What is Open Banking?

Open Banking is a regulatory framework enabling bank data to be shared securely with licensed third-party providers (TPPs) via APIs. In Turkey, TCMB GEÇİT governs this; in Europe, PSD2/PSD3 directives apply.

How does a fintech access the TCMB GEÇİT Open Banking API in Turkey?

A YÖS (Innovative Payment Service Provider) or HHS (Account Service Provider) authorization from TCMB is required. io40 provides the technical infrastructure and application documentation support.

How quickly can open banking integration be completed?

With io40's pre-built TCMB GEÇİT and Berlin Group adapter libraries, a basic integration can be completed in 2–4 weeks. Full-scale project timelines vary.

Is the platform compliant with GDPR and Turkish KVKK data protection laws?

Yes. Consent management, data minimization, and deletion request handling are built into the platform natively, covering both GDPR and KVKK requirements.

Open Banking Solutions

Strengthen Your Financial Infrastructure with Open Banking

Integrate ASPSP (Account Servicing Payment Service Provider) and PISP (Payment Initiation Service Provider) API bridges in TCMB (GEÇİT) and European (PSD2 / Berlin Group) standards into your application today with io40 API.

Open Banking API Types

AISP — Account Information Services

Customer-consented access to bank account data:

Real-time and historical account balances
Transaction history (12–24 months)
Account metadata (IBAN, currency, account type)
Multi-bank, single-pane view

Use cases:

Personal finance management (PFM) apps
Corporate cash management dashboards
Credit scoring and financial analytics
Automated bookkeeping integration

PISP — Payment Initiation Services

Initiate payments directly from customer bank accounts:

“Pay by Bank” instant payment flow
Lower-cost alternative to card payments (no interchange)
FAST / SEPA Instant payment initiation
Standing order and recurring payment mandates

Use cases:

E-commerce checkout alternative
Invoice payment automation
B2B supplier payments
Subscription billing

Turkey: TCMB GEÇİT Integration

Turkey’s Central Bank (TCMB) GEÇİT infrastructure has been live since 2023. io40 provides ready-to-use adapter layers:

YÖS (Innovative Payment Service Provider)

Authorization enabling fintechs to access bank APIs
Payment initiation, account information, and consent services
Technical infrastructure support for TCMB application process

HHS (Account Service Provider)

Mandatory API exposure obligation for banks
io40 provides HHS API testing and integration infrastructure for bank clients

Europe: PSD2 / Berlin Group

For institutions targeting European markets or working with European banks:

Berlin Group NextGenPSD2 standard compliance
Single adapter integration across all EU member state banks
SCA (Strong Customer Authentication) / OAuth2 identity flows
eIDAS certificate support (QWAC, QSealC)

Technical Architecture

io40’s Open Banking Hub operates in three layers:

[Your Application]
      ↓ REST API
[io40 Open Banking Hub]
  ├── Turkey Adapter   (TCMB GEÇİT)
  ├── Europe Adapter   (Berlin Group / PSD2)
  └── Unified Data Model
      ↓
[Bank APIs]

Unified Data Model: Normalizes bank-specific formats into a single standard response
OAuth2 / OpenID Connect: Customer consent lifecycle management
Webhooks: Real-time balance change and transaction notifications

Security & Compliance

TLS 1.3 encrypted API communication
Short-lived Access Tokens: 15-minute validity
Refresh Token rotation: Long-lived secure access
KVKK/GDPR compliance: Customer consent records and deletion request management
Audit Log: Every API call is logged and queryable

Start your open banking integration →