
Open Banking, Under the Hood

  • Writer: Quinn McCarthy
  • Feb 19

When you connect your bank account in Flatly, several important things do not happen:

– We never see your banking password.

– We never store your credentials.

– We never hold or move your money ourselves.

Instead, here’s what’s going on behind the scenes.


Step 1 – Redirect to Your Bank via BlinkPay

Tapping “Connect Bank” takes you out of Flatly entirely. BlinkPay, our Open Banking partner, handles the secure redirect using industry-standard OAuth 2.0 and OpenID Connect flows. There’s no embedded browser or fake login screen—your authentication happens only inside your own bank’s environment.


Step 2 – Authenticate Within Your Bank

You log in using whatever your bank requires: biometrics, MFA, or app-based confirmation. Credentials stay between you and your bank; neither Flatly nor BlinkPay ever sees or stores them.


Step 3 – Granular Consent Authorisation

After authentication, your bank presents a regulated consent screen describing exactly what Flatly (through BlinkPay) is requesting—perhaps access to account balances or the ability to initiate payments on your behalf.


This consent is:

– Explicit — you approve it directly at your bank.

– Scoped — it’s limited to defined data or actions.

– Time-bound — it expires when you want it to.


You can revoke it at any point directly in your bank app.


Step 4 – Tokenised Access, Never Credentials

Once consent is granted, your bank issues short-lived, encrypted access tokens to BlinkPay. It is these tokens, not raw credentials, that are exchanged with Flatly through secure APIs.


The data we receive is limited to:

– balance and transaction confirmations,

– status of initiated payments, and

– authorised identifiers required for reconciliation.


What we do not receive: passwords, full login sessions, or any ability to move funds without both your permission/authorisation and an active consent.


Step 5 – Payments Between Flatmates

When your flat’s rent or shared expense is due, Flatly calculates who owes what. Once you confirm the transfer, Flatly instructs BlinkPay to initiate the payment using those same consented APIs.


From there:

– BlinkPay securely passes the instruction to your bank.

– Your bank executes the transfer directly.

– Confirmation flows back through BlinkPay → Flatly.


Funds move bank-to-bank, never held by Flatly. We simply coordinate logic, permissions, and reconciliation. The actual money movement remains with your bank—the regulated custodian.
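To make the "both your confirmation and an active consent" rule from Steps 3 to 5 concrete, here is an added sketch of a fail-closed check an orchestration layer could run before asking its partner to initiate a payment. It is not Flatly's or BlinkPay's code; the scope names, the `Consent` record and `authorise_payment` are hypothetical, and the bank stays authoritative for revocation.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

PAYMENT_SCOPE = "payments:initiate"  # hypothetical scope name
BALANCE_SCOPE = "accounts:balance"   # hypothetical scope name

@dataclass(frozen=True)
class Consent:
    """Local record of what the user approved at their bank (assumed shape)."""
    scopes: frozenset
    expires_at: datetime
    revoked: bool = False

def authorise_payment(consent, user_confirmed, now):
    """Return (allowed, reason). Every failed condition denies the payment."""
    if not user_confirmed:                    # explicit: user confirms each transfer
        return False, "transfer not confirmed by user"
    if consent is None:
        return False, "no consent on record"
    if consent.revoked:                       # revocable at any point
        return False, "consent revoked"
    if now >= consent.expires_at:             # time-bound
        return False, "consent expired"
    if PAYMENT_SCOPE not in consent.scopes:   # scoped: balance access != payments
        return False, "consent does not cover payments"
    return True, "ok"

# Constructed sample data, for illustration only.
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
LATER = NOW + timedelta(days=30)
SAMPLES = {
    "active": Consent(frozenset({BALANCE_SCOPE, PAYMENT_SCOPE}), LATER),
    "balance_only": Consent(frozenset({BALANCE_SCOPE}), LATER),
    "expired": Consent(frozenset({PAYMENT_SCOPE}), NOW - timedelta(seconds=1)),
    "revoked": Consent(frozenset({PAYMENT_SCOPE}), LATER, revoked=True),
}

if __name__ == "__main__":
    for name, consent in SAMPLES.items():
        print(name, authorise_payment(consent, True, NOW))
    print("unconfirmed", authorise_payment(SAMPLES["active"], False, NOW))
```

A local check like this only avoids sending requests that should never be made; the bank still enforces the consent when the instruction arrives.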


Why This Architecture Matters

Traditional money-handling apps often store credentials or pool user funds. Open Banking eliminates that middle layer of trust.


With Flatly:

– Your credentials stay with your bank.

– Your money stays in your account until the bank moves it.

– Your consent controls every access and payment scope.


Flatly provides the orchestration layer; banks provide the execution layer. Together, that’s shared finance infrastructure built on regulated APIs rather than shared trust.


— Team Flatly
