Add open-banking.io as a native data provider#1330
Conversation
open-banking.io (https://open-banking.io) is an affordable, certificate-free EU open banking API. This adds it as a first-class Data Importer provider (flow key "obio"), a fit for users affected by GoCardless shifting away from Bank Account Data. The provider is credential-based (an exported credentials.json bundle: API key + private key), modelled on the Lunch Flow provider. API responses are zero-knowledge encrypted and decrypted locally with the user's private key (ECDH P-256 -> HKDF- SHA256 -> AES-256-GCM); the decryptor is ported in-tree from the official open-banking.io PHP client so no new Composer runtime dependency is added. Transactions map onto Firefly III with external_id de-duplication, IBAN-based transfer detection (guarded against A->A self-transfers), API pagination and per-record decrypt resilience. Includes unit tests (crypto wire-format interop against shared vectors, Guzzle- mocked Request decryption + pagination, transfer-guard) and a fake_data feature test. Disclosure: I maintain open-banking.io. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Tick the box to add this pull request to the merge queue (same as
|
|
Hi there! This is an automated reply. You triggered an automated reply, because it seems you removed or changed the AI assistance disclosure from the PR template. Without a valid disclosure, your PR cannot be processed. Even if you did not use AI, this disclosure must be present. Please reply to your PR and explain your use of AI in any or all of the following areas:
There cannot be interaction with your PR without this disclosure. If the disclosure is present but the bot did not pick up on it, please accept my apologies for the intrusion. Contrary to other bots, this one is just a simple `bash` script and it may be wrong. |
|
Thanks — and apologies: I replaced the template with my own description and dropped the AI usage disclosure, which tripped the bot. I've restored it in the PR description with all four boxes checked, honestly:
I also noticed the template asks contributors to talk to you first before adding a new third-party provider / for PRs over 25 lines — sorry for jumping ahead. Please treat this purely as a complete, tested starting point. I maintain open-banking.io and I'm glad to do this however you prefer: review it, hand it over, or move to a discussion/email — and I can give you a staging account + a test |
Reference issues and PRs
Addresses the recurring request for a GoCardless/Nordigen automated-import alternative (e.g. discussion firefly-iii/firefly-iii#11875). Matching docs PR: firefly-iii/docs#247.
What does this implement/fix? Explain your changes.
Adds open-banking.io as a native Data Importer provider (flow key
obio), alongside GoCardless, Enable Banking, SimpleFIN and Lunch Flow.open-banking.io is an affordable, certificate-free open-banking API covering the EEA and the UK (2,600+ banks). It's a fit for the seat GoCardless is vacating ("shifting away from their Bank Account Data products") — self-hosters who can no longer open new GoCardless accounts can point Firefly III at open-banking.io instead.
How it works
credentials.jsonbundle (API key + a private key) and pastes it on the authenticate screen. Modelled on the Lunch Flow provider (conversion_before_mapping), so it reuses the generic account-selection + date-range configure steps.ECDH P-256 → HKDF-SHA256 → AES-256-GCM). The decryptor (App\Services\OpenBankingIo\Crypto\Envelope) is ported in-tree from the official open-banking.io PHP client, so there is no new Composer runtime dependency (usesext-openssl, already required).external_idde-duplication;creditDebitIndicatorsets deposit/withdrawal; a counterparty IBAN matching one of the user's other asset accounts becomes a transfer (guarded againstsource == destination). The statement is paged (offset loop + safety cap), and a record that fails to decrypt or has an unusable direction/amount is skipped with a warning rather than aborting the import.Surface: new module
app/Services/OpenBankingIo/**, newconfig/obio.php, registered inconfig/importer.php, and wired into the flow like the existing providers (ConversionRoutineFactory, ImportJobRepository, ImportServiceAccount, CollectsAccounts, MergesAccountLists, Configuration, the authenticate/service/validation/upload/configure/map controllers, theflowenum inresources/schemas/v3.json, and theenlanguage strings).Tests: crypto wire-format interop (
EnvelopeTest); the realencfixtures through the actual Request classes with mocked HTTP, covering decryption, pagination and skip-bad-record (RequestDecryptionTest); the transfer/self-transfer guard (GenerateTransactionsTest); and thefake_datademo flow (DemoModeTest). PHPStan (.ci/phpstan.neon) and php-cs-fixer are clean; phpmd is advisory-clean. Verified end-to-end against a live staging environment: a real 262-transaction account imported into a real Firefly III, pagination exercised,external_idde-dup confirmed on re-run.AI usage disclosure
I used AI assistance for:
This PR was written with heavy AI assistance (Claude), directed and reviewed by me. It follows the existing Lunch Flow provider's structure, ships with the tests described above, and I verified it end-to-end against a live open-banking.io staging environment before submitting.
Any other comments?
Disclosure: I maintain open-banking.io. I'm happy to do this however works best for you — treat it purely as a reviewable starting point, hand it over entirely, or move the conversation to a discussion/email. I can provide a staging account + a test
credentials.jsonwith a connected bank so you can review against real (decrypted) data end to end.@JC5