A consented feed from Triodos can carry current-account balances, every transaction, and card spend — but only for 90 days before the customer has to approve it again (per Triodos's Open Banking pages). That renewal window, more than the data itself, shapes most of the work here.
The dependable way in is FCA Open Banking account-information access, granted by the customer, returning the structured account data a third party would want to mirror. The richer in-app material — Triodos's Insights spending categories, the impact views on savings and investments — sits behind the app's own session, reachable by authorized interface integration against a consenting account. We build and hand over the running code for both.
What the Triodos app holds
Each row below maps a real surface of the app to where it originates and what an integrator does with it. The current-account rows come through account-information access; the Insights and impact rows live in the app session.
| Data domain | Where it shows in the app | Granularity | Integrator use |
|---|---|---|---|
| Account balances | Account list — “check your balance” | Per account, current value | Dashboards, low-balance triggers |
| Transactions | “View all of your transactions” | Per line: amount, date, counterparty | Ledger sync, reconciliation |
| Card spend | Insights — card information and card transactions | Per card transaction | Spend analytics, merchant enrichment |
| Spending categories | Insights (Utilities, Groceries, Travel) | Categorised income vs expense over time | Budgeting, cashflow models |
| Savings & investment impact | “personalised impact of your savings and investments” | Per fund / per holding view | Portfolio and ESG-impact reporting |
| Payments & transfers | “make payments and transfer money” | Per payment, passcode auth up to £20,000 | Payment initiation where in scope |
Insights is Triodos's own analysis layer: it reads balances, transactions, card information and card transactions and sorts the spend into named categories (per Triodos). Treat that as the high-value target — it is not exposed by the plain account-information feed.
Ways in, and which one carries the load
Three authorized routes apply to this app. They differ in what they reach and how much upkeep they take.
1 · Regulated account-information access (the backbone)
Under the UK's Payment Services Regulations 2017, an FCA-authorised Account Information Service Provider can read a customer's balances and transaction detail once they consent (regulation 33). Reachable: balances, transactions, standing orders, direct debits and beneficiaries on the current account. Durable — it is a regulated interface, not a moving target. Onboarding through an authorised AISP, or working under a client's existing AISP permissions, is arranged with you as part of the build. This is what we run as the primary feed.
2 · Authorized interface integration of the app session
Insights categorisation and the savings-and-investment impact views do not come down the account-information pipe. We reach them by analysing the app's own authorized traffic against a consenting account — more effort, and it tracks app releases, but it is the only way to mirror the impact data and the categorised spend the way customers see it.
3 · User-consented session access (fallback)
Where a one-off pull is all that is needed, a user-consented session can capture the same surfaces without a standing AISP connection. Lower setup, less suited to a continuous sync.
For most briefs the answer is a pairing: account-information access for the everyday ledger, with route 2 layered on only for Insights and impact. We say which split fits once we see what you need from the data.
What lands at handover
The headline deliverable is code that runs, not a folder of documents:
- A runnable client in Python and Node.js for the consented endpoints — accounts, balances, transactions — with the consent grant and renewal handled in code.
- A reconciliation worker that maintains a local mirror against the 90-day window, pulling deltas by booking date and flagging balance drift.
- An automated test suite over recorded consent and transaction fixtures, so a changed field or header is caught before it reaches your live feed.
- Webhook / event handler scaffolding for the Open Banking notification surface where Triodos supports it.
- Secondary, but included: an OpenAPI description of the surfaces we wrap, an auth-flow note covering the OAuth consent token and the SCA handshake, and a short data-retention memo.
A consented pull, in code
Illustrative shape of the account-information path and the reconciliation loop. Exact endpoint paths and headers are confirmed during the build, against a consenting Triodos Personal Current Account.
