In June 2025, JPMorgan Chase told its largest data aggregators it would start charging them to pull consumer account data through its APIs. The bank said it had received 1.89 billion data requests in a single month, most of them from aggregators. By September, Plaid had signed an agreement to pay for that access, and by November JPMorgan had updated contracts with Plaid and its other major aggregators covering more than 95% of its open banking data requests. CNBC estimated the Plaid bill could reach $300 million a year.
That sequence tells you more about choosing an open banking API provider in 2026 than any bank-count comparison. The criteria that older guides lead with, coverage maps and documentation polish, still matter, but they have become the entry ticket rather than the differentiator. The questions that now separate a good provider choice from an expensive mistake are about who pays whom for data, which payment rails are actually live in your market, and whether the regulatory ground under your chosen provider is going to move in the next eighteen months.
This guide is organized the way the decision actually works in 2026: regional reality and access economics first, then the engineering checks that confirm a shortlist, then per-provider notes and a condensed comparison table. For the full directory with bank coverage per provider, the Open Banking Tracker providers directory tracks more than 50 companies with developer-portal links. This piece is about how to read that directory in light of what changed.
Last updated: June 2026.
At a glance: typical fit by developer profile
No row below is a universal winner. Verify every name against your top banks in sandbox, and read the regional sections for why the picks differ from a year ago.
| Profile | Commonly shortlisted | Strong when you need |
|---|---|---|
| EU/UK solo dev or side project | Enable Banking, Yapily Connect | Self-serve signup, restricted production on your own accounts, AIS/PIS without your own TPP licence |
| US solo dev or side project | Teller.io, SimpleFIN Bridge | Free or low-cost live connections; read-only personal tools without the enterprise fee fight |
| EU/UK startup, payments-led | TrueLayer, Volt, Token.io | Pay by Bank, payouts, and a credible commercial VRP path as the UKPI scheme goes live |
| EU/UK startup, data-led | Tink, Salt Edge, Enable Banking | AIS, enrichment, and verification on one platform |
| US startup | Plaid, MX, Finicity | Broad US coverage and hosted auth; plan for sales-led production pricing and data-access fees |
| Enterprise or regulated TPP | Token.io, Salt Edge, Akoya (US) | VRP at scale, global breadth, or a clean US regulatory posture |
The US: a regulated data right being rewritten while you build on it
The Section 1033 rule was supposed to settle US open banking. The CFPB finalized the Personal Financial Data Rights rule in October 2024, and it took effect on January 17, 2025, with the largest institutions originally required to comply by April 1, 2026. The rule barred data providers from charging third parties for access to consumer data through required interfaces.
Then the agency changed direction. The CFPB filed a motion in May 2025 to vacate its own rule, arguing it exceeded the Bureau's statutory authority. In July it shifted again, asking the court to pause the litigation so it could rewrite the rule, and the court granted a stay. In August the CFPB published an advance notice of proposed rulemaking, reopening four questions including whether data providers should be allowed to charge fees to recover costs. As of early 2026, the compliance deadlines beginning June 30, 2026 technically remained in place, but PYMNTS put it accurately: the April 2026 date is no longer a safe planning assumption.
What this means for a developer choosing a US provider is concrete. The fee question that the original rule answered (banks cannot charge) is now open, and JPMorgan did not wait for the answer. Its deals with the major aggregators establish that data access in the US has a price, and that price flows down through aggregator pricing eventually, whatever Plaid says today about absorbing it. When you evaluate Plaid, MX, Finicity, or Akoya for a US build, you are no longer only comparing bank coverage and Link-style auth. You are taking a position on a cost structure still being negotiated between the largest banks, the aggregators, and a regulator that has reversed itself twice.
Three practical consequences follow.
The case for a provider abstraction layer is stronger than it was a year ago. If you build directly against Plaid's data endpoints and the economics shift, switching providers is a rewrite. Plaid says it connects roughly 12,000 financial institutions across the US, Canada, and Europe, which makes it the breadth default, but breadth does not protect you from repricing.
Akoya's positioning reads differently in this environment. It is bank-owned and built around regulated, agreement-based data access rather than the screen-scraping legacy that fee disputes are partly about. For a regulated US fintech that wants its data-access chain to be clean and contractually explicit, that matters more in 2026 than it did when fastest time to first call was the headline.
