Hi Everyone
Does anyone know what Barclays APIs QuickFile uses? I am asking because I am wanting to build a home-made program which accesses my Barclays account on a read-only basis.
Thank you very much.
Kind regards
Tim
Unfortunately it doesn’t use any API, as is the case with most banks, Barclays don’t have an open API for 3rd party consumption.
Instead we read and iterate the HTML pages using regular expressions and form filling logic. It’s a very clunky, error prone method but unfortunately it’s all we have.
Maybe one day all banks will have free open APIs for read only statement access. At least the March Budget did allude to this prospect, although we will need to wait and see.
Hi Glenn
Thank you very much for your reply.
Do you think that there is the risk that your method may cause some security algorithm on the Barclays web server to wrongly think that it has detected “suspicious activity” and as a result freeze a user’s online banking? Have you taken measures to ensure that this does not happen?
Thank you very much.
Kind regards
Tim
We use the same method that large aggregators like Yodlee use. Ultimately it’s the bank that take the decision to freeze accounts not QuickFile, if any bank made it clear that they were unhappy, we will always comply with their wishes.
Are you a QF user already? Or just generally interested in bank APIs?
Hi Glenn
" Ultimately it’s the bank that take the decision to freeze accounts not QuickFile,"
Don’t worry, I did not at any point think that QuickFile would decide to freeze someone’s account. I was only concerned about what Barclays would do.
From your reply I am guessing that if the security algorithm that I was thinking might exist did actually exist then both you and Yodlee would know about it by now. Am I correct? Do you think that there are any risks involved with me attempting to develop something similar to your method of accessing Barclays accounts?
No, I am not a QF user yet but I am considering becoming one.
Thank you very much.
Kind regards
Tim
They do know about such systems as they’re very easy to detect, owing to the fact that all the calls are made from just a small number of IP addresses. The Chrome extension however works on the client’s machine, so doesn’t run into that particular issue. Also in the context of a Chrome extension you don’t need to entrust your credentials with a 3rd party.
I’m not sure about the scope of your project, but if you’re only ever connecting to your own account or you are providing a client side automation tool, I don’t think you’ll have too much of a problem. Then again it does very much depend on the bank.