Mi Pass API & Open Finance Integration
Protocol analysis and Open Data integration for Banco de Chile and Banco Edwards | Citi: authorization flows, movements, balances, and payment APIs—compliant delivery under Chile’s Fintec Law
Connect Mi Pass–protected banking data to your systems
Mi Pass is Banco de Chile’s mobile authorization app: users authorize operations from their smartphone with a 6-digit PIN and bank-validated identity. It works across Banco de Chile, Banco Edwards | Citi, and BanChile Inversiones—transactions on mobile apps, bancochile.cl, Webpay, and document signing. In 2025 Banco de Chile launched ApiStore, an API platform that has already processed over $660 billion in payments and offers Movimientos y Saldos, Notificaciones, and Pagos APIs; Mi Pass is the authorization layer for these digital channels. We deliver protocol analysis and runnable API implementations so you can integrate authorization flows, account movements, balances, and payment notifications in line with Chile’s Open Finance System (SFA) and CMF regulations.
- Authorization and identity validation — Session and device binding, operation-type metadata for audit and compliance.
- Account movements and balances — Transaction history and balance data via ApiStore or aggregators (e.g. Floid) for reconciliation and reporting.
- Payment and transfer notifications — Real-time transfer and payment events for ERP, treasury, and dashboards.
Screenshots
Click any image to view full size.
Data available for integration
From protocol analysis and Banco de Chile’s ApiStore and open-banking aggregators, the following data types can be exposed or orchestrated. Mi Pass secures the authorization step for digital channels; account and transaction data is available via ApiStore (Movimientos y Saldos, Notificaciones, Pagos) or through aggregators such as Floid (products, balances, transactions, income). Granularity and use cases are indicative; actual scope depends on contract, consent, and CMF SFA rules.
| Data type | Source (screen / feature) | Granularity | Typical use |
|---|---|---|---|
| Authorization events | Mi Pass login, PIN validation, operation approval | Per event, operation type, device/session | Audit, compliance, fraud detection |
| Account movements | ApiStore Movimientos y Saldos; aggregator APIs | Per account, date range, transaction list | Reconciliation, reporting, ERP |
| Balances | ApiStore; Floid/Khipu product and balance endpoints | Per account, snapshot or real-time | Dashboards, treasury, risk |
| Transfer and payment notifications | ApiStore Notificaciones, Movimientos notificaciones | Per transfer/payment, real-time or batch | Treasury, ERP, cash-flow visibility |
| Payment initiation metadata | ApiStore Pagos, Abono en línea | Per payment/deposit, status, amount, date | Automation, audit trail, supplier payments |
| Product and identity (consent-based) | Aggregator APIs (e.g. Floid); Khipu Banco de Chile docs | Products, accounts, optional income/ID | Onboarding, affordability, Open Finance |
Typical integration scenarios
Corporate reconciliation and ERP
Companies using Banco de Chile for operations need movements and balances inside their ERP. We deliver an API layer that consumes ApiStore Movimientos y Saldos (with client ID/secret and Mi Pass–backed authorization where required), returning transaction lists and balance snapshots. Data maps to Open Finance: structured movements with date, amount, type, and account; you feed your reconciliation engine or general ledger. Consent and retention follow Chile’s SFA and your policies.
Real-time treasury and notifications
Treasury teams need immediate visibility of incoming and outgoing transfers. We implement webhook or polling consumption of ApiStore Notificaciones and Movimientos notificaciones so your system receives transfer and payment events in real time. Fields typically include amount, date, counterparty, and status—suitable for cash positioning and liquidity dashboards.
Payment and deposit automation
Automating payments to suppliers and deposits via ApiStore Pagos and Abono en línea reduces manual work and errors. We deliver request/response integration and error-handling patterns (e.g. idempotency, retries) so your back office can initiate payments and deposits programmatically, with full audit trails aligned with local regulations.
Open Banking aggregation (Floid-style)
Where direct ApiStore access is not in scope, aggregators like Floid provide standardized access to Banco de Chile accounts, transactions, and income data. We can implement or document the consent and API flow (products, balances, transactions) so your app offers a unified view across Banco de Chile and other Chilean banks (Santander Chile, Scotiabank, BCI, etc.) under the SFA.
Compliance and audit reporting
Banks and regulated entities need exportable authorization and transaction logs. Our protocol analysis documents Mi Pass authorization events and session handling; combined with ApiStore or aggregator data, you get a coherent trail for CMF and internal audit—always with explicit consent and minimal retention.
Technical implementation
Below are illustrative request/response shapes and auth flows. Actual endpoints and fields depend on ApiStore documentation and protocol analysis.
