The Token.io Open Banking API
enables you to connect securely with banks for a range of
services.
Using our API you can:
provide authorized access
to an authenticated user's account information
get information on
specific banks
initiate authorization with a user-selected
bank
initate and track single immediate payments and future dated
payments
use variable recurring payments (VRP) to grant long-held
consents to Payment Initiation Service Providers (PISPs) to initiate series
of payments from users' bank accounts
carry out settlements,
payments and refunds using our settlement accounts
For more
information see our developer documentation.
version: ''
servers:
- url: https://api.token.io
tags:
- name: Payments v2
description: >-
Creates and initiates a single immediate payment or a future-dated
payment. Also supports initiating a Variable Recurring Payment (VRP) using
an existing VRP mandate that has been created and authorised via the
`/vrp-consent` endpoint.
- name: Pay by Link
description: >-
These endpoints allow you to create and manage payment links. Payment
links are reusable or single-use payment URLs that can be shared with
customers, supporting fixed or variable amounts, usage limits, and
expiration dates.
- name: Account on File
description: >-
These endpoints allow you to create and manage an Account on File from
bank account details. The Account on File can then be used in other API
requests instead of sending the full account details.
- name: Requests - for Payments v1 or AIS
description: >-
These endpoints allow you to initiate a Payments v1 request or an AIS
request, and retrieve the status of the request.
- name: Transfers - for Payments v1
description: >-
These endpoints relate to transfers, which are requests to move money
between accounts.
- name: Variable Recurring Payments
description: >-
These endpoints enable you to initiate Variable Recurring Payments (VRP).
Note, that VRP is also available in Payments v2 API.
x-internal: true
- name: Refunds
description: >-
These endpoints allow you to handle registration, posting, and retrieval
of refunds associated with original transaction account information.
- name: Payouts
description: These endpoints allow you to make payouts.
x-internal: true
- name: Settlement Accounts
description: >-
These endpoints provide authorized access to an authenticated user's
settlement account information, enabling you to create settlement
accounts, retrieve settlement account details, transactions and payouts,
and manage settlement rules.
x-internal: true
- name: Accounts
description: >-
These endpoints provide authorized access to an authenticated user's
account information.
- name: Tokens
description: >-
These endpoints retrieve all tokens, a filtered list of tokens, or a
specific token, as well as allowing you to cancel an existing token.
- name: Banks v1
description: >-
These endpoints filter and fetch the list of connected banks, get
information on specific banks, and initiate authorization with
user-selected banks using Payments v1.
- name: Banks v2
description: >-
This endpoint filters and fetches the list of connected banks, gets
information on specific banks, and initiates authorization with
user-selected banks using Payments v2.
- name: Sub-TPPs
description: >-
These endpoints are for resellers using Token.io's licence to create,
retrieve and delete sub-TPPs.
- name: Authentication keys
description: >-
These endpoints are for managing the public keys that are used for JWT
authentication.
- name: Reports
description: >-
These endpoints retrieve the current AIS and PIS status of connected
banks.
x-internal: true
- name: Webhooks
description: >-
These endpoints configure, retrieve and remove webhooks. See Webhooks for more details.
paths:
/accounts:
get:
tags:
- Accounts
summary: Get information for all accounts
description: >-
The `GET /accounts` endpoint retrieves information for all bank
accounts.
operationId: GatewayService.GetAccounts
parameters:
- name: on-behalf-of
in: header
description: The `tokenId` represents the consent granted by the user (PSU).
schema:
type: string
required: true
example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
- name: token-customer-ip-address
in: header
description: >-
The user's IP address if the user is currently logged in with the
TPP. If the customer IP address is supplied (recommended), it is
inferred that the user is present during the session (i.e.,
the request is user-initiated; adding a `customer-initiated` =
`true` header makes this explicit). For AIS calls, if the customer's
IP address is not provided in the request, the bank assumes it is a
TPP-initiated request and may limit the TPP to four TPP-initiated
access attempts within a given 24-hour period.
schema:
type: string
format: ipv4
required: false
example: 172.16.254.1
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetAccountsResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/accounts/{accountId}:
get:
tags:
- Accounts
summary: Get account information
description: >-
The `GET /accounts/{accountId}` endpoint retrieves the information for a
specific bank account.
operationId: GatewayService.GetAccount
parameters:
- name: on-behalf-of
in: header
description: The `tokenId` represents the consent granted by the user (PSU).
schema:
type: string
required: true
example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
- name: accountId
in: path
description: >-
The system-generated, unique bank account id, which specifies the
account for which the information is requested.
required: false
style: simple
explode: false
schema:
type: string
example: a:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
- name: token-customer-ip-address
in: header
description: >-
The user's IP address if the user is currently logged in with the
TPP. If the customer IP address is supplied (recommended), it is
inferred that the user is present during the session (i.e.,
the request is user-initiated; adding a `customer-initiated` =
`true` header makes this explicit). For AIS calls, if the customer's
IP address is not provided in the request, the bank assumes it is a
TPP-initiated request and may limit the TPP to 4 TPP-initiated
access attempts within a given 24-hour period.
schema:
type: string
format: ipv4
required: false
example: 172.16.254.1
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetAccountResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/account-balance:
get:
tags:
- Accounts
summary: Get account balances
description: >-
The `GET /account-balance` endpoint retrieves the balances for multiple
bank accounts.
operationId: GatewayService.GetBalances
parameters:
- name: on-behalf-of
in: header
description: The `tokenId` represents the consent granted by the user (PSU).
schema:
type: string
required: true
example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
- name: token-customer-ip-address
in: header
description: >-
The user's IP address if the user is currently logged in with the
TPP. If the customer IP address is supplied (recommended), it is
inferred that the user is present during the session (i.e.,
the request is user-initiated; adding a `customer-initiated` =
`true` header makes this explicit). For AIS calls, if the customer's
IP address is not provided in the request, the bank assumes it is a
TPP-initiated request and may limit the TPP to 4 TPP-initiated
access attempts within a given 24-hour period.
schema:
type: string
format: ipv4
required: false
example: 172.16.254.1
- name: accountId
in: query
description: >-
A list of account ids for which you wish to retrieve account
balances. Each `accountId` should be specified separately as
accountId=a:xxx:xxx&accountId=a:yyy:yyy.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- a:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
- a:9TFpwkcQmcsMbdjQcpdjfsEBosDw28503fAAGPEMF2MVF19hfk3nc
- a:rtmv254gaskGLdkadQvdNesk2Y9ferbvpaom5mvepm0mv2nfGnaix
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetBalancesResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/accounts/{accountId}/balance:
get:
tags:
- Accounts
summary: Get an account balance
description: >-
The `GET /accounts/{accountId}/balance` endpoint retrieves the balance
for a given bank account.
operationId: GatewayService.GetBalance
parameters:
- name: on-behalf-of
in: header
description: The `tokenId` represents the consent granted by the user (PSU).
schema:
type: string
required: true
example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
- name: token-customer-ip-address
in: header
description: >-
The user's IP address if the user is currently logged in with the
TPP. If the customer IP address is supplied (recommended), it is
inferred that the user is present during the session (i.e.,
the request is user-initiated; adding a `customer-initiated` =
`true` header makes this explicit). For AIS calls, if the customer's
IP address is not provided in the request, the bank assumes it is a
TPP-initiated request and may limit the TPP to 4 TPP-initiated
access attempts within a given 24-hour period.
schema:
type: string
format: ipv4
required: false
example: 172.16.254.1
- name: accountId
in: path
description: >-
The unique bank account id, which specifies the account for which
the information is requested.
required: false
style: simple
explode: false
schema:
type: string
example: a:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetBalanceResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/accounts/{accountId}/standing-orders:
get:
tags:
- Accounts
summary: Get information for all standing orders
description: >-
The `GET /accounts/{accountId}/standing-orders` endpoint retrieves
information for all standing orders in a given account, once consent has
been given.
operationId: GatewayService.GetStandingOrders
parameters:
- name: on-behalf-of
in: header
description: The `tokenId` represents the consent granted by the user (PSU).
schema:
type: string
required: true
example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
- name: token-customer-ip-address
in: header
description: >-
The user's IP address if the user is currently logged in with the
TPP. If the customer IP address is supplied (recommended), it is
inferred that the user is present during the session (i.e.,
the request is user-initiated; adding a `customer-initiated` =
`true` header makes this explicit). For AIS calls, if the customer's
IP address is not provided in the request, the bank assumes it is a
TPP-initiated request and may limit the TPP to 4 TPP-initiated
access attempts within a given 24-hour period.
schema:
type: string
format: ipv4
required: false
example: 172.16.254.1
- name: accountId
in: path
description: >-
The unique bank account id, which specifies the account for which
the information is requested.
required: false
schema:
type: string
example: a:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
- name: page.offset
in: query
description: >-
The offset for the current page. If the offset has been provided in
the request, this offset will be equal to the provided one. But if
no offset was provided in the request (i.e. this is the first
page) and the page is not empty, this field will be populated with a
non-empty string. This may be helpful for loading the same page
again, which might not always be possible with an empty offset due
to a dynamic nature of the data. The offset is not visible to a
user and should not be parsed and/or understood in any way.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
- name: page.limit
in: query
description: The maximum number of records to return. This must be less than 200.
required: true
style: form
explode: true
schema:
type: integer
format: int32
example: 175
default: 1
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetStandingOrdersResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
x-internal: true
/accounts/{accountId}/standing-orders/{standingOrderId}:
get:
tags:
- Accounts
summary: Get standing order information
description: >-
The `GET /accounts/{accountId}/standing-orders/{standingOrderId}`
endpoint retrieves information for a specific standing order in a given
account, once consent has been given.
operationId: GatewayService.GetStandingOrder
parameters:
- name: on-behalf-of
in: header
description: The `tokenId` represents the consent granted by the user (PSU).
schema:
type: string
required: true
example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
- name: token-customer-ip-address
in: header
description: >-
The user's IP address if the user is currently logged in with the
TPP. If the customer IP address is supplied (recommended), it is
inferred that the user is present during the session (i.e.,
the request is user-initiated; adding a `customer-initiated` =
`true` header makes this explicit). For AIS calls, if the customer's
IP address is not provided in the request, the bank assumes it is a
TPP-initiated request and may limit the TPP to 4 TPP-initiated
access attempts within a given 24-hour period.
schema:
type: string
format: ipv4
required: false
example: 172.16.254.1
- name: accountId
in: path
description: >-
The system-generated, unique bank account id, which specifies the
account for which the information is requested.
required: false
schema:
type: string
example: a:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
- name: standingOrderId
in: path
required: true
schema:
type: string
description: >-
The unique standing order identifier, which specifies the standing
order requested.
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetStandingOrderResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
x-internal: true
/accounts/{accountId}/transactions:
get:
tags:
- Accounts
summary: Get account transactions
description: >-
The `GET /accounts/{accountId}/transactions` endpoint retrieves
information for all transactions in a given account.
operationId: GatewayService.GetTransactions
parameters:
- name: on-behalf-of
in: header
description: The `tokenId` represents the consent granted by the user (PSU).
schema:
type: string
required: true
example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
- name: token-customer-ip-address
in: header
description: >-
The user's IP address if the user is currently logged in with the
TPP. If the customer IP address is supplied (recommended), it is
inferred that the user is present during the session (i.e.,
the request is user-initiated; adding a `customer-initiated` =
`true` header makes this explicit). For AIS calls, if the customer's
IP address is not provided in the request, the bank assumes it is a
TPP-initiated request and may limit the TPP to 4 TPP-initiated
access attempts within a given 24-hour period.
schema:
type: string
format: ipv4
required: false
example: 172.16.254.1
- name: accountId
in: path
description: >-
The system-generated unique bank account id, which specifies the
account for which the information is requested.
required: false
style: simple
explode: false
schema:
type: string
example: a:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
- name: page.offset
in: query
description: >-
The offset for the current page. If the offset has been provided in
the request, this offset will be equal to the provided one. But if
no offset was provided in the request (i.e. this is the first
page) and the page is not empty, this field will be populated with a
non-empty string. This may be helpful for loading the same page
again, which might not always be possible with an empty offset due
to a dynamic nature of the data. The offset is not visible to a
user and should not be parsed and/or understood in any way.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
- name: page.limit
in: query
description: The maximum number of records to return. This must be less than 200.
required: true
style: form
explode: true
schema:
type: integer
format: int32
example: 175
default: 1
- name: startDate
in: query
description: >-
The earliest transaction date requested, in ISO 8601 format.
required: false
style: form
explode: true
schema:
type: string
example: '2022-06-15'
- name: endDate
in: query
description: >-
The latest transaction date requested, in ISO 8601 format.
required: false
style: form
explode: true
schema:
type: string
example: '2022-11-30'
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetTransactionsResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/accounts/{accountId}/transaction/{transactionId}:
get:
tags:
- Accounts
summary: Get transaction information
description: >-
The `GET /accounts/{accountId}/transaction/{transactionId}` endpoint
retrieves information for a specific transaction in a given account.
operationId: GatewayService.GetTransaction
parameters:
- name: on-behalf-of
in: header
description: The `tokenId` represents the consent granted by the user (PSU).
schema:
type: string
required: true
example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
- name: token-customer-ip-address
in: header
description: >-
The user's IP address if the user is currently logged in with the
TPP. If the customer IP address is supplied (recommended), it is
inferred that the user is present during the session (i.e.,
the request is user-initiated; adding a `customer-initiated` =
`true` header makes this explicit). For AIS calls, if the customer's
IP address is not provided in the request, the bank assumes it is a
TPP-initiated request and may limit the TPP to 4 TPP-initiated
access attempts within a given 24-hour period.
schema:
type: string
format: ipv4
required: false
example: 172.16.254.1
- name: accountId
in: path
description: >-
The unique bank account id, which specifies the account for which
the information is requested.
required: false
style: simple
explode: false
schema:
type: string
example: a:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
- name: transactionId
in: path
description: >-
The unique transaction identifier, which specifies the transaction
requested.
required: true
style: simple
explode: false
schema:
type: string
example: 42909b155d4942299c39017686b5dc36
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetTransactionResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/banks:
get:
tags:
- Banks v1
summary: Get banks v1
description: >-
The `GET /banks` endpoint retrieves a list of connected banks matching
the parameters specified.
operationId: GatewayService.GetBanks
parameters:
- name: page
in: query
description: The index of the page currently being retrieved.
required: false
style: form
explode: true
schema:
type: integer
format: int32
example: 1
- name: perPage
in: query
description: The number of records per page.
required: false
style: form
explode: true
schema:
type: integer
format: int32
example: 175
- name: sort
in: query
description: >-
The key to sort the result. This can be `name` (i.e., bank
name), `provider`, or `country`.
required: false
style: form
explode: true
schema:
type: string
example: country
default: name
- name: memberId
in: query
description: The Token.io-assigned member id of the TPP.
required: false
style: form
explode: true
schema:
type: string
example: m:nP4w3u5y8ddrxDJkjimgSX9e4fZ:5zKtXEAq
- name: ids
in: query
description: >-
Filters for banks with a `bankId` (case-insensitive) matching any of
the ids listed, up to a maximum of 1000. Only exact (full string)
matches are returned.
required: false
style: form
explode: true
schema:
type: array
example:
- goldbank
- opalbank
- platinumbank
items:
type: string
- name: search
in: query
description: >-
Filters for banks with a name or identifiers containing this search
string.
required: false
style: form
explode: true
schema:
type: string
example: hsbc
- name: tppId
in: query
description: >-
Filters for banks for which the TPP represented by this `tppId` has
access.
required: false
style: form
explode: true
schema:
type: string
example: 4h27g823-g73s-07v3-l49s-prte94bf21v
- name: providers
in: query
description: >-
Filters for banks that are accessed through any of the listed
providers.
required: false
style: form
explode: true
schema:
type: array
example: Token.io
items:
type: string
- name: bankCode
in: query
description: >-
Filters for banks with a BIC (or BLZ, if German) that matches this
`bankCode`. The BIC must have a string length of 8 or 11. The BLZ
must have a string length of 8.
required: false
style: form
explode: true
schema:
type: string
example: NBAGDE3E
- name: countries
in: query
description: >-
Filters for banks that are located in the countries specified by
this list of two-letter country codes in upper case (ISO 3166-1
alpha-2).
required: false
style: form
explode: true
schema:
type: array
example:
- IT
- DE
- RO
items:
type: string
- name: bank_features.supports_send_payment.value
in: query
description: Filters for banks that support payment initiation.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_receive_payment.value
in: query
description: Filters for banks that support receiving payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_balance.value
in: query
description: Filters for the banks that support retrieving balances.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_scheduled_payment.value
in: query
description: Filters for banks that support future dated scheduled payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_standing_order.value
in: query
description: Filters for banks that support recurring payments/standing orders.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.requires_one_step_payment.value
in: query
description: >-
Filters for banks that only support immediate redemption of
transfers.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_funds_confirmation.value
in: query
description: Filters for the banks that support confirmation of available funds.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_return_refund_account.value
in: query
description: Filters for the banks that support request of refund account.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_transactions_date_filter.value
in: query
description: >-
Filters for banks that support retrieving transactions by date
filter.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_account_information.value
in: query
description: Filters for banks that support retrieval of account information.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_single_payment.value
in: query
description: Filters for banks that support single immediate payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_variable_recurring_payment.value
x-internal: true
in: query
description: Filters for banks that support variable recurring payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bics
in: query
description: >-
Filters for banks whose BIC matches any of the listed BICs
(case-insensitive), up to a maximum of 1000.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example: BKENGB2L, BNPAFRPH, NBAGDE3E
- name: supportedPaymentNetworks
in: query
description: Filters for banks that support any of the listed payment networks.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
- name: bankGroup
in: query
description: Filters for banks that are part of the bank group specified.
required: false
style: form
explode: true
schema:
type: string
example:
- HSBC
- Coop
- name: bankSubGroup
in: query
description: Filters for banks that are part of the bank sub-group specified.
required: false
style: form
explode: true
schema:
type: string
example:
- CMM Grand
- Banque Populaire
- La Banque
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetBanksResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/bank/countries:
get:
tags:
- Banks v1
summary: Get bank countries
description: >-
The `GET /banks/countries` endpoint retrieves the list of countries that
have connected banks which match the parameters specified.
operationId: GatewayService.GetBanksCountries
parameters:
- name: ids
in: query
description: >-
Filters for banks with bank ids that are represented in this list of
ids (case-insensitive), up to a maximum of 1000.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- goldbank
- opalbank
- platinumbank
- name: search
in: query
description: >-
Filters for banks with names or identifiers that contain this search
string (case sensitive).
required: false
style: form
explode: true
schema:
type: string
example: banca
- name: tppId
in: query
description: Filters for banks to which the TPP with this `tppId` has access.
required: false
style: form
explode: true
schema:
type: string
example: 9fk3m361-f12r-04b9-p39f-rio2m3pw9v8s
- name: bankCode
in: query
description: >-
Filters for banks with a BIC (or BLZ, if German) that matches this
`bankCode`. The BIC must have a string length of 8 or 11. The BLZ
must have a string length of 8.
required: false
style: form
explode: true
schema:
type: string
example: NBAGDE3E
- name: countries
in: query
description: >-
Filters for banks that are located in the countries specified by
this list of two-letter country code in upper case (ISO 3166-1
alpha-2).
