It's encouraging to see Plaid making this level of effort to be accurate. It seems like it could be a viable alternative to Mint using something like <a href="https://github.com/yyx990803/build-your-own-mint" rel="nofollow">https://github.com/yyx990803/build-your-own-mint</a> (written by the author of Vue.js).<p>It's scary to think what would happen if one of these services (Mint, Personal Capital, Plaid) had a backend data breach. If they can log in to your financial sites, a breach would mean the attacker would be able to as well.
This mostly seems to be required because banks don't provide usable data properly. There should be a way to tie together authorisations and finalized transactions. Any API/interface that doesn't permit this is just broken.<p>Monzo's API includes a unique transaction ID as well as a timestamp to indicate when (if it has happened) the transaction 'settled'. The open banking APIs implemented by the CMA9 include a BookingDateTime and Status (Booked or Pending) and an immutable transaction ID. It's surely just common sense to do this.<p>Why is there no regulation to require banks expose a <i>usable</i> API in NA?
Reminder that most banks still don’t provide an oauth api for granting read only access to your account info, so we end up with scraping data and problems like this to solve. Plus there is a ton of completely unnecessary risk created here by forcing users to furnish full access credentials to their bank accounts. It’s beyond stupid.