Monzo connection

How Potzo connects to your Monzo account

Potzo's connection to Monzo works differently from its connection to your credit card. Here's exactly how it works, what access we have, and how you stay in control.

Your credit card

Open Banking · Yapily · FCA regulated

Potzo

Matches & syncs

Your Monzo pot

Direct API · BYOK · Your key

Two connections, not one

Potzo uses two separate connections to do its job. Your credit card is connected via Open Banking — a UK-regulated standard managed by Yapily. Your Monzo account is connected differently: through Monzo's own developer API, using a key that you generate and provide yourself. This is called the Bring Your Own Key (BYOK) model.

What is BYOK?

Rather than Potzo holding a shared or platform-level Monzo credential, you create a personal API key inside Monzo's own developer tools and give it to Potzo. This means the key belongs to you — not us. You can see it, rotate it, and delete it at any time directly from your Monzo account. Potzo never touches your Monzo login, password, or PIN.

Monzo Developer Portal →

Content placeholder

What Potzo reads from your Monzo account

[PLACEHOLDER — fill in the exact API scopes requested. E.g.: account ID, pot IDs and balances, account balance. Potzo does not read transaction history from Monzo, does not read Direct Debits or standing orders, and does not access any data outside the scopes listed here.]

Content placeholder

What Potzo does with your Monzo

[PLACEHOLDER — describe the write operations: moving money from the main Monzo balance into a designated pot when a credit card transaction is detected. Explain that this is the only action Potzo takes, and that it is triggered only by a matched credit card transaction.]

What Potzo never does

Potzo never initiates external payments from your Monzo account. Potzo never moves money out of your Monzo account to any third party. Potzo never reads your Monzo transaction history beyond what is needed to identify your account and pot. Potzo never stores more data than is necessary to perform the sync.

Content placeholder

How your API key is stored

[PLACEHOLDER — describe how the key is stored: encryption at rest, what encryption standard, whether it is stored per-user or shared. E.g. "Your Monzo API key is encrypted at rest using AES-256. It is never logged, never transmitted in plain text, and is only decrypted in memory at the time a sync runs."]

How to revoke access

You are always in control. To disconnect Potzo from Monzo, you can delete your API key directly from the Monzo app under Profile → Developer tools. The key becomes invalid immediately. You can also disconnect via Potzo's settings, which will delete the stored key from our systems.

Credit card connection

For information on how Potzo connects to your credit card via Open Banking and Yapily, see the main security page.

Open Banking & FCA security →

Questions? Email us at hasan@potzo.cc or join our Discord community.