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example: GB, RO, AT
- name: providers
in: query
description: >-
Filters for banks that are accessed through any of this list of
providers.
required: false
style: form
explode: true
schema:
type: array
example: Token.io
items:
type: string
- name: bank_features.supports_send_payment.value
in: query
description: Filters for banks that support payment initiation.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_receive_payment.value
in: query
description: Filters for banks that support the receipt of payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_balance.value
in: query
description: Filters for the banks that support retrieving account balances.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_scheduled_payment.value
in: query
description: Filters for banks that support future dated scheduled payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_standing_order.value
in: query
description: Filters for banks that support standing orders/recurring payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.requires_one_step_payment.value
in: query
description: >-
Filters for banks that only support immediate redemption of transfer
tokens.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_funds_confirmation.value
in: query
description: Filters for banks that support confirmation of available funds.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_return_refund_account.value
in: query
description: Filters for banks that support the request of refund account.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_transactions_date_filter.value
in: query
description: >-
Filters for banks that support retrieving transactions by date
filter.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_account_information.value
in: query
description: >-
Filters for banks that support retrieving account information using
Account Information Services (AIS).
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_single_payment.value
in: query
description: Filters for banks that support single immediate payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: bank_features.supports_variable_recurring_payment.value
in: query
description: Filters for banks that support variable recurring payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
- name: memberId
in: query
description: The Token.io-assigned member id of the TPP.
required: false
style: form
explode: true
schema:
type: string
example: m:nP4w3u5y8ddrxDJkjimgSX9e4fZ:5zKtXEAq
example: m:nP4w3u5y8ddrxDJkjimgSX9e4fZ:5zKtXEAq
- name: supportedPaymentNetworks
in: query
description: Filters for banks that support any of the listed payment networks.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example: SEPA
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetBanksCountriesResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/member/sub-tpps:
post:
tags:
- Sub-TPPs
summary: Create a sub-TPP
description: >-
The `POST /member/sub-tpps` endpoint creates a new sub-TPP for a
reseller.
operationId: GatewayService.CreateSubTpp
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateSubTppRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/CreateSubTppResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a sub-tpp, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
get:
tags:
- Sub-TPPs
summary: Get sub-TPPs
description: >-
The `GET /member/sub-tpps` endpoint retrieves a list of all sub-TPPs for
a reseller.
operationId: GatewayService.RetrieveSubTpps
parameters:
- name: page.offset
in: query
description: >-
The offset for the current page. If the offset has been provided in
the request, this offset will be equal to the provided one. But if
no offset was provided in the request (i.e. this is the first
page) and the page is not empty, this field will be populated with a
non-empty string. This may be helpful for loading the same page
again, which might not always be possible with an empty offset due
to a dynamic nature of the data. The offset is not visible to a
user and should not be parsed and/or understood in any way.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
- name: page.limit
in: query
description: The maximum number of records to return. This must be less than 200.
required: true
style: form
explode: true
schema:
type: integer
format: int32
example: 175
default: 1
- name: filter.byCompanyNames
in: query
description: Filters the sub-TPPs by the list of company names submitted.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example: '["Company A","Company B","Company C"]'
- name: filter.byRegistrationDates
in: query
description: Filters the sub-TPPs by the list of registration dates submitted.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example: '["22-03-21","19-05-21","27-07-21"]'
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RetrieveSubTppsResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a sub-tpp, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/member/sub-tpps/{subTppId}:
get:
tags:
- Sub-TPPs
summary: Get sub-TPP information
description: >-
The `GET /member/sub-tpps/{subTppId}` endpoint retrieves the details of
the specified sub-TPP for a reseller.
operationId: GatewayService.RetrieveSubTpp
parameters:
- name: subTppId
in: path
description: This id specifies the sub-TPP to be retrieved.
required: true
style: simple
explode: false
schema:
type: string
example: 8d54f066-c14a-47c0-b58b-fec6b0ed6b4c
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RetrieveSubTppResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a sub-tpp, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
delete:
tags:
- Sub-TPPs
summary: Delete a sub-TPP
description: >-
The `DELETE /member/sub-tpps/{subTppId}` endpoint deletes an existing
sub-TPP for a reseller.
operationId: GatewayService.DeleteSubTpp
parameters:
- name: subTppId
in: path
description: This id specifies the sub-TPP to delete.
required: true
style: simple
explode: false
schema:
type: string
example: 8d54f066-c14a-47c0-b58b-fec6b0ed6b4c
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/DeleteSubTppResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a sub-tpp, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/member/sub-tpps/{subTppId}/children:
get:
tags:
- Sub-TPPs
summary: Get sub-TPP children
description: >-
The `GET /member/sub-tpps/{subTppId}/children` endpoint retrieves the
sub-TPP children for given sub-TPP.
operationId: GatewayService.RetrieveSubTppChildren
parameters:
- name: subTppId
in: path
description: >-
This id specifies the sub-TPP for which the children are to be
retrieved.
required: true
style: simple
explode: false
schema:
type: string
example: 8d54f066-c14a-47c0-b58b-fec6b0ed6b4c
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RetrieveSubTppChildrenResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a sub-tpp, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/member/{memberId}/keys:
post:
tags:
- Authentication keys
summary: Submit a public key
description: >-
The `POST /member/{memberId}/keys` endpoint submits a public key for
authentication, for the specified member.
operationId: GatewayService.AddMemberKey
parameters:
- name: memberId
in: path
description: >-
This id specifies the member for whom the public key is to be
submitted.
required: true
style: simple
explode: false
schema:
type: string
example: m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SubmitKey'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/KeyId'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a sub-tpp, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
get:
tags:
- Authentication keys
summary: Get public keys
description: >-
The `GET /member/{memberId}/keys` endpoint retrieves a list of all
public keys, for the specified member.
operationId: GatewayService.GetMemberKeys
parameters:
- name: memberId
in: path
description: >-
This id specifies the member for whom the public keys are to be
retrieved.
required: true
style: simple
explode: false
schema:
type: string
example: m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq
responses:
'200':
description: Successful response
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/GetKeysResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a sub-tpp, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/member/{memberId}/keys/{keyId}:
get:
tags:
- Authentication keys
summary: Get a public key
description: >-
The `GET /member/{memberId}/keys/{keyId}` endpoint retrieves the details
of a specific public key, for the specified member.
operationId: GatewayService.GetMemberKey
parameters:
- name: memberId
in: path
description: >-
This id specifies the member for whom the public key is to be
retrieved.
required: true
style: simple
explode: false
schema:
type: string
example: m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq
- name: keyId
in: path
description: This id specifies the public key to be retrieved.
required: true
style: simple
explode: false
schema:
type: string
example: cJSOA7nQscQBScnE
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetKeyResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a sub-tpp, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
delete:
tags:
- Authentication keys
summary: Delete a public key
description: >-
The `DELETE /member/{memberId}/keys/{keyId}` endpoint deletes an
existing public key, for the specified member.
operationId: GatewayService.DeleteMemberKey
parameters:
- name: memberId
in: path
description: >-
This id specifies the member for whom the public key is to be
deleted.
required: true
style: simple
explode: false
schema:
type: string
example: m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq
- name: keyId
in: path
description: This id specifies the public key to be deleted.
required: true
style: simple
explode: false
schema:
type: string
example: eep-VtCNYXo00LIS
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/DeleteKeyResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a sub-tpp, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/reports/banks/status:
get:
tags:
- Reports
summary: Get bank statuses
description: >-
The `GET /reports/banks/status` endpoint returns the current AIS and PIS
service status along with server status for all banks.
operationId: GatewayService.GetBanksStatus
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetBanksStatusResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/reports/banks/{bankId}/status:
get:
tags:
- Reports
summary: Get a bank status
description: >-
The `GET /reports/banks/{bankId}/status` endpoint returns the current
AIS and PIS service status for a specific bank.
operationId: GatewayService.GetBankStatus
parameters:
- name: bankId
in: path
description: >-
The bank identifier, identical to the `id` in the repsonse to `GET
/banks`.
required: true
style: simple
explode: false
schema:
type: string
example: ob-goldbank
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetBankStatusResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/token-requests:
post:
tags:
- Requests - for Payments v1 or AIS
summary: Initiate a token request
description: >-
The `POST /token-requests` endpoint persists the required information
used by AIS requests and PIS requests using the API and the Token.io
Hosted Pages.
operationId: GatewayService.StoreTokenRequest
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StoreTokenRequestRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/StoreTokenRequestResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/token-requests/{requestId}:
get:
tags:
- Requests - for Payments v1 or AIS
summary: Get a token request
description: >-
The `GET /token-requests/{requestId}` endpoint retrieves a specific
token request by its id.
operationId: GatewayService.RetrieveTokenRequest
parameters:
- name: requestId
in: path
description: The request id received in response to the original token request.
required: true
style: simple
explode: false
schema:
type: string
example: rq:ej5ACWNwi1EcqBeuDPc4Z8C4Bgc:5zKtXEAq
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RetrieveTokenRequestResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a token request, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/token-requests/{tokenRequestId}/result:
get:
tags:
- Requests - for Payments v1 or AIS
summary: Get a token request result
description: >-
The `GET /token-requests/{tokenRequestId}/result` endpoint checks
whether a token request result is available. This endpoint will return a
`PENDING` status while the result is not available. The status will
become `PROCESSED` once the result is available. If the request is
rejected by the bank, the status will become `REJECTED`. The status will
become `EXPIRED` if the request is not processed or rejected before the
token request expiration.
operationId: GatewayService.GetTokenRequestResultWithStatus
parameters:
- name: tokenRequestId
in: path
description: >-
The token request id received in response to the original token
request.
required: true
style: simple
explode: false
schema:
type: string
example: rq:ej5ACWNwi1EcqBeuDPc4Z8C4Bgc:5zKtXEAq
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetTokenRequestResultWithStatusResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a token request, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/tokens:
get:
tags:
- Tokens
summary: Get tokens
description: >-
The `GET /tokens` endpoint retrieves a list of all tokens for the
authenticated member.
operationId: GatewayService.GetTokens
parameters:
- name: type
in: query
description: Specifies the type of token returned.
required: false
style: form
explode: true
schema:
type: string
example: ACCESS
default: INVALID
enum:
- INVALID
- ACCESS
- TRANSFER
- name: page.offset
in: query
description: >-
The offset for the current page. If the offset has been provided in
the request, this offset will be equal to the provided one. But if
no offset was provided in the request (i.e. this is the first
page) and the page is not empty, this field will be populated with a
non-empty string. This may be helpful for loading the same page
again, which might not always be possible with an empty offset due
to a dynamic nature of the data. The offset is not visible to a
user and should not be parsed and/or understood in any way.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
- name: page.limit
in: query
description: The maximum number of records to return. This must be less than 200.
required: true
style: form
explode: true
schema:
type: integer
format: int32
example: 175
default: 1
- name: filter.sourceAccountId
in: query
description: Identifies the payer's account.
required: false
style: form
explode: true
schema:
type: string
example: a:J72REftaRoiaDYRDU7M9FDgf8jeh3eqek9DvKeyBWbuA:3VMczyq7r7b6HwC
- name: filter.destinationAccountId
in: query
description: Identifies the payee/beneficiary's account.
required: false
style: form
explode: true
schema:
type: string
example: a:f34VSeqwfWGTGH23vsa2cDgecew209jdvcd5vdfv4vds:5VSWVRqicm4Csa2
- name: filter.startTimeMs
in: query
description: >-
The filtered list start timestamp in milliseconds, 1 day (24 hours)
= 8640000000, 1 hour = 36000000, and 1 minute = 60000.
required: false
style: form
explode: true
schema:
type: string
format: string
example: 67505
- name: filter.endTimeMs
in: query
description: >-
The filtered list end timestamp in milliseconds, 1 day (24 hours) =
8640000000, 1 hour = 36000000, and 1 minute = 60000.
required: false
style: form
explode: true
schema:
type: string
format: string
example: 365650
- name: filter.role
in: query
description: Filters by `accountHolder` role.
required: false
style: form
explode: true
schema:
type: string
example: ISSUER
default: ANY
enum:
- ANY
- FROM
- TO
- ISSUER
- name: filter.actingAsRefId
in: query
description: >-
Filters the list by the sub-TPP identifier generated by Token.io
once a TPP has been onboarded.
required: false
style: form
explode: true
schema:
type: string
example: 4kwl35c9sp3fwp4xq
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetTokensResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/tokens/{tokenId}:
get:
tags:
- Tokens
summary: Get a token
description: >-
The `GET /tokens/{tokenId}` endpoint retrieves information about a
specific token for the authenticated member.
operationId: GatewayService.GetToken
parameters:
- name: tokenId
in: path
description: >-
Identifies a unique authorization token for a transfer, standing
order, or account information access.
required: true
style: simple
explode: false
schema:
type: string
example: tt:8zK1dic95omjWb72gvc3z3ELKbTNfnGd89MbDnM73er4:ZhBVAJSH8DeU1
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetTokenResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/tokens/{tokenId}/cancel:
put:
tags:
- Tokens
summary: Cancel a token
description: The `PUT /tokens/{tokenId}/cancel` endpoint cancels a given token.
operationId: GatewayService.CancelToken
parameters:
- name: token-customer-ip-address
in: header
description: >-
The user's IP address if the user is currently logged in with the
TPP. If the customer IP address is supplied (recommended), it is
inferred that the user is present during the session (i.e.,
the request is user-initiated; adding a `customer-initiated` =
`true` header makes this explicit). For AIS calls, if the customer's
IP address is not provided in the request, the bank assumes it is a
TPP-initiated request and may limit the TPP to 4 TPP-initiated
access attempts within a given 24-hour period.
schema:
type: string
format: ipv4
required: false
example: 172.16.254.1
- name: customer-initiated
in: header
description: >-
Informs the bank that the API call was explicitly initiated by the
user. This is useful in circumnavigating bank restrictions that
impose a 4-times-a-day (i.e., within the same 24-hour period)
access limit on the same AISP, in accordance with RTS regulations.
schema:
type: boolean
required: false
example: true
- name: token-customer-device-id
in: header
description: >-
Obtained by the TPP from details in the user agent information of
the user.
schema:
type: string
required: false
example: 00000000-00000000-01234567-89ABCDEF
- name: tokenId
in: path
description: >-
Identifies a unique authorization token for a transfer, standing
order, or account information access.
required: true
style: simple
explode: false
schema:
type: string
example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/CancelTokenResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/transfers:
post:
tags:
- Transfers - for Payments v1
summary: Redeem a transfer token
description: >-
The `POST /transfers` endpoint is only required when you explicitly
redeem the request token, i.e., auto-redeem is not enabled.
operationId: GatewayService.CreateTransfer
x-internal: true
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateTransferRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/CreateTransferResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
get:
tags:
- Transfers - for Payments v1
summary: Get transfers
description: The `GET /transfers` endpoint retrieves information for all transfers.
operationId: GatewayService.GetTransfers
parameters:
- name: tokenId
in: query
description: Identifies the authorization token for the request.
required: false
style: form
explode: true
schema:
type: string
example: rq:ej5ACWNwi1EcqBeuDPc4Z8C4Bgc:5zKtXEAq
- name: page.offset
in: query
description: >-
The offset for the current page. If the offset has been provided in
the request, this offset will be equal to the provided one. But if
no offset was provided in the request (i.e. this is the first
page) and the page is not empty, this field will be populated with a
non-empty string. This may be helpful for loading the same page
again, which might not always be possible with an empty offset due
to a dynamic nature of the data. The offset is not visible to a
user and should not be parsed and/or understood in any way.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
- name: page.limit
in: query
description: The maximum number of records to return. This must be less than 200.
required: true
style: form
explode: true
schema:
type: integer
format: int32
example: 175
default: 1
- name: filter.tokenId
in: query
description: Filters by the authorization token id.
required: false
style: form
explode: true
schema:
type: string
example: tt:3kFGtpEKHu8S2fJuEkb6YPnHZ4bJ2oUrYPCsJop68vCH:5zKcENpV
- name: filter.startTimeMs
in: query
description: >-
Filtered list start time boundary in milliseconds, 1 day (24 hours)
= 8640000000, 1 hour = 36000000, and 1 minute = 60000.
required: false
style: form
explode: true
schema:
type: string
format: string
example: 72799
- name: filter.endTimeMs
in: query
description: >-
Filtered list end time boundary in milliseconds, 1 day (24 hours) =
8640000000, 1 hour = 36000000, and 1 minute = 60000.
required: false
style: form
explode: true
schema:
type: string
format: string
example: 3341983424
- name: filter.transactionStatus
in: query
description: >-
Filters by transaction status.
PROCESSING – This
status indicates that the transaction is in process and that the
final status has not been received from the
bank.
SUCCESS – This status indicates that successful
payment initiation has been received from the bank. Settlement might
not be complete.
INITIATED – This status is set when
the previous status has remained as `PROCESSING` for 30 days and
cannot be updated. The transaction has been initiated but the result
is unknown. This is the final status and will not get updated later
because Token.io has stopped polling the bank. This status is
also returned in a two-step payment flow in the event that a user’s
request has been authorized at the bank but the payment confirmation
has subsequently
failed.
PENDING_EXTERNAL_AUTHORIZATION – This status
indicates that the user has been sent to the bank to complete the
authorization process. If not completed within the allowed timeframe
(usually around 15 mins, but there are variations between banks) the
transaction will expire and transition to `FAILURE_EXPIRED`. This
status is only relevant for 1-step payment flows.
FAILURE_GENERIC – This status usually indicates a
technical failure. Possibly, a failure callback was received from
the bank, with no transaction status and no further
information.
FAILURE_PERMISSION_DENIED – This status
indicates that the user has been denied authorization at the bank
This status is only relevant for two-step payment flows.
FAILURE_CANCELED – This status indicates that the payment
initiation has been canceled before execution.
FAILURE_EXPIRED – This status indicates that the user did
not complete the authorization process within the allowed timeframe
(usually around 15 mins, but there are variations between banks) and
the payment has expired.
FAILURE_INSUFFICIENT_FUNDS
– This status indicates that the payment initiation request has been
rejected due to insufficient funds.
FAILURE_DECLINED
– This status indicates that the payment initiation has been
rejected by the bank.
SETTLEMENT_IN_PROGRESS – This
status is provided when a Token.io settlement account is used as the
beneficiary for the payment, and replaces the payment initiation
status. Token.io is waiting for the payment to reach the payee bank.
No action is required; await the next step, e.g., Token.io
sends a webhook with the status update, or a polling call. The
status will change to `SETTLEMENT_IN_PROGRESS` soon after Token.io
receives the final status from the debtor bank.
SETTLEMENT_COMPLETED – This status is provided when a
Token.io settlement account is used as the beneficiary for the
payment, and replaces the payment initiation status. The payment has
reached the payee bank and Token.io has matched the transaction in
the TPP’s settlement account to the initiated payment. For instant
payments, `SETTLEMENT_COMPLETED` will be achieved within 30-45
minutes from payment initiation, at the latest. For non-instant
payments, the time to reach `SETTLEMENT_COMPLETED` will depend on
the clearing period for the
payment.
