How can I download information from bank accounts? - api

There are a number of free finance tracking sites out there like mint.com, wesabe.com etc.. .
I've tried all of them and all seem to miss the mark in one way or another. I'm interested in creating my own website, or possibly just a stand alone windows program for tracking my finances in ASP.NET or C#.NET.
I'm assuming the answer is no, but is there any way that a personal developer can download transactions from financial websites like these? I know once you login to most financial sites you can download a CSV or Quicken file. Yet I really like how I can log-in to my Mint.com account and update all my accounts with one click.

Popular applications (like Quicken) and most major US banks support Open Financial Exchange (OFX). If a bank can connect to Quicken, it probably supports OFX (though not guaranteed).

I doubt very many banks have public APIs for this. More likely than not, you will need to send HTTPS requests to the various banking websites, and you will probably have to have custom code for each bank that you wish to support, tailored to the structure of their websites and their form elements.

Related

Create Bloomberg Buyer and Seller Trade Tickets in a web application

I have a requirement where I need to develop a web application in which two application users negotiate with each and later after agreeing on terms they are to trade illiquid bonds via Bloomberg. For this I need to generate the BXT and SXT Trade Tickets through my application. The question really is that is this even possible without the Terminal?
A white paper on Bloomberg API's website says
Other applications are possible, for example submissions of trade orders
But I am not able to find any reference or example how this can be achieved using Bloomberg API or any other service provided by Bloomberg.
I'd be surprised if you are able to do this, by definition a web application is hosted on server x and interacted with from device y. Bloomberg's entire business model is based around having a Bloomberg terminal on device y.
I'd recommend you look at other bond trading platforms not just Bloomberg, e.g. TradeWeb, MarketAxess or even the large brokers e.g. ICAP, Tullett who may have a more suitable API.
This might come a little bit late but you might want to have a look into Bloomberg's FIX API. I am working on a similar project and I have implemented this functionality in a web application that creates and sends Trade Tickets via FIX. You do not have to have a Bloomberg terminal installed. Your FIX session will connect directly to a Bloomberg FIX endpoint.
Bloomberg has a test environment for this. You have to contact one of their representatives and ask for a Beta FIX Session.
FIX is a publicly available protocol for exchanging financial information. A good starting point would be https://en.wikipedia.org/wiki/Financial_Information_eXchange

Does an open source login system which provides personal pages to the user exist?

He everyone, thank you for taking you time to have a look at my question.
Im relatively new to website programming, and was wondering if there are any open source login systems which provide the user the ability that when they log on they will have their own page containing their personal details.
The same concept as for example facebook or yahoo email, when the user enters credentials they are taken to their own space, not a generic members only section of the website.
Would appreciate any comment or suggestion!
This might be a bit late but i hate unanswered questions. (Most frustrating)
I'm not much of a guru when it comes to this style of thing but there are many open source content management systems (CMS) applications out there that can handle this type of thing.
My personal preference would be Drupal, as i find it is quite intuitive, has quite a large support base and many features and plugins\modules that can handle user accounts, login redirects, shopping carts, etc.
I would also look at Wordpress and Joomla as they're also well supported open source CMS applications. All three of these CMS's have great tutorials that can be found by Googling or heading to Youtube.

Design an API for a web service without "selling the farm"?

I'm going to try to phrase this as a generic question.
A company runs a website that has a lot of valuable information on it. This information is queried from an internal private database. So technically, the information in the database is the valuable part.
If this company wished to develop an API that developers could use to access their database of valuable & useful information, what approach should the company take?
It's important to give developers what they need. But it is also important to keep competing websites from essentially using the API to steal everything and essentially steal all traffic from the company's website.
Is there was some way the API could be used in a way that drives traffic back to the original company's website somehow? Something that gives users a reason to keep going there.
This is a design consideration that my company is struggling with that I can imagine other web-based services have come across before.
Institute API keys - don't make it public. Maybe make the signup process more complex than "anyone with an e-mail address".
Rate limit the API based on keys. If you're running more than X requests a minute, you're likely mining the database.
Don't provide a "fetch everything" API. Make the users know something to get information on it. Don't reveal what you know.
I've seen a lot of companies giving out API keys and stating a TOS that all developers must adhere to. For example, any page that uses data from the API must include your logo and a link back to your website. If any developer is found breaking the rules, the API key can be cancelled and your data is safe again.
Who is meant to use the API?
A good general method of solving this problem is to limit access to the data to end users (rather than allow applications or developers at it). Provide applications and users with identification, each, and make sure that to access a subset of the data, a combination of both user and application key is required.
Following this pattern, each user will have access to a very limited subset of the data (presumably, the data that they require for their own specific use), and you can put measures in place to enforce this. Any attempts at data-mining will become obvious.
This type of approach meshes well with capability-type security models on the server side.