# FCA Open Banking AIS — read path under a customer's consent (reg. 33)
# 1. Exchange the granted AIS consent for an access token
POST {aspsp}/token
grant_type=client_credentials scope=accounts
-> access_token, expires_in
# 2. List the accounts the customer consented to
GET {aspsp}/open-banking/v3.1/aisp/accounts
Authorization: Bearer {access_token}
x-fapi-interaction-id: {uuid}
-> [{ AccountId, Currency, AccountType, Nickname }]
# 3. Page transactions; cursor = last seen booking time
GET {aspsp}/.../accounts/{AccountId}/transactions
?fromBookingDateTime={cursor}
-> { Transaction[], Links.Next }
# 4. Reconcile, then watch the consent clock
for tx in page.Transaction:
upsert(local_ledger, key=tx.TransactionId)
cursor = max(tx.BookingDateTime for tx in page.Transaction)
if consent.age_days >= 83: # 90-day cap — start renewal early
queue_reauth(consent.id)
Normalizing the records
We flatten the Open Banking shapes into a small, stable schema so your side does not carry Triodos-specific field names. Two of the core records:
// account — normalized from the AIS /accounts response
{
"account_id": "string", // AccountId
"type": "current|online_saver|online_saver_plus",
"currency": "GBP",
"display_name": "string", // Nickname
"balance": { "amount": "0.00", "as_of": "ISO-8601" }
}
// transaction
{
"tx_id": "string", // TransactionId (primary key)
"account_id": "string",
"booked_at": "ISO-8601", // BookingDateTime — the sync cursor
"amount": "-12.34",
"counterparty": "string",
"category": "groceries|utilities|travel|...", // mirrors Insights buckets
"source": "aisp|app_session"
}
Keeping the mirror current
Triodos caps a single open-banking consent at 90 days; after that the customer re-authorises or the feed stops (per Triodos). The sync we build treats that clock as a first-class object. Each consent carries its grant date, the worker pulls deltas by booking time between renewals, and a re-authorisation prompt is queued roughly a week before the cap, so a live integration carries through renewals rather than blanking out.
Balances get a second check. The running total we hold is compared against the balance the account-information endpoint returns on each pass, and any drift is flagged for a fuller re-pull instead of being left to compound. That keeps a long-lived mirror honest without re-fetching the whole history every night.
Consent, the FCA, and where UK open finance is heading
Access rests on the customer's explicit consent, not on anything we assert about Triodos. The Payment Services Regulations 2017 — the rules that carried PSD2 into UK law — let an FCA-authorised AISP read account data once the customer approves it, for a one-off pull or continuous access of up to 90 days (per Triodos and the FCA). Triodos Bank UK is listed as a regulated provider on the Open Banking directory, and Moneyhub was among the first third parties to connect to it, back in 2021 (per Moneyhub). Strong Customer Authentication still gates each grant — biometrics or passcode in the app, a QR-code handshake for Internet Banking.
Where this is heading is set out in the FCA's Open Finance Roadmap, published 14 April 2026, which maps a path to 2030 for data sharing beyond payment accounts, with SME lending and mortgages named as the first use cases (per the FCA). The Data (Use and Access) Act 2025 gives the Smart Data schemes their legal footing, and a discussion paper on the first open finance scheme is due later in 2026. None of that is settled rule yet, so the integration we ship today rides the consent basis that already works, and is built to extend when the open finance schemes arrive.
What we plan around
Two things about this app drive design decisions, and we handle both rather than hand them back to you.
Account coverage is not uniform
The app serves Personal Current Account holders plus Online Saver and Online Saver Plus customers who opened through it — not business accounts (per the app's description and Triodos's help pages). Account-information access returns the current-account balances and transaction detail cleanly; the savings and investment impact views sit deeper in the app session. We scope the feed per account type, so a savings-only customer and a current-account customer each get the surfaces that actually apply to them.
Authentication and data residency
SCA gates every consent — biometric or passcode in the app, a QR handshake when the app authorises an Internet Banking session — so the re-authorisation step is part of the worker, and onboarding to a consenting account or a sponsor sandbox is set up with you while we build. Insights data is third-party-held and stored within Europe (per Triodos); we keep the normalized store data-minimised, scoped to the consenting customer, with consent and access logs retained under UK GDPR, and the studio works under NDA where a build touches live account data.
