One Forte login spans cards, FX, loans and a marketplace

Sign into ForteApp once and you reach payment cards, tenge and foreign-currency accounts, deposits, a live loan repayment schedule, a loyalty ledger, plus ForteForex, ForteMarket and ForteMobile — all server-side, all tied to a single ForteBank profile. That breadth is the whole reason a third party would want a programmatic line into it. This brief maps what is actually there and the authorized route we use to reach it.

The bottom line: every surface a Forte user sees in the app is server-held state, and almost none of it is exposed for export in a structured form a system can consume. We close that gap by mapping the app's own authorized session into a documented, runnable integration. The route I would build first reaches all of it at once; a slice of it has a longer-lived national channel coming, covered below.

The data Forte keeps per account

Each row is a surface the app exposes to its own user, named the way Forte names it where possible. Granularity is what a consenting read returns, not what a marketing page claims.

Three authorized ways in

Two or three of these apply to almost any Forte build. For each: what it reaches, what it costs in effort, how long it holds, and the step we run to stand it up.

Reading the live client under the account holder's consent

With the account holder's written authorization, we map ForteApp's own session and read exactly what the app shows: cards, KZT and ForteForex accounts, statements, deposits, the loan schedule, loyalty. This reaches the full super-app surface today. It carries a maintenance cost against Forte's frequent releases. Access is arranged with you during onboarding — we document the session against a consenting test account or sandbox, not a production customer.

Riding Kazakhstan's national Open API

The National Bank and the National Payment Corporation operate a centralized consent system for standardized current-account data exchange, built on biometric identification. As that scheme broadens past its initial banks, current-account information becomes reachable through it under centralized consent — a standardized, longer-lived channel for that one slice. We track the scheme's onboarding and run the consent flow with the account holder when Forte is on it.

In-app statement export as a coarse fallback

ForteApp lets a user pull statements out of the app. Where a user can do that, we wire the export as a low-effort fallback for historical lines when a live read is not warranted. It is stable but coarse — periodic, not real-time, and thinner on metadata than a session read.

What I would actually build first: the consent-based live read, because it is the only route that returns FX, deposits, loans and cards in a single pass right now. Current-account sync I would later repoint at the national Open API channel once Forte is connected, since that piece earns a standardized feed there and stops needing app-release maintenance.

A statement pull, sketched

This is the shape of the session-plus-statement read we implement against a consenting account. Field names are illustrative and get pinned to the live client during the build — they are not copied from any Forte document.

# Forte session + statement read, sketched.
# Names illustrative; confirmed against the live client during the build.

session = forte.login(device_id, msisdn)     # OTP + biometric step-up
token   = session.access_token               # short-lived; refresh on 401

for acct in forte.accounts(token):           # cards, KZT + FX accounts
    if acct.type == "FX":                    # ForteForex balances
        capture_rate(acct.currency)          # USD, EUR vs tenge

    txns = forte.statement(token,
              account_id=acct.id,
              date_from="2026-01-01",
              date_to="2026-03-31")
    for t in txns:                           # postedAt, amount, mcc, merchant
        ledger.upsert(normalize(t))          # KZT minor units, ISO-4217

Two things drive the real work here. The session is device-bound and steps up to a one-time code or biometric check, so the handler has to survive token refresh and an occasional re-auth without dropping a long sync. And tenge and FX lines arrive in different shapes, so normalization to one schema happens before anything touches a ledger.

What you receive

Everything below is tied to Forte's real surfaces, not a generic checklist:

• An OpenAPI/Swagger specification covering the endpoints we map — account list, statement, transfers, deposits, loans, and the ForteForex rate/conversion read.
• A protocol and auth-flow report documenting the OTP-and-biometric step-up, the token chain, and refresh handling as they behave on the Forte client.
• Runnable source — Python or Node.js — for the high-value reads: account enumeration, statement pull, FX rate capture, loan-schedule fetch.
• Automated tests run against a consenting account or sandbox, so a release that moves a field fails loudly.
• Interface documentation an in-house team can maintain, plus data-retention and minimization guidance under Kazakhstan's personal-data law.

Consent and the Kazakhstan rulebook

Kazakhstan's Open API and Open Banking concept for 2023–2025 was approved in December 2022 by the National Bank together with the Agency for Regulation and Development of the Financial Market and the competition agency, and it is implemented by the National Payment Corporation. Its core is a centralized consent management system: a bank shares a customer's data with a third party only on that customer's explicit consent, verified through biometric identification. The current-accounts pilot launched on 1 November 2023 with Bank RBK, Altyn Bank, Home Credit Bank, Bank CenterCredit and Otbasy Bank — ForteBank was not in that first group, and reporting (The Astana Times) notes a new banking law with a dedicated data-privacy chapter still in development.

