
poke-bank

An MCP server that exposes Enable Banking API tools for interacting with bank accounts through Open Banking. It enables users to authenticate sessions, list accounts, and fetch transaction history or balances via a secure self-hosted server.

Updated Mar 25, 2026

A FastMCP server that exposes Enable Banking (Open Banking) as MCP tools. Designed for easy self-hosting on a VPS with Docker.

Built as a companion to poke-mail, following the same structure and config conventions.

Tools

| Tool | Description |
| --- | --- |
| get_auth_url | Start the OAuth2 flow — returns an authorization URL and a session_id |
| exchange_code | Exchange the authorization code for access + refresh tokens |
| list_accounts | List all bank accounts linked to a session |
| get_transactions | Get transactions for an account (optional date range filter) |
| get_balances | Get current balances for an account |

Quick start

git clone https://github.com/kacperkwapisz/poke-bank
cd poke-bank
cp .env.example .env
# Edit .env — fill in MCP_API_KEY, Enable Banking credentials, SESSION_ENCRYPTION_KEY
docker compose up -d

The server listens on port 3000 (configurable via HOST_PORT in .env).

MCP endpoint: http://your-vps:3000/mcp

Configuration

All configuration is set through environment variables (or a .env file for Docker Compose).

| Variable | Required | Description |
| --- | --- | --- |
| MCP_API_KEY | Yes | Bearer token for MCP clients |
| ENABLE_BANKING_CLIENT_ID | Yes | Enable Banking OAuth2 client ID |
| ENABLE_BANKING_CLIENT_SECRET | Yes | Enable Banking OAuth2 client secret |
| ENABLE_BANKING_REDIRECT_URI | Yes | OAuth2 redirect URI registered with Enable Banking |
| SESSION_ENCRYPTION_KEY | Yes | 64 hex chars (32 bytes) for AES-256-GCM session encryption |
| ENABLE_BANKING_BASE | No | API base URL — defaults to https://api.enablebanking.com |
| DB_PATH | No | SQLite path — defaults to /data/sessions.db |
| RATE_LIMIT_GET_RPM | No | GET rate limit per IP (default: 30) |
| RATE_LIMIT_POST_RPM | No | POST rate limit per IP (default: 120) |
| POKE_TUNNEL | No | Set to 1 when using the Poke tunnel (disables MCP_API_KEY requirement) |
| PORT | No | Server port inside the container (default: 3000) |

Generating keys

# MCP_API_KEY
openssl rand -hex 32

# SESSION_ENCRYPTION_KEY
python -c "import secrets; print(secrets.token_hex(32))"
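
A pre-flight check for the variables in the Configuration table and the keys generated above, as an added example that is not part of poke-bank's own code. The function names, the constructed sample .env contents and the placeholder-key heuristic are assumptions; the variable names, the POKE_TUNNEL exception and the 64-hex-character rule come from the table.

```python
import string

REQUIRED = ("ENABLE_BANKING_CLIENT_ID", "ENABLE_BANKING_CLIENT_SECRET",
            "ENABLE_BANKING_REDIRECT_URI", "SESSION_ENCRYPTION_KEY")
RATE_LIMITS = ("RATE_LIMIT_GET_RPM", "RATE_LIMIT_POST_RPM")

# Constructed sample .env contents (not the project's .env.example).
SAMPLE_ENV = """\
MCP_API_KEY=
ENABLE_BANKING_CLIENT_ID=example-client-id
ENABLE_BANKING_CLIENT_SECRET=example-client-secret
ENABLE_BANKING_REDIRECT_URI=https://bank.example/callback
SESSION_ENCRYPTION_KEY=""" + "0" * 64 + """
RATE_LIMIT_GET_RPM=0
"""


def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are skipped."""
    env = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env


def check_env(env):
    """Return a list of problems; an empty list means every check passed."""
    problems = [f"{name} is missing" for name in REQUIRED if not env.get(name)]
    api_key = env.get("MCP_API_KEY", "")
    if not api_key and env.get("POKE_TUNNEL") != "1":
        problems.append("MCP_API_KEY is missing and POKE_TUNNEL is not 1")
    key = env.get("SESSION_ENCRYPTION_KEY", "")
    if key:
        if len(key) != 64 or any(c not in string.hexdigits for c in key):
            problems.append("SESSION_ENCRYPTION_KEY must be 64 hex chars")
        elif len(set(key.lower())) < 8:  # assumed heuristic for filler keys
            problems.append("SESSION_ENCRYPTION_KEY looks like a placeholder")
        if api_key and key.lower() == api_key.lower():
            problems.append("MCP_API_KEY equals SESSION_ENCRYPTION_KEY")
    for name in RATE_LIMITS:
        value = env.get(name, "1")  # unset: the server default applies
        if not (value.isascii() and value.isdigit() and int(value) > 0):
            problems.append(f"{name} must be a positive integer")
    return problems


if __name__ == "__main__":
    print("\n".join(check_env(parse_env(SAMPLE_ENV))) or "ok")
```

The messages name variables only and never echo their values, so the output is safe to paste into a deployment log.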

Session store

Sessions (access tokens, refresh tokens) are stored in an encrypted SQLite database at /data/sessions.db inside the container. The poke-bank-data Docker volume persists this across restarts.

All session data is encrypted with AES-256-GCM using the SESSION_ENCRYPTION_KEY. The key never leaves your server.

OAuth2 flow

  1. Call get_auth_url with the bank name and country code
  2. Open the returned auth_url in a browser and authorize
  3. After the redirect, copy the code from the URL
  4. Call exchange_code with the code and session_id
  5. Use list_accounts, get_transactions, get_balances with the session_id

License

MIT
