I once tried to open a personal investing account with Fidelity. When it came time to fund it, they wanted me to give them the username and password for my bank account so that they could log in on my behalf and verify that the account was owned by me.
Obviously, I didn't follow through with that, because that's a terrible sign of how Fidelity treats security and when it comes to entrusting large sums of money with an investment firm, I'd prefer one that's demonstrated a better security policy all around.
Anyway, this article was hilariously scant of technical details, but if the API they're creating allows different privileges to be associated with each API user, it's possible that I could use it to provide a company like Fidelty read-only access to only the information they need to verify that I am the account owner, and nothing more.
Obviously, I didn't follow through with that, because that's a terrible sign of how Fidelity treats security and when it comes to entrusting large sums of money with an investment firm, I'd prefer one that's demonstrated a better security policy all around.
Anyway, this article was hilariously scant of technical details, but if the API they're creating allows different privileges to be associated with each API user, it's possible that I could use it to provide a company like Fidelty read-only access to only the information they need to verify that I am the account owner, and nothing more.