SETTLEMENT_INCOMPLETE – This status is
provided when a Token.io settlement account is used as the
beneficiary for the payment, and replaces the payment initiation
status. Reconciliation has failed. This happens when Token.io
doesn't find the corresponding transaction in the TPP’s settlement
account automatically.
During settlement of a
settlement accounts payment, the status update job will run first
for up to 30 days. Payment will then enter into a 'final' status,
normally `SUCCESS`. Once the status update job has run, the
reconciliation job looks for matching inbound payments.For SEPA
payments:
if a matching inbound payment is found within 15
days of the final payment status update ->
`SETTLEMENT_COMPLETED`
if no matching inbound payment is
found within 15 days of the final payment status update ->
`SETTLEMENT_INCOMPLETE`
For SEPA Instant
payments:
if a matching inbound payment is found within 1 day
of the final payment status update ->
`SETTLEMENT_COMPLETED`
if no matching inbound payment is
found within 1 day of the final payment status update ->
`SETTLEMENT_INCOMPLETE`
required: false
style: form
explode: true
schema:
title: filter.transactionStatus
type: string
example: SUCCESS
enum:
- PROCESSING
- SUCCESS
- INITIATED
- PENDING
- PENDING_EXTERNAL_AUTHORIZATION
- FAILURE GENERIC
- FAILURE_PERMISSION_DENIED
- FAILURE_CANCELED
- FAILURE_EXPIRED
- FAILURE_INSUFFICIENT_FUNDS
- FAILURE_DECLINED
- SETTLEMENT_IN_PROGRESS
- SETTLEMENT_COMPLETED
- SETTLEMENT_INCOMPLETE
- name: filter.role
in: query
description: Filters list by the account holder role.
required: false
style: form
explode: true
schema:
type: string
example: PAYER
enum:
- ANY
- PAYER
- PAYEE
- name: filter.actingAsRefId
in: query
description: >-
Filters the list by the sub-TPP identifier generated by Token.io
once a TPP has been onboarded.
required: false
style: form
explode: true
schema:
type: string
example: 4kwl35c9sp3fwp4xq
- name: filter.refId
in: query
description: Filters list by `refID`.
required: false
style: form
explode: true
schema:
type: string
example: 9htio4a1sp2akdr1aa
- name: filter.transferRefundStatus
in: query
description: Filters list by refund status.
required: false
style: form
explode: true
schema:
type: string
example: PARTIAL
enum:
- UNSET
- NONE
- PARTIAL
- FULL
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetTransfersResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/token-requests/{tokenRequestId}/authorization:
post:
tags:
- Requests - for Payments v1 or AIS
summary: Initiate bank authorization
description: >-
The `POST /token-requests/{tokenRequestId}/authorization` endpoint
initiates the bank authorization process with a given bank id and token
request id.
operationId: GatewayService.InitiateBankAuthorization
x-internal: true
parameters:
- name: tokenRequestId
in: path
description: >-
The token request id received in response to the original token
request.
required: true
style: simple
explode: false
schema:
type: string
example: rq:ej5ACWNwi1EcqBeuDPc4Z8C4Bgc:5zKtXEAq
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/InitiateBankAuthorizationRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/InitiateBankAuthorizationResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/transfers/{transferId}:
get:
tags:
- Transfers - for Payments v1
summary: Get a transfer
description: >-
The `GET /transfers/{transferId}` endpoint retrieves information about a
specific transfer in a given account.
operationId: GatewayService.GetTransfer
parameters:
- name: transferId
in: path
description: >-
The unique id of the transfer sent in the `POST /transfers` response
and/or included in a respective `GET /transfers` response.
required: true
style: simple
explode: false
schema:
type: string
- name: skipTransferUpdate
in: query
description: >-
If `skipTransferUpdate` is false, the request will call the bank for
a status update. If set to true, the cached result will be returned
instead.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: false
default: false
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetTransferResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/webhook/config:
put:
tags:
- Webhooks
summary: Set webhook config
description: The `PUT /webhook/config` endpoint sets the webhook configuration.
operationId: GatewayService.SetWebhookConfig
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SetWebhookConfigRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/SetWebhookConfigResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
get:
tags:
- Webhooks
summary: Get webhook config
description: The `GET /webhook/config` endpoint retrieves the webhook configuration.
operationId: GatewayService.GetWebhookConfig
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetWebhookConfigResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
delete:
tags:
- Webhooks
summary: Delete webhook config
description: The `DELETE /webhook/config` endpoint deletes the webhook configuration.
operationId: GatewayService.DeleteWebhookConfig
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/DeleteWebhookConfigResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/vrp-consents:
post:
tags:
- Variable Recurring Payments
summary: Create a VRP consent
description: The `POST /vrp-consents` endpoint creates a new VRP consent.
operationId: CreateVrpConsent
x-internal: true
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/vrpconsents_body'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/VrpConsentResponse'
'400':
description: Bad request
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_2'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
get:
tags:
- Variable Recurring Payments
summary: Get VRP consents
description: >-
The `GET /vrp-consents` endpoint retrieves all VRP consents created by
the calling member.
operationId: GetVrpConsents
x-internal: true
parameters:
- name: limit
in: query
description: The maximum number of records to return.
required: true
style: form
explode: true
schema:
maximum: 200
minimum: 1
type: integer
format: int32
example: 10
- name: offset
in: query
description: The offset from the previous page.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
- name: createdAfter
in: query
description: >-
Returns only Vrp consents created after this time (in ISO 8601 format).
required: false
style: form
explode: true
schema:
type: string
example: '2022-04-05T17:00:00.000Z'
- name: createdBefore
in: query
description: >-
Returns only Vrp consents created before this time (in ISO 8601 format).
required: false
style: form
explode: true
schema:
type: string
example: '2023-04-05T17:00:00.000Z'
- name: statuses
in: query
description: Filters Vrp consents by statuses
required: false
style: form
explode: true
schema:
type: array
items:
$ref: '#/components/schemas/VrpConsentStatus'
example:
- PENDING
- AUTHORIZED
- name: scheme
in: query
description: >-
Filters Vrp consents by Vrp scheme (only OBL_SWEEPING is currently
supported)
required: false
style: form
explode: true
schema:
$ref: '#/components/schemas/VrpScheme'
example: OBL_SWEEPING
- name: onBehalfOfId
in: query
description: Filters Vrp consents by their `onBehalfOfId` value.
required: false
style: form
explode: true
schema:
type: string
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/VrpConsentsResponse'
'400':
description: Bad request
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_1'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/vrp-consents/{id}:
get:
tags:
- Variable Recurring Payments
summary: Get a VRP consent
description: >-
The `GET /vrp-consents/{id}` endpoint retrieves the details for an
individual VRP consent.
operationId: GetVrpConsent
x-internal: true
parameters:
- name: id
in: path
required: true
style: simple
explode: false
schema:
type: string
description: VRP consent id
example: vc:12345abcd:abcde
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/VrpConsentResponse'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'404':
description: VRP consent not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404_1'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
delete:
tags:
- Variable Recurring Payments
summary: Revoke a VRP consent
description: >-
The `DELETE /vrp-consents/{id}` endpoint revokes an individual VRP
consent.
operationId: RevokeVrpConsent
x-internal: true
parameters:
- name: id
in: path
required: true
style: simple
explode: false
schema:
type: string
description: VRP consent id
example: vc:12345abcd:abcde
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/VrpConsentResponse'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'404':
description: VRP consent not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404_1'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/vrp-consents/{id}/payments:
get:
tags:
- Variable Recurring Payments
summary: Get payments under a VRP consent
description: >-
The `GET /vrp-consents/{id}/payments` endpoint retrieves the payments
under a given VRP consent.
operationId: GetVrpConsentPayments
x-internal: true
parameters:
- name: id
in: path
description: VRP consent id
required: true
style: simple
explode: false
schema:
type: string
example: vc:12345abcd:abcde
- name: limit
in: query
description: The maximum number of records to return.
required: true
style: form
explode: true
schema:
maximum: 200
minimum: 1
type: integer
format: int32
example: 10
- name: offset
in: query
description: The offset from the previous page.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/VrpsResponse'
'400':
description: Bad request
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_1'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/vrps/{id}/confirm-funds:
get:
tags:
- Variable Recurring Payments
summary: Verify if funds are available or not
description: >-
The `GET /vrps/{id}/confirm-funds` endpoint confirms whether the funds
are available to initiate VRP.
operationId: ConfirmFunds
x-internal: true
parameters:
- name: id
in: path
description: The VRP consent id.
required: true
style: simple
explode: false
schema:
type: string
example: vc:12345abcd:abcde
- name: amount
in: query
required: true
description: The amount to confirm availability for.
schema:
type: string
example: 1
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/ConfirmFundsResponse'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'404':
description: Not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404_2'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/refunds:
post:
tags:
- Refunds
summary: Initiate a refund
description: >-
The `POST /refunds` endpoint initiates a refund. After the refund is
settled, the refund status of the original transfer will be updated.
The debtor field can be optional if you're using the debtor in
registration. The creditor field can be optional if the information is
available in the original payment.
operationId: InitiateRefund
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/refunds_body'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RefundResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
get:
tags:
- Refunds
summary: Get refunds
description: >-
The `GET /refunds` endpoint retrieves a complete or filtered list of
refunds.
operationId: GetRefunds
parameters:
- name: limit
in: query
description: The maximum number of records to return.
required: true
style: form
explode: true
schema:
maximum: 200
minimum: 1
type: integer
format: int32
example: 10
- name: offset
in: query
description: The offset from the previous page.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
- name: startDate
in: query
description: >-
Lower bound for a refund creation date in the format 'YYYY-MM-DD'
(UTC time zone). If specified, only refunds created at or after the
given date will be returned.
required: false
style: form
explode: true
schema:
type: string
example: '2010-01-01'
- name: endDate
in: query
description: >-
Upper bound for a refund creation date in the format 'YYYY-MM-DD'
(UTC time zone). If specified, only refunds created at or before the
given date will be returned.
required: false
style: form
explode: true
schema:
type: string
example: '2010-01-01'
- name: ids
in: query
description: >-
Filters refunds by their ids - returns only refunds with ids listed
in this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- rf:4QExXrhKTxfShBdcTeqFabqJJhUF:2gFUX1NDgpN
- rf:N5cJDFsQzVca3Qvr8kQocgEnjgX:2gFUX1NEdYA
- name: invertIds
in: query
description: >-
Invert ids query - returns only refunds with ids not listed in the
ids parameter.
required: false
style: form
explode: true
schema:
type: boolean
example: false
- name: statuses
in: query
description: >-
Filters refunds by their statuses - returns only refunds with
statuses listed in this parameter.
required: false
style: form
explode: true
schema:
type: array
example:
- INITIATION_COMPLETED
- INITIATION_REJECTED
- name: invertStatuses
in: query
description: >-
Invert statuses query - returns only refunds with statuses not
listed in the statuses parameter.
required: false
style: form
explode: true
schema:
type: boolean
example: true
- name: refIds
in: query
description: >-
Filters refunds by their `refId` values - returns only refunds with
`refIds` listed in this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- ShBdcTeqFabqJJhUF
- N5cJDFsQzVca3Q
- name: partial
in: query
description: >-
Returns refunds in a partial format - with only id and status fields
populated.
required: false
style: form
explode: true
schema:
type: boolean
example: true
- name: onBehalfOfIds
in: query
description: >-
Filters payouts by their `onBehalfOfId` values - returns only
payouts with the `onBehalfOfId` values specified in this parameter.
This field is mandatory for unregulated TPPs.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- c5a863bc-86f2-4418-a26f-25b24c7983c7
- 6f34h397-b29h-23b0-s30g-hkd0d2dk4k1s
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RefundsResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/refunds/{id}:
get:
tags:
- Refunds
summary: Get a refund
description: The `GET /refunds/{id}` endpoint retrieves a given refund.
operationId: GetRefund
parameters:
- name: id
in: path
required: true
style: simple
explode: false
schema:
type: string
description: The refund id.
example: your refund id
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RefundResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
security:
- Bearer: []
- BasicAuth: []
/transfers/{id}/refunds:
get:
tags:
- Refunds
summary: Get all refunds by transfer
description: >-
The `GET /transfers/{id}/refunds` endpoint retrieves all refunds
associated with a given transfer.
operationId: GetTransferRefunds
parameters:
- name: limit
in: query
description: The maximum number of records to return.
required: true
style: form
explode: true
schema:
maximum: 200
minimum: 1
type: integer
format: int32
example: 10
- name: offset
in: query
description: The offset from the previous page.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
- name: id
in: path
required: true
style: simple
explode: false
schema:
type: string
description: The transfer id.
example: your transfer id
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RefundsResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/payouts:
post:
tags:
- Payouts
summary: Initiate a payout
description: The `POST /payouts` endpoint initiates a payout.
operationId: InitiatePayout
x-internal: true
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/payouts_body'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/PayoutResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
get:
tags:
- Payouts
summary: Get payouts
description: >-
The `GET /payouts` endpoint retrieves a complete or filtered list of
payouts.
operationId: GetPayouts
x-internal: true
parameters:
- name: limit
in: query
description: The maximum number of records to return.
required: true
style: form
explode: true
schema:
maximum: 200
minimum: 1
type: integer
format: int32
example: 10
- name: offset
in: query
description: The offset from the previous page.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
- name: startDate
in: query
description: >-
Lower bound for a payout creation date in the format 'YYYY-MM-DD'
(UTC time zone). If specified, only payouts created at or after the
given date will be returned.
required: false
style: form
explode: true
schema:
type: string
example: '2010-01-01'
- name: endDate
in: query
description: >-
Upper bound for a payout creation date in the format 'YYYY-MM-DD'
(UTC time zone). If specified, only payouts created at or before the
given date will be returned.
required: false
style: form
explode: true
schema:
type: string
example: '2010-01-01'
- name: ids
in: query
description: >-
Filters payouts by their ids - returns only payouts with ids listed
in this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- po:28oivvd3iFhBrcbNj4tmtLEhxRTk:2gFUX1NE1T6
- po:3ZfdHxbpXmRZ1TVmiYNPgcwEocBy:2gFUX1NDdqr
- name: invertIds
in: query
description: >-
Invert ids query - returns only payouts with ids not listed in the
ids parameter.
required: false
style: form
explode: true
schema:
type: boolean
example: false
- name: statuses
in: query
description: >-
Filters payouts by their statuses - returns only payouts with
statuses listed in this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
$ref: '#/components/schemas/PayoutStatus'
example:
- INITIATION_COMPLETED
- INITIATION_REJECTED
- name: invertStatuses
in: query
description: >-
Invert statuses query - returns only payouts with statuses not
listed in the statuses parameter.
required: false
style: form
explode: true
schema:
type: boolean
example: true
- name: refIds
in: query
description: >-
Filters payouts by their `refId` values - returns only payouts with
`refIds` listed in this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- ShBdcTeqFabqJJhUF
- N5cJDFsQzVca3Q
- name: onBehalfOfId
in: query
description: >-
Filters payouts by their `onBehalfOfId` value - returns only payouts
with the `onBehalfOfId` value specified in this parameter. This
field is mandatory for unregulated TPPs.
required: false
style: form
explode: true
schema:
type: string
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/PayoutsResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/payouts/{id}:
get:
tags:
- Payouts
summary: Get a payout
description: The `GET /payouts/{id}` endpoint retrieves a given payout.
operationId: GetPayout
x-internal: true
parameters:
- name: id
in: path
required: true
style: simple
explode: false
schema:
type: string
description: The payout id.
example: your payout id
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/PayoutResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
security:
- Bearer: []
- BasicAuth: []
/v2/banks:
get:
tags:
- Banks v2
summary: Get banks v2
description: >-
The `GET /v2/banks` endpoint retrieves a list of connected banks
matching the parameters specified.
operationId: GetBanksv2
parameters:
- name: page
in: query
description: The index of the page currently being retrieved.
required: false
style: form
explode: true
schema:
type: integer
format: int32
- name: perPage
in: query
description: The number of records per page.
required: false
style: form
explode: true
schema:
type: integer
format: int32
default: 200
example: 10
- name: sort
in: query
description: >-
The key to sort the result. This can be `NAME` (Bank's name),
`STANDARD` (OpenBankingStandard), `RANK`, or `COUNTRY`.
required: false
style: form
explode: true
schema:
type: string
enum:
- COUNTRY
- STANDARD
- RANK
- NAME
example: COUNTRY
default: NAME
- name: memberId
in: query
description: The Token.io-assigned member id of the TPP.
required: false
style: form
explode: true
schema:
type: string
- name: tppId
in: query
description: >-
Filters for banks for which the TPP represented by this `tppId` has
access.
required: false
style: form
explode: true
schema:
type: string
- name: ids
in: query
description: >-
Filters for banks with a `bankId` (case-insensitive) matching any of
the ids listed, up to a maximum of 1000. Only exact (full string)
matches are returned.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
- name: search
in: query
description: >-
Filters for banks with a name or identifiers containing this search
string.
required: false
style: form
explode: true
schema:
type: string
example: hsbc
- name: bankGroup
in: query
description: Filters for banks that are members of the bank group specified.
required: false
style: form
explode: true
schema:
type: string
example:
- HSBC
- Coop
- name: bankSubGroup
in: query
description: Filters for banks that are part of the bank sub-group specified.
required: false
style: form
explode: true
schema:
type: string
example:
- CMM Grand
- Banque Populaire
- La Banque
- name: bankCode
in: query
description: >-
Filters for banks with a BIC (or BLZ, if German) that matches this
`bankCode`. The BIC must have a string length of 8 or 11. The BLZ
must have a string length of 8.
required: false
style: form
explode: true
schema:
type: string
- name: openBankingStandards
in: query
description: >-
Filters for banks that are accessed through any of the listed
standards.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
enum:
- UK_Open_Banking_Standard
- Starling_Bank_API
- PolishAPI
- STET_PSD2_API
- Citi_Handlowy_PSD2_API
- NextGenPSD2
- Slovak_Banking_API_Standard
- Czech_Open_Banking_Standard
- American_Express_PSD2_API
- Budapest_Bank_API
- Token
example: UK_Open_Banking_Standard
default: UK_Open_Banking_Standard
- name: countries
in: query
description: >-
Filters for banks that are located in the countries specified by
this list of two-letter country code in upper case (ISO 3166-1
alpha-2).
required: false
style: form
explode: true
schema:
type: array
items:
type: string
- name: bics
in: query
description: >-
Filters for banks whose BIC matches any of the listed BICs
(case-insensitive), up to a maximum of 1000.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example: BKENGB2L
- name: supportedLocalInstruments
in: query
description: Filters for banks that support any of the listed payment networks.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- SEPA
- SEPA_INSTANT
- FASTER_PAYMENTS
- name: supportsAccountList
in: query
description: Filters for banks that support fetching accounts.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsAccountDetails
in: query
description: Filters for banks that support fetching account details.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsAccountBalance
in: query
description: Filters for banks that support fetching account balances.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsTransactionList
in: query
description: Filters for banks that support fetching transactions.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsTransactionDetails
in: query
description: Filters for banks that support fetching transaction details.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsStandingOrderList
in: query
description: Filters for banks that support the fetching standing orders.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsTransactionsDateFilter
in: query
description: >-
Filters for banks that support feting transactions using a date
filter.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: requiresOneStepPayment
in: query
description: >-
Filters for banks that only support immediate redemption of
transfers.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsSinglePayment
in: query
description: Filters for banks that support single immediate payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
example: true
- name: supportsScheduledPayment
in: query
description: Filters for banks that support future dated scheduled payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsStandingOrder
in: query
description: Filters for banks that support recurring payments/standing orders.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsReturnRefundAccount
in: query
description: Filters for the banks that support request of refund account.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsReturnRefundAccountHolderName
in: query
description: >-
Filters for banks that support returning the refund account holder
name.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsFundsConfirmation
in: query
description: Filters for the banks that support confirmation of available funds.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
- name: supportsVariableRecurringPayment
x-internal: true
in: query
description: Filters for banks that support variable recurring payments.
required: false
style: form
explode: true
schema:
type: boolean
format: boolean
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetBanksV2Response'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_2'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/v2/payments:
post:
tags:
- Payments v2
summary: Initiate a payment
description: >-
The `POST /v2/payments` endpoint enables you to initiate a payment with
a bank.