For side projects and read-only tools, the indie options still work and still sidestep the enterprise fee fight. Teller.io offers a developer tier with 100 free live connections per its pricing page, plus an unrestricted sandbox. SimpleFIN Bridge charges $15 a year for read-only access to thousands of US institutions with daily refresh, which suits self-hosted budgeting tools rather than card-style fintech. Neither is a production fintech platform, and Teller's access method can break when a bank changes behaviour, so plan a fallback.
Europe and the UK: rails going commercial, rulebook being rewritten
Europe's 2026 story runs opposite to the US one. Where the US is arguing about whether open banking data should cost money, the UK and EU are turning open banking payments into commercial products with real pricing and real volume.
The clearest signal is variable recurring payments. The UK regulator reports that VRPs now account for 16% of all open banking payments, and 31 firms, including aggregators like Yapily and TrueLayer alongside banks and card networks, committed to fund a new UK Payments Initiative to run a commercial VRP scheme. The FCA expects the first live payments under the UKPI scheme in the first quarter of 2026, expanding into utility, financial services, and government use cases. If your product collects recurring or variable payments in the UK, commercial VRP support stops being a roadmap question and becomes a current-quarter capability check.
The framework underneath all of this is also changing. The European Parliament and Council reached provisional agreement on PSD3 and the Payment Services Regulation on 27 November 2025. Final texts are expected in the Official Journal in the first half of 2026, with entry into force anticipated in 2027 after a transition period that pushes real compliance to late 2027 or 2028. PSD3 and the PSR matter for developers because they include clearer standards for API performance and the removal of obstacles to open banking access, plus a mandatory IBAN-name check. Separately, the Financial Data Access regulation (FIDA) would extend open-banking-style access beyond payment accounts to assets like investments, pensions, and mortgages, but FIDA was still in trilogue as of April 2026, with the compensation mechanism between data holders and data users as the most contested item and an operational date that may not arrive before 2029.
For provider selection, the European picture splits by what you are building. Teams that need broad EU plus UK data and payments on one platform usually land on Tink or TrueLayer, with production gated behind sales. Tink, owned by Visa, publishes 3,400-plus institutions across 18 markets and background refresh up to four times a day on connected accounts. TrueLayer's Console exposes a filterable supported-providers table by country and product (Data, Payments, VRP), which is the per-bank detail you actually need before committing engineering time.
Solo developers and small teams face the biggest change: the old free default is gone. GoCardless has stopped onboarding new customers to its Bank Account Data product, the service formerly known as Nordigen that GoCardless acquired in 2022. Existing integrations may continue, but you cannot start a new project on it. The practical replacement is Enable Banking, which offers self-serve signup, a JWT-based REST API, native SDKs, and a Restricted Production mode that whitelists your own accounts for live testing before you pay to scale. Yapily Connect is the backup path when you want hosted auth under an aggregator's TPP licence without holding your own eIDAS certificates.
Enterprises running payments at scale or across many markets look at Token.io and Volt on the payments side, with certificate-based header signing and KYC gates that mean a fast sandbox does not imply a fast go-live. Salt Edge competes on global breadth. None of these publish production pricing, so budget the sales cycle into your timeline.
Latin America and APAC stay separate spikes
There is still no point treating a European vendor evaluation and a Latin American one as the same exercise. Belvo and Pluggy lead on sandbox-friendly onboarding for Mexico, Brazil, and other regional Open Finance markets, with Belvo's API reference among the cleaner ones in the category. Fintoc covers Chile and Mexico. In Asia-Pacific, the directory tracks regional specialists like Basiq in Australia, Finverse across several APAC markets, and Brankas in Southeast Asia. The Open Banking Tracker companies guide maps these by region so you can see where a single provider's coverage actually ends, rather than where its marketing map suggests it does.
Map your countries before you compare APIs
Start by listing where your users hold accounts, not where your company is registered. Open banking coverage is geographic: a provider strong in Germany is not automatically strong in Poland or Portugal, and UK open banking behaves differently from EU PSD2 rails after Brexit. Document four things before any demo call: every customer country on the current and 12-month roadmap; the ten institutions that cover most of your volume; whether one API contract and one consent flow cover both UK and EU if you need both; and where coverage thins out in CEE and the Nordics, verified per bank rather than per region label.
