How do I programmatically download my bank transactions from Chase without using a third party?

Asked 8/1, 2018 at 20:27 Answered 14/10, 2022 at 20:26

I'm interested in downloading my transactions from Chase without using a third party such as Mint, Quicken, Yodlee, Plaid, and so on. I don't trust third parties with handling my data, which is why I want to do it myself.

Evade answered 8/1, 2018 at 20:27 Comment(0)

Works as of 1/8/18

Summary

Chase uses OFX to support programmatic interactions with its financial data. It does so somewhat reluctantly however, as this fact isn't widely advertised nor well documented - banks would rather have you use their products directly, rather than go to third parties. That being said, support for desktop products like Quicken still exists, and so one method is to spoof yourself as a desktop product (the other options are to use a third party service or use a screen scraper). Obviously this solution is completely at the mercy of Chase's whims, and as a discouraged access pattern this is not robust. But you're still reading, so let's do this!

Solution

Set up your account to accept connections from Desktop apps Account > Profile & Settings > Manage Account Security > Desktop apps > Click enable
Generate a Client UID. Chase will use this to verify that the OFX requests it's receiving are intended. Go to https://www.uuidgenerator.net/ and generate a UID.
Use ofx-ba-tfb.py to POST the following to https://ofx.chase.com. Comments begin with a # sign, do not include them.

Headers:

OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:{Insert random alphanumeric string}

Payload:

<OFX>
    <SIGNONMSGSRQV1>
        <SONRQ>
            <DTCLIENT>20180108012004
            <USERID>{Insert user id}
            <USERPASS>{Insert password}
            <LANGUAGE>ENG
            <FI>
                <ORG>B1     # Comes from ofxhome.com 
                <FID>10898
            </FI>
            <APPID>QWIN
            <APPVER>1800
            <CLIENTUID>{Insert random alphanumeric string}
        </SONRQ>
    </SIGNONMSGSRQV1>
    <CREDITCARDMSGSRQV1>
        <CCSTMTTRNRQ>
            <TRNUID>{Insert random alphanumeric string}
            <CLTCOOKIE>4
            <CCSTMTRQ>
                <CCACCTFROM>
                    <ACCTID>{Insert account id here}
                </CCACCTFROM>
                <INCTRAN>
                    <DTSTART>20171208
                    <INCLUDE>Y
                </INCTRAN>
            </CCSTMTRQ>
        </CCSTMTTRNRQ>
    </CREDITCARDMSGSRQV1>
</OFX>

Verify the request You will get a response that says, "Please verify your identity within the next 7 days. Using your desktop computer, go to your bank's website and visit the Secure Message Center for instructions." After a small delay (in minutes), you will receive a message in your Secure Message Center asking to confirm that you made this request. Confirm the request. This response and verification happens with each new Client UID you submit.
Make the OFX request again, and you should receive your transactions!

Comments

Many thanks to Harry Sit @ thefinancebuff.com for doing most of the work!!

More is possible through OFX, it's a complicated standard. Look to the specification for details.

You can also use GnuCash to see other promising settings.

This is using OFX 1.02, but Chase is now at 2.2

References

https://thefinancebuff.com/replacing-microsoft-money-part-5-ofx-scripts.html#comments

http://www.ofx.net/

http://www.ofxhome.com/

http://www.ofxhome.com/ofxforum/viewtopic.php?id=47456

https://rhye.org/post/parsing-ofx-leex/

Evade answered 8/1, 2018 at 20:27 Comment(11)

I was able to make REST API calls to make this work, but after looking at the python library, I changed the request content type from application/xml (was giving me Error Code 500's) to application/x-ofx and it worked! – Entresol 25/6, 2018 at 18:53

Slight clarification: "Headers" here are OFX Headers, which go in the body of the HTTP request, separated from the OFX request payload with a blank line. – Highbinder 24/9, 2019 at 0:58

As of 10/24/2019, the location of the described settings is a bit different: Account > Profile & Settings > Account Safe > Desktop software > Next and follow a little wizard. – Asseverate 24/10, 2019 at 21:41

Does this script still work? I am calling ofx-ba-tfb.py chase my_chase_username and then I get this error: getaddrinfo(host, port, 0, SOCK_STREAM): socket.gaierror: [Errno 11001] getaddrinfo failed Am I doing this wrong? – Scottscotti 30/5, 2020 at 8:35

@Scottscotti that looks like an error with your environment, not the script. The script just makes a simple http connection to "ofx.chase.com." Can you connect to that address in your browser? Also, this SO question looks relevant: #7334699 – Evade 31/5, 2020 at 4:21

The enable desktop software has now been moved to chase website -> hamburger menu -> security and privacy -> desktop software – Aggy 10/8, 2021 at 18:27

Thank you sooooo much for this gem! It is so crazy how hidden and poorly documented this OFX protocol is, and it has been quite frustrating to browse the rare resources online and get something working. Indeed, the key is to spoof Quicken, and I can confirm your approach and your script works as of today. Time to build something out of this now :D – Flickertail 15/9, 2021 at 3:34

Glad it helped, @SimonNinon! :) – Evade 15/10, 2021 at 23:27

When I click the link in Chase's message to verify my identity, it keeps loading. Does anyone has this issue? – Biff 19/11, 2021 at 4:2

Does anyone know if this works if you have 2-factor authentication enabled on your chase account? – Intermarriage 10/3, 2022 at 2:9

This seemed to suddenly stop working. On the chase website -> hamburger menu -> security and privacy -> desktop software it says that chase is "Changing the way" the desktop apps authenticate. Does anyway one have an updated script? – Perturb 9/10, 2022 at 15:19

As HLE indicates, Chase has killed OFX/DirectConnect as of late Sept./early Oct. 2022. Here are some related articles:

"As of October 6th, 2022, Chase will no longer be supporting Direct Connect/OFX which includes 3rd-party bill pay. Along with some of the other larger financial institutions, Chase has moved to the Open Banking connection method for transaction importing. A link to an article that explains what Open Banking is all about is listed below." https://www.banktivity.com/support/articles/banktivity-7/ofx-direct-connect-will-no-longer-be-supported-by-chase-as-of-october-6th-2022/

"Chase Bank is changing the way it connects with personal finance management solutions like Quicken. To keep Quicken connected to your Chase account you'll need to switch you connection method on or before September 26, 2022." https://community.quicken.com/discussion/7916266/quicken-chase-announce-killing-link-to-chase-direct-connect-bill-pay

Possible solutions for Moneydance users:

http://infinitekind.tenderapp.com/discussions/online-banking/23881-chase-bank-accounts-no-longer-can-connect

It sounds like .QXF files contain the same/similar data as .OFX files and the downloading of such files may be scriptable. I will update this answer if I find out more.

Younts answered 14/10, 2022 at 20:26 Comment(1)

Thanks for the references. Any thoughts on how this would work for beancount users? I arrived at this thread hoping to automate the download of OFX files for use with beancount-import – Onieonion 6/11, 2022 at 8:7

since October 5, 2022, Chase disconnected ofx.chase.com and look like you have to go aggregators like Quicken/MD+ to get your data.

Roseroseann answered 10/10, 2022 at 1:22 Comment(1)

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. – Devorahdevore 15/10, 2022 at 1:43

Summary

Solution

Comments

References

Recommended topics

Hot tags