
How DACH-Based Challenger Banks Are Utilizing APIs

Banking has changed so much in the last ten years that it’s barely recognizable. The needs of personal users and businesses alike have drastically changed due to the proliferation of mobile technology, constant connectivity, and an increasingly globalized workplace. Customers don’t need to queue in a physical bank lobby anymore. Across the globe, challenger banks are becoming increasingly common in light of shifting needs.

Challenger banks are banks intended to be entirely digital. They offer customers greater choice and transparency over how their savings are used, as challenger banks tend to be less beholden to their shareholders. They also have reduced operating expenses due to not having to maintain as many physical spaces, offering the opportunity to pass these savings onto their customers in various ways.

The DACH region of Germany, Austria, and Switzerland has been an avid adopter of every form of fintech, including challenger banks, in all manner of innovative ways. In this environment, APIs provide the infrastructure that enables this digital transformation. To give you some ideas of how DACH-based challenger banks are using APIs, we’ve analyzed seven different challenger banks and their API-first strategies.

7 Examples of How DACH-Based Challenger Banks Are Using APIs

1. N26

N26 is a German challenger bank that offers personal banking via a clean, slick mobile banking app. They provide tools for everything from managing savings to monitoring stocks, ETFs, and crypto holdings. They also offer an API for integration by third-party providers that hold a PISP license to use open banking.

Like most DACH-based challenger banks on our list, N26 follows the second Payment Services Directive (PSD2) for its APIs to ensure their financial transactions are transparent and secure. However, only institutions licensed by a national regulatory authority, like the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) in Germany, can access the N26 PSD2 interfaces. Users also need a qualified certificate (QWAC), which grants access to N26’s dedicated API interface. That interface is configured to conform to the Berlin Group Implementation Guidelines version 1.3.6 and uses the OAuth 2.0 standard for authorization. They also provide a sandbox for API testing.

2. Anadi Bank

Anadi Bank is an Austrian challenger bank. They provide personal banking services in addition to numerous corporate banking services. Like other DACH-based challenger banks, Anadi makes many services available via APIs, such as initiating a payment or accessing an account. APIs also allow users a comprehensive overview of different accounts and the ability to share data with third-party providers. Like all DACH-based challenger banks, Anadi’s APIs adhere to open banking regulations.

3. Bitwala

Bitwala is another challenger bank based in Germany. Unlike the other challenger banks on our list, which replicate traditional banking services in addition to their digital tools, Bitwala is designed for trading cryptocurrency. Towards this end, they partnered with Striga to use their API to provide secure financial transactions in over 30 countries.

4. Northmill

Stockholm’s Northmill combines traditional mobile banking services with several solutions designed for specific industries. Most impressively, Northmill offers extensive support for third-party providers via their RESTful API. They also use APIs innovatively to improve their own products, as in their partnership with Twilio to improve customer experiences.

5. Holvi

Holvi is a challenger bank and fintech provider based out of Helsinki, operating in Germany and Austria. Like Northmill, they also provide traditional banking services, but they’re particularly geared towards freelancers, entrepreneurs, and small business owners. Their financial tools offer everything from invoicing to payment processing, making it a convenient solution for anyone looking for all of their financial tools in one platform.

Also like Northmill, Holvi easily integrates with third-party platforms via their API interface, allowing users to retrieve account information, send invoices, and initiate payments using a mixture of RESTful web APIs, PSD2, Electronic Banking Internet Communication Standard (EBICS), and Secure File Transfer Protocol (SFTP). Holvi even offers credit and debit cards and real-time financial overviews.

6. Fidor

Established in 2009, Munich-based Fidor is one of the longest-running challenger banks in Germany. They’re also an official bank, as they have an official banking license and use their own custom-built software, making them one of the more secure DACH-based challenger banks we investigated. Fidor was acquired by Sopra Banking Solutions in 2021, but they’ve remained an independent entity that still maintains their own API.

7. Kontist

Kontist is a banking app based out of Germany that offers traditional banking services in addition to numerous specialized financial services. They provide a German IBAN, Mastercard, integration with accounting software like FastBill or Debitdoor, and deposit insurance. They also partnered with Solarisbank, who have a full banking license, offering the best of all worlds.

Kontist also offers some of the most robust API support of all the DACH-based challenger banks we surveyed. They have an API Playground for developers to experiment with the Kontist API. Kontist also boasts a GraphQL API, giving users greater control over their queries and data. There’s even an SDK, making the Kontist API one of the easiest challenger bank services for developers to engage with.

Final Thoughts on DACH-Based Challenger Banks

Legacy institutions like traditional banks aren’t necessarily set up to make the most of emerging technologies. Even if they thought to optimize their customers’ finances with an AI assistant, they might have decades, if not centuries, of precedent to contend with. Traditional banks might be unable to pivot as quickly as modern business requires. With more people seeking control and transparency over how their savings are managed and invested, it seems likely that we’ll see more challenger banks in the DACH area and other regions as time progresses.

This rapid growth brings its own challenges, though. The sudden surge in interest in open banking APIs doesn’t automatically guarantee all banks are following best security practices. While APIs are incredibly powerful, they can also be highly vulnerable.

Without proper planning, API development can quickly get out of control. This can result in API sprawl and cause API endpoints to fall outside the scope of security requirements. Through inconsistent security practices, improper API documentation, and lapses in security coverage, improper API governance can increase the risk of Broken Object Level Authorization (BOLA), which was named the #1 risk in the OWASP API Security Top 10 for 2023.

Therefore, financial services will require strong customer identity and access management protocols to ensure they know not only who’s accessing the API but also what they’re accessing.
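
The difference between knowing who is calling and knowing what they may access, shown as an added example that is not code from any bank named in this article: an account-information handler with a BOLA flaw beside a hardened version. All names, tokens, accounts, and the consent model are constructed assumptions.

```python
# Added example: constructed data, hypothetical names throughout.
ACCOUNTS = {
    "acc-1001": {"owner": "alice", "iban": "DE00-CONSTRUCTED-0001", "balance": "1250.00"},
    "acc-2002": {"owner": "bob", "iban": "DE00-CONSTRUCTED-0002", "balance": "87.10"},
}
# Access token -> caller identity plus the accounts the customer consented to share.
TOKENS = {
    "tok-alice-tpp": {"tpp": "tpp-budget-app", "user": "alice", "accounts": {"acc-1001"}},
}

class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status

def authenticate(token):
    """Answers 'who is calling'; says nothing about which objects they may read."""
    ctx = TOKENS.get(token)
    if ctx is None:
        raise ApiError(401, "invalid token")
    return ctx

def get_account_vulnerable(token, account_id):
    """BOLA: the caller is authenticated, but the account id is trusted as sent."""
    authenticate(token)
    account = ACCOUNTS.get(account_id)
    if account is None:
        raise ApiError(404, "account not found")
    return account

def get_account_hardened(token, account_id):
    """Checks the requested object against the caller's consent on every request."""
    ctx = authenticate(token)
    account = ACCOUNTS.get(account_id)
    # Same 404 for "missing" and "not yours", so responses do not confirm valid ids.
    if (account is None or account_id not in ctx["accounts"]
            or account["owner"] != ctx["user"]):
        raise ApiError(404, "account not found")
    return account

def status_of(handler, token, account_id):
    """Return the HTTP-style status a handler would produce for a request."""
    try:
        handler(token, account_id)
        return 200
    except ApiError as err:
        return err.status

if __name__ == "__main__":
    for handler in (get_account_vulnerable, get_account_hardened):
        print(handler.__name__, status_of(handler, "tok-alice-tpp", "acc-2002"))
```

The same object-level check belongs on every endpoint that takes an identifier from the request, which is why undocumented endpoints left out of security review are where this flaw tends to survive.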