So the dependable legal basis today is the account holder's own consent, not a scheme Forte has already joined. We work to that: authorized and logged access, consent records kept, data minimized to what the integration needs, and an NDA where the engagement calls for one. Personal data is handled under Kazakhstan's personal-data protection law, with retention scoped to purpose.

What we plan around on a Forte build

Concrete engineering judgments specific to this app — things we account for, handled on our side:

• Step-up authentication. Forte logs in with a one-time code and a biometric or PIN check, then issues a short-lived token. We design the session handler around that device-bound token and the step-up re-auth so a long statement sync does not silently expire mid-run.
• Super-app surface sprawl. Balances are scattered across cards, KZT accounts, ForteForex FX accounts, deposits and loans, each with its own shape. We fold them into one normalized schema — KZT minor units, ISO-4217 currency codes — so FX and tenge lines reconcile against each other.
• Frequent front-end churn. Forte ships often; AR card scanning, AI home-screen tips and the Forte Plus subscription all arrived in releases. When a release moves a field, the fix is a contained patch to the client model, and that patch is exactly what the maintenance window covers — no rebuild.
• Open registration. Anyone can register in ForteApp without being a ForteBank customer, per its store listing, so we scope the build to the account that actually grants consent rather than an assumed full customer relationship.

Where teams put this to work

• A personal-finance app categorizing a user's Forte spend, with tenge and ForteForex lines in one view.
• An accounting tool reconciling a small business's Forte account movements and Quickpay utility payments.
• A lender reading a consenting applicant's Forte loan schedule and balances for an affordability check.
• A treasury dashboard capturing ForteForex executed rates and FX balances next to positions at other banks.

Interface evidence

Store screenshots of the surfaces named above. Select one to enlarge.

How this brief was put together

Worked up in June 2026 from Forte's own store listings and the public record on Kazakhstan's open-banking programme. The app surfaces and registration note come from the Google Play and App Store pages; the AR card-scan, TalkIN chatbot and the figure of more than 950,000 monthly active users come from Forte's design partner Commencis and are reported as it states them; the regulatory picture is drawn from the National Bank and National Payment Corporation pages and The Astana Times.

• National Bank of Kazakhstan — Open API, Open Banking
• National Payment Corporation — Open Banking & Open API
• The Astana Times — what stands behind Kazakhstan's open banking initiative
• Commencis — ForteBank app portfolio

Compiled by the OpenBanking Studio integration desk · 15 June 2026.

Other Kazakhstan banking apps in the same picture

Same category, all holding per-account data a unified integration would normalize side by side. Listed for context, not ranked.

• Kaspi.kz — the dominant retail super-app, with payments, a marketplace and installment lending under one account.
• Halyk (Homebank) — the largest bank's app, covering accounts, transfers, investing and government services.
• Bank CenterCredit (BCC.kz) — retail banking and payments; one of the original national open-banking pilot banks.
• Jusan — a banking-and-lifestyle app with cards, transfers and loans.
• Bereke Bank (B-Bank) — full-service retail banking with cards and deposits.
• Freedom SuperApp — Freedom Bank's app bundling banking, brokerage and lifestyle services.
• Otbasy Bank — housing-savings focused, also in the open-banking current-accounts pilot.
• Altyn Bank — retail and SME banking; another of the pilot participants.
• Home Credit Bank Kazakhstan — consumer lending and cards, also in the pilot cohort.

Questions integrators ask about Forte

Can you reach ForteForex rates and FX balances, not just tenge accounts?

Yes. ForteForex sits behind the same Forte login as your KZT cards and accounts, so we capture executed conversions and the live buy/sell rate alongside tenge statement lines, normalized to ISO-4217 with amounts in minor units.

Is ForteBank part of Kazakhstan's national open-banking scheme yet?

Not in the first cohort. The November 2023 current-accounts pilot named Bank RBK, Altyn Bank, Home Credit Bank, Bank CenterCredit and Otbasy Bank; the centralized consent scheme run by the National Payment Corporation is widening from there. Until Forte is live on it, the dependable basis is the account holder's own consent, captured and logged.

What happens to the integration when Forte ships an app update?

Forte updates the app often — AR card scanning, AI tips and Forte Plus all arrived in releases. When a release moves a field, the fix is a contained patch to the client model rather than a rebuild, and that patch is what our maintenance window covers.

Do we need an existing ForteBank customer account for you to build this?

No. Anyone can register in ForteApp without being a ForteBank customer, as its store listing notes, so we build against a consenting test account. The starting point is just the app name and what you want from its data; access is arranged with you.

Working with us

Forte work ships in one to two weeks. You can take it as runnable source plus its OpenAPI spec, automated tests and interface docs from $300, paid only after delivery once you are satisfied — or skip the build entirely and call our hosted endpoints, paying per call with nothing upfront. Tell us the app and what you need from its data at /contact.html and we scope the rest with you.