Brankas
Brankas Technical Briefing
Published March 2, 2021
Supported by Shopify and Brankas
Overview
Brankas is an open banking platform across Southeast Asia — Philippines, Indonesia, Thailand, Vietnam, Singapore. CPO Mike and Senior PM Luis demo Direct, the Brankas bank-transfer product that aggregates transfers across multiple banks via API with the end-user's explicit consent. Brankas never holds funds (no Stripe-style settlement); it exposes consent, authentication, and routing over open-banking rails. The demo walks through the two-endpoint Direct API (payment initiation, transaction retrieval), a live 100-peso payment from a BPI account in the Philippines through Brankas's IDP (identity provider) consent flow, per-bank authentication (username/password, TFA, OAuth 2 where banks support it), a biometric in-app authorization step on the BPI mobile app, and the final redirect + callback webhook that tell the integrator the payment settled. Production use cases include e-wallet top-up, lender collection, marketplace checkout, and bill payment.
0:00 Introduction to Brankas — open banking across SEA
Mike, CPO of Brankas, introduces the company — an open banking startup across Southeast Asia with teams in Singapore, Manila, Indonesia, Thailand, and Vietnam. Brankas ships APIs between banks and businesses in markets where you cannot launch a fintech without bank partners.
0:30 Direct — bank transfer product
Luis, Senior PM on Direct, will demo the flagship bank-transfer product. In SEA, bank transfers still dominate transaction volume (Philippines, Indonesia, Thailand) — Direct aggregates transfers across banks via API, with the end-user's explicit consent.
1:00 Not a payment gateway — Brankas never holds funds
Brankas never settles into its own accounts — no Stripe-style holding, no Adyen-style settlement. The rails stay on the banks; Brankas exposes the consent, authentication, and routing over open banking APIs.
1:30 Use cases: e-wallet top-up, lending, marketplaces, bill pay
Production use cases for Direct: e-wallet top-up in Indonesia, lender collection in Indonesia and the Philippines, marketplace checkout on Lazada or Shopee, and bill-payment flows — all via consented bank transfers.
2:30 Payment initiation endpoint — one API across banks
Direct is two endpoints: payment initiation and transaction retrieval. Payment initiation takes a base set of fields (amount, destination account ID, reference, optional end-user info) — the rest of the complexity is hidden behind bank-specific adapters.
4:30 Brankas IDP — end-user consent flow
A successful initiate returns a redirect URI for the Brankas IDP, the secure end-user consent layer. The IDP walks the payer through explicit consent to Brankas' permissions, terms, and privacy policy before any bank credentials change hands.
5:30 Why emerging-market banks lack proper APIs
Banks in the region often have first-party-only APIs or none at all. Brankas partners with them to securely expose those APIs to third parties — accelerating digital banking rollout without each bank needing to build an OAuth 2 gateway.
6:30 Live PHP 100 payment into BPI
Luis kicks off a live 100-peso payment. The Brankas IDP renders a bank selector (a slice of integrated Philippine banks), selects BPI (second-largest bank in the Philippines), and routes the end user through bank-specific authentication.
9:30 Per-bank auth (username/password, TFA, OAuth2)
The IDP automatically adjusts to whatever authentication flow each bank requires — username/password for BPI, TFA for others, OAuth 2 where available. No third party sees credentials; Brankas just forwards them to the bank's own endpoints.
11:30 BPI biometric in-app authorization
Back on the IDP: transaction summary, confirm, and BPI prompts biometric in-app authorization on the mobile banking app. Once the bank responds, the IDP redirects to the integrator's return URL with the Brankas transaction ID and final status as query parameters.
Topics: Open Banking, Payments
