The Bank of East Asia

Open API

Account information retrieval
 
 
Personal customers
 
Q1 What is Open API?
   
  Application programming interface (API) is a computer programming approach for facilitating exchange of information and executing instructions between different computer systems. Open API allows banks providing their internal IT systems and data for programmatic access by third-party service providers (TSPs) in an open and documented manner. Implementation of Open API enables, information of different banks’ products and services to be aggregated under the same website / application for comparison and financial planning by users with ease. BEA (“the Bank”) has been providing its Open API to TSPs since January 2019.

For Open API implementation of Hong Kong, please refer to HKMA website.

For “Education on Using Banking Services under Open APIs”, please click here.
   
   
Q2 What are the different phases of Open API services provided by BEA?
   
  According to the implementation roadmap stipulated in the Open Application Programming Interface (“Open API”) Framework for the Hong Kong banking sector by Hong Kong Monetary Authority (“HKMA”) in 2018, the Bank has launched Open API services by four phases as follows:

Phase 1: Access to product and service information
Phase 2: Apply for products and services
Phase 3: Retrieve account information
Phase 4: Pay FPS merchants (app-to-app/web-to-app)
   
   
Q3 What type of services does BEA offer for Open API Phase 3?
   
  The Bank launched Open API Phase 3 function for retail customers in June 2022. Customers could grant and revoke their consent to access their specified BEA accounts’ information with the eligible TSPs which partnered with the Bank through the website or Mobile Apps provided by TSP.
   
   
Q4 What are the eligibilities to use the Open API (Phase 3) service?
   
  In order to use the Consent Management Service, you are required to hold an active Cyberbanking account registered with a valid mobile phone number and email address. Also, you are required to have a valid account linked with the Cyberbanking, including current account, all-in-one account or any account as prescribed by the Bank from time to time.

Please note that Youth i-account, WMC account, MPF account, Kid master, credit card accounts and private banking customer are not eligible for the services currently.
   
   
Q5 Does it incur any service charges to share my account information to TSP?
   
  The service is free of charge. However, you may check with the individual TSP if any service charge may be incurred.
   
   
Q6 I have not registered my mobile phone number and email address, what should I do to grant consent to TSP?
   
  Please visit any of our branches to register your mobile number and email address with Cyberbanking and grant consent to TSP afterward.
   
   
Q7 How can I grant consent to TSP for accessing my account information?
   
 

The steps for granting consent to share account information with TSP are as follows:

  1. Log in to the TSP’s website or mobile app and select the Bank to initiate the grant consent request. Review the consent details including purpose of data for access, types of data to be accessed and consent expiry date. The TSP will then redirect you to the Bank’s Open API webpage for authentication.
  2. Log in with your Cyberbanking credentials in the Bank’s Open API webpage and complete the two-factor authentication via SMS OTP (one-time password).
  3. Review the consent details including the TSP’s name, consent expiry date, consent renewal frequency and types of data to be accessed.
  4. Select the available accounts for data sharing from the designated list.
  5. Read and acknowledge the relevant Terms & Conditions and the Personal Data (Privacy) Ordinance - Personal Information Collection (Customers) Statement (PICS) of the Bank, and confirm to provide consent to the Bank to share the account information with the TSP.
  6. Confirm and redirect to the TSP’s website or mobile app to complete the process.

Upon completion, the Bank will send the notifications to your registered mobile phone number and email address through SMS and email.
   
   
Q8 How can I extend the duration of providing account information to TSP?
   
 

TSPs would send renewal notification to you prior to the consent expiry date. TSPs may have different arrangements for sending renewal notifications, please check with the individual TSP for details. You may renew your consent following the steps below:

  1. Log in to the TSPs website or mobile app and follow the instructions to renew consent to the Bank. Review the consent details including purpose of data for access, types of data to be accessed and consent expiry date. The TSP will then redirect you to the Bank’s Open API webpage for authentication.
  2. Log in with your Cyberbanking credentials in the Bank’s Open API webpage and complete the two-factor authentication via SMS OTP (one time password).
  3. Review the consent details including the TSP’s name, consent expiry date, consent renewal frequency and types of data to be accessed. The details should be the same as the previously granted consent except for the expiry date.
  4. Read and acknowledge the relevant Terms & Conditions and the Personal Data (Privacy) Ordinance - Personal Information Collection (Customers) Statement (PICS) of the Bank, and confirm to provide consent to the Bank to share the account information with the TSP.
  5. Confirm and redirect back to the TSPs website or mobile app to complete the process.

