Yapily FAQs

A range of frequently asked questions and answers.

What API specifications do Yapily APIs follow?

Yapily operates as an Open Banking gateway to connect with banks which support Open Banking different standards across UKI and Europe. In order to provide the best experience for our customers, Yapily provides its own specification abstracting the nuances of each specification and normalising the data sent and received to and from an Institution.

How visible is Yapily to the end consumer?

As an Open Banking gateway, Yapily does not enforce any UI on its customers. Yapily provides some consent guidelines to guide its SafeConnect customers to prevent authorisation drop-off. Other than this, Yapily's goal is to remain invisible and to allow its clients to push their brand. For customers who have their own Open Banking licenses, Yapily is completely invisible in the entire journey whereas customers using our SafeConnect licenses will be briefly redirected to Yapily's auth service to handle the response from the Institution.

Does Yapily store any customer data?

As an Open Banking gateway, Yapily does not store or resell any PSU information. The exception to this is for our customers using our SafeConnect license where an audit must be kept.

Can I use Yapily without being regulated?

There are several options for using Yapily APIs without having the required Open Banking licenses:

  • Use a preconfigured sandbox - If you want to test our APIs, we offer pre-configured sandboxes which allow you to develop your applications with sample data with a few minutes of setup.
  • Use Yapily's regulated entity (SafeConnect) - SafeConnect is Yapily's subsidiary which is regulated as both an AISP and PISP.

One advantage of using either approach is that the developer experience is homogenous across live and sandbox testing. Many of our customers have a least one dedicated live Yapily application with only live integrations and others dedicated purely to testing using sandboxes. This trivialises the switching from sandbox to live environments.

Get in contact with our team for more information.

How do I get access to live Institutions?

Once a live agreement has been signed:

  • If regulated as an AISP/PISP, Yapily will guide you through the registration process for each type of Institution available on the platform
  • If using Yapily's regulated entity (SafeConnect), Yapily will configure and provide access to each Institution to your team

What security precautions does Yapily implement?

  • Sensitive data encrypted in transit and at REST
  • Cryptographic encryption for logs, messages and sensitive fields in the database kept in Google Cloud and AWS KMS
  • Optional support for MTLS if requested
  • Encrypted application secrets with restricted access to the application owner
  • Vault for securely storing Open Banking certificates

How do I raise an issue?

Please check Yapily's support guide