The figures below come from providers' own public pages. Treat them as a starting point for an RFP, then validate your actual banks in each provider's console. Headline totals often blend bank counts with branches and non-bank data sources, so a "50,000-plus" count from one vendor is not comparable to a "3,400 institutions" count from another without reading each definition.
| Provider | Public coverage signal | Typical fit when |
|---|---|---|
| Tink | 3,400+ institutions, 18 European markets | You need broad AIS plus payments on one platform |
| Yapily | 19 countries, 2,000+ banks (strong UK and Germany) | Developer-focused infrastructure across UK and core EU |
| Enable Banking | 2,700+ ASPSPs across 30 countries (provider claim) | EU/UK indie or small team; PSD2-native AIS/PIS, self-serve |
| Token.io | 21 countries including UK, Nordics, and CEE | Enterprise payments and multi-market PIS |
| TrueLayer | Filterable provider table in Console (country, PIS/AIS/VRP) | UK-strong payments plus EU data |
| Plaid | 12,000+ institutions (US, Canada, Europe; provider claim) | US/Canada-first; EU/UK production is sales-contracted |
Free tiers and indie-friendly APIs in 2026
Solo developers need a path to live traffic without a sales call, not only an unlimited sandbox. What you can use in production without negotiating varies sharply by region, and the EU picture changed materially when GoCardless closed Bank Account Data to new signups.
| Provider | Region | Free or low-cost live access | Notes |
|---|---|---|---|
| Enable Banking | EU/UK | Restricted Production on your own accounts | Self-serve signup; the common Nordigen replacement |
| Yapily Connect | EU/UK | Free starter tier in sandbox | Operate under Yapily's TPP licence; no eIDAS certs needed |
| Teller.io | US | 100 free live connections (developer tier) | Unrestricted sandbox; access method can break per bank |
| SimpleFIN Bridge | US | $15/year, read-only, daily refresh | Self-hosted PFM, not production fintech |
| GoCardless BAD | EU/UK | Legacy only | Closed to new customers; do not start new projects |
| Plaid Sandbox | US/EU/UK | Free, unlimited (sandbox) | Learn Link patterns; production is sales-led |
For verification-heavy AIS such as IBAN and name matching, coverage is per bank rather than per aggregator brand, so confirm your specific institutions before committing.
Pricing and onboarding friction developers feel first
Most production pricing sits behind sales, and that opacity is the single largest developer-experience gap in open banking. In the US, the new variable on top of that is data-access fees: the JPMorgan deals mean the cost of reaching a given bank is no longer just your aggregator's margin. Plan your spike around who publishes enough numbers to budget without a call.
| What you can plan without sales | What still requires a call |
|---|---|
| Plaid pay-as-you-go tiers (partial US; EU/UK custom-only) | TrueLayer, Tink, Yapily, Volt, Token.io production |
| Teller free tier (100 live connections) | MX, Finicity, Akoya production access |
| SimpleFIN ($15/yr read-only) | Most enterprise EU merchant pricing |
| Enable Banking restricted production then paid scale | GoCardless BAD (closed to new signups) |
Third-party analyses cite rough per-link Auth costs for Plaid in the region of $1.50 to $2.00 at low volume, falling toward $0.30 to $0.60 at scale. Treat those as directional only and get a quote before modelling unit economics, especially now that bank-level data-access fees feed into the picture. Onboarding friction often matters more than docs polish: certificate setup, eIDAS QWAC and QSEAL for regulated TPPs, KYC for production with Volt and many US aggregators, and minimum contract terms with some platforms. A fast sandbox signup does not mean a fast go-live.
Sandbox quality that predicts production
A sandbox that only returns the happy path teaches the wrong lessons. Before comparing providers, run the flows you expect in production, consent redirect, payment status, webhooks, and revocation, against test banks in each target country. What good looks like: institution parity, so sandbox banks exist for every live market and not only one domestic mock; signed webhooks with production-shaped payloads and idempotent retries; unhappy paths including timeouts, partial AIS payloads, and failed payment statuses; request IDs that appear in the provider dashboard when production breaks at 2 a.m.; and documented error codes for every failure mode you can produce in sandbox.
Plan for the production gates that a clean sandbox hides. Akoya offers self-serve sandbox but production requires Data Recipient Hub agreements. Regulated EU payments need eIDAS QWAC and QSEAL certificates. Budget four to twelve weeks after sandbox sign-off for security review, contracting, and bank certification, and run legal and engineering in parallel, because the critical path is usually bank-specific certification rather than your application code.
