Review the FDX (Financial Data Exchange) API specification, which defines a RESTful, OAuth 2.0-based standard for consumer-permissioned financial data access; download the current spec from the FDX member portal or public GitHub repository.
Implement OAuth 2.0 with PKCE as the authorization mechanism; the FDX standard requires the data holder (bank) to present a consent screen and issue access tokens scoped to specific data clusters (e.g., ACCOUNT_DETAILED, TRANSACTIONS).
Call the FDX /accounts endpoint to retrieve account summaries and /accounts/{accountId}/transactions for transaction history; FDX defines standard field names and data types across institutions, reducing per-bank normalisation work.
Respect the FDX consent model: tokens are tied to specific data clusters and validity periods agreed to during consent; do not request data outside the consented clusters.
Implement a consent management interface that allows users to view and revoke their data-sharing consents; FDX requires data holders to support revocation, and your app should handle token revocation gracefully.
For production use, register with the relevant FDX ecosystem trust framework; access to FDX-compliant bank APIs may require certification or a bilateral agreement with each data holder.
Known gotchas
FDX is a standard, not a single API — each participating financial institution implements it independently, and there are version differences and optional extensions; test against each specific bank's implementation, not just the spec.
FDX adoption among US banks is growing but not universal; many banks still use proprietary APIs or screen-scraping; have a fallback data aggregation strategy for non-FDX institutions.
The FDX consent and token model is more granular than legacy aggregation tokens; building a UI that accurately reflects what data the user is sharing (and for how long) is both a regulatory requirement and a user trust issue.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp