Reaching UBS TWINT's payment and account data through an authorized integration

The Swiss open-finance split, and what it means for this wallet

Switzerland's market-driven open finance reached retail multibanking the week of 25 November 2025, per SIX's launch release — and that one fact reshapes how a third party reaches UBS TWINT. The linked UBS bank account behind the wallet is now consent-reachable over a standardized interface. The wallet's own objects are not.

That split is the whole story here. The balance and the booked transactions tied to the UBS account can ride the new account-information rails. KeyClub loyalty points earned on a registered UBS credit card, prepaid Guthaben vouchers, the Coop Supercard and other loyalty cards stored for auto-apply at checkout, and the in-app P2P request/receive ledger all sit inside the TWINT client and never appear on those rails. A useful integration has to cover both halves and reconcile the CHF amounts that show up in each. The bottom line: account ledger via consented account information, wallet-specific data via authorized analysis of the app's traffic, joined into one feed.

What UBS TWINT holds per user

Routes that actually reach this data

Four routes apply to UBS TWINT. They are not interchangeable — each reaches a different slice.

1. Authorized protocol analysis of the app's traffic

We observe and document the UBS TWINT client talking to its backend, under the consenting account holder's authorization, and rebuild the calls behind the transaction list, balance reflection, KeyClub accrual, vouchers and stored loyalty cards. This is the only route that reaches the wallet-specific objects. Effort is moderate; durability is good with upkeep, because the app ships new builds often and the handshake shifts with them.

2. SIX bLink account-information service

Where the target is really the UBS account ledger rather than TWINT's own objects, the consented account-information interface is cleaner and more durable. It exposes account overview, balance and booked transactions. It does not expose KeyClub points, vouchers or loyalty cards. Onboarding to the consented interface is something we set up with you.

3. Native export from the business portal

For the merchant side, the TWINT business portal exports settled transactions and settlement statements as CSV or RAF/XML, in windows up to 365 days, with transaction-amount and commission totals — per the TWINT portal documentation. Low effort, durable, but bounded to acquirer data and that window.

4. User-consented operation

For anything the first three miss, we operate the app or portal on the consenting holder's behalf to capture state directly. Narrow, but it closes gaps.

For most UBS TWINT briefs the spine is route 1 for the wallet objects, with route 2 layered under it for the bank-account ledger because that slice is the most consent-clean and the most durable; route 3 carries merchant reconciliation when that is in scope. We say which mix fits once we know which data you actually want.

What authorizes the pull in Switzerland

Switzerland is not in the EU and has no PSD2-style mandate. The model is market-driven: SIX runs the bLink platform, Swiss FinTech Innovations leads standardization, and the Swiss Bankers Association coordinated a memorandum that numerous banks signed in May 2023, with retail multibanking going live the week of 25 November 2025 — all per SIX's own launch material. Access over that platform requires explicit customer consent, scoped, time-bound and revocable by the holder.

Personal data handling falls under the revised Federal Act on Data Protection, in force since 1 September 2023, which requires active opt-in consent and is overseen by the Federal Data Protection and Information Commissioner. We work to that posture: authorized or user-consented access only, every pull logged with its consent record, data minimized to the fields the integration needs, NDA in place where the engagement calls for one. The app itself states that its data stays in Switzerland and is PIN- or biometric-protected; we keep the integration consistent with that.

What lands in your repo

• OpenAPI / Swagger spec covering the reconstructed UBS TWINT calls — transaction list, balance, KeyClub accrual, voucher state — plus the bLink account-information endpoints used for the account ledger.
• Protocol and auth-flow report: the device-pairing and PIN-derived session chain, token lifetime and refresh, step-up behavior, and where the wallet ledger diverges from the bank-account ledger.
• Runnable source in Python or Node.js for the key surfaces, with a normalizer that joins the app-traffic feed and the account-information feed and de-duplicates the same CHF transfer across both.
• Automated tests against recorded fixtures, including token-expiry and re-pair paths.
• Interface documentation and compliance / retention notes mapped to the nFADP consent posture above.

A look at the transaction-list call

Illustrative shape, confirmed and pinned during the build against an observed app version — not a published contract:

# Wallet transaction list, post device-bound session
POST /twint/wallet/v3/transactions:list
Authorization: Bearer <device-bound session token>
X-Device-Id: <paired device id>
X-Pin-Assert: <PIN-derived assertion, short-lived>
{ "fromDate": "2026-02-01", "toDate": "2026-05-16",
  "include": ["p2p","merchant","topup","voucher"], "pageSize": 50 }

200 OK
{ "items": [
    { "txId": "…", "type": "p2p", "direction": "out",
      "amountChf": 42.50, "counterparty": "contact:…",
      "bookingDate": "2026-05-14T18:22:05+02:00",
      "message": "dinner", "keyClubPoints": 0 },
    { "txId": "…", "type": "merchant", "merchant": "Coop",
      "amountChf": 18.90, "bookingDate": "…", "keyClubPoints": 19 }
  ], "nextPageToken": "…" }

# Error handling we wire in:
#  401 token_expired   -> silent refresh, else re-pair device
#  403 step_up_required -> re-assert PIN, retry once
#  409 consent_revoked  -> stop, surface to caller, drop cached tokens
      

Three integrations teams ask us for

• Personal-finance aggregation. A budgeting app wants the UBS account balance and history without screen-scraping: route 2 over consented account information, with route 1 added when the user also wants their TWINT P2P and voucher activity categorized.
• Accounting sync for a sole trader. Someone taking TWINT payments needs settled revenue and commission in their books: route 3 export from the business portal on a weekly settlement cadence, normalized into the accounting schema.
• Loyalty reconciliation. A rewards partner needs KeyClub accrual tied to specific payments — only route 1 carries that, joined to the merchant transactions that earned the points.