Upon completion, the Bank will send the notifications to your registered mobile phone number and email address through SMS and email.
   
   
Q9 How can I stop sharing my account information with TSP?
   
 

You can revoke your consent in the channels as follows:

  1. Through the TSP’s website or mobile app
  2. Through Cyberbanking or BEA App
    1. Log in to Cyberbanking or BEA App.
    2. Go to “Settings” and select “Third Party Consent Management” to retrieve the records and details of the consent including TSP name, consent expiry date, selected accounts for data access, data accessible by TSP, consent status etc.
    3. Select the desired consent record(s) and click “Revoke Consent” to proceed further.

Before revoking your consent, you should contact the TSP directly to understand the implications / consequences of doing so. Upon completion, the Bank will send the notifications to your registered email address.
   
   
Q10 Can I renew expired consent?
   
  No, you cannot renew expired consent. Please grant consent to TSP again.
   
   
Q11 Can I edit my consent details during the renewal process?
   
  No, all consent details would be renewed as per the existing consent. If you need to amend the consent details, please revoke the existing consent and grant a new consent to the TSP again.
   
   
Q12 What can I do if my mobile device crashed or my internet connection disconnected when granting, renewing and revoking consent to TSP?
   
  The consent management processes may be suspended. You may enquire about the status of the consent through the following channels or call our customer services hotline at (852) 2211 1321.
  1. TSP;
  2. BEA App or Cyberbanking
   
   
Q13 How can I enquire the details of my granted consents?
   
  You can check the records and details of consent through Cyberbanking or BEA App. Please go to “Settings” and select “Third Party Consent Management” after log in.
   
   
Q14 How do I know if the TSP is partnered with the Bank?
   
 

The list of partnering TSPs and the corresponding specific products and services provided in partnership with the respective TSPs will be published on the Bank’s corporate website with timely updates.

Please refer to Bank’s corporate website for the latest list of partnering TSPs and the corresponding products and services. If you have any doubts about the TSP, please do not access to the TSP’s website or mobile app.
   
   
Q15 Do I need to share my login credentials or OTP to TSP to enquire my account information?
   
  No. To safeguard your interest, never disclose your Cyberbanking login name or password to anyone under any circumstances. Do not share any OTP sent to your mobile phone with anyone.
   
   
Q16 What kind of information would be accessed by TSP?
   
  Once you granted the consent, the TSP will have access to your account information as specified in the consent details, which includes account availability, account status, account balance, account transactions through the Bank’s Open API service.

Before granting consent to TSP, you should understand from the TSP the scope and the usage of your account information and be aware of the associated risks.
   
   
Q17 How can I change the accounts information to be shared with TSP?
   
  To change the account or the details of granted consent, you are required to revoke the existing consent and grant a new consent to the TSP again.
   
   
Q18 Would TSP be able to access my account information permanently?
   
  No. An expiry date to the consent granted will be specified by both the TSP and the Bank during the grant consent and renewal process, i.e. the consent will only be valid for a specific duration. Such duration may vary across different TSPs. Your account information will no longer be shared with the TSP after the expiry date. Please contact the TSP directly about the handling of historical customer data, including but not limited to the data retention period, the data retention purpose and the handling process when the data is no longer required.

If you would like to continue to use the Open API service, please renew your consent through the TSP prior to the expiry date.
   
   
Q19 What can I do, if I have any enquiries or feedback on the TSP/ Open API service?
   
  You can contact the TSP directly or call our customer services hotline at (852) 2211 1321. Also, you can complete the Enquiry Form via our corporate website.
   
   
Q20 What should I do if I received suspicious email, SMS or phone calls from the Bank or TSP?
   
  You should be cautious whenever receiving email, SMS messages, phone calls, letters, or communications through any other channels that claim to be the Bank or TSP looking for your Open API consent detail and account information. If you have suspicions about the identity of any callers or senders who promote BEA products or services, you should immediately call our 24-hour Customer Service Hotline (852) 2211 1333 to verify or visit any BEA branches for assistance.