Documentation and developer experience
Documentation is where your team spends the first four to eight weeks. Score providers on what you can verify in a two-day spike, not on portal polish.
| Area | What to test |
|---|---|
| Onboarding | Sandbox keys, environment URLs, and a first successful call without a sales call |
| Reference | OpenAPI or Postman collection; every error code you hit in sandbox documented |
| Auth | OAuth or token flow explained with copy-paste examples |
| SDKs | Official client for your stack, or a clear REST-only path |
| Versioning | Changelog, deprecation policy, and breaking-change notice period |
| Operations | Status page, incident history, and a support channel for integration blockers |
Plaid Sandbox, Teller, Enable Banking Quick Start, and Belvo all get you to a first call in well under an hour. TrueLayer ships Console plus Postman and Insomnia collections; Yapily routes developers to its docs and an API Console; Enable Banking documents working SDK samples in Java, JavaScript, and Python. If a single consent flow needs three support tickets to complete in sandbox, factor that into total cost of ownership.
API surface beyond the REST tour
Match API products to the job, pay-in, payout, onboarding, or lending signals, before admiring endpoint counts.
Payment initiation (PIS) covers Pay by Bank checkout, wallet top-ups, invoice collection, and disbursements. Ask about redirect versus app-to-app versus decoupled flows per bank, final payment status semantics per institution, SEPA Instant support where you need sub-minute settlement, and stable payment references for reconciliation.
Account information (AIS) powers verification, affordability checks, and treasury views. Tink publishes background refresh up to four times a day on connected accounts; confirm refresh rules and re-consent UX for your use case, and check rate limits and pagination, since some banks cap daily calls per account.
Verification and VRP increasingly travel together. Variable recurring payments are the UK and EU stickiness battleground for subscriptions and sweeping, and per-bank VRP support varies, so confirm it in the provider's console. In the US, Section 1033 and FDX alignment favour aggregators investing in regulated data access alongside Plaid.
Hosted Link versus raw bank APIs is the last call. Hosted widgets such as Plaid Link, TrueLayer hosted payment pages, Belvo Connect, and Yapily Hosted Pages absorb bank-specific SCA and redirect quirks, saving weeks against a raw PSD2 integration. Use raw APIs when you are a regulated TPP shipping a custom UX, or when a provider expects your own eIDAS certificates.
Providers developers evaluate in 2026
No single aggregator wins every use case, and your sandbox results override the notes below.
Enable Banking Pan-European AIS and PIS, self-serve Control Panel, Restricted Production for your own accounts. The default fit for EU/UK indie developers after the GoCardless BAD closure.
Tink Visa-owned platform, 3,400-plus institutions across 18 markets. Fits VC-backed EU fintechs and data-heavy products; production is enterprise-gated.
TrueLayer UK and EU payments and data, VRP and Pay by Bank, with a filterable bank list in Console. A core option for payments-led teams as commercial VRP goes live.
Yapily White-label REST infrastructure across 19 countries, with Yapily Connect for unregulated teams operating under its licence.
Plaid The US and Canada default for breadth and unlimited free sandbox; EU/UK production is custom sales. Build a thin provider-abstraction layer early if you may add MX, Finicity, or Akoya later, and price in the JPMorgan-style data-access fees now flowing through US aggregation.
Akoya Bank-owned, agreement-based US data access with self-serve sandbox since 2022 and vetted production. The cleanest regulatory posture for a regulated US fintech.
Teller.io US indie option with 100 free live connections; reverse-engineered access that is fast until a bank changes behaviour, so plan a fallback.
Token.io Enterprise PIS and VRP across Europe, certificate signing, reseller and TPP tooling.
Belvo Mexico, Brazil, and Colombia, with a self-serve sandbox and strong API reference.
Volt, Salt Edge, Trustly A2A payments, global breadth, or merchant-scale Pay by Bank; confirm sector acceptance and country lists in sandbox.
Sandbox, signup, and free production tier (condensed)
| Provider | Region | Sandbox | Self-serve signup | Free prod tier |
|---|---|---|---|---|
| Plaid | US/CA/EU/UK | Free, unlimited | Yes (US); EU/UK prod sales | Limited free product calls |
| TrueLayer | UK/EU | Free | Yes | No |
| Tink | EU/UK | Free | Dev account | No |
| Yapily | EU/UK | Free | Yes | Starter/sandbox only |
| Enable Banking | EU/UK | Free | Yes | Restricted prod (own accounts) |
| GoCardless BAD | EU/UK | Legacy | Closed to new | Legacy only |
| Teller.io | US | Free | Yes | 100 live connections |
| SimpleFIN | US | Demo token | Yes | $15/yr read-only |
| Akoya | US | Self-serve | Sandbox yes; prod vetted | No |
| Belvo | LatAm | Free | Yes | Sales for prod |
| Token.io | EU/UK | Notional banks | TPP signup | No |
| Salt Edge | Global | Fake banks | Yes | No |
| Volt | UK/EU/global | Free | Yes plus KYC | No |
How to narrow the list without wasted cycles
You do not need a six-week bake-off across eight vendors. Most teams already know their constraints, countries, banks, PIS versus AIS, sector, before they open a comparison spreadsheet. The work is matching those constraints to the right few names, not rediscovering basics from ten identical sales decks.
