Open Banking in Spain: Technical Opportunities for 2025

The real state of banking APIs in Spain

PSD2 required European banks to open their APIs to authorized third parties (TPPs). In theory, this created an open ecosystem for financial innovation. In practice, the quality of Spanish banking APIs in 2025 remains uneven.

The large banks (Santander, BBVA, CaixaBank, Sabadell) offer reasonably functional APIs for the three basic PSD2 services: account information (AIS), payment initiation (PIS), and confirmation of funds (CoF). BBVA was the first to bet heavily on open APIs and still has the most mature technical offering. CaixaBank and Santander have improved significantly over the past 18 months.

The problem is the long tail. Mid-sized banks and savings banks often provide APIs that comply with the regulation in letter but not in spirit: response times of 8-12 seconds (where the norm should be 300-500ms), inconsistent data formats, incomplete documentation, and sandboxes that do not reflect actual production behavior. For a fintech integrating 15 banks, this means 15 different integrations with different quirks.

The standards that matter

Spain does not have a single Open Banking standard like the UK (where the OBIE defined a common standard). The Spanish ecosystem moves between:

Berlin Group NextGenPSD2. The most widespread standard in continental Europe. It defines a RESTful API with endpoints for AIS, PIS, and CoF. Most Spanish banks implement it (with variations). Its main virtue is adoption. Its main problem is that it leaves too much room for interpretation, resulting in incompatible implementations between banks.

STET (France). Some banks with French operations support it as an alternative.

Proprietary. BBVA has its BBVA API Market with proprietary APIs that go beyond PSD2. Other banks offer additional APIs outside the regulatory framework for strategic partners.

In practice, any company wanting to integrate multiple Spanish banks needs either to build its own abstraction layer (an API-first approach is critical here) or to use an aggregator like Plaid, Tink, Yapily, or Salt Edge. Aggregators simplify integration but add latency, cost, and an additional failure point. For products that need real-time access (balance verification for payments, accounting reconciliation), direct integration remains the most reliable option.

Product opportunities

The Spanish Open Banking ecosystem is maturing, and the technical opportunities go beyond basic PSD2 use cases:

Financial identity verification. Using banking data to verify identity, income, and payment capacity. This has direct application in consumer credit, rental housing, and client onboarding. A model analyzing 6 months of banking transactions can generate a more precise risk profile than traditional scoring.

Cash flow forecasting. For SMEs, predicting cash flow for the next 30-60-90 days based on historical collection and payment patterns. Connecting the company’s bank account with a predictive model that detects potential liquidity problems before they occur. There is an enormous market here: Spanish SMEs (99% of the business fabric) manage their treasury with spreadsheets or intuition.

Automatic accounting. Automated categorization of banking transactions using NLP and business rules. A bank movement reading “SEPA TRANSFER REF:INV2024-0847 SUPPLIER LTD” contains enough information for automatic bookkeeping. For an accounting firm with 200 clients, this reduces bank reconciliation work by 60-70%.

Embedded payments. PIS allows initiating payments directly from the user’s bank account, without a card. This has implications for e-commerce (lower fees than cards) and B2B payments (instant transfers with confirmation). Adoption in Spain is still low, but numbers are growing at 40% year over year.

The technical challenges

Strong Customer Authentication (SCA). Every banking data access requires strong user authentication. This interrupts the application flow: the user must confirm with their banking app every time your product needs fresh data. PSD2 consent lasts a maximum of 90 days, after which re-authentication is required. Designing user flows that absorb this friction without destroying the experience is a significant UX challenge.

Inconsistent data. Each bank returns data in slightly different formats. A transfer “reference” at one bank has 80 characters, at another 140. Transaction categories are not standardized. Account identifiers may be IBAN, internal account number, or both. Building a robust parser that handles all variants is more work than it appears.

Rate limits and availability. Banking APIs have aggressive rate limits (typically 4 requests per second per TPP) and frequent maintenance windows. A fintech querying balances for thousands of accounts needs to manage queues, caches, and retries with exponential backoff. This is not comparable to consuming the Stripe API.

Open Banking in Spain is moving from the compliance phase to the opportunity phase. Companies that invest in fintech product development on top of the open infrastructure will create real value. But the value is in the application layer, not the integration layer. Integration is the barrier to entry. The product is the competitive advantage.