The list of partnering TSPs and the corresponding specific products and services provided in partnership with the respective TSPs will be published on the Bank’s corporate website with timely updates. Please refer to Bank’s corporate website for the latest list of partnering TSPs and the corresponding products and services. If you have any doubts about the TSP, please do not access to the TSP’s website or mobile app or contact the Bank for assistance.
 
Corporate and SME customers
 
Q1 What is Open API?
   
  Application programming interface (API) is a computer programming approach for facilitating exchange of information and executing instructions between different computer systems. Open API allows banks providing their internal IT systems and data for programmatic access by third-party service providers (TSPs) in an open and documented manner. Implementation of Open API enables, information of different banks’ products and services to be aggregated under the same website / application for comparison and financial planning by users with ease. BEA (“the Bank”) has been providing its Open API to TSPs since January 2019.

For Open API implementation of Hong Kong, please refer to HKMA website.

For “Education on Using Banking Services under Open APIs”, please click here.
   
   
Q2 What are the different phases of Open API services provided by BEA?
   
  According to the implementation roadmap stipulated in the Open Application Programming Interface (“Open API”) Framework for the Hong Kong banking sector by Hong Kong Monetary Authority (“HKMA”) in 2018, the Bank has launched Open API services by four phases as follows:

Phase 1: Access to product and service information
Phase 2: Apply for products and services
Phase 3: Retrieve account information
Phase 4: Pay FPS merchants (app-to-app/web-to-app)
   
   
Q3 What type of services does BEA offer for Open API Phase 3?
   
  The Bank launched Open API Phase 3 function for corporate and SME customers in December 2022. Customers could grant and revoke their consent to access their specified BEA accounts’ information with the eligible TSPs which partnered with the Bank through the website provided by TSP.
   
   
Q4 What are the eligibilities to use the Open API Phase 3 service?
   
  In order to enjoy the Open API Phase 3 service, you are required to be an Authorized Person of an active BEA Corporate Online account with a valid mobile phone number and email address. Also, you are required to have a valid account linked with the BEA Corporate Online, including CorporatePlus account or any account as prescribed by the Bank from time to time.
   
   
Q5 Does it incur any service charges to share my account information to TSP?
   
  The service is free of charge. However, you may check with the individual TSP if any service charge may be incurred.
   
   
   
Q6 How can I grant consent to TSP for accessing my account information?
   
 
  1. Log in BEA Corporate Online
  2. Go to “Others > Open API > Open API Service – Set Up” to enable the Open API Service.
  3. Log in to the TSP’s website and select the Bank to initiate the grant consent request. Review the consent details including purpose of data for access, types of data to be accessed and consent expiry date. The TSP will then redirect you to the Bank’s Open API webpage for authentication.
  4. Log in with your BEA Corporate Online credentials in the Bank’s Open API webpage and complete the two-factor authentication via SMS OTP (one-time password).
  5. Review the consent details including the TSP’s name, consent expiry date, consent renewal frequency and types of data to be accessed.
  6. Select the available accounts for data sharing from the designated list.
  7. Confirm and redirect to the TSP’s website to complete the process.

Upon completion, the Bank will send the notifications to your registered mobile phone number and email address (includes company email address) through SMS and email.
   
   
Q7 How can I extend the duration of providing account information to TSP?
   
 

TSPs would send renewal notification to you prior to the consent expiry date. TSPs may have different arrangements for sending renewal notifications, please check with the individual TSP for details. You may renew your consent following the steps below:

  1. Log in to the TSPs website and follow the instructions to renew consent to the Bank. Review the consent details including purpose of data for access, types of data to be accessed and consent expiry date. The TSP will then redirect you to the Bank’s Open API webpage for authentication.
  2. Log in with your BEA Corporate Online credentials in the Bank’s Open API webpage and complete the two-factor authentication via SMS OTP (one time password).
  3. Review the consent details including the TSP’s name, consent expiry date, consent renewal frequency and types of data to be accessed. The details should be the same as the previously granted consent except for the expiry date.
  4. Read and acknowledge the relevant Terms & Conditions and the Personal Information Collection (Customers) Statement (PICS) of the Bank, and confirm to provide consent to the Bank to share the account information with the TSP.
  5. Confirm and redirect back to the TSPs website to complete the process.

Upon completion, the Bank will send the notifications to your registered mobile phone number and email address (includes company email address) through SMS and email.
   
   
Q8 How can I stop sharing my account information with TSP?
   
 

You can revoke your consent in the channels as follows:

  1. Through the TSP’s website or mobile app
  2. Through BEA Corporate Online
    1. Log in to BEA Corporate Online.
    2. Go to “Others > Open API > Third Party Service Provider Consent Management” to retrieve the records and details of the consent including TSP name, consent expiry date, consent status etc.
    3. Select the desired consent record(s) and click “Revoke Consent” to proceed further.

Before revoking your consent, you should contact the TSP directly to understand the implications / consequences of doing so. Upon completion, the Bank will send the notifications to your company and consent owner’s email address.
   
   
Q9 What would happen if I disable the Open API Service?
   
  If the Open API service is disabled through BEA Corporate Online, the third-party service provider will not be able to access your account information even the granted consent(s) is/are still active. You can enable the service again and the account information access will resume.
   
   
Q10 Can I renew expired consent?
   
  No, you cannot renew expired consent. Please grant consent to TSP again.
   
   
Q11 Can I edit my consent details during the renewal process?
   
  No, all consent details would be renewed as per the existing consent. If you need to amend the consent details, please revoke the existing consent and grant a new consent to the TSP again.
   
   
Q12 What can I do if my mobile device crashed or my internet connection disconnected when granting, renewing and revoking consent to TSP?
   
  The consent management processes may be suspended. You may enquire about the status of the consent through the following channels or call our customer services hotline at (852) 2211 1321.
  1. TSP;
  2. BEA Corporate Online
   
   
Q13 How can I enquire the details of my granted consents?
   
  You can check the records and details of consent through BEA Corporate Online. Please go to “Others > Open API > Third Party Service Provider Consent Management” after log in.
   
   
Q14 How do I know if the TSP is partnered with the Bank?
   
 

The list of partnering TSPs and the corresponding specific products and services provided in partnership with the respective TSPs will be published on the Bank’s corporate website with timely updates.

Please refer to Bank’s corporate website for the latest list of partnering TSPs and the corresponding products and services. If you have any doubts about the TSP, please do not access to the TSP’s website or mobile app.
   
   
Q15 Do I need to share my login credentials or OTP to TSP to enquire my account information?
   
  No. To safeguard your interest, never disclose your BEA Corporate Online login name or password to anyone under any circumstances. Do not share any OTP sent to your mobile phone with anyone.
   
   
Q16 What kind of information would be accessed by TSP?
   
  Once you granted the consent, the TSP will have access to your account information as specified in the consent details, which includes account availability, account status, account balance, account transactions through the Bank’s Open API service.

Before granting consent to TSP, you should understand from the TSP the scope and the usage of your account information and be aware of the associated risks.
   
   
Q17 How can I change the accounts information to be shared with TSP?
   
  To change the account or the details of granted consent, you are required to revoke the existing consent and grant a new consent to the TSP again.
   
   
Q18 Would TSP be able to access my account information permanently?
   
  No. An expiry date to the consent granted will be specified by both the TSP and the Bank during the grant consent and renewal process, i.e. the consent will only be valid for a specific duration. Such duration may vary across different TSPs. Your account information will no longer be shared with the TSP after the expiry date. Please contact the TSP directly about the handling of historical customer data, including but not limited to the data retention period, the data retention purpose and the handling process when the data is no longer required.

If you would like to continue to use the Open API service, please renew your consent through the TSP prior to the expiry date.
   
   
Q19 What can I do, if I have any enquiries or feedback on the TSP/ Open API service?
   
  You can contact the TSP directly or call our customer services hotline at (852) 2211 1321. Also, you can complete the Enquiry Form via our corporate website.
   
   
Q20 What should I do if I received suspicious email, SMS or phone calls from the Bank or TSP?
   
  You should be cautious whenever receiving email, SMS messages, phone calls, letters, or communications through any other channels that claim to be the Bank or TSP looking for your Open API consent detail and account information. If you have suspicions about the identity of any callers or senders who promote BEA products or services, you should immediately call our 24-hour Customer Service Hotline (852) 2211 1333 to verify or visit any BEA branches for assistance.

The list of partnering TSPs and the corresponding specific products and services provided in partnership with the respective TSPs will be published on the Bank’s corporate website with timely updates. Please refer to Bank’s corporate website for the latest list of partnering TSPs and the corresponding products and services. If you have any doubts about the TSP, please do not access to the TSP’s website or mobile app or contact the Bank for assistance.