Selling software online

I am developing software which I want to sell online. The typical pay the vender, get a digital key that unlocks the application scenario.
I've never set this up before, does anyone have any info on good service providers, and things I need to know when setting this up?
Microsoft uses digital river, maybe check them out?
You can checkout a typical license acquisition flow using FastSpring
FastSpring / NetLicensing flow
This combines FastSpring e-Commerce and NetLicensing license management.
You did not say what language you are planning on using, but this is a great solution for a .net compiled language:
http://xheo.com/products/copy-protection
It provides two key features. First the ability to automatically generate your licenses based on many different ecommerce solutions so you don't have to keep paying a 3rd party a % for it. Second, it offers code protection to prevent people from using Reflection on your software to crack it / steal your intellectual rights. (note i said prevent, not completely stop)
I'm using FastSpring, you give them binary file and keys, and you setup your account to send an email that contains these two informations. you can tell them what you want and they will do it for you

How would you go about making an application that automatically retrieves your bank account balance twice a day?

I'm building a utility that will hopefully keep my wife in tune with how much money we have available.
I need a simple secure way of logging into my bank account and retrieving the balance.
Something like mechanize is the only method I can think of. I'm not even sure if that would work given the properly authenticated https that banks use.
Any ideas?
Write a perl script using LWP::UserAgent. It supports HTTPS connections. The only issue might be if the site requires javascript.
Web Client Programming with Perl has a few examples to get you started if you're not too familiar with perl.
If you really want to go there, get these extensions for Firefox: Live HTTP Headers, Firebug, FireCookie, and HttpFox. Also download cURL and a scripting language that can run cURL command-line tasks (or a scripting language like PHP or Perl that has access to cURL libraries directly).
I've started down this road for some idempotent GET tasks like getting PDFs of the S&P reports (of the stocks I track) from my online brokerage, and downloading the check images for my bank account. Both tasks are repetitive and slow ways of downloading data to my computer that the financial institutions don't provide any way of making it easier.
Here's why you shouldn't: (as a shortcut I'm going to call the archetypal large bank, brokerage, or other financial institution "BloatBank")
BloatBank is not likely to make public their API for accessing this kind of information. So it can change any time and all your hard work will be for naught. Whenever they change their mechanism, you'll have to adapt.
If BloatBank finds out you've been using automatic scripting to try to access your account information, they may ban you because you've violated their terms of service.
You might screw up, and the interaction between the hodgepodge of scripts on BloatBank's server, and your scripts that access your account, might cause a Bad Thing like closing your account. Testing this kind of script is tremendously difficult because you don't have any documentation about how their online service works, and you don't have a test account you can mess with.
(a variant of the above) You think you're safe because you're issuing GET requests. But BloatBank is just a crazy bank that doesn't know anything about REST, so there are some GET requests that can mess up your account.
If someone else does use your script to maliciously sniff your online password or mess with your account, any liability coverage from BloatBank may disappear because you've opened a security hole.
Why don't you teach your wife how to login to the bank herself? Or use Quicken (or Mint, etc) and teach her how to use the auto-download feature?
Have you checked out Watir? It is fantastic for automating web-browser actions. And since it's written in Ruby, you can take the results and store them in a DB (or email them to yourself) if needed.
If you are open to AIR, I'd say build an AIR app. I have worked with mechanize and I think it's cool. AIR gives you similar features with a richer GUI (see HTMLLoader and DOM manipulation of webpage).
If I were you, I'd simply pull the page and manipulate the DOM to suit my visual needs.
Please, if you find this easy to do for your bank please post your bank's name. If I have the same one I'll be closing my account.
More to your question. The process of loading a web page inside of your code rather than in a browser can be a black art, especially if their is any javascript involved. Your best bet would probably be embedding the IE Web Browser control in your app and then simulating key strokes and mouse clicks to arrive at your balance page. Then scrape the HTML for the balance.
I could try paying for Quicken and letting it do the balance downloading. Then I'd just need to find a way to get the number out of the software automatically.
This way I'm not violating any terms of service and I'm also reducing security risk since all "hacking" goes on locally.