Filter on facts first. Geography and product fit eliminate a large share of the market: payments-only rails drop out if you need AIS, and a UK-strong stack is a poor default if your volume is in Poland and Romania. Then layer the 2026 variables on top: in the US, where a provider sits on data-access fees and regulated access; in Europe, whether it has a real commercial VRP path. Compare in one place rather than rebuilding capability matrices from PDFs and email threads, which is where weeks disappear. Once two or three providers fit on paper, spend engineering time on validation, running real consent, PIS, AIS, and webhook flows on your corridors, not on discovery.
Frequently asked questions
What are the best open banking API providers for developers in 2026?
There is no universal winner. The right provider covers your users' banks, gives you a sandbox that mirrors those markets, and ships documentation your team can integrate without constant escalations. In 2026, add two filters older guides skip: in the US, how a provider is exposed to bank data-access fees and regulated access; in Europe, whether it has a live commercial VRP path. Shortlist by country fit first, then engineering DX, then commercial terms.
Why do data-access fees matter when choosing a US provider?
Because the cost of reaching a given US bank is no longer just your aggregator's margin. After JPMorgan began charging aggregators for data access in 2025 and signed deals covering most of its request volume, the price of pulling data became a negotiated cost in the chain. Plaid has said it will not pass the JPMorgan fees to customers today, but the structure now exists, and the CFPB has reopened the question of whether banks can charge at all. Treat the fee exposure of any US provider as a live variable, not a settled one.
Is Section 1033 still in force?
The rule is final and took effect in January 2025, but the CFPB moved to vacate it, then paused litigation to rewrite it, and reopened core questions including fees. Compliance deadlines beginning June 2026 were technically in place as of early 2026, but the original April 2026 date is no longer a safe planning assumption. Build as if the regulated baseline could shift, and keep your data-access chain flexible.
Is UK open banking the same API as EU PSD2?
Often one vendor covers both, but consent flows, directories, and settlement behaviour differ. If you operate in the UK and the EU, test both corridors in sandbox and confirm whether you need separate app registrations or redirect URLs. PSD3 and the PSR, agreed in provisional form in November 2025, will change the EU baseline from 2027 onward.
Do developers need their own PSD2 licence?
Usually not at early stages. You integrate as a partner of a licensed AISP or PISP, for example through Yapily Connect or Enable Banking's Restricted Production. If you hold end-user funds or present raw account data under your own brand, legal review is mandatory, and the licensed provider's role in the chain must be explicit in contract.
Is GoCardless Bank Account Data (Nordigen) still free for new projects?
No, not for new signups. Independent reports from 2025 indicate GoCardless stopped onboarding new Bank Account Data customers while existing integrations may continue. For new EU/UK AIS builds, spike Enable Banking or Yapily Connect instead, and verify status on GoCardless official channels if you already hold credentials.
What should US developers use for a side project instead of Plaid production?
Plaid Sandbox remains the standard way to learn Link and auth patterns at no cost, while production is sales-led. Teller.io's developer tier with 100 free live connections is the mainstream indie alternative for live US traffic. SimpleFIN Bridge at $15 a year fits read-only personal finance tools with daily refresh limits, not card-style fintech products.
How long does it take to go from sandbox to production?
Typically four to twelve weeks after sandbox sign-off: security review, contract, bank certification, and your own QA. Parallelise legal and technical tracks; the critical path is usually bank-specific certification rather than your application code.
The throughline is that an API choice in 2026 commits you to a position in two regulatory transitions moving in opposite directions: a US market deciding that bank data has a price, and a European market turning open banking payments into commercial products. Read the coverage tables and run the sandbox spikes, but make the call with the access economics in front of you. To compare providers by bank coverage and region before you start spiking, the Open Banking Tracker providers directory maps more than 50 companies with links to each developer portal.