Adjacent UK banking and savings apps
If Triodos is one node in a multi-bank picture, these are the names that tend to show up alongside it. The integration approach is the same consent route across them.
- Co-operative Bank — current accounts, savings and cards from a UK bank with a long-standing ethical policy; its app exposes the same balance-and-transaction shape over Open Banking.
- Nationwide Building Society — the UK's largest building society; member current accounts and savings read through the same FCA consent route.
- Starling Bank — app-only UK current accounts with detailed transaction and card data, a common node in any multi-bank sync.
- Tandem Bank — a digital savings-and-lending challenger positioned on green finance; account data reachable under the same consent regime.
- Charity Bank — savings that fund charities and social enterprises; holds deposit and statement records rather than current-account flows.
- Ecology Building Society — savings accounts and sustainable-housing mortgages; balances and statements an integrator would pull for a full picture.
- Wise — multi-currency balances and cross-border transfers, transaction data often reconciled alongside a primary UK bank.
What the app screens show
Store screenshots, opened to confirm the surfaces named above. Tap to enlarge.
Questions integrators ask about Triodos
Which Triodos accounts can a consented feed cover?
The app serves Personal Current Account customers and Online Saver or Online Saver Plus customers who opened through it, not business accounts (per the app's description). Account-information access returns current-account balances and full transaction detail; the savings and investment impact views are richer inside the app session, and we reach those by authorized interface integration against a consenting account.
How does Triodos's 90-day consent window affect a long-running sync?
A single consent lasts up to 90 days before the customer must re-authorise (per Triodos). The sync we build tracks each consent's grant date, pulls transaction deltas by booking time between renewals, and queues the re-authorisation prompt before the window closes, so the feed keeps running across renewals instead of expiring quietly.
What is in the Insights data, and can you mirror its categories?
Insights analyses account balances, transactions, card information and card transactions, sorting spend into categories such as Utilities, Groceries and Travel (per Triodos). We map those buckets into the normalized transaction schema we deliver, so your side keeps the same categorisation; the underlying Insights data is third-party-held and stored within Europe, which we account for in retention and scope.
Do you integrate against the Open Banking interface or the app itself?
Both, depending on what you need. The FCA Open Banking account-information interface is the backbone for balances, transactions and standing orders; the app session is where Insights and the savings-and-investment impact views live, reached by authorized interface integration under the customer's consent. We usually run the consent route as the primary feed and add the app-session work only for the surfaces it does not carry.
What this draws on
Checked in early June 2026 against Triodos's own help and Open Banking pages, the UK Open Banking provider directory, and the FCA's open finance material. The account types, Insights contents, SCA mechanics and the 90-day consent cap come from Triodos; the regulatory framing and forward-looking roadmap from the FCA and the Open Banking directory.
- Triodos Bank — Open Banking (consent, 90-day window)
- Triodos Bank — mobile app help (Insights, features)
- Open Banking directory — Triodos Bank UK Limited
- FCA — Open Finance Roadmap (April 2026)
Compiled by OpenFinance Lab — Triodos interface assessment, 8 June 2026.
Triodos Bank UK — app profile
Developer: Triodos Bank UK Ltd. Package id com.triodos.bankinguk (per its Google Play listing). Platforms: iOS 15 or higher, Android 7.0 or higher (per Triodos). Accounts served by the app: Personal Current Account, Online Saver, Online Saver Plus (opened through the app); not currently business accounts. Registered office Deanery Road, Bristol BS1 5AS; registered in England and Wales no. 11379025; FRN 183366; authorised by the Prudential Regulation Authority and regulated by the FCA and PRA (per the app's own regulatory notice). Triodos positions itself as a sustainable bank and the app surfaces the impact of savings and investments alongside everyday banking.
Triodos work runs on the same terms as the rest of the desk. We can hand over runnable source for the consented endpoints from $300, billed only after delivery once it is working for you — or stand the same logic up as a hosted endpoint you call and pay per request, with nothing upfront. A first build lands in one to two weeks. Tell us what you need from Triodos data and we will scope it: start a brief at /contact.html.