Unlocking Financial Innovation: A Complete Guide to Our Open Banking APIs

The financial services industry is experiencing a digital transformation, and we at BCB (Bermuda Commercial Bank) are proud to be at the forefront of this evolution with our comprehensive Open Banking API platform - the first of its kind in Bermuda. Designed for developers who want to build powerful financial applications, our APIs offer secure, RESTful endpoints that provide access to essential banking functions while maintaining the highest security standards.
What Makes Our Open Banking APIs Stand Out?
Our API platform is built with developers in mind, offering a robust set of tools that enable the creation of sophisticated financial applications. As Bermuda's first Open Banking API platform, we're pioneering digital financial services in the region by combining enterprise-grade security with developer-friendly documentation and comprehensive functionality. This makes our platform an ideal choice for fintech startups, established financial institutions, and developers looking to integrate banking capabilities into their applications.
Our APIs are designed around REST principles, ensuring they're intuitive to use and integrate seamlessly with modern development workflows. Whether you're building a personal finance app, a corporate treasury management system, or a payment processing solution, our APIs provide the building blocks you need.
Core API Capabilities
Account Management and Information
The foundation of any financial application is access to account information. Our APIs excel in this area with two key endpoints:
Account Details API (/v1/accounts/{accountNumber}) provides comprehensive information about specific accounts, including current balances, ownership details, and account attributes. This endpoint is perfect for building dashboard views or account summary features in your application.
List Accounts API (/v1/accounts) gives you access to all accounts associated with an authenticated user's profile. This is essential for applications that need to provide users with an overview of their financial portfolio or allow them to select from multiple accounts.
Money Movement and Transfers
Our transfer capabilities are split into two powerful APIs:
Internal Transfers API (/v1/internal-transfers) enables secure movement of funds between accounts belonging to the same customer. This endpoint supports idempotency to prevent duplicate transactions and includes comprehensive validation to ensure transfers are processed safely. It's ideal for applications that need to support savings goals, bill pay functionality, or general account-to-account transfers.
SWIFT Payments API (/v1/payments/swift) takes your application global by enabling international wire transfers via the SWIFT network. This endpoint includes comprehensive payment details, beneficiary information, and support for intermediary agents. It handles complex international payment scenarios, currency conversion, and detailed settlement information, making it suitable for business applications that need to handle international transactions.
Foreign Exchange Services
Our FX Quotes API (/v1/fx-quotes) provides real-time foreign exchange rates for currency conversion between any supported currency pairs. This service automatically integrates with internal transfers and SWIFT payments, applying quoted rates when transactions involve different currencies. For high-value exchanges exceeding 100,000 BMD equivalent, requests are routed to our treasury desk for manual processing to secure the most competitive rates available.
Transaction History and Analytics
Understanding transaction patterns is crucial for most financial applications. The Transactions API (/v1/accounts/{accountNumber}/transactions) provides access to detailed transaction history with sophisticated filtering and pagination support. The API can return up to 1,000 records per request and supports date range filtering with a maximum range of one year. A key feature is our globally unique transaction ID system - the same ID appears across both debit and credit entries for internal transfers, making reconciliation straightforward while maintaining complete audit trails.
Payment Status and Tracking
Payment transparency is essential for user experience and compliance. We provide two endpoints for comprehensive payment tracking:
Payment Status API (/v1/payments/{paymentId}/status) offers detailed status information for specific payments, allowing your application to provide real-time updates to users about their transaction progress including processing status, settlement details, and any applicable charges.
List Payment Statuses API (/v1/accounts/{accountNumber}/payments) provides a comprehensive view of all payments associated with an account, perfect for building payment history views or reconciliation tools with full pagination support for handling large payment datasets.
API Client Management
We provide sophisticated credential management capabilities:
Credentials API (/v1/credentials) enables programmatic management of API client credentials including creation of new credentials that inherit permissions from existing clients, secret rotation (PATCH /v1/credentials/{clientId}) for security maintenance, client deactivation (DELETE /v1/credentials/{clientId}), and permission auditing (/v1/credentials/{clientId}/permissions). All operations include comprehensive IP restriction management and immediate token revocation for enhanced security.
Security is paramount in financial applications, and our authentication system reflects this priority. The platform uses JWT-based authentication with several security features:
- 40-minute token validity ensures that tokens don't remain active indefinitely, reducing security risk
- IP restrictions add an additional layer of security by limiting where authenticated requests can originate
- OAuth 2.0 compliance ensures the authentication flow follows industry standards
- Granular permission system with feature-specific permissions embedded in JWT tokens
- Automatic credential management including secret rotation and immediate token revocation
The Authentication API (/auth/token) makes it straightforward to generate secure JWT tokens for API access, with clear documentation to guide implementation.
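A client-side token cache for the 40-minute token lifetime described above, as an added example rather than BCB's code: it reads the standard `exp` claim to refresh early instead of hard-coding the lifetime, and drops the cached token when the server rejects it. The `fetch_token` callable, the 60-second margin and the sample token are assumptions; the client does not verify the signature and uses `exp` only for scheduling.

```python
import base64
import json
import time


def jwt_expiry(token):
    """Return the `exp` claim (epoch seconds) from a JWT payload, unverified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    segment = parts[1]
    padded = segment + "=" * (-len(segment) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    return int(claims["exp"])


class TokenCache:
    """Reuse a token until shortly before it expires, then fetch a new one."""

    def __init__(self, fetch_token, margin=60, clock=time.time):
        self.fetch_token = fetch_token  # hypothetical callable wrapping /auth/token
        self.margin = margin            # assumed: refresh this many seconds early
        self.clock = clock              # injectable so expiry can be tested
        self.token = None
        self.expires_at = 0

    def get(self):
        if self.token is None or self.clock() >= self.expires_at - self.margin:
            self.token = self.fetch_token()
            self.expires_at = jwt_expiry(self.token)
        return self.token

    def invalidate(self):
        """Call after an authentication failure: tokens can be revoked early."""
        self.token = None


def make_sample_token(issued_at, lifetime=40 * 60):
    """Constructed unsigned token for the demo; real tokens come from the server."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT"}), enc({"exp": issued_at + lifetime}), "sig"])
```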
Developer Experience Features
Flexible Response Formats
Our APIs support both JSON and CSV response formats, using standard HTTP Accept headers. This flexibility means you can choose the format that best fits your application's needs - JSON for web applications and mobile apps, or CSV for data analysis and reporting tools.
Comprehensive Rate Limiting
The platform includes thoughtful rate limiting to ensure fair usage while maintaining performance. The rate limiting is designed to accommodate legitimate use cases while preventing abuse.
Advanced Pagination
All list endpoints use cursor-based pagination with server-side result-set management for optimal performance when handling large datasets. The pagination system supports customizable page sizes (up to 1,000 records) and maintains pagination context through secure page tokens.
Idempotency Support
Critical operations like payments and transfers support idempotency through UUID-based headers, preventing duplicate transactions and ensuring safe retry operations in distributed systems.
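How UUID-based idempotency makes retries safe, as an added example that is not BCB's code: an in-memory stand-in for a transfer endpoint plus a retrying client that loses the first response. The `Idempotency-Key` header name, the request fields and the 409 conflict behaviour are assumptions; the page does not specify them.

```python
import hashlib
import json
import uuid


class TransferEndpoint:
    """Constructed in-memory stand-in for a transfer endpoint (not BCB's service)."""

    def __init__(self):
        self.seen = {}       # idempotency key -> (payload digest, stored response)
        self.executed = []   # transfers that actually moved funds
        self.drop_next_response = False  # simulate a reply lost in transit

    def post(self, headers, payload):
        # Hypothetical header name; uuid.UUID() rejects values that are not UUIDs.
        key = str(uuid.UUID(headers["Idempotency-Key"]))
        digest = hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()
        if key in self.seen:
            stored_digest, response = self.seen[key]
            if stored_digest != digest:
                # Same key, different body: refuse rather than replay or re-execute.
                return {"status": 409, "error": "key reused with a different payload"}
            return response  # replay the stored result, no second debit
        self.executed.append(payload)
        response = {"status": 201, "transferId": len(self.executed)}
        self.seen[key] = (digest, response)
        if self.drop_next_response:
            self.drop_next_response = False
            raise TimeoutError("response lost after the transfer was processed")
        return response


def send_transfer(endpoint, payload, max_attempts=3):
    """Create one key per logical transfer and reuse it on every retry."""
    headers = {"Idempotency-Key": str(uuid.uuid4())}
    for _ in range(max_attempts):
        try:
            return endpoint.post(headers, payload)
        except TimeoutError:
            continue  # outcome unknown: retry with the SAME key
    raise RuntimeError("transfer outcome unknown after retries")


def demo():
    endpoint = TransferEndpoint()
    endpoint.drop_next_response = True
    # Constructed sample request; field names are illustrative.
    payload = {"from": "1000001", "to": "1000002", "amount": "250.00", "currency": "BMD"}
    result = send_transfer(endpoint, payload)
    return result["status"], len(endpoint.executed)
```

Generating a fresh UUID inside the retry loop would defeat the mechanism: each attempt would look like a new transfer.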
Extensive Documentation
Each endpoint comes with comprehensive documentation that includes request/response examples, parameter descriptions, and integration guides. This reduces development time and helps ensure successful implementations.
Getting Started: A Simple Three-Step Process
BCB has streamlined the onboarding process into three simple steps:
- Apply for API Access: Complete our straightforward application form to request access to the APIs
- Authenticate: Generate your JWT token using the OAuth 2.0 flow
- Make API Calls: Start integrating the comprehensive endpoints into your application
This streamlined approach means you can go from idea to implementation quickly, without getting bogged down in complex onboarding procedures. Our average time from requesting an API key to going live is 5 days.