What we handle on this build

Two things shape every UBS TWINT integration, and we account for both rather than passing them to you.

• Frequent client churn. UBS TWINT is updated often. We keep a versioned capture of the device-pairing and session handshake, pin the protocol map to the build it was observed against, and re-check it against each new release as routine upkeep so a silent client change does not break the feed unnoticed.
• Two ledgers, one truth. The same CHF transfer can appear in the wallet list and in the linked bank account. We model the join so route 1 and route 2 data reconcile to a single normalized record instead of double-counting, and we keep the wallet-only objects — KeyClub, vouchers, loyalty cards — clearly attributed to the app-traffic source.
• Swiss-resident reachability. The app is offered to UBS Switzerland AG clients and natural persons domiciled in Switzerland, per its store text. We arrange a consenting Swiss-resident account or a sponsor sandbox with you during onboarding, so the build runs against a valid account rather than assuming access.

Screens from the app

How this mapping was put together

Checked in May 2026 against SIX's bLink multibanking launch release for the Swiss timeline and consent model, the TWINT business-portal export documentation for native-export shape and windows, the Swiss federal guidance on the revised data-protection act, and the bLink platform overview. Data domains were taken from the app's own store description and help pages, not inferred.

• SIX — Swiss multibanking launch via bLink (Nov 2025)
• TWINT — exporting revenues and charges (CSV / RAF)
• Swiss Confederation — the new Federal Act on Data Protection
• bLink — the Swiss open banking platform (SIX)

Mapping by the OpenBanking Studio integration desk · May 2026

The Swiss payment and account apps around it

UBS TWINT does not sit alone; a unified integration usually has to speak to its neighbours too. Named here for ecosystem context, not ranked.

• Revolut — multi-currency accounts and card with a Swiss IBAN; holds transaction history, balances and FX records.
• Wise — multi-currency balances and transfers with detailed per-transfer fee and rate data.
• Neon — app-only Swiss account; balances, card transactions and statements behind a login.
• Yuh — Swiss banking, saving and investing app with account, card and investment positions.
• PostFinance App — large Swiss retail account base; balances, payments and e-bill data.
• Apple Pay — device-bound card tokens; transaction records tied to the underlying card, not a bank ledger.
• Google Pay — tokenized card payments with a per-transaction activity log.
• Swatch Pay — NFC card payments from a wearable; minimal app-side transaction state.
• UBS Mobile Banking — the full UBS account portfolio: accounts, cards, payments and statements that the TWINT wallet links into.

Questions integrators ask about UBS TWINT

Does the bLink/AIS route give you KeyClub points and TWINT vouchers, or only the bank account?

The Swiss bLink account-information interface carries the linked UBS account ledger — account overview, balance and booked transactions for the consenting holder. It does not carry wallet-specific objects such as KeyClub loyalty points, prepaid Guthaben vouchers or stored loyalty cards. Those live inside the UBS TWINT client surfaces, so we reach them through the authorized app-traffic route and stitch both into one normalized feed.

Switzerland has no PSD2 — what actually authorizes pulling UBS TWINT account data?

Switzerland runs a market-driven model rather than a statutory mandate. Account data moves over SIX's bLink platform under explicit customer consent, with standardization led by Swiss FinTech Innovations and a Swiss Bankers Association memorandum signed in May 2023; retail multibanking went live the week of 25 November 2025. Personal data handling sits under the revised Federal Act on Data Protection, in force since 1 September 2023, with opt-in consent. UBS Switzerland AG is a regulated Swiss bank.

Can the merchant side be exported instead of reverse-engineered?

Yes. The TWINT business portal lets a merchant export settled transactions and settlement statements as CSV or RAF/XML, in query windows up to 365 days, with totals for transaction amount and commission. That covers acquirer-side revenue and fee reconciliation cleanly. The consumer wallet ledger and loyalty objects are not in those files, so a full picture still needs the app-traffic route.

Because UBS TWINT is limited to Swiss-resident UBS clients, what do you run the build against?

We arrange a consenting Swiss-resident account or a sponsor sandbox with you during onboarding. You give us the app name and the data you want out of it; the access path and any compliance paperwork are handled as part of the engagement, not asked of you up front.

Working with us

One model: we build and deliver runnable integration source for the routes above, and you pay from $300 only after delivery, once it works to your satisfaction. The other: no upfront cost at all — you call our hosted endpoints and pay per call. Either way the build cycle runs one to two weeks. Tell us the app and the data you want at /contact.html.