Once the payment has been initiated, the end user needs
to authenticate themselves with their bank.
Check payment
status:
If the status in the initiation response is
`INITIATION_PENDING_REDIRECT_AUTH` or `INITIATION_PENDING_REDIRECT_HP`,
redirect the user to the redirect url found in the authentication
payload of the payment, to authenticate at the bank or at Token.io's
Hosted Pages.
If the status in the initiation response is
`INITIATION_PENDING_REDIRECT_PBL`, redirect the user to the payment link
(redirect URL) found in the authentication payload. The user will be
taken to Token.io’s Hosted Pages, where any missing information (such as
amount or reference) can be provided before proceeding with payment
authentication.
If the status in the initiation response is
`INITIATION_PENDING_EMBEDDED_AUTH`, collect the requested data listed in
the authentication payload of the payment and use the `POST
/v2/payments/{paymentId}/embedded-auth` endpoint to provide the
requested field values.
If the status in the initiation
response is `INITIATION_PENDING`, Token.io needs more time to process
this request with the bank. In the case of a successful scenario, the
status will be updated to `INITIATION_PENDING_REDIRECT_AUTH`,
`INITIATION_PENDING_EMBEDDED_AUTH` or
`INITIATION_PENDING_DECOUPLED_AUTH` when the authentication details are
ready. The update can be checked by the `GET /v2/payments/{paymentId}`
endpoint or received via a webhook (see Webhooks).
If the status is
`INITIATION_PENDING_DECOUPLED_AUTH`, the bank has requested a decoupled
authentication from the user and Token.io is awaiting the result. No
further action is required.
`request-timeout`
header:
Banks may take some time to respond when a request
is made. Therefore, Token.io recommends that you set a `request-timeout`
header in your API-only `POST /v2/payments` requests to match the
timeout of your client and avoid `DEADLINE_EXCEEDED` errors. If this is
set, Token.io sends a response when this timeout period has passed and
will update payment status as soon as the bank has responded. The
following example demonstrates what happens when you set a timeout of 10
seconds and the call to the bank takes 15 seconds:
The
TPP makes a `POST /v2/payments` call.
Token.io creates a
resource with the status `INITIATION_PENDING`.
Token.io
starts the call to the bank.
After 10 seconds from (1):
Token.io returns the payment status
`INITIATION_PENDING`.
After 15 seconds from (3): Token.io
receives a response from the bank and changes the status to, for
example, `INITIATION_PENDING_REDIRECT_AUTH`. The update will be sent in
a webhook, if TPP is subscribed for webhooks.
The TPP makes
the `GET /v2/payments/{id}` call and receives the payment with the
status `INITIATION_PENDING_REDIRECT_AUTH`.
operationId: InitiatePayment
parameters:
- name: request-timeout
in: header
description: >-
Sets the number of elapsed seconds until Token.io sends the response
back, even if the call is not finished by that time (in which case
the call will be completed asynchronously).
schema:
type: integer
required: false
example: 10
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/v2_payments_body'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/PaymentResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_2'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
get:
tags:
- Payments v2
summary: Get payments
description: >-
The `GET /v2/payments` endpoint provides you with a list of payments and
their details.
operationId: GetPayments
parameters:
- name: limit
in: query
description: The maximum number of records to return.
required: true
style: form
explode: true
schema:
maximum: 200
minimum: 1
type: integer
format: int32
example: 10
- name: offset
in: query
description: The offset from the previous page.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
- name: ids
in: query
description: >-
Filters payments by their ids - returns only payments with ids
listed in this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- pm2:4QExXrhKTxfShBdcTeqFabqJJhUF:2gFUX1NDgpN
- pm2:N5cJDFsQzVca3Qvr8kQocgEnjgX:2gFUX1NEdYA
- name: invertIds
in: query
description: >-
Invert ids query - returns only payments with ids not listed in the
ids parameter.
required: false
style: form
explode: true
schema:
type: boolean
example: false
- name: statuses
in: query
description: >-
Filters payments by their statuses - returns only payments with
statuses listed in this parameter. For VRP payments (when
type=VARIABLE_RECURRING_PAYMENT), only the following PaymentStatus
values are supported: • INITIATION_PENDING •
INITIATION_PROCESSING • INITIATION_COMPLETED •
INITIATION_REJECTED •
INITIATION_REJECTED_INSUFFICIENT_FUNDS • INITIATION_FAILED •
INITIATION_NO_FINAL_STATUS_AVAILABLE Using unsupported statuses
for VRP payments will result in an error.
For single
immediate payments, all PaymentStatus values are supported.
required: false
style: form
explode: true
schema:
type: array
items:
$ref: '#/components/schemas/PaymentStatus'
example:
- INITIATION_COMPLETED
- INITIATION_REJECTED
- name: invertStatuses
in: query
description: >-
Invert statuses query - returns only payments with statuses not
listed in the statuses parameter.
required: false
style: form
explode: true
schema:
type: boolean
example: true
- name: createdAfter
in: query
description: >-
Returns only payments created after this time (in ISO 8601 format).
required: false
style: form
explode: true
schema:
type: string
example: '2022-04-05T17:00:00.000Z'
- name: createdBefore
in: query
description: >-
Returns only payments created before this time (in ISO 8601 format).
required: false
style: form
explode: true
schema:
type: string
example: '2022-04-05T17:00:00.000Z'
- name: refIds
in: query
description: >-
Filters payments by their `refId` values - returns only payments
with `refIds` listed in this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- ShBdcTeqFabqJJhUF
- N5cJDFsQzVca3Q
- name: onBehalfOfId
in: query
description: >-
Filters payments by the `onBehalfOfId` value - returns only payments
with the `onBehalfOfId` value specified in this parameter. This
field is mandatory for unregulated TPPs.
required: false
style: form
explode: true
schema:
type: string
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
- name: refundStatuses
in: query
description: >-
Filters payments by their refund status values - returns only
payments with refund statuses listed in this parameter. Not
supported for Vrp.
required: false
style: form
explode: true
schema:
type: array
items:
$ref: '#/components/schemas/PaymentRefundStatus'
example:
- PARTIAL
- NONE
- name: partial
in: query
description: >-
Returns payments in a partial format - with only id and status
fields populated.
required: false
style: form
explode: true
schema:
type: boolean
example: true
- name: externalPsuReference
in: query
required: false
style: form
explode: true
schema:
$ref: '#/components/schemas/ExternalPsuReference'
- name: type
in: query
description: >-
Filter by payment type - single immediate or variable recurring
payment. Defaults to SINGLE_IMMEDIATE_PAYMENT if not specified.
required: false
schema:
title: PaymentType
type: string
items:
type: string
example: SINGLE_IMMEDIATE_PAYMENT
enum:
- SINGLE_IMMEDIATE_PAYMENT
- VARIABLE_RECURRING_PAYMENT
- name: vrpConsentId
in: query
description: >-
Filter by Vrp consent id value. Only applied if type is
VARIABLE_RECURRING_PAYMENT.
required: false
style: form
explode: true
schema:
type: string
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/PaymentsResponse'
'400':
description: The client specified an invalid argument.
content:
application/json:
schema:
$ref: '#/components/schemas/FieldError'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/tokenized-accounts:
post:
tags:
- Account on File
summary: Create an Account on File
description: >-
Creates an Account on File from the provided bank account details. This
can be used by Third Party Providers (TPPs) in future API requests to
reference the account without resending the full account information.
operationId: CreateTokenizedAccount
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateTokenizedAccountRequest'
required: true
x-badges:
- name: Beta
position: before
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/CreateTokenizedAccountResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_bad_request'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403_1'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: >-
An unexpected internal server error occurred while processing the
request.
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500_internal'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/tokenized-accounts/{tokenizedAccountId}:
get:
tags:
- Account on File
summary: Retrieve an Account on File
description: Retrieves an Account on File using its tokenizedAccountId.
operationId: GetTokenizedAccount
parameters:
- name: tokenizedAccountId
description: The tokenized account id.
in: path
required: true
style: simple
explode: false
schema:
type: string
x-badges:
- name: Beta
position: before
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetTokenizedAccountResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_bad_request'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403_1'
'404':
description: The requested entity, such as tokenized account, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: >-
An unexpected internal server error occurred while processing the
request.
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500_internal'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
delete:
tags:
- Account on File
summary: Delete an Account on File
description: >-
Deletes an Account on File. After deletion, the tokenizedAccountId can
no longer be used to reference the associated account details in API
requests.
operationId: DeleteTokenizedAccount
parameters:
- name: tokenizedAccountId
description: The tokenized account id.
in: path
required: true
style: simple
explode: false
schema:
type: string
x-badges:
- name: Beta
position: before
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/DeleteTokenizedAccountResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_bad_request'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403_1'
'404':
description: The requested entity, such as tokenized account, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
'500':
description: >-
An unexpected internal server error occurred while processing the
request.
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500_internal'
'501':
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
'503':
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
'504':
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/v2/payments/{paymentId}:
get:
tags:
- Payments v2
summary: Get a payment
description: >-
The `GET /v2/payments/{paymentId}` endpoint provides you with details of
an individual payment and checks the payment status for the next step,
if any.
operationId: GetPayment
parameters:
- name: request-timeout
in: header
description: >-
Sets the number of elapsed seconds until Token.io sends the response
back, even if the call is not finished by that time (in which case
the call will be completed asynchronously).
schema:
type: integer
required: false
example: 10
- name: paymentId
description: The payment id.
in: path
required: true
style: simple
explode: false
schema:
type: string
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/PaymentResponse'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/v2/payments/{paymentId}/embedded-auth:
post:
tags:
- Payments v2
summary: Provide information for embedded authentication
description: >-
The `POST /v2/payments/{paymentId}/embedded-auth` endpoint provides you
with the requested information when the payment status is
`INITIATION_PENDING_EMBEDDED_AUTH`. The requested information can be
found in the authentication field of the payment.
It's
possible that some banks might request the user's input multiple times.
In this case you might need to call this endpoint again for a new field
set.
operationId: ProvideEmbeddedFields
x-internal: true
parameters:
- name: request-timeout
in: header
description: >-
Sets the number of elapsed seconds until Token.io sends the response
back, even if the call is not finished by that time (in which case
the call will be completed asynchronously).
schema:
type: integer
required: false
example: 10
- name: paymentId
in: path
description: The payment id.
required: true
style: simple
explode: false
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/paymentIdEmbeddedAuthBody'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/PaymentResponse'
'400':
description: The client specified an invalid argument.
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_4'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/v2/payment-links:
post:
tags:
- Pay by Link
summary: Create a payment link
description: >-
The `POST /v2/payment-links` endpoint creates a new payment link with
payment template and link configuration. Payment links allow you to
create reusable or single-use payment URLs that can be shared with
customers. The link can have fixed or variable amounts, usage limits,
and expiration dates.
operationId: CreatePaymentLink
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePaymentLinkRequest'
required: true
responses:
'200':
description: Payment link created successfully
content:
application/json:
schema:
$ref: '#/components/schemas/PaymentLinkResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_2'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
get:
tags:
- Pay by Link
summary: List payment links
description: >-
The `GET /v2/payment-links` endpoint returns a list of payment links. At
least one filter parameter must be provided. Results can be filtered by
IDs, statuses, creation date range (createdAfter, createdBefore),
expiration date range (expiresAfter, expiresBefore), external PSU
reference, and on-behalf-of ID.
operationId: ListPaymentLinks
parameters:
- name: ids
in: query
description: Filter by payment link ID list
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- pl-019c8a02-a30e-7307-83da-7428239da59d
- pl-019f0d3a-9c4b-7a1e-8c2f-0b7d9a4e3c12
- name: statuses
in: query
description: Filter by link statuses
required: false
style: form
explode: true
schema:
type: array
items:
$ref: '#/components/schemas/PaymentLinkStatusFilter'
example:
- LINK_ACTIVE
- LINK_EXPIRED
- name: onBehalfOfId
in: query
description: Filter by on behalf of ID
required: false
style: form
explode: true
schema:
type: string
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
- name: externalPsuReference
in: query
description: Filter by external PSU Reference
required: false
style: form
explode: true
schema:
$ref: '#/components/schemas/ExternalPsuReference'
example: customer_456789_coffee_order
- name: createdAfter
in: query
description: >-
Filter links created after this timestamp (in ISO 8601 format)
required: false
style: form
explode: true
schema:
type: string
format: date-time
example: '2026-01-01T00:00:00Z'
- name: createdBefore
in: query
description: >-
Filter links created before this timestamp (in ISO 8601 format)
required: false
style: form
explode: true
schema:
type: string
format: date-time
example: '2026-01-01T00:00:00Z'
- name: expiresAfter
in: query
description: >-
Filter links expiring after this timestamp (in ISO 8601 format)
required: false
style: form
explode: true
schema:
type: string
format: date-time
example: '2026-01-01T00:00:00Z'
- name: expiresBefore
in: query
description: >-
Filter links expiring before this timestamp (in ISO 8601 format)
required: false
style: form
explode: true
schema:
type: string
format: date-time
example: '2026-01-01T00:00:00Z'
- name: limit
in: query
description: Maximum number of results to return
required: false
style: form
explode: true
schema:
type: integer
format: int32
minimum: 1
maximum: 200
- name: offset
in: query
description: >-
The offset for the current page. The offset is not required to fetch
the first page. To fetch subsequent pages, use the 'nextOffset'
value from the previous page response.
required: false
style: form
explode: true
schema:
type: string
example: 019f0d6b-3e21-7c9a-9f04-6a2b8d1c7e53
responses:
'200':
description: List of payment links
content:
application/json:
schema:
$ref: '#/components/schemas/PaymentLinksResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_2'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/v2/payment-links/{paymentLinkId}:
get:
tags:
- Pay by Link
summary: Get payment link details
description: >-
The `GET /v2/payment-links/{paymentLinkId}` endpoint retrieves detailed
information about a specific payment link including current usage
statistics.
operationId: GetPaymentLink
parameters:
- name: paymentLinkId
in: path
description: Payment link ID
required: true
style: simple
explode: false
schema:
type: string
example: pl-019c8a02-a30e-7307-83da-7428239da59d
responses:
'200':
description: Payment link details
content:
application/json:
schema:
$ref: '#/components/schemas/PaymentLinkResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_2'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested payment link was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
delete:
tags:
- Pay by Link
summary: Deactivate payment link
description: >-
The `DELETE /v2/payment-links/{paymentLinkId}` endpoint deactivates a
payment link, preventing further usage. Only active payment links can be
deactivated.
operationId: DeactivatePaymentLink
parameters:
- name: paymentLinkId
in: path
description: Payment link ID
required: true
style: simple
explode: false
schema:
type: string
example: pl-019c8a02-a30e-7307-83da-7428239da59d
responses:
'200':
description: Payment link deactivated successfully
content:
application/json:
schema:
$ref: '#/components/schemas/PaymentLinkResponse'
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_2'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested payment link was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'409':
description: Payment link cannot be deactivated
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_2'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/virtual-accounts:
post:
tags:
- Settlement Accounts
summary: Create a settlement account
description: The `POST /virtual-accounts` endpoint creates a settlement account.
operationId: GatewayService.CreateVirtualAccount
x-internal: true
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateVirtualAccountRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/CreateVirtualAccountResponse'
'400':
$ref: '#/components/responses/InvalidArgumentRequest'
'401':
$ref: '#/components/responses/UnauthenticatedResponse'
'403':
$ref: '#/components/responses/PermissionDeniedResponse'
'404':
$ref: '#/components/responses/CustomerNotFoundResponse'
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
'500':
$ref: '#/components/responses/UnexpectedErrorResponse'
'501':
$ref: '#/components/responses/NotImplementedResponse'
'503':
$ref: '#/components/responses/ServiceUnavailableResponse'
'504':
$ref: '#/components/responses/GatewayTimeoutResponse'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
get:
tags:
- Settlement Accounts
summary: Get settlement accounts
description: >-
The `GET /virtual-accounts` endpoint retrieves information for all
settlement accounts.
operationId: GatewayService.GetVirtualAccounts
x-internal: true
parameters:
- name: limit
in: query
required: false
description: >-
The maximum number of records to return. The maximum allowed
limit is 200. If the passed limit is bigger than this, it will be
set to 200.
schema:
format: int32
type: integer
- name: offset
in: query
required: false
description: >-
The offset for the current page. The offset is not required to fetch
the first page. To fetch subsequent pages, use the 'nextOffset'
value from the previous page response. The offset value should
not be parsed and/or understood in any way.
schema:
type: string
- name: currency
in: query
required: false
description: >-
The ISO 4217 three letter currency code.
example: EUR
schema:
type: string
- name: country
in: query
required: false
description: Two-letter country code in upper case (ISO 3166-1 alpha-2).
example: PL
schema:
type: string
- name: nickname
in: query
required: false
description: The alias name that identifies the settlement account.
example: Account Alias
schema:
type: string
- name: onBehalfOfId
in: query
description: >-
The id of the ultimate client on whose behalf the account is
created. If the account is created on behalf of a sub-TPP, this
field should contain the sub-TPP `referenceId`. This field is
mandatory for unregulated TPPs.
required: false
style: form
explode: true
schema:
type: string
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetVirtualAccountsResponse'
'400':
$ref: '#/components/responses/InvalidArgumentRequest'
'401':
$ref: '#/components/responses/UnauthenticatedResponse'
'403':
$ref: '#/components/responses/PermissionDeniedResponse'
'404':
$ref: '#/components/responses/CustomerNotFoundResponse'
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
'500':
$ref: '#/components/responses/UnexpectedErrorResponse'
'501':
$ref: '#/components/responses/NotImplementedResponse'
'503':
$ref: '#/components/responses/ServiceUnavailableResponse'
'504':
$ref: '#/components/responses/GatewayTimeoutResponse'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/virtual-accounts/{accountId}:
get:
tags:
- Settlement Accounts
summary: Get a settlement account
description: >-
The `GET /virtual-accounts/{accountId}` endpoint the information, for a
given settlement account.
