register as an AISP themselves, as the integration with Open Banking APIs doesn't look that complicated. But Plaid is one of a number of third parties that insert themselves in between.

In general these services suggest some combination of (i) easier integration, i.e. less development and maintenance, (ii) additional intelligence on top of the raw data, e.g. categorisation of transactions, (iii) no need for maintenance.

There's one obvious con: the AISP's logo has to be shown in the authorisation flow. So, even if your users know you, they might not be willing to share their information with 'Plaid' or whichever third party AISP you've chosen.

I don't know how real the development/maintenance/integration issues are. I could imagine that registering with 30+ banks and testing your code against all of them might be a hassle. But if their API backends all behave in the same way, then maybe you just need configuration parameters for the endpoint and token(s). If their backends have slightly different behaviour, though, then perhaps you need to branch your code based on the bank.

One thing that's encouraging about Plaid entering this space: their free tier appears to support up to 100 bank accounts for free. This should be enough for anyone who wants to set up their own self-hosted Mint equivalent. And, if all the accounts are in the UK, then you're giving Plaid just read-only access to your accounts, which is much less of an issue than providing your login credentials to them or another party.

In case you're curious to see which other companies have registered as AISPs or PSPs (payment service providers), the full list of third party providers is available here: https://www.openbanking.org.uk/provider-categories/third-par...