ApiStore auth (pseudo)
// ApiStore uses client_id + client_secret (pseudo)
POST /oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=<CLIENT_ID>
&client_secret=<CLIENT_SECRET>
Response 200: { "access_token": "...", "expires_in": 3600 }
Response 401: { "error": "invalid_client" }
// Mi Pass / user auth may be required per product
Movimientos y Saldos (pseudo)
// Movements and balances (pseudo, ApiStore)
GET /api/movimientos-saldos?account_id=xxx&from=2025-01-01&to=2025-03-12
Authorization: Bearer <ACCESS_TOKEN>
Response: {
"account_id": "xxx", "balance": { "amount": 1234567, "currency": "CLP" },
"movements": [ { "date": "...", "amount": 1000, "type": "TRANSFER", "description": "..." } ]
}
Error 429: rate limit; retry with backoff
Webhook / notification (pseudo)
// Incoming transfer/payment notification (pseudo)
POST <YOUR_WEBHOOK_URL>
Content-Type: application/json
X-Signature: <HMAC or similar>
{
"event": "transfer.received",
"account_id": "xxx", "amount": 50000, "currency": "CLP",
"date": "2025-03-12T10:00:00Z", "counterparty": "..."
}
// Verify signature; respond 200 quickly; process async
Compliance and privacy
Chile’s Fintec Law (Law No. 21,521), enacted in January 2023, establishes the Open Finance System (SFA) under the Financial Market Commission (CMF). In July 2024 the CMF published NCG Nº514, regulating the SFA (perimeter, operation, security, information standards), with entry into force 24 months after publication. Data exchange requires customer consent; personal data must be explicitly authorized. We implement only authorized or publicly documented flows (ApiStore, aggregator APIs) and recommend consent records, minimal retention, and audit trails. Banco de Chile’s ApiStore and aggregators such as Floid operate within this framework; Mi Pass authorization aligns with the bank’s security standards for digital channels.
Data flow and architecture
A typical pipeline: (1) Your backend or client app obtains access via ApiStore (client credentials) or an aggregator (user consent and OAuth-like flow). (2) Mi Pass–backed user authorization may be required for certain operations (e.g. high-value or first-time). (3) Our delivered API layer handles token refresh, request signing, and optional webhook ingestion for notifications. (4) Data is stored in your environment and can feed ERP, treasury dashboards, or analytics. We do not store end-user credentials; you control retention and access.
Market positioning and user profile
Mi Pass serves individual and business customers of Banco de Chile, Banco Edwards | Citi, and BanChile Inversiones in Chile. It is the main mobile authorization method for digital operations—replacing physical DigiPass devices—and is used to authorize transactions on mobile apps, bancochile.cl, Webpay, and to sign BanChile Inversiones documents. In 2025 Banco de Chile expanded its digital offering (Cuenta Corriente Digital, Cuenta FAN growth to 2.4 million accounts, Banchile Pagos acquiring network), increasing the role of Mi Pass and ApiStore. Related players in the Chilean banking and auth space include Santander Chile (mobile app with biometrics), Scotiabank Chile (Scotia GO and KeyPass for transaction authorization), and Floid as an open-banking aggregator connecting Banco de Chile and other banks. Our integration work targets firms that need programmatic access to Banco de Chile data and authorization flows where ApiStore or aggregators are the conduit.
What we deliver
Deliverables
- API specification (OpenAPI / Swagger) for movements, balances, notifications, payments
- Protocol and auth flow analysis (Mi Pass, ApiStore client credentials, aggregator consent)
- Runnable API source code (Python / Node.js) for the agreed endpoints
- Test scripts and interface documentation
- Compliance notes (Chile Fintec Law, CMF SFA, consent, retention)
Key integration areas
Authorization protocol (Mi Pass), Movimientos y Saldos, Notificaciones and webhooks, Pagos and Abono en línea, and optional aggregator integration (e.g. Floid). We support Android and iOS protocol analysis and deliver source code you can host and extend.
About us
We are a technical service studio specializing in app interface integration and authorized API integration. We provide protocol analysis, interface refactoring, Open Data integration, and third-party interface integration, plus automated data scripting and interface documentation. Our team has years of experience in mobile and fintech; we serve global clients with compliant, professional solutions. Services start at $300, with an option to deliver results first and pay upon satisfaction.
- Banking and fintech: transaction records, statement queries, payment integration
- Compliant, lawful implementations to meet local and privacy requirements
- Android and iOS; ready-to-use API source code, docs, and test plans
Contact
For inquiries, quotes, or to submit your target app and requirements, please use the link below:
Process
- Confirm requirements: integration scenario and interface needs (e.g. movements, balances, notifications, payments).
- Protocol analysis and interface design (2–5 business days, depending on complexity).
- Development and internal validation (3–8 business days).
- Delivery of documentation, examples, and test cases (1–2 business days).
- Typical first delivery: 5–15 business days; complex or multi-party approval may take longer.
FAQ
What do I need to provide?
How long until delivery?
How do you ensure compliance?
📱 Mi Pass official app overview (appendix)
Mi Pass is the fastest and simplest way to authorize operations from your smartphone using Banco de Chile’s digital channels. Through a secure registration process, the app validates your identity; from then on you can use your smartphone to authorize operations from anywhere. Mi Pass meets the highest banking security standards for handling information, authorizing operations, and identity validation. If your phone is stolen or lost, you can block the device by calling Banca Telefónica or by registering on a new phone—the previous registration is automatically removed. Download Mi Pass, register once, create a 6-digit code to authorize operations and/or activate your mobile applications. Mi Pass works with Banco de Chile and Banco Edwards | Citi applications.
- Authorize transactions via mobile apps, bancochile.cl, or Webpay
- Sign BanChile Inversiones documents
- 6-digit PIN; one-time registration; device binding and remote block