operationId: GatewayService.GetVirtualAccountById
x-internal: true
parameters:
- name: accountId
in: path
description: >-
The system-generated, unique id which specifies the settlement
account.
required: true
schema:
type: string
- name: onBehalfOfId
in: query
description: >-
Filters payments by the `onBehalfOfId` value - returns only payments
with the `onBehalfOfId` value specified in this parameter. This
field is mandatory for unregulated TPPs.
required: false
style: form
explode: true
schema:
type: string
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetVirtualAccountByIdResponse'
'400':
$ref: '#/components/responses/InvalidArgumentRequest'
'401':
$ref: '#/components/responses/UnauthenticatedResponse'
'403':
$ref: '#/components/responses/PermissionDeniedResponse'
'404':
$ref: '#/components/responses/AccountNotFoundResponse'
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
'500':
$ref: '#/components/responses/UnexpectedErrorResponse'
'501':
$ref: '#/components/responses/NotImplementedResponse'
'503':
$ref: '#/components/responses/ServiceUnavailableResponse'
'504':
$ref: '#/components/responses/GatewayTimeoutResponse'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/virtual-accounts/{accountId}/transactions:
get:
tags:
- Settlement Accounts
summary: Get settlement account transactions
description: >-
The `GET /virtual-accounts/{accountId}/transactions` endpoint retrieves
transcation information in a given settlement account.
operationId: GatewayService.GetVirtualAccountTransactions
x-internal: true
parameters:
- name: accountId
in: path
description: >-
The system-generated, unique id which specifies the settlement
account.
required: true
schema:
type: string
- name: limit
in: query
required: false
description: >-
The maximum number of records to return. The maximum allowed
limit is 200. If the passed limit is bigger than this, it will be
set to 200.
schema:
format: int32
type: integer
- name: offset
in: query
required: false
description: >-
The offset for the current page. The offset is not required to fetch
the first page. To fetch subsequent pages, use the 'nextOffset'
value from the previous page response. The offset value should
not be parsed and/or understood in any way.
schema:
type: string
- name: refId
in: query
required: false
description: >-
Filters transactions by their `refId` value - returns only
transactions with `refId` mentioned in the reference.
schema:
type: string
- name: startDate
in: query
description: >-
Returns transactions created on or after this date, inclusive (in ISO 8601 format).
required: false
schema:
type: string
example: '2022-04-05'
- name: endDate
in: query
description: >-
Returns transactions created on or before this date, inclusive (in
ISO 8601 format).
required: false
schema:
type: string
example: '2022-04-05'
- name: amount
in: query
required: false
description: Filters transactions by their transaction amount.
schema:
type: string
- name: providerPaymentId
in: query
required: false
description: Filters transactions by the provider-payment-id.
schema:
type: string
- name: transactionType
in: query
required: false
description: >-
Filters transactions by type to include only CREDIT or DEBIT
transactions.
schema:
$ref: '#/components/schemas/TransactionType'
example: CREDIT
- name: onBehalfOfId
in: query
description: >-
Filters payments by the `onBehalfOfId` value - returns only payments
with `onBehalfOfId` specified in this parameter. This field is
mandatory for unregulated TPPs.
required: false
style: form
explode: true
schema:
type: string
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetVirtualAccountTransactionsResponse'
'400':
$ref: '#/components/responses/InvalidArgumentRequest'
'401':
$ref: '#/components/responses/UnauthenticatedResponse'
'403':
$ref: '#/components/responses/PermissionDeniedResponse'
'404':
$ref: '#/components/responses/AccountNotFoundResponse'
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
'500':
$ref: '#/components/responses/UnexpectedErrorResponse'
'501':
$ref: '#/components/responses/NotImplementedResponse'
'503':
$ref: '#/components/responses/ServiceUnavailableResponse'
'504':
$ref: '#/components/responses/GatewayTimeoutResponse'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/virtual-accounts/{accountId}/transactions/{providerPaymentId}:
get:
tags:
- Settlement Accounts
summary: Get a settlement account transaction
description: >-
The `GET /virtual-accounts/{accountId}/transactions/{providerPaymentId}`
endpoint retrieves information for a specific transaction in a given
settlement account.
operationId: GatewayService.GetVirtualAccountTransaction
x-internal: true
parameters:
- name: accountId
in: path
description: >-
The system-generated, unique id which specifies the settlement
account.
required: true
schema:
type: string
- name: providerPaymentId
in: path
description: >-
The settlement account provider-assigned unique transaction
identifier.
required: true
schema:
type: string
- name: onBehalfOfId
in: query
description: >-
Filters payments by the `onBehalfOfId` value - returns only payments
with `onBehalfOfId` specified in this parameter. This field is
mandatory for unregulated TPPs.
required: false
style: form
explode: true
schema:
type: string
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetVirtualAccountTransactionResponse'
'400':
$ref: '#/components/responses/InvalidArgumentRequest'
'401':
$ref: '#/components/responses/UnauthenticatedResponse'
'403':
$ref: '#/components/responses/PermissionDeniedResponse'
'404':
$ref: '#/components/responses/AccountNotFoundResponse'
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
'500':
$ref: '#/components/responses/UnexpectedErrorResponse'
'501':
$ref: '#/components/responses/NotImplementedResponse'
'503':
$ref: '#/components/responses/ServiceUnavailableResponse'
'504':
$ref: '#/components/responses/GatewayTimeoutResponse'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/virtual-accounts/{accountId}/settlement-rule:
post:
tags:
- Settlement Accounts
summary: Create a settlement rule
description: >-
The `POST /virtual-accounts/{accountId}/settlement-rule` endpoint
creates a settlement rule, for a given settlement account.
operationId: GatewayService.CreateVirtualAccountSettlementRule
x-internal: true
parameters:
- name: accountId
in: path
description: >-
The system-generated, unique id which specifies the settlement
account.
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateVirtualAccountSettlementRuleRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: >-
#/components/schemas/CreateVirtualAccountSettlementRuleResponse
'400':
$ref: '#/components/responses/InvalidArgumentRequest'
'401':
$ref: '#/components/responses/UnauthenticatedResponse'
'403':
$ref: '#/components/responses/PermissionDeniedResponse'
'404':
$ref: '#/components/responses/AccountNotFoundResponse'
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
'500':
$ref: '#/components/responses/UnexpectedErrorResponse'
'501':
$ref: '#/components/responses/NotImplementedResponse'
'503':
$ref: '#/components/responses/ServiceUnavailableResponse'
'504':
$ref: '#/components/responses/GatewayTimeoutResponse'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/virtual-accounts/{accountId}/settlement-rules:
get:
tags:
- Settlement Accounts
summary: Get settlement rules
description: >-
The `GET /virtual-accounts/{accountId}/settlement-rules` endpoint
retrieves information about settlement rules, for a given settlement
account, according to the settlement rule status in the request. If no
status is provided, the endpoint retrieves all settlement rules for the
settlement account.
operationId: GatewayService.GetVirtualAccountSettlementRules
x-internal: true
parameters:
- name: accountId
description: >-
The system-generated, unique id which specifies the settlement
account.
required: true
in: path
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GetVirtualAccountSettlementRulesRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetVirtualAccountSettlementRulesResponse'
'400':
$ref: '#/components/responses/InvalidArgumentRequest'
'401':
$ref: '#/components/responses/UnauthenticatedResponse'
'403':
$ref: '#/components/responses/PermissionDeniedResponse'
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
'500':
$ref: '#/components/responses/UnexpectedErrorResponse'
'501':
$ref: '#/components/responses/NotImplementedResponse'
'503':
$ref: '#/components/responses/ServiceUnavailableResponse'
'504':
$ref: '#/components/responses/GatewayTimeoutResponse'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/virtual-accounts/{accountId}/settlement-rules/{settlementRuleId}:
get:
tags:
- Settlement Accounts
summary: Get a settlement rule
description: >-
The `GET
/virtual-accounts/{accountId}/settlement-rules/{settlementRuleId}`
endpoint retrieves information for a specific settlement rule, for a
given settlement account.
operationId: GatewayService.GetVirtualAccountSettlementRule
x-internal: true
parameters:
- name: accountId
description: >-
The system-generated, unique id which specifies the settlement
account.
in: path
required: true
schema:
type: string
- name: settlementRuleId
description: The id of the settlement rule.
in: path
required: true
schema:
type: string
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/GetVirtualAccountSettlementRuleResponse'
'400':
$ref: '#/components/responses/InvalidArgumentRequest'
'401':
$ref: '#/components/responses/UnauthenticatedResponse'
'403':
$ref: '#/components/responses/PermissionDeniedResponse'
'404':
$ref: '#/components/responses/SettlementRuleNotFoundResponse'
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
'500':
$ref: '#/components/responses/UnexpectedErrorResponse'
'501':
$ref: '#/components/responses/NotImplementedResponse'
'503':
$ref: '#/components/responses/ServiceUnavailableResponse'
'504':
$ref: '#/components/responses/GatewayTimeoutResponse'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
delete:
tags:
- Settlement Accounts
summary: Delete a settlement rule
description: >-
The ` DELETE
/virtual-accounts/{accountId}/settlement-rules/{settlementRuleId}`
endpoint delete an active settlement rule, for a given settlement
account.
operationId: GatewayService.DeleteVirtualAccountSettlementRule
x-internal: true
parameters:
- name: accountId
description: >-
The system-generated, unique id which specifies the settlement
account.
in: path
required: true
schema:
type: string
- name: settlementRuleId
description: The id of the settlement rule.
in: path
required: true
schema:
type: string
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: >-
#/components/schemas/DeleteVirtualAccountSettlementRuleResponse
'400':
$ref: '#/components/responses/InvalidArgumentRequest'
'401':
$ref: '#/components/responses/UnauthenticatedResponse'
'403':
$ref: '#/components/responses/PermissionDeniedResponse'
'404':
$ref: '#/components/responses/SettlementRuleNotFoundResponse'
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
'500':
$ref: '#/components/responses/UnexpectedErrorResponse'
'501':
$ref: '#/components/responses/NotImplementedResponse'
'503':
$ref: '#/components/responses/ServiceUnavailableResponse'
'504':
$ref: '#/components/responses/GatewayTimeoutResponse'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/virtual-accounts/{accountId}/settlement-rule-payouts:
get:
tags:
- Settlement Accounts
summary: Get settlement account payouts
description: >-
The `GET /virtual-accounts/{accountId}/settlement-rule-payouts` endpoint
retrieves information about payouts created by a settlement rule, for a
given settlement account.
operationId: GatewayService.GetVirtualAccountSettlementPayouts
x-internal: true
parameters:
- name: accountId
description: >-
The system-generated, unique id which specifies the settlement
account.
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GetVirtualAccountSettlementPayoutsRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: >-
#/components/schemas/GetVirtualAccountSettlementPayoutsResponse
'400':
$ref: '#/components/responses/InvalidArgumentRequest'
'401':
$ref: '#/components/responses/UnauthenticatedResponse'
'403':
$ref: '#/components/responses/PermissionDeniedResponse'
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
'500':
$ref: '#/components/responses/UnexpectedErrorResponse'
'501':
$ref: '#/components/responses/NotImplementedResponse'
'503':
$ref: '#/components/responses/ServiceUnavailableResponse'
'504':
$ref: '#/components/responses/GatewayTimeoutResponse'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/qr-code:
get:
tags:
- Payments v2
summary: Generate QR code
description: >-
The `GET /qr-code` endpoint generates a QR code in fixed SVG format
(240x240 px). This allows TPPs to programmatically obtain a scannable QR
code .
operationId: GetQrCode
parameters:
- name: data
description: >-
The encoded URL to use while generating the QR code. The link must
be URL encoded.
in: query
required: true
schema:
type: string
responses:
'200':
description: QR code successfully generated
content:
image/svg+xml:
schema:
type: string
description: The QR code in SVG format.
example: >
'400':
description: The client specified an invalid argument (e.g., size too small)
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
'401':
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
'403':
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
'404':
description: The requested payment was not found or does not have a link
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
'500':
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
deprecated: false
security:
- Bearer: []
- BasicAuth: []
x-hideTryItPanel: true
/account-verifications:
post:
summary: Initiate an account verification check
tags:
- Verification
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/AccountVerificationResponse'
examples:
'Full Match (EU ACCOUNT) ':
value:
id: avr-01K8R977E2Y0XE5CYQE1608N06
result:
status: MATCH
reasons:
- EXACT_MATCH
details: The account details match.
Close Match (EU ACCOUNT):
value:
id: avr-01K8R97M3BZMQAZ8014CABDKVJ
result:
status: CLOSE_MATCH
reasons:
- NAME_MISMATCH
details: The name provided is a close match.
matched:
name: H. C. Andersen
No match (EU ACCOUNT):
value:
id: avr-01K8R97W7QTCTV8SSZ53FBPATY
result:
status: NO_MATCH
reasons:
- ACCOUNT_MISMATCH
- NAME_MISMATCH
details: The account and name do not match.
Unable to match (EU ACCOUNT):
value:
id: avr-01K8R982QQZ94R58X51GDJRQDE
result:
status: VERIFICATION_NOT_POSSIBLE
reasons:
- UNKNOWN
details: The check cannot be completed.
'400':
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
operationId: post-verification
description: >-
This endpoint allows clients to verify whether the provided account
details (such as sort code and account number or IBAN) match the name of
the intended account holder, whether an individual or a business
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AccountVerificationRequest'
examples:
UK (GBP) Account Check:
value:
account:
name: John Doe
accountNumber: '12345678'
sortCode: '123456'
currency: GBP
accountType: PERSONAL
virtualAccountId: pa:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
EU (EUR) Account Check:
value:
account:
name: John Doe
iban: GB33BUKB20201555555555
currency: EUR
virtualAccountId: pa:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
security:
- Bearer: []
- BasicAuth: []
components:
schemas:
Account:
type: object
required:
- bankId
- id
properties:
accountDetails:
$ref: '#/components/schemas/AccountDetails'
accountFeatures:
$ref: '#/components/schemas/AccountFeatures'
bankId:
$ref: '#/components/schemas/bankId'
id:
type: string
description: The system-generated, unique identifier for this account.
example: a:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
isLocked:
x-internal: true
type: boolean
description: >-
All services are locked out for this account if `isLocked` = true.
This setting is only used in conjunction with the legacy Token.io
mobile app. The account will be locked if, for example, the user has
lost their phone. Instead of removing the account, Token.io locks it
so that the user can still see the account after recovery. A
re-linking is enforced before the account can be used again.
format: boolean
example: false
default: false
name:
type: string
description: The unique name of this account.
example: John A Smith
description: Contains information about the requested bank account.
AccountDetails:
type: object
required:
- identifier
- accountIdentifiers
- type
- accountFeautures
properties:
accountHolderName:
type: string
description: The name of the account holder/owner.
example: John Arthur Smith
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
identifier:
type: string
description: >-
The type of `accountIdentifier` being used, e.g., bban,
gbDomestic, iban, msisdn, pan or token. The `identifier` is
displayed if an account is returned by the bank.
example: iban
accountIdentifiers:
type: array
description: >-
The account numbers and other strings that identify this as a unique
bank account. The `accountidentifiers` are displayed if an account
is returned by the bank
items:
$ref: '#/components/schemas/AccountIdentifier'
metadata:
type: array
description: >-
Additional fields returned by the bank in response to your
particular request. The presence and type of metadata are dependent
on the bank and generally comprise additional information about the
account or the transaction pertinent to your specific use case. You
define how this information is used when included in the bank's
response.
items:
$ref: '#/components/schemas/AccountDetailsMetadataEntry'
ProviderAccountDetails:
type: object
oneOf:
- title: CMA9 API
properties:
cma9AccountDetails:
$ref: '#/components/schemas/Cma9AccountDetails'
- title: NextGenPSD2
properties:
nextGenPsd2AccountDetails:
$ref: '#/components/schemas/NextGenPsd2AccountDetails'
- title: Polish API
properties:
polishApiAccountDetails:
$ref: '#/components/schemas/PolishApiAccountDetails'
- title: French PSD2
properties:
stetAccountDetails:
$ref: '#/components/schemas/StetAccountDetails'
description: >-
Specific information regarding the bank required by the respective
Open Banking API standard adopted (CMA9, NextGenPSD2, PolishAPI, or
STET).
status:
type: string
description: >-
Specifies the bank-defined status of the account (open, closed,
active, inactive, etc.)
example: Active
type:
type: array
description: >-
Specifies the type of account. The `type` is displayed if an account
is returned by the bank
items:
$ref: '#/components/schemas/AccountDetailsAccountType'
currency:
type: string
description: >-
The ISO 4217 three letter currency code. The
`currency` is displayed if an account is returned by the bank
example: EUR
description: >-
Contains the details needed to identify, correlate and validate the bank
account.
AccountDetailsAccountType:
type: string
description: Specifies the type of account.
example: SAVINGS
default: INVALID
enum:
- INVALID
- OTHER
- CHECKING
- SAVINGS
- LOAN
- CARD
AccountDetailsMetadataEntry:
type: object
additionalProperties:
type: string
description: >-
Bank-defined | [*] – bank-dependent fields 0 .. n; each respective
data type is also bank-dependent (string, number, boolean, null/empty,
object, or array).
description: >-
Additional fields returned by the bank in response to your particular
request. The presence and type of metadata are dependent on the bank and
generally comprise additional information about the account or the
transaction pertinent to your specific use case. You define how this
information is used when included in the bank's response.
AccountFeatures:
type: object
properties:
supportsInformation:
type: boolean
description: An account available for AIS operations.
format: boolean
example: false
default: false
supportsReceivePayment:
type: boolean
description: An account that can receive money transfers.
format: boolean
example: false
default: false
supportsSendPayment:
type: boolean
description: An account that can send money transfers.
format: boolean
example: false
default: false
description: Open Banking features supported for this account.
AccountIdentifier:
type: object
required:
- bankgiro
- bban
- gbDomestic
- iban
- msisdn
- pan
- plus giro
- token
oneOf:
- title: bankgiro
properties:
bankgiro:
$ref: '#/components/schemas/AccountIdentifierBankgiro'
- title: bban
properties:
bban:
$ref: '#/components/schemas/AccountIdentifierBban'
- title: gbDomestic
properties:
gbDomestic:
$ref: '#/components/schemas/AccountIdentifierGbDomestic'
- title: iban
properties:
iban:
$ref: '#/components/schemas/AccountIdentifierIban'
- title: msisdn
properties:
msisdn:
$ref: '#/components/schemas/AccountIdentifierMsisdn'
- title: pan
properties:
pan:
$ref: '#/components/schemas/AccountIdentifierPan'
- title: plusgiro
properties:
plusgiro:
$ref: '#/components/schemas/AccountIdentifierPlusgiro'
- title: token
properties:
token:
$ref: '#/components/schemas/AccountIdentifierToken'
description: >-
Account numbers and other strings that identify this as a unique bank
account.
AccountIdentifierBankgiro:
type: object
properties:
bankgiroNumber:
type: string
description: >-
The unique identifier for the bank account in Sweden (known in
Swedish as Bankgironummer); it consists of 7 or 8 digits; the
clearing code is not used.
example: '56781234'
description: The identifier for domestic bank accounts in Sweden.
