Open Banking for Investment Accounts: How It Works

Open banking lets your portfolio tracker read your brokerage data directly — without storing your login credentials. Here's how the technology works, and why it matters for DIY investors.

What is open banking?

Open banking is a system that lets financial software read your account data — with your explicit permission — directly from banks and brokerages. No screen scraping. No stored passwords. The technology uses secure, standardized APIs to transfer only the data you authorize.

Open banking was formalized in the United Kingdom under the Open Banking Standard in 2018. The European Union followed with PSD2 — the revised Payment Services Directive. In the United States, the Consumer Financial Protection Bureau (CFPB) issued a parallel framework under Section 1033 of the Dodd-Frank Act.

All three frameworks share the same core principle: consumers own their financial data. Banks and brokerages must make that data available to authorized third parties — on the consumer's request — via standardized, secure APIs.

Key distinction: Open banking is a read-only technology. A portfolio tracker using open banking can see your positions and transaction history. It cannot move money, place trades, or make changes to your account.

For investors, open banking unlocks a more important shift: financial data is no longer trapped inside your brokerage's interface. Specialized tools like Ziggma can now access your Fidelity, Schwab, Vanguard, and Robinhood data directly — and do far more with it than any single brokerage dashboard can. Portfolio analysis, risk scoring, Impact Scores, and optimizer tools are built by companies whose entire focus is investment intelligence, not custody.

How open banking applies to brokerage and investment accounts

Open banking started in retail banking — checking accounts, savings, credit cards. Its scope has expanded to cover brokerage accounts, IRAs, 401(k)s, and investment platforms. That expansion is what makes open banking investment tracking possible.

Account types covered

  • Individual brokerage accounts
  • Roth IRA & Traditional IRA
  • 401(k) and 403(b) plans
  • 529 education savings plans
  • Crypto exchange accounts

Data accessible via open banking

  • Holdings and position sizes
  • Transaction history
  • Account balances
  • Cost basis information
  • Dividend and income records

Not every brokerage supports direct open banking APIs yet. Where direct APIs are unavailable, aggregators like Plaid and SnapTrade bridge the gap using OAuth-based connections. Ziggma works with both to maximize brokerage coverage across U.S. and Canadian brokerages.

The practical result: a Ziggma user with accounts at Fidelity, Charles Schwab, and Robinhood can see a full consolidated portfolio — holdings, performance, risk metrics, and Impact Scores — without entering a password into Ziggma's interface.

How OAuth 2.0 powers open banking investment tracking

OAuth 2.0 is the authorization protocol that makes open banking secure. It lets you grant Ziggma permission to read your brokerage data — without sharing your username or password. The process takes under a minute.

1. You initiate the connection in Ziggma

   You select your brokerage — for example, Fidelity or Charles Schwab — from Ziggma's account aggregation interface.

2. You are redirected to your brokerage's login page

   Ziggma never sees your credentials. You log in directly on your brokerage's own domain — Fidelity.com, Schwab.com, or similar.

3. Your brokerage issues a time-limited access token

   Your brokerage generates an OAuth 2.0 token. This token authorizes read-only data access for a specific scope — your holdings and transaction history.

4. Ziggma receives the token, not your password

   The token is what Ziggma stores — not your username or password. You can revoke it at any time, directly from your brokerage's settings.

5. Your portfolio data syncs automatically

   Ziggma uses the token to pull your latest positions, balances, and transactions. Your portfolio view updates without any manual input.

Security note: OAuth 2.0 tokens are scoped and revocable. "Scoped" means the token only permits the specific data access you authorized — not full account control. "Revocable" means you can disconnect Ziggma from your brokerage at any time by removing the app authorization in your brokerage settings — no action required inside Ziggma.
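
The token properties described above (time-limited, scoped, revocable), shown as an added example that is not Ziggma's or any brokerage's code: a toy in-memory brokerage issues an opaque token and checks expiry, scope and revocation on every API call. The class, method and scope names (`holdings:read`, `trades:write`) and the sample holdings are assumptions made for illustration.

```python
import secrets
import time

class Brokerage:
    """Toy in-memory authorization and resource server (hypothetical)."""

    def __init__(self, holdings):
        self._holdings = holdings      # user -> list of (symbol, quantity)
        self._grants = {}              # token -> (user, scopes, expires_at)

    def issue_token(self, user, scopes, ttl=3600, now=None):
        """Step 3: runs after the user logged in on the brokerage's own site."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # opaque, unguessable, no password inside
        self._grants[token] = (user, frozenset(scopes), now + ttl)
        return token                        # the only secret the tracker stores

    def revoke(self, token):
        """The user removes the app in the brokerage's connected-apps settings."""
        self._grants.pop(token, None)

    def _check(self, token, needed, now=None):
        grant = self._grants.get(token)
        if grant is None:
            raise PermissionError("unknown or revoked token")
        user, scopes, expires_at = grant
        now = time.time() if now is None else now
        if now >= expires_at:
            raise PermissionError("token expired")
        if needed not in scopes:
            raise PermissionError(f"scope {needed!r} not granted")
        return user

    def get_holdings(self, token, now=None):
        """Step 5: read API, allowed with the holdings:read scope."""
        return self._holdings[self._check(token, "holdings:read", now)]

    def place_trade(self, token, symbol, quantity, now=None):
        """Write API: requires a scope a read-only grant never contains."""
        self._check(token, "trades:write", now)
        return f"order accepted: {quantity} x {symbol}"

def try_call(fn, *args, **kwargs):
    """Return ('ok', result) or ('denied', reason) for a protected call."""
    try:
        return "ok", fn(*args, **kwargs)
    except PermissionError as exc:
        return "denied", str(exc)
```

Every check happens on the brokerage side, so a leaked token is limited to the granted scope and lifetime and can be cut off by revocation without a password change.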

Open banking glossary: 10 key terms for investors

Open banking comes with its own vocabulary. These are the ten terms you are most likely to encounter when connecting brokerage accounts to a portfolio tracker like Ziggma.

Open banking

A regulatory framework that requires financial institutions to share customer data with authorized third-party applications — with the customer's explicit consent. Enabled by standardized APIs, open banking underpins modern account aggregation and portfolio tracking.

OAuth 2.0

The industry-standard authorization protocol used by open banking connections. OAuth 2.0 lets you grant a third-party app — like Ziggma — permission to access specific data from your brokerage, without sharing your login credentials. It is the foundational security layer of all modern open banking brokerage account connections.

Access token

A time-limited, cryptographically signed credential issued by your brokerage during the OAuth flow. The token authorizes read access to your account data for a defined scope. Ziggma stores your access token — not your password.

Read-only access

A data permission level that allows an application to view your account information but not make any changes. Ziggma's open banking connections are read-only: no trades, transfers, or account modifications are possible through the integration.

Financial data aggregator

A company that connects consumer-facing apps to banks and brokerages via open banking APIs. Plaid and SnapTrade are the two leading financial data aggregators serving investment platforms. Ziggma works with both to maximize brokerage coverage. See SnapTrade vs Plaid for a detailed comparison.

Account aggregation

The process of pulling data from multiple financial accounts — across different institutions — into a single interface. Account aggregation is what allows a Ziggma user with accounts at Fidelity, Vanguard, and Robinhood to see a unified portfolio view.

PSD2 (Payment Services Directive 2)

The European Union regulation that mandated open banking across EU member states. PSD2 requires banks to open their APIs to licensed third-party providers when a customer gives consent. PSD2 directly inspired similar frameworks in the United Kingdom, Australia, and the United States.

Screen scraping

An older account aggregation method in which software logs into your brokerage using your actual credentials and extracts data by parsing the HTML of your account pages. Screen scraping is less secure than OAuth-based open banking — it requires storing your password and breaks when brokerages update their interfaces.

Tokenized credentials

A security architecture in which your actual login details are replaced by a surrogate token for data access purposes. Open banking connections use tokenized credentials so that even if a third-party app's data were compromised, your brokerage password would remain unexposed.

Data portability

The right of consumers to access and transfer their own financial data between institutions and applications. The CFPB's Section 1033 rule codifies data portability for U.S. bank and brokerage customers, giving legal weight to the open banking principle that your financial data belongs to you.

Frequently asked questions about open banking investment tracking

What is open banking investment tracking?
Open banking investment tracking is the use of open banking APIs to pull your brokerage account data — holdings, balances, transactions — into a portfolio management tool. Instead of logging into each brokerage separately, you authorize a tool like Ziggma's free portfolio tracker to read your data via a secure, read-only connection. The result is a consolidated portfolio view across all your accounts, updated automatically.

Is open banking safe for investment accounts?
Yes. Open banking connections use OAuth 2.0, which means your brokerage password is never shared with or stored by the third-party app. The app receives a scoped access token instead. Connections are read-only — no trades, transfers, or account changes are possible. You can revoke access at any time from your brokerage's settings. For a deeper look at the security model, see "Is Plaid safe?"

Which brokerages support open banking connections?
Major U.S. brokerages — including Fidelity, Charles Schwab, TD Ameritrade, Robinhood, E*TRADE, and Interactive Brokers — support open banking connections via aggregators like Plaid and SnapTrade. Ziggma supports connections to over 12,000 financial institutions through its aggregator partnerships. Coverage varies by country. See "How to link your brokerage account" for a step-by-step guide.

What is the difference between open banking and screen scraping?
Screen scraping logs into your brokerage using your actual username and password, then extracts data from the page HTML. It requires storing your credentials and breaks when brokerages update their interfaces. Open banking uses OAuth 2.0: your credentials stay on your brokerage's servers, and the third-party app receives only a scoped, revocable access token. Plaid, which powers many financial account aggregators, has been phasing out screen scraping in favor of direct API connections since 2021.

Can I track a 401(k) or IRA using open banking?
Yes, in most cases. Open banking investment tracking covers 401(k), 403(b), Traditional IRA, Roth IRA, and taxable brokerage accounts — provided your plan administrator or brokerage supports API connections. Fidelity NetBenefits, Vanguard, and Empower Retirement support aggregator connections. Ziggma's portfolio checkup works across all connected account types.

What data does Ziggma access through an open banking connection?
Ziggma accesses holdings, account balances, transaction history, and cost basis data — the information needed to run portfolio analysis. Ziggma does not access payment initiation, personal identification documents, or any data outside the defined scope you authorize. This data powers Ziggma features including the portfolio checkup, portfolio optimizer, and Impact Score calculations.

How does Plaid differ from SnapTrade for open banking investment tracking?
Plaid is a broad financial data aggregator covering bank accounts, credit cards, and investment accounts. SnapTrade was built specifically for investment accounts and offers deeper brokerage coverage and OAuth-first connections across more brokerages. Ziggma uses both, which maximizes the number of brokerages you can connect. For a detailed comparison, see "SnapTrade vs Plaid."

How do I revoke an open banking connection?
You revoke an open banking connection from your brokerage's security settings — typically under "Connected apps," "Linked accounts," or "Third-party access." Removing the authorization invalidates the access token immediately. You can also disconnect accounts inside Ziggma, which removes the token on Ziggma's side. For more context on how data access works, see "Is Plaid safe?"

What is the CFPB Section 1033 rule and how does it affect investors?
Section 1033 of the Dodd-Frank Act gives U.S. consumers the legal right to access and share their own financial data. The CFPB's final Section 1033 rule, issued in 2024, requires banks and financial institutions to make data available via standardized APIs — and prohibits anti-competitive tactics that block data portability. For investors, this means brokerages must support open banking connections. The rule strengthens the infrastructure that makes secure portfolio tracking possible across institutions.

Does open banking investment tracking work outside the United States?
Yes. The United Kingdom's Open Banking Standard and the EU's PSD2 directive have been operational since 2018. Canadian investors can use SnapTrade-based connections, which Ziggma supports. Coverage varies by country and institution. Check "How to link your brokerage account" for current coverage by country.
