Monzo connection

How Potzo connects to your Monzo account

Potzo's connection to Monzo works differently from its connection to your credit card. Here's exactly how it works, what access we have, and how you stay in control.

Diagram: Your credit card (Open Banking · Yapily · FCA regulated); Potzo (Matches & syncs); Your Monzo pot (Direct API · BYOK · Your key)

Two connections, not one

Potzo uses two separate connections to do its job. Your credit card is connected via Open Banking - a UK-regulated standard managed by Yapily. Your Monzo account is connected differently: through Monzo's own developer API, using a key that you generate and provide yourself. This is called the Bring Your Own Key (BYOK) model.

What is BYOK?

Rather than Potzo holding a shared or platform-level Monzo credential, you create a personal API key inside Monzo's own developer tools and give it to Potzo. This means the key belongs to you - not us. You can see it, rotate it, and delete it at any time directly from your Monzo account. Potzo has no access to your Monzo login, password, or PIN.

Monzo Developer Portal →

What Potzo reads and does with your Monzo

Potzo reads your account ID to find the pots attached to your account. It reads your pots so it knows where to move money. Before each pot move, it reads your balance to make sure you have enough to cover the transaction and won't dip into your overdraft. When a pot move is made, Potzo reads only the transaction it just created - this is so we can add a description. Potzo never reads any transactions it hasn't created. Moving money into your designated pot is the only action Potzo takes, and it is only triggered by a matched credit card transaction.

What Potzo never does

Potzo has no ability to initiate external payments from your Monzo account. Potzo has no ability to move money out of your Monzo account to any third party. Potzo never reads your Monzo transaction history beyond what is needed to identify your account and pot. Potzo never stores more data than is necessary to perform the sync.
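The limits in the two sections above can be enforced in code, not just by convention. This is an added example, not Potzo's own code: a client wrapper that refuses any request outside a small allowlist and checks the balance before every pot deposit. It assumes the endpoint paths and field names from Monzo's public API reference; `ScopedMonzoClient`, `PolicyError` and the injected `transport` are hypothetical names, and the transaction-description step is left out.

```python
import re

# Assumption: paths follow Monzo's public API reference. Only the reads and the
# single write this page describes are allowed; everything else is refused.
ALLOWED = (
    ("GET", re.compile(r"/accounts")),
    ("GET", re.compile(r"/pots")),
    ("GET", re.compile(r"/balance")),
    ("PUT", re.compile(r"/pots/[A-Za-z0-9_]+/deposit")),
)


class PolicyError(Exception):
    """Raised when a request falls outside the allowlist or the balance guard."""


class ScopedMonzoClient:
    """Hypothetical wrapper: every call passes through request()."""

    def __init__(self, transport):
        # transport(method, path, params) -> dict performs the HTTPS call and
        # attaches the user's key; injected so the policy can be tested offline.
        self.transport = transport

    def request(self, method, path, params=None):
        # fullmatch() rejects look-alike paths such as /pots/<id>/withdraw.
        if not any(m == method and rx.fullmatch(path) for m, rx in ALLOWED):
            raise PolicyError(f"{method} {path} is not on the allowlist")
        return self.transport(method, path, dict(params or {}))

    def move_to_pot(self, account_id, pot_id, amount, dedupe_id):
        """Deposit `amount` (minor units) only if the balance covers it."""
        if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
            raise PolicyError("amount must be a positive integer in minor units")
        balance = self.request("GET", "/balance", {"account_id": account_id})["balance"]
        if balance < amount:
            # Covers an already negative balance too: never move into overdraft.
            raise PolicyError("balance does not cover the move; skipped")
        return self.request("PUT", f"/pots/{pot_id}/deposit", {
            "source_account_id": account_id,
            "amount": amount,
            "dedupe_id": dedupe_id,  # idempotency token so a retry cannot double-move
        })
```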

How your API key is stored

Your Monzo API key is encrypted at rest using AES-256. It is never logged, never transmitted in plain text, and is only decrypted in memory at the time a sync runs. Only you and Potzo have access to your key.

How to revoke access

You are always in control. To disconnect Potzo from Monzo, you can delete your API key directly from the Monzo app under Profile → Developer tools. The key becomes invalid immediately. You can also disconnect via Potzo's settings, which will delete the stored key from our systems.

Credit card connection

For information on how Potzo connects to your credit card via Open Banking and Yapily, see the main security page.

Open Banking & FCA security →

Questions? Email us at help@potzo.cc or join our Discord community.