AccountIdentifierBban:
type: object
properties:
bban:
type: string
description: >-
Represents a country-specific bank account number. The BBAN is the
last part of the IBAN when used for international funds transfers.
Every country has its own specific BBAN format and length. At
present, there is no common EU or other standard unifying the BBAN.
This is why IBAN was introduced to standardise international bank
transfers.
example: NWBK60161331926819
clearingNumber:
type: string
description: >-
The bank clearing number or BC number is a number used for the
identification of financial institutions in Switzerland and
Liechtenstein. Bank clearing numbers are connected to the Swiss
Interbank Clearing and the EuroSIC system.
example: 87654321
AccountIdentifierGbDomestic:
type: object
properties:
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: 123456
description: A domestic bank account in the UK.
AccountIdentifierIban:
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number. This consists of a two-letter
country code followed by two check digits and up to thirty-five
alphanumeric characters.
example: GB29NWBK60161331926819
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially across
international borders.
AccountIdentifierMsisdn:
type: object
properties:
msisdn:
type: string
description: >-
The MSISDN is composed of the country code and the national
destination code. Ensure you remove the + sign and any 0 before the
mobile number.
example: '447949123456'
description: >-
The Mobile Station International Subscriber Director Number (MSISDN) is
the user's mobile phone number, used as a unique identifier to enable
routing of voice and SMS traffic to and from a specific
subscription/device on a wireless/mobile network.
AccountIdentifierPan:
type: object
properties:
pan:
type: string
description: >-
The 14, 15, or 16 digit number generated as a unique identifier for
a primary account.
example: '4658552288550023'
description: >-
The Primary Account Number (PAN). The card identifier found on payment
cards, such as credit cards and debit cards, as well as stored-value
cards, gift cards and other similar card, sometimes referred to as a
bank card number.
AccountIdentifierPlusgiro:
type: object
properties:
plusgiroNumber:
type: string
description: >-
The account number (minimum 2 and maximum 8 digits) for a PlusGiro
account. The clearing code is not used.
example: '987654'
description: >-
The domestic transaction clearing system in Sweden. The credit transfer
function, which is part of Nordea, and used for mediating payments between
accounts held by companies and individuals.
AccountIdentifierToken:
type: object
properties:
accountId:
type: string
description: >-
The bank account identifier for a linked account used by Token.io's
Bank Integration Account Linking Service.
example: a:b6037206ca7311ed:afa1
memberId:
type: string
description: The Token.io-generated member id for the user/account holder.
example: m:nP4w3u5y8ddrxDJkjimgSX9e4fZ:5zKtXEAq
description: >-
The primary account number; the card identifier found on payment cards,
such as credit cards and debit cards, as well as stored-value cards,
gift cards and other similar card, sometimes referred to as a bank card
number.
RefundInfo:
type: object
properties:
account:
$ref: '#/components/schemas/AccountIdentifier'
name:
type: string
description: Name of the account.
example: John A Smith
description: Contains information about each refund initiation record in the list.
AddressInfo:
type: object
properties:
city:
type: string
description: Name of the city as given in postal addresses of the building/area.
example: Berlin
conscriptionNumber:
type: string
description: >-
A special kind of house number. This relates to a settlement instead
of a street. Conscription numbers are in use in some parts of
Europe, sometimes together with street-related house numbers, which
are also called orientation numbers.
example: '2831'
country:
type: string
description: Two-letter country code in upper case (ISO 3166-1 alpha-2).
example: DE
district:
type: string
description: >-
A defined district within the city or country containing the
address.
example: Friedrichshain
flats:
type: string
description: House numbers (range or list) of flats behind a door.
example: 21A - 21C
full:
type: string
description: >-
This is used for a full-text, often multi-line address if you find
the structured address fields unsuitable for denoting the address of
this particular location. Typically such strings cannot be parsed by
software.
example: >-
Fifth house on the left after the village oak, Smalltown,
Smallcountry
hamlet:
type: string
description: >-
A small settlement. In different jurisdictions and geographies, a
hamlet may be the size of a town, village, or parish, or may be
considered to be a smaller settlement or subdivision or satellite
entity to a larger settlement.
example: Botzowviertel
houseName:
type: string
description: >-
The name of a house. Sometimes used in countries like England
instead of (or in addition to) a house number.
example: Grossen Blauen Haus
houseNumber:
type: string
description: >-
The house number (may contain letters, dashes, or other characters).
This identifies a single building with multiple addresses.
example: '123'
place:
type: string
description: >-
The part of an address which refers to the name of some territorial
zone (like an island or square) instead of a street. It should not
be included together with `street`.
example: Arnswalder Platz
postCode:
type: string
description: >-
An identifier consisting of a group of letters and/or numbers that
is added to a postal address to assist the sorting of mail.
example: '10243'
province:
type: string
description: >-
For Canada, uppercase two-letter postal abbreviations, e.g.,
BC, AB, ON, QC.
example: BC
state:
type: string
description: >-
For the US, uppercase two-letter postal abbreviations, e.g.,
AK, CA, HI, NY, TX, WY.
example: CA
street:
type: string
description: >-
the name of the respective street in which the dwelling or business
is located or where mail is received.
example: Hans-Otto-Strasse
subdistrict:
type: string
description: A smaller, readily identifiable part of a district.
example: Friedrichshain Nord
suburb:
type: string
description: >-
Suburbs and localities are the names of geographic subdivisions of
urban areas in Australia.
example: Altona Meadows Suburb
description: The complete postal address of a party.
Alias:
type: object
properties:
realmId:
type: string
description: Identifies a member created under the realm of a specific bank.
example: m:vHZUAMFt6s64vn6aDyMiwBYbPDN:5zKtXEAq
type:
$ref: '#/components/schemas/Type'
value:
type: string
description: The alias string representing the type.
example: e-sales@token.io
description: Alternate or additional member identification information.
Type:
type: string
description: The types of alias available.
example: EMAIL
default: INVALID
enum:
- INVALID
- UNKNOWN
- EMAIL
- PHONE
- DOMAIN
- BANK
- CUSTOM
- EIDAS
OpenBankingStandard:
type: string
description: Specifies the API standard adopted by the bank.
example: UK_Open_Banking_Standard
default: Invalid_Standard
enum:
- Invalid_Standard
- UK_Open_Banking_Standard
- Starling_Bank_API
- PolishApi
- STET_PSD2_API
- Citi_Handlowy_PSD2_API
- NextGenPsd2
- Slovak_Banking_API_Standard
- Czech_Open_Banking_Standard
- American_Express_PSD2_API
- Budapest_Bank_API
Paging:
type: object
properties:
page:
type: integer
description: The index of the current page.
format: int32
example: 15
pageCount:
type: integer
description: The number of records per page.
format: int32
example: 80
perPage:
type: integer
description: The number of total pages.
format: int32
example: 32
totalCount:
type: integer
description: The number of total records.
format: int32
example: 2500
description: Contains the page information for response content.
FieldFormatInformation:
type: object
properties:
constraint:
type: string
description: >-
The regex specifying allowed characters. See https://regexr.com/3cr6fhttps://regexr.com/3cr6f
for more details.
example: ^[A-Za-z0-9?:()./,'+\-\s]*$
name:
type: string
description: >-
The name of the field in the Token.io `requestpayload` with
bank-imposed formatting constraints.
example: description
path:
type: string
description: >-
The `object.field` path indicating the constrained field's position
in the Token.io `requestPayload`.
example: credentials.credentials1
description: >-
Contains bank-dependent formatting constraints indicating allowable
characters, if any.
FieldsFormatInformation:
type: object
properties:
constraint:
type: string
description: >-
The regex specifying allowed characters. See https://regexr.com/3cr6fhttps://regexr.com/3cr6f
for more details.
example: ^[A-Za-z0-9?:()./,'+\-\s]*$
v2Name:
type: string
description: >-
The name of the field in the Token.io `requestpayload` with
bank-imposed formatting constraints.
example: description
v2Path:
type: string
description: >-
The `object.field` path indicating the constrained field's position
in the Token.io `requestPayload`.
example: credentials.credentials1
description: >-
Contains bank-dependent formatting constraints indicating allowable
characters, if any.
bankId:
type: string
description: >-
The Token.io id of the bank where the consent is created. **This field
is required if the customer is not using Token.io's Hosted Pages for
bank selection, i.e., API-only integration when
`EMBEDDED_HOSTED_PAGES` is selected in `flowType`, or Hosted Pages
embedded (modal) integration.**
example: ob-modelo
callbackUrl:
type: string
description: >-
The TPP's url that Token.io calls back to. This url should not be under
the token.io domain and must be https/SSL secure.
example: https://tpp.com/callback
callbackState:
type: string
description: >-
The developer-specified string allowing the state to be persisted
between the request and callback phases of the flow; used for the
signature in a `GET
/token-requests/{tokenRequestId}/token-request-result` call, in which
the signing payload for the signature is a combination of `state` and
`tokenId`, and validates the `tokenId` against the callbackstate
originally sent in the request. Note: The value of `callbackState`
is added to the redirect URL and appended to the hash of the CSRF token.
example: 6242e45e-3063-4c42-8376
callbackStatev2:
type: string
description: >-
The uniquely-generated string included as part of the URL when
communicating with the bank. It is sent to the bank during payment
initiation and is also returned in the callback from the bank. You can
use it to identify which payment the callback refers to, ensuring that
the callback can be reliably matched to the original payment request.
example: 6242e45e-3063-4c42-8376
MandatoryFields:
type: object
properties:
access:
$ref: '#/components/schemas/MandatoryFieldsAccess'
standingOrder:
$ref: '#/components/schemas/MandatoryFieldsStandingOrder'
transfer:
$ref: '#/components/schemas/MandatoryFieldsTransfer'
description: >-
Contains the fields required by the bank, which the TPP must populate in
the token request, where applicable.
MandatoryFieldsAccess:
type: object
properties:
domestic:
$ref: '#/components/schemas/MandatoryFieldsAccessDomestic'
international:
$ref: '#/components/schemas/MandatoryFieldsAccessInternational'
description: Specifies the mandatory fields for an access token request.
MandatoryFieldsAccessDomestic:
type: object
properties:
fields:
type: array
description: The full path to the field within the domestic access request.
example:
- >-
access_body.instructions.access_destinations.customer_data.legal_names
- access_body.instructions.source.bic
- access_body.instructions.source.account_identifier
items:
type: string
PolishApiFields:
type: array
description: >-
Lists other Polish API fields which must be included in the domestic
access request.
example: >-
access_body.instructions.metadata.provider_access_metadata.polish_api_access_metadata.delivery_mode
items:
type: string
StetFields:
type: array
description: >-
Lists other STET API fields which must be included in the domestic
access request.
example: >-
access_body.instructions.metadata.provider_access_metadata.stet_access_metadata.beneficiary.creditor_agent
items:
type: string
description: Specifies the mandatory fields for an access request.
MandatoryFieldsAccessInternational:
type: object
properties:
fields:
type: array
description: The full path to the field within the international access request.
example:
- >-
access_body.instructions.access_destinations.customer_data.legal_names
- access_body.instructions.source.bic
- access_body.instructions.source.account_identifier
items:
type: string
PolishApiFields:
type: array
description: >-
Lists other Polish API fields which must be included in the access
request.
example: >-
access_body.instructions.metadata.provider_access_metadata.polish_api_access_metadata.delivery_mode
items:
type: string
StetFields:
type: array
description: >-
Lists other STET API fields which must be included in the access
request.
example: >-
access_body.instructions.metadata.provider_access_metadata.stet_access_metadata.beneficiary.creditor_agent
items:
type: string
description: Specifies the mandatory fields for an international access request.
MandatoryFieldsTransferDomestic:
type: object
properties:
fields:
type: array
description: The full path to the field within the domestic transfer.
example:
- >-
transfer_body.instructions.transfer_destinations.customer_data.legal_names
- transfer_body.instructions.source.bic
- transfer_body.instructions.source.account_identifier
items:
type: string
PolishApiFields:
type: array
description: >-
Lists other Polish API fields which must be included in the domestic
transfer.
example: >-
transfer_body.instructions.metadata.provider_transfer_metadata.polish_api_transfer_metadata.delivery_mode
items:
type: string
StetFields:
type: array
description: >-
Lists other STET API fields which must be included in the domestic
transfer.
example: >-
transfer_body.instructions.metadata.provider_transfer_metadata.stet_transfer_metadata.beneficiary.creditor_agent
items:
type: string
description: Specifies the mandatory fields for a domestic transfer.
MandatoryFieldsTransferInternational:
type: object
properties:
fields:
type: array
description: The full path to the field within the international transfer.
example:
- >-
transfer_body.instructions.transfer_destinations.customer_data.legal_names
- transfer_body.instructions.source.bic
- transfer_body.instructions.source.account_identifier
items:
type: string
PolishApiFields:
type: array
description: >-
Lists other Polish API fields which must be included in the
international transfer.
example: >-
transfer_body.instructions.metadata.provider_transfer_metadata.polish_api_transfer_metadata.delivery_mode
items:
type: string
StetFields:
type: array
description: >-
Lists other STET API fields which must be included in the
international transfer.
example: >-
transfer_body.instructions.metadata.provider_transfer_metadata.stet_transfer_metadata.beneficiary.creditor_agent
items:
type: string
description: Specifies the mandatory fields for an international transfer.
MandatoryFieldsStandingOrderDomestic:
type: object
properties:
fields:
type: array
description: The full path to the field within the domestic standing order.
example:
- >-
standing_order_body.instructions.transfer_destinations.customer_data.legal_names
- standing_order_body.instructions.source.bic
- standing_order_body.instructions.source.account_identifier
items:
type: string
PolishApiFields:
type: array
description: >-
Lists other Polish API fields which must be included in the domestic
standing order.
example: >-
standing_order_body.instructions.metadata.provider_transfer_metadata.polish_api_transfer_metadata.delivery_mode
items:
type: string
StetFields:
type: array
description: >-
Lists other STET API fields which must be included in the domestic
standing order.
example: >-
standing_order_body.instructions.metadata.provider_transfer_metadata.stet_transfer_metadata.beneficiary.creditor_agent
items:
type: string
description: Specifies the mandatory fields for a domestic standing order.
MandatoryFieldsStandingOrderInternational:
type: object
properties:
fields:
type: array
description: The full path to the field within the international standing order.
example:
- >-
standing_order_body.instructions.transfer_destinations.customer_data.legal_names
- standing_order_body.instructions.source.bic
- standing_order_body.instructions.source.account_identifier
items:
type: string
PolishApiFields:
type: array
description: >-
Lists other Polish API fields which must be included in the
international token request.
example: >-
standing_order_body.instructions.metadata.provider_transfer_metadata.polish_api_transfer_metadata.delivery_mode
items:
type: string
StetFields:
type: array
description: >-
Lists other STET API fields which must be included in the
international token request.
example: >-
standing_order_body.instructions.metadata.provider_transfer_metadata.polish_api_transfer_metadata.delivery_mode
items:
type: string
description: Specifies the mandatory fields for an international standing order.
MandatoryFieldsStandingOrder:
type: object
properties:
domestic:
$ref: '#/components/schemas/MandatoryFieldsStandingOrderDomestic'
international:
$ref: '#/components/schemas/MandatoryFieldsStandingOrderInternational'
description: Specifies the mandatory fields for a standing order token request.
MandatoryFieldsTransfer:
type: object
properties:
domestic:
$ref: '#/components/schemas/MandatoryFieldsTransferDomestic'
international:
$ref: '#/components/schemas/MandatoryFieldsTransferInternational'
description: Specifies the mandatory fields for a transfer token request.
Attachment:
type: object
properties:
blobId:
type: string
description: The unique numeric value that references blob data.
example: '7124783462147'
name:
type: string
description: >-
The name of the attachment. This can contain any combination of
characters.
example: 3Etyewchj27
type:
type: string
description: >-
Specifies the type of attachment, e.g., image, audio,
multimedia, or binary executable code.
example: Image
description: >-
Contains optional provider blob objects supporting the
transfer/transaction.
Money:
type: object
required:
- currency
- value
properties:
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
value:
type: string
description: >-
The transaction amount with up to four digits after the decimal
point.
example: '10.23'
description: The balance currency and value.
MoneyRequest:
type: object
properties:
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
value:
type: string
description: >-
The transaction amount with up to four digits after the decimal
point.
example: '10.23'
description: The balance currency and value.
CredentialField:
type: object
properties:
description:
type: string
description: The description of the credentials.
example: User authentication
displayName:
type: string
description: The display name for the credentials.
example: Client ID
flickerCode:
type: string
description: The Flicker code displayed to the user.
example: FLICKERCODE
id:
type: string
description: >-
Specifies the identifier to be used when passing the value for this
credential.
example: clientId
image:
type: string
description: A Base64 representation of an image displayed to the user.
example: YWJAeXoyWhAeXohteQ
options:
type: array
description: >-
A list of options for the user to select from. For example, it can
be an SCA method choice (SMS message, phone call etc.), or
confirm/decline options for a confirmation page. The customer sends
one of the values back to Token.io with the corresponding id.
example:
- SMS
- Phone call
items:
type: string
type:
$ref: '#/components/schemas/CredentialFieldType'
description: Contains information used in embedded authentication flows.
CredentialFieldType:
type: string
description: Specifies the type of credential.
example: PASSWORD
enum:
- INVALID
- FIELD
- PASSWORD
- PSU_MESSAGE
- IMAGE
- FLICKER
- DECOUPLED
ProviderTransactionDetails:
type: object
properties:
budapestApiTransactionDetails:
$ref: '#/components/schemas/BudapestApiTransactionDetails'
cma9ApiTransactionDetails:
$ref: '#/components/schemas/Cma9ApiTransactionDetails'
czechApiTransactionDetails:
$ref: '#/components/schemas/CzechApiTransactionDetails'
nextGenPsd2TransactionDetails:
$ref: '#/components/schemas/NextGenPsd2TransactionDetails'
polishApiTransactionDetails:
$ref: '#/components/schemas/PolishApiTransactionDetails'
slovakApiTransactionDetails:
$ref: '#/components/schemas/SlovakApiTransactionDetails'
stetTransactionDetails:
$ref: '#/components/schemas/StetTransactionDetails'
description: >-
Specific information regarding the bank required by the respective Open
Banking API standard adopted.
ProviderTransferDetails:
type: object
properties:
id:
type: string
description: A provider-specific reference id generated upon TPP submission.
example: uXmEDV5m2b8ZvLGE91ELf7PPw5BaDab98kMguu
status:
type: string
description: >-
The status provided by the bank. This can be the ISO 20022
payment status code. See ISO 20022 payment status codes for more
information.
example: AcceptedSettlementCompleted
description: Information about the transfer.
ProviderTransferMetadata:
type: object
oneOf:
- title: CMA9 API
properties:
cma9TransferMetadata:
$ref: '#/components/schemas/Cma9TransferMetadata'
- title: NextGenPSD2
properties:
nextGenPsd2TransferMetadata:
$ref: '#/components/schemas/NextGenPsd2TransferMetadata'
- title: Polish API
properties:
polishApiTransferMetadata:
$ref: '#/components/schemas/PolishApiTransferMetadata'
- title: French PSD2
properties:
stetTransferMetadata:
$ref: '#/components/schemas/StetTransferMetadata'
description: >-
The transfer metadata required under the Open Banking API standard
adopted by the bank.
ScaStatus:
type: string
description: This status indicates whether the SCA process succeeded or failed.
example: AUTHENTICATED
enum:
- INVALID
- AUTHENTICATED
- AUTHENTICATION_FAILED
- DECLINED_BY_PSU
BudapestApiAccountReference:
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
description: >-
The unique provider account identifier required under the Budapest Bank
API standards.
BudapestApiTransactionDetails:
type: object
properties:
creditorAccount:
$ref: '#/components/schemas/BudapestApiAccountReference'
creditorName:
type: string
description: The name of the creditor/payee.
example: ACME Company
debtorAccount:
$ref: '#/components/schemas/BudapestApiAccountReference'
debtorName:
type: string
description: The name of the debtor/payer.
example: John Smith
transactionCategory:
type: string
description: The category for the transaction, e.g., Debit, Credit.
example: Credit
description: >-
Provider transaction details required under the Budapest Bank API
standards.
Cma9CardInstrument:
type: object
properties:
accountIdentification:
type: string
example: a:J72REftaRoiaDYRDU7M9FDgf8jeh3eqek9DvKeyBWbuA:3VMczyq7r7b6HwC
authorizationType:
type: string
cardSchemeName:
type: string
name:
type: string
description: >-
Card instrument details required under the CMA9 API standard.
Cma9AccountDetails:
type: object
properties:
accountType:
$ref: '#/components/schemas/Cma9AccountDetailsAccountType'
accountSubtype:
$ref: '#/components/schemas/Cma9AccountDetailsAccountSubtype'
address:
type: array
items:
$ref: '#/components/schemas/Cma9AccountDetailsAddress'
description:
type: string
description: A description of the account type.
example: Personal
emailAddress:
type: string
description: The electronic mail address associated with the account.
example: john.smith@email.com
mobile:
type: string
description: The mobile phone number associated with the account.
example: 07999 123456
name:
type: string
description: >-
Name of the account, as assigned by the account servicing
institution. The account name is the name or names of the account
owner(s) represented at an account level. The account name is not
the product name or the nickname of the account.
example: John Smith
partyId:
type: string
description: >-
The unique and immutable identifier used to identify the TPP
resource; this identifier has no meaning to the account owner.
example: '68973542'
partyNumber:
type: string
description: The number assigned by an agent to identify its customer.
example: '24354657'
partyType:
$ref: '#/components/schemas/Cma9AccountDetailsPartyType'
phone:
type: string
description: >-
The collection of information that identifies a phone number, as
defined by the telecom service.
example: 020 123 4567
description: >-
Provider account details required under the CMA9 API standard.
Cma9AccountDetailsAccountSubtype:
type: string
description: This specifies the sub type of the account.
example: CURRENT_ACCOUNT
default: INVALID_ACCOUNT_SUBTYPE
enum:
- INVALID_ACCOUNT_SUBTYPE
- CHARGE_CARD
- CREDIT_CARD
- CURRENT_ACCOUNT
- EMONEY
- LOAN
- MORTGAGE
- PREPAID_CARD
- SAVINGS
Cma9AccountDetailsAccountType:
type: string
description: Specifies the type of account.
example: PERSONAL_ACCOUNT
default: INVALID_ACCOUNT_TYPE
enum:
- INVALID_ACCOUNT_TYPE
- BUSINESS_ACCOUNT
- PERSONAL_ACCOUNT
Cma9AccountDetailsAddressType:
type: string
description: Specifies the type of address.
example: BUSINESS
default: INVALID_ADDRESS_TYPE
enum:
- INVALID_ADDRESS_TYPE
- BUSINESS
- CORRESPONDENCE
- DELIVERYTO
- MAILTO
- POBOX
- POSTAL
- RESIDENTIAL
- STATEMENT
Cma9AccountDetailsAddress:
type: object
properties:
address:
$ref: '#/components/schemas/AddressInfo'
addressType:
$ref: '#/components/schemas/Cma9AccountDetailsAddressType'
description: The complete postal address of a party.
Cma9AccountDetailsPartyType:
type: string
description: The party type, in a coded form.
example: JOINT
default: INVALID_PARTY_TYPE
enum:
- INVALID_PARTY_TYPE
- DELEGATE
- JOINT
- SOLE
Cma9ApiTransactionDetails:
type: object
properties:
creditorAccount:
$ref: '#/components/schemas/Cma9CreditorAccount'
creditorAgent:
$ref: '#/components/schemas/Cma9CreditorAgent'
debtorAccount:
$ref: '#/components/schemas/Cma9DebtorAccount'
debtorAgent:
$ref: '#/components/schemas/Cma9DebtorAgent'
merchantDetails:
$ref: '#/components/schemas/Cma9MerchantDetails'
description: >-
Provider transaction details required under the CMA9 API standard.
Cma9TransferMetadata:
type: object
properties:
endToEndIdentification:
type: string
description: >-
A short reference field to share an invoice or receipt number for
your records; this reference is important to the debtor (this could
be an internal reference id against the transaction) but it Is NOT
the reference information that will be primarily populated on the
statement of the creditor (beneficiary).
instructionIdentification:
$ref: '#/components/schemas/instructionIdentification'
risk:
$ref: '#/components/schemas/Cma9Risk'
description: >-
Transfer metadata required under the CMA9 API standard.
instructionIdentification:
type: string
description: >-
The TPP-generated, unique transaction id passed to the bank (mandatory)
but does not have to go any further in the payment flow. The expectation
is that this is unique indefinitely across all time periods by including
a date or date time element to the field, or by inserting a unique id.
Cma9CreditorAccount:
type: object
properties:
accountIdentification:
type: string
description: The payee's creditor account id or number.
creditorName:
type: string
description: The name of the payee listed for the creditor account.
schemeName:
type: string
description: The creditor-defined recurring payment scheme name.
example: Purchase instalment plan
secondaryIdentification:
type: string
description: Secondary identification required for the transaction.
description: Specifies the payee's account with the creditor.
Cma9CreditorAgent:
type: object
properties:
creditorAgentAddress:
$ref: '#/components/schemas/DeliveryAddress'
creditorAgentName:
type: string
description: >-
The name of financial institution servicing an account for the
creditor.
example: Creditor bank
identification:
type: string
description: >-
The unique identifier for financial institution servicing an account
for the creditor.
example: '98765432'
schemeName:
description: The creditor-defined recurring payment scheme name.
example: Purchase instalment plan
description: >-
The unique and unambiguous identification of a financial institution, as
assigned under an internationally recognised or proprietary
identification scheme.
Cma9DebtorAccount:
type: object
properties:
accountIdentification:
type: string
description: The payer's debtor account id or number.
cardInstrument:
$ref: '#/components/schemas/Cma9CardInstrument'
debtorName:
type: string
description: The name of the payee listed for the creditor account.
schemeName:
type: string
description: The creditor-defined recurring payment scheme name.
example: Purchase instalment plan
secondaryIdentification:
type: string
description: Additional identification required.
description: >-
The source account information for the payment, the payer's bank
account.
Cma9DebtorAgent:
type: object
properties:
debtorAgentAddress:
$ref: '#/components/schemas/DeliveryAddress'
debtorAgentName:
type: string
description: >-
The name of financial institution servicing an account for the
debtor.
example: Debtor bank.
identification:
type: string
description: >-
The unique identifier for financial institution servicing an account
for the debtor.
schemeName:
type: string
description: The creditor-defined recurring payment scheme name.
example: Purchase instalment plan
description: >-
The unique and unambiguous identification of a financial institution, as
assigned under an internationally recognised or proprietary
identification scheme.
DeliveryAddress:
type: object
properties:
addressLine:
type: array
description: Specifies the delivery address using multiple lines, as necessary.
example:
- Flat 2, The Red Lodge, 1 High Street
items:
type: string
addressType:
type: string
description: Specifies the type of address.
example: BUSINESS
default: INVALID_ADDRESS_TYPE
enum:
- INVALID_ADDRESS_TYPE
- BUSINESS
- CORRESPONDENCE
- DELIVERYTO
- MAILTO
- POBOX
- POSTAL
- RESIDENTIAL
- STATEMENT
buildingNumber:
type: string
description: The building number within the delivery address.
example: '1'
country:
type: string
description: Two-letter country code in upper case (ISO 3166-1 alpha-2).
example: GB
countrySubDivision:
type: array
description: >-
Identifies a subdivision of a country; for instance, a state,
region, or county.
example:
- North Yorkshire
items:
type: string
department:
type: string
description: >-
This OBIE specification maps to house number.
example: '1'
postCode:
type: string
description: >-
An identifier consisting of a group of letters and/or numbers that
is added to a postal address to assist the sorting of mail.
example: YO62 5JB
streetName:
type: string
description: >-
The name of the respective street or thoroughfare in which the
dwelling or business is located or where mail is received.
example: High Street
subDepartment:
type: string
description: >-
This OBIE specification maps to flats.
example: Flat 2
townName:
type: string
description: >-
The name of a built-up area with defined boundaries and a local
government.
example: York
description: Specifies the recipient's delivery address details.
Cma9MerchantDetails:
type: object
properties:
merchantCategoryCode:
type: string
description: >-
The category code conforming to ISO
18245, relating to the type of services or goods provided by the
merchant. A list of codes can be purchased here."
example: 5699-V
merchantName:
type: string
description: The name of the merchant.
example: Merchants R US
PaymentContextCode:
type: string
description: >-
This field describes the context of the payment context. This field is
an OBIE
standard and also maps to NextGenPsd2's `purposeCode` and
`categoryPurposeCode` fields. We recommend that the TPP populates this
field.
example: PISP_PAYEE
enum:
- INVALID_PAYMENT_CONTEXT_CODE
- BILLING_GOODS_AND_SERVICES_IN_ADVANCE
- BILLING_GOODS_AND_SERVICES_IN_ARREARS
- PISP_PAYEE
- ECOMMERCE_MERCHANT_INITIATED_PAYMENT
- FACE_TO_FACE_POINT_OF_SALE
- TRANSFER_TO_SELF
- TRANSFER_TO_THIRD_PARTY
Cma9BeneficiaryAccountType:
type: string
description: To be provided if the AccountType is known.
example: BUSINESS
enum:
- PERSONAL
- JOINT_PERSONAL
- PERSONAL_SAVINGS_ACCOUNT
- BUSINESS
- BUSINESS_SAVINGS_ACCOUNT
- CHARITY
- COLLECTION
- CORPORATE
- GOVERNMENT
- EWALLET
- INVESTMENT
- ISA
- PREMIER
- WEALTH
- PENSION
Cma9Risk:
type: object
properties:
deliveryAddress:
$ref: '#/components/schemas/DeliveryAddress'
merchantCustomerIdentification:
type: string
description: >-
The unique customer identifier for the user with the merchant
(maximum 70 characters).
example: '0000789123'
paymentContextCode:
$ref: '#/components/schemas/PaymentContextCode'
paymentPurposeCode:
type: string
description: >-
The category code conforming to the Recommended UK Purpose Code in
the ISO 20022 Payment Messaging List, related to the
type of services or goods corresponding to the underlying purpose of
the payment.
CASH -
CashManagementTransfer
CORT -
TradeSettlementPayment
DVPM -
DeliveryAgainstPayment
INTC -
IntraCompanyPayment
TREA -
TreasuryPayment
SUPP - SupplierPayment
default: CASH
example: DVPM
enum:
- CASH
- CORT
- DVPM
- INTC
- TREA
- SUPP
beneficiaryAccountType:
$ref: '#/components/schemas/Cma9BeneficiaryAccountType'
contractPresentIndicator:
type: string
description: >-
This field indicates whether the Payment Service Provider (PSP) has
a contract with the payee and has undertaken some form of validation
or due diligence on the payee; values: true or false. This field can
be pre-populated by Token.io, for PSPs using Token.io's license.
example: 'true'
beneficiaryPrepopulatedIndicator:
type: string
description: >-
This field indicates whether the PSP, rather than the user, has
generated the TRI fields and that the user can't change them during
the transaction journey; values: true or false. This field can be
pre-populated by the PSP.
example: 'true'
description: This object specifies additional details for risk scoring of payments.
CzechApiAccountReference:
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
bban:
type: string
description: >-
Represents a country-specific bank account number. The BBAN is the
last part of the IBAN when used for international funds transfers.
Every country has its own specific BBAN format and length. At
present, there is no common EU or other standard unifying the BBAN.
This is why IBAN was introduced to standardise international bank
transfers.
example: NWBK60161331926819
description: >-
The unique provider account identifier required under the Czech Standard
for Open Banking.
CzechApiTransactionDetails:
type: object
properties:
creditorAccount:
$ref: '#/components/schemas/CzechApiAccountReference'
creditorName:
type: string
description: The name of the creditor/payee.
debtorAccount:
$ref: '#/components/schemas/CzechApiAccountReference'
debtorName:
type: string
description: The name of the debtor/payer.
description: >-
Provider transaction details required under the Czech Standard for Open Banking.
NextGenPsd2AccountReference:
type: object
properties:
bban:
type: string
description: >-
Represents a country-specific bank account number. The BBAN is the
last part of the IBAN when used for international funds transfers.
Every country has its own specific BBAN format and length; 10 to 30
characters comprising the bank code (including the account number)
and a checksum key. At present, there is no common EU or other
standard unifying the BBAN. This is why IBAN was introduced to
standardise international bank transfers.
example: NWBK60161331926819
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
maskedPan:
type: string
description: >-
The masked primary account number; tokenised identification for data
protection.
msisdn:
type: string
description: >-
The Mobile Station International Subscriber Director Number (MSISDN)
is the user's mobile phone number, used as a unique identifier to
enable routing of voice and SMS traffic to and from a specific
subscription/device on a wireless/mobile network. It's composed of
the country code and the national destination code. Ensure you
remove the + sign and any 0 before the mobile number.
example: '447949123456'
pan:
type: string
description: >-
The primary account number. The card identifier found on payment
cards, such as credit cards and debit cards, as well as stored-value
cards, gift cards and other similar card, sometimes referred to as a
bank card number.
example: '4658552288550023'
description: >-
The unique provider account identifier required under the NextGenPSD2 standard.
NextGenPsd2AccountDetails:
type: object
properties:
cashAccountType:
type: string
description: >-
The `ExternalCashAccountType1Code` from the ISO
20022 code.
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
details:
type: string
description: >-
The details provided by the bank regarding characteristics of the
account or characteristics of the relevant card.
linkedAccounts:
type: string
description: >-
In the case of a set of pending card transactions, the relevant cash
account the card is set up on; this is the same as the `resourceId`
of the relevant cash account.
product:
type: string
description: >-
The bank-defined product name for this account; the proprietary
definition.
usage:
type: string
description: >-
Specifies the usage of the account (PRIV = private personal account,
ORGA = professional account).
example: PRIV
description: >-
Provider account details required under the NextGenPSD2 standard.
NextGenPsd2TransactionDetails:
type: object
properties:
additionalInformation:
type: string
description: Additional bank-provided information about the transaction.
example: Additional bank information
domain:
$ref: '#/components/schemas/BankTransactionCodeDomain'
checkId:
type: string
description: The identifier for the electronic check, where applicable.
example: 4vn6aDyMiwBYbP
creditorAccount:
$ref: '#/components/schemas/NextGenPsd2AccountReference'
creditorId:
type: string
description: The creditor/payee identifier provided by the bank.
example: 4vn6aDyMiwBYbP
creditorName:
type: string
description: The name of the creditor/payee.
example: ACME Company
currencyExchange:
type: array
description: The currency exchange rate.
items:
$ref: '#/components/schemas/NextGenPsd2ReportExchangeRate'
debtorAccount:
$ref: '#/components/schemas/NextGenPsd2AccountReference'
debtorName:
type: string
description: The name of the debtor/payer.
example: John Smith
endToEndId:
type: string
description: >-
A short reference field to share an invoice or receipt number for
your records; this reference is important to the debtor (could be an
internal reference ID against the transaction) but it Is NOT the
reference information that will be primarily populated on the
statement of the creditor (beneficiary).
example: 6aDyMiwB
entryReference:
type: string
description: >-
The identification of the transaction referencing delta function on
an application level; same id used within camt.05x messages.
example: 72REftaRoiaDYRDU
mandateId:
type: string
description: The identifier for mandates; e.g., a SEPA Mandate id.
example: DE452399865089
purposeCode:
type: string
description: >-
The ISO 20022 external purpose code. Purpose Codes
are four letter codes which are carried across the payment chain,
providing information to all users in the payments chain to indicate
the reason a payment is being made. Purpose Codes are one of the
policy areas of Enhanced Data that can deliver the benefits of the
ISO 20022 payment messaging standard.
CASH -
CashManagementTransfer
CORT -
TradeSettlementPayment
DVPM -
DeliveryAgainstPayment
INTC -
IntraCompanyPayment
TREA -
TreasuryPayment
SUPP - SupplierPayment
"
default: CASH
example: DVPM
enum:
- CASH
- CORT
- DVPM
- INTC
- TREA
- SUPP
remittanceInformationStructured:
type: string
description: >-
Structured remittance information; a reference issued by the seller
used to establish a link between the payment of an invoice and the
invoice instance.
example: REf:taRoiaDY34DU
ultimateCreditor:
type: string
description: The ultimate party to which the transfer is due.
example: ACME GmbH
ultimateDebtor:
type: string
description: >-
The ultimate party that owes that owes money to the (ultimate)
creditor.
example: John Smith
valueDate:
type: string
description: >-
The date, in ISO 8601 format, when funds are posted to an
account and available for immediate use.
example: '2022-03-27T17:00:00.000Z'
description: >-
Provider transaction details required under the NextGenPSD2 standard.
NextGenPsd2TransferMetadata:
type: object
properties:
creditorAgent:
type: string
description: >-
A unique and unambiguous identifier for a financial institution, as
assigned under an internationally recognised or proprietary
identification scheme.
creditorAgentName:
type: string
description: >-
The name of the financial institution servicing an account for the
creditor.
endToEndIdentification:
type: string
description: >-
The unique identifier assigned by the initiating party to
unambiguously identify the transaction; this identification is
passed on, unchanged, throughout the entire end-to-end chain.
remittanceInformationStructured:
type: string
description: >-
The information supplied to enable matching of an entry with the
items that the transfer is intended to settle, such as commercial
invoices in an accounts receivable system.
description: >-
The transfer metadata required under the NextGenPSD2 standard.
NextGenPsd2ReportExchangeRate:
type: object
properties:
contractIdentification:
type: string
description: Identifies the forward or spot exchange contract.
exchangeRate:
type: string
description: >-
The rate of exchange between the `sourceCurrencyand` the
`targetCurrency`.
quotationDate:
type: string
description: >-
The date of the FX quote, in ISO 8601 format.
example: '2022-04-05T17:00:00.000Z'
sourceCurrency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
targetCurrency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
unitCurrency:
type: string
description: The price of one currency expressed in terms of another currency.
example: 1.4 to 1.
description: The currency exchange rate.
PolishApiAccountHolderType:
type: string
description: Specifies the type of account holder.
example: INDIVIDUAL
default: INVALID_ACCOUNT_HOLDER_TYPE
enum:
- INVALID_ACCOUNT_HOLDER_TYPE
- INDIVIDUAL
- CORPORATION
PolishApiAccountPsuRelation:
type: object
properties:
stake:
type: integer
description: >-
The total value, expressed as a percentage, specifying the user's
share of the funds on the account or its liability in the case of
credit products; applies to the Owner, Borrower, Guarantor
relationship.
format: int32
typeOfProxy:
$ref: '#/components/schemas/PolishApiTypeOfProxy'
typeOfRelation:
$ref: '#/components/schemas/PolishApiTypeOfRelation'
description: >-
The bank-provided information concerning the relationship between the
user and an account.
PolishApiBank:
type: object
properties:
address:
type: array
description: The physical/mailing address of the bank.
example: 45, Torunska, Gdansk
items:
type: string
bicOrSwift:
type: string
description: >-
The standard format for business identifier codes (BIC), used to
identify banks and financial institutions globally.
example: HBUKGB7F261
code:
type: string
description: The bank code for foreign transfers.
example: BKAFEWFK564
countryCode:
type: string
description: Two-letter country code in upper case (ISO 3166-1 alpha-2).
example: PL
name:
type: string
description: The official name of the bank corresponding to its SWIFT/BIC code.
example: Polska Bank
description: Specifies information about the bank itself.
PolishApiBankAccountInfo:
type: object
properties:
address:
type: array
description: The physical/mailing address of the bank.
items:
type: string
example: 123 Torunska, Srodmiescie, Gdansk, 62-345
name:
type: string
description: The official name of the bank corresponding to its SWIFT/BIC code.
example: Polska Bank
description: Specifies information about the bank itself.
PolishApiCurrencyRate:
type: object
properties:
fromCurrency:
type: string
description: >-
The ISO 4217 three letter currency code for the
convert-from currency.
example: EUR
rate:
type: number
description: The currency exchange rate.
format: double
toCurrency:
type: string
description: >-
The ISO 4217 three letter currency code for the
convert-to currency.
example: EUR
description: The currency conversion rate information.
PolishApiDeliveryMode:
type: string
description: The urgency classification for delivery.
example: STANDARD_D2
default: INVALID_DELIVERY_MODE
enum:
- INVALID_DELIVERY_MODE
- STANDARD_D2
- STANDARD_D1
- URGENT_D1
- EXPRESS_D0
PolishApiNameAddress:
type: object
properties:
value:
type: array
description: The bank-defined name and postal address.
items:
type: string
example: ACME Business Ltd, 299 Zywiecka, Gdansk
description: Doing Business As (DBA) and/or other names and addresses of the company.
PolishApiPayer:
type: object
properties:
payerId:
type: string
description: The payer's tax id.
example: '444433332211'
payerIdType:
type: string
description: The type of tax payer id.
example: R
default: 'N'
enum:
- 'N'
- P
- R
- '1'
- '2'
- '3'
description: Information about the tax payer.
PolishApiAccountDetails:
type: object
properties:
accountHolderType:
$ref: '#/components/schemas/PolishApiAccountHolderType'
accountNameClient:
type: string
description: Account nickname set by the account holder.
auxData:
$ref: '#/components/schemas/PolishApiAccountDetailsAuxDataEntry'
bank:
$ref: '#/components/schemas/PolishApiBankAccountInfo'
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
nameAddress:
$ref: '#/components/schemas/PolishApiNameAddress'
psuRelations:
type: array
description: >-
The bank-provided information concerning the relationship between
the user and an account.
items:
$ref: '#/components/schemas/PolishApiAccountPsuRelation'
description: >-
The provider account details required under the Polish API standard.
PolishApiAccountDetailsAuxDataEntry:
type: object
additionalProperties:
type: string
description: >-
Bank-defined | [*] – bank-dependent fields 0 .. n; each respective
data type is also bank-dependent (string, number, boolean, null/empty,
object, or array).
description: The bank-defined auxiliary data associated with the account.
PolishApiTransactionDetails:
type: object
properties:
accountBaseCurrency:
type: string
description: >-
The ISO 4217 three letter currency code for the
account's currency.
example: EUR
auxData:
$ref: '#/components/schemas/PolishApiTransactionDetails.AuxDataEntry'
baseCurrency:
type: string
description: >-
The ISO 4217 three letter currency code for the
transaction's currency.
example: EUR
cardInfo:
$ref: '#/components/schemas/PolishApiTransactionInfoCard'
currencyDate:
type: string
description: The transaction currency valuation date.
holdExpirationDate:
type: string
description: >-
The date the bank hold expires, in < ISO 8601 format.
example: '2022-11-12T17:00:00.000Z'
initiator:
$ref: '#/components/schemas/PolishApiNameAddress'
mcc:
type: string
description: The code for each transaction or operation performed by card.
example: 5699-V
postTransactionBalance:
type: string
description: The account balance after the transaction.
recipient:
$ref: '#/components/schemas/PolishApiSenderRecipient'
rejectionDate:
type: string
description: >-
The date, in ISO 8601 format, when the transaction was
rejected.
example: '2022-10-23T17:00:00.000Z'
rejectionReason:
type: string
description: The reason the transaction was rejected.
sender:
$ref: '#/components/schemas/PolishApiSenderRecipient'
taxInfo:
$ref: '#/components/schemas/PolishApiTransactionInfoTax'
tppName:
type: string
description: The name of the third-party provider.
example: Mario's Pizzas
tppTransactionId:
type: string
description: The TPP's unique transaction Identifier.
example: esaWvvr4l32iaDRqvrekkfwe212vsfvkcddEaVFaVR:4DVLaMVWER4VC6b
tradeDate:
type: string
description: >-
The date of the transaction operation, in ISO 8601 format.
example: '2022-11-30T17:00:00.000Z'
transactionRate:
type: array
items:
$ref: '#/components/schemas/PolishApiCurrencyRate'
transactionType:
type: string
description: The type of transaction.
example: CREDIT
default: CREDIT
enum:
- CREDIT
- DEBIT
usedPaymentInstrumentId:
type: string
description: >-
The unique identifier of the payment instrument used to execute the
transaction/payment instrument id.
zusInfo:
$ref: '#/components/schemas/PolishApiTransactionInfoZus'
description: >-
The provider transaction details required under the Polish API standard.
PolishApiTransactionDetails.AuxDataEntry:
type: object
additionalProperties:
type: string
description: >-
Bank-defined | [*] – bank-dependent fields 0 .. n; each respective
data type is also bank-dependent (string, number, boolean, null/empty,
object, or array).
description: The bank-defined auxiliary data associated with the account.
PolishApiTransferMetadata:
type: object
properties:
deliveryMode:
$ref: '#/components/schemas/PolishApiDeliveryMode'
hold:
type: boolean
description: >-
Indicates whether payment should be held until confirmation of
delivery.
format: boolean
example: false
default: false
description: >-
Transfer metadata required under the Polish API standard.
PolishApiSenderRecipient:
type: object
properties:
accountMassPayment:
type: string
description: >-
The settlement account number of the recipient/settlement account
name.
accountNumber:
type: string
description: The recipient's account number.
example: 87654321
bank:
$ref: '#/components/schemas/PolishApiBank'
nameAddress:
$ref: '#/components/schemas/PolishApiNameAddress'
description: Information about the recipient.
PolishApiSocialSecurityPayer:
type: object
properties:
additionalPayerId:
type: string
description: The payer's additional identification number.
additionalPayerIdType:
type: string
description: The type of additional payer id.
nip:
type: string
description: The payer's tax identification number.
example: '444433332211'
description: >-
The information associated with payer social security; i.e.,
Polish Security Institution (ZUS).
PolishApiTransactionInfoCard:
type: object
properties:
cardHolder:
type: string
description: The name of the cardholder.
example: Piotr Brama
cardNumber:
type: string
description: The card account number.
example: '5687243201834817'
description: The information about the card used in/for the transaction.
PolishApiTransactionInfoTax:
type: object
properties:
formCode:
type: string
description: The data for a tax transfer to the Tax Office or Customs Chamber.
example: 49DtA9CoF9qYzh77FA9nVrCn2jia:5zKtXEAq
obligationId:
type: string
description: >-
The identifier of the liability from which the tax is due;
e.g., decision, executive title, resolution.
example: DECISION
payerInfo:
$ref: '#/components/schemas/PolishApiPayer'
periodId:
type: string
description: The tax period number.
example: '11'
periodType:
type: string
description: The tax period type.
example: Month
year:
type: integer
description: The tax year (YYYY).
format: int32
example: 2022
description: The data for a tax transfer to the Tax Office or Customs Chamber.
PolishApiTransactionInfoZus:
type: object
properties:
contributionId:
type: string
description: The declaration number/contribution identifier.
contributionPeriod:
type: string
description: The declaration period/contribution period in MMYYYY format.
contributionType:
type: string
description: The contribution type.
obligationId:
type: string
description: The execution title number/obligation identifier or number.
payerInfo:
$ref: '#/components/schemas/PolishApiSocialSecurityPayer'
paymentTypeId:
type: string
description: The payment type identifier.
description: >-
Data information for transfers to ZUS.
PolishApiTypeOfProxy:
type: string
description: >-
The type of user's power of attorney for the payment account; required
when the relationship type is an account representative.
example: GENERAL
default: INVALID_TYPE_OF_PROXY
enum:
- INVALID_TYPE_OF_PROXY
- GENERAL
- SPECIAL
- ADMINISTRATOR
- USER
PolishApiTypeOfRelation:
type: string
description: The type of relation between the user and the account.
example: OWNER
default: INVALID_TYPE_OF_RELATION
enum:
- INVALID_TYPE_OF_RELATION
- OWNER
- BORROWER
- GUARANTOR
- PROXY_OWNER
- BENEFICIARY
- TRUSTEE
slovakApiCreditorAccountReference:
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
bban:
type: string
description: >-
Represents a country-specific bank account number. The BBAN is the
last part of the IBAN when used for international funds transfers.
Every country has its own specific BBAN format and length. At
present, there is no common EU or other standard unifying the BBAN.
This is why IBAN was introduced to standardise international bank
transfers.
example: NWBK60161331926819
description: Information about the payee/creditor's account.
slovakApiDebtorAccountReference:
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
bban:
type: string
description: >-
Represents a country-specific bank account number. The BBAN is the
last part of the IBAN when used for international funds transfers.
Every country has its own specific BBAN format and length. At
present, there is no common EU or other standard unifying the BBAN.
This is why IBAN was introduced to standardise international bank
transfers.
example: NWBK60161331926819
description: Information about the payer/debtor's account.
SlovakApiTransactionDetails:
type: object
properties:
creditorAccount:
$ref: '#/components/schemas/slovakApiCreditorAccountReference'
creditorName:
type: string
description: The name of creditor/payee.
debtorAccount:
$ref: '#/components/schemas/slovakApiDebtorAccountReference'
debtorName:
type: string
description: The name of the debtor/payer.
description: >-
Provider transaction details required under the Slovak Banking API Standard.
StetAccountIdentification:
type: object
properties:
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
other:
$ref: '#/components/schemas/StetGenericIdentification'
description: Bank-defined account identifiers.
StetCreditorAccountReference:
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
description: Information about the payee/creditor's account.
StetDebtorAccountReference:
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
description: Information about the payer/debtor's account.
StetBeneficiary:
type: object
properties:
creditor:
$ref: '#/components/schemas/StetPartyIdentification'
creditorAccount:
$ref: '#/components/schemas/StetAccountIdentification'
creditorAgent:
$ref: '#/components/schemas/StetFinancialInstitutionIdentification'
id:
type: string
description: >-
The unique identification of an account, a person, or an
organisation assigned by an issuer.
description: The creditor or payee receiving the transfer.
StetClearingSystemMemberIdentification:
type: object
properties:
clearingSystemId:
type: string
description: >-
The specification of a pre-agreed offering between clearing agents
or the channel through which the payment instruction is processed.
memberId:
type: string
description: Identification of a member of a clearing system.
example: m:49DtA9CoF9qYzh77FA9nVrCn2jia:5zKtXEAq
description: >-
Identifies a member within a clearing system; to be used for certain
international credit transfers in order to identify the beneficiary
bank.
StetFinancialInstitutionIdentification:
type: object
properties:
bicFi:
type: string
description: >-
The code allocated to a financial institution by the ISO
9362 Registration Authority as described in ISO
9362 "Banking - Banking telecommunication messages - Business
identification code (BIC)".
clearingSystemMemberId:
$ref: '#/components/schemas/StetClearingSystemMemberIdentification'
name:
type: string
description: >-
The name by which the party is known and which is usually used to
identify that party.
example: Credit Bureau
postalAddress:
$ref: '#/components/schemas/StetPostalAddressCreditor'
description: >-
The unique and unambiguous identification of a financial institution, as
assigned under an internationally recognised or proprietary
identification scheme.
StetGenericIdentification:
type: object
properties:
identification:
type: string
description: The alias of the account.
issuer:
type: string
description: >-
The entity that assigned the identification; country code or any
organisation name or identifier that can be recognized by both
parties.
schemeName:
type: string
description: >-
The name of the identification scheme. Possible values for the
scheme name, partially based on ISO
20022 external code list, are (a) BANK
(BankPartyIdentification): Unique and unambiguous assignment made by
a specific bank or similar financial institution to identify a
relationship as defined between the bank and its client; (b) COID
(CountryIdentificationCode) : Country authority given organisation
identification; e.g., corporate registration number; (c) SREN
(SIREN): 9-digit code assigned by INSEE, the French National
Institute for Statistics and Economic Studies, to identify an
organisation in France; (d) SRET (SIRET): 14-digit code assigned by
INSEE, the French National Institute for Statistics and Economic
Studies, to identify an organisation unit in France; consists of the
SIREN number, followed by a five digit classification number, to
identify the local geographical unit of that entity; (e) NIDN
(NationalIdentityNumber): assigned by an authority to identify the
national identity number of a person. Other values are also
permitted, for instance: - OAUT (OAUTH2): OAUTH2 access token that
is owned by the Payment Initiation Service Provider (PISP) being
also an Account Information Service Provider (AISP) and that can be
used in order to identify the user - CPAN (CardPan): Card PAN.
description: Bank-defined account information.
StetPartyIdentification:
type: object
properties:
name:
type: string
description: >-
The name by which the party is known and which is usually used to
identify that party.
example: John Smith
organisationId:
$ref: '#/components/schemas/StetGenericIdentification'
postalAddress:
$ref: '#/components/schemas/StetPostalAddress'
privateId:
$ref: '#/components/schemas/StetGenericIdentification'
description: >-
The ISO 20022 information about the party; this can be
either a person or an organisation.
StetPaymentTypeInformation:
type: object
properties:
categoryPurpose:
type: string
description: >-
Specifies the high level purpose of the instruction based on a set
of pre-defined categories; used by the initiating party to provide
information concerning the processing of the payment and is likely
to trigger special processing by any of the agents involved in the
payment chain.
CASH -
CashManagementTransfer
CORT -
TradeSettlementPayment
DVPM -
DeliveryAgainstPayment
INTC -
IntraCompanyPayment
TREA -
TreasuryPayment
SUPP - SupplierPayment
example: DVPM
default: CASH
enum:
- CASH
- CORT
- DVPM
- INTC
- TREA
- SUPP
instructionPriority:
type: string
description: >-
Indicates the urgency or order of importance the instructing party
would like to apply to processing; can be ignored for SCTInst (SEPA
Instant).
example: SAMEDAY
localInstrument:
type: string
description: >-
Used to specify a local instrument, local clearing option and/or
further qualify the service or service level. For example, INST is
used to ask for SEPA instant Payment (SCTInst). For International
payments, this field may be valued with one of the ISO
20022 external codes to specify which payment instrument should
be used by the creditor's bank.
example: INST
serviceLevel:
type: string
description: Only SEPA is allowed.
example: SEPA
description: A set of elements used to further specify the type of transaction.
StetPostalAddress:
type: object
properties:
addressLine:
type: array
description: Up to 4 lines that capture the mailing address.
items:
type: string
example: Appartement 3a, 35 Rue de Bologne, Marseilles
country:
type: string
description: Two-letter country code in upper case (ISO 3166-1 alpha-2).
example: FR
description: Contains the mailing address of the creditor.
StetPostalAddressCreditor:
type: object
properties:
addressLine:
type: array
description: Up to 4 lines that capture the mailing address.
items:
type: string
example: 47 La Grande Rue, Paris
country:
type: string
description: Two-letter country code in upper case (ISO 3166-1 alpha-2).
example: FR
description: Contains the mailing address of the creditor.
StetRegulatoryReportingCodes:
type: object
properties:
regulatoryReportingCode:
type: array
description: Regulatory and statutory codes provided by the NCA.
items:
type: string
description: >-
Contains the list of needed regulatory reporting codes for international
payments.
StetAccountDetails:
type: object
properties:
accountId:
$ref: '#/components/schemas/StetAccountIdentification'
cashAccountType:
type: string
description: Specifies the type of account.
details:
type: string
description: >-
The bank-defined characteristics of the account or characteristics
of the card.
linkedAccount:
type: string
description: The relevant cash account that the card is set up on.
product:
type: string
description: >-
The bank-defined product name for this account; the proprietary
definition.
example: Green Savings Account
psuStatus:
type: string
description: >-
The relationship between the user and the account; e.g.,
Account Holder, Co-account Holder, Attorney.
example: Account Holder
usage:
type: string
description: >-
Specifies the usage of the account (PRIV = private personal account,
ORGA = professional account).
example: PRIV
description: >-
The provider account details required under the French PSD2 API
standard.
StetTransactionDetails:
type: object
properties:
creditorAccount:
$ref: '#/components/schemas/StetCreditorAccountReference'
creditorName:
type: string
description: The name of creditor/payee.
debtorAccount:
$ref: '#/components/schemas/StetDebtorAccountReference'
debtorName:
type: string
description: The name of the debtor/payer.
entryReference:
type: string
description: >-
The technical incremental identification of the transaction for
reconciliation by the TPP.
transactionDate:
type: string
description: >-
For card transaction - date of the commercial
transaction
for credit transfer - acquiring date of the
transaction
for direct debit - receiving date of the
transaction
valueDate:
type: string
description: The value date of the transaction on the account.
example: '2023-08-11'
description: >-
The provider account details required under the French PSD2 API
standard.
StetTransferMetadata:
type: object
properties:
beneficiary:
$ref: '#/components/schemas/StetBeneficiary'
debtorAgent:
$ref: '#/components/schemas/StetFinancialInstitutionIdentification'
endToEndId:
type: string
description: >-
The unique identification assigned by the initiating party to
unambiguously identify the transaction, which is passed on,
unchanged, throughout the entire end-to-end chain.
executionRule:
type: string
description: >-
The execution date-shifting rule when a recurring payment date falls
on a weekend or bank holiday; payment is then executed either the
"preceding" or "following" working day in accordance with bank
policy.
paymentTypeInformation:
$ref: '#/components/schemas/StetPaymentTypeInformation'
regulatoryReportingCodes:
$ref: '#/components/schemas/StetRegulatoryReportingCodes'
description: >-
Transfer metadata required under the French PSD2 API
standard.
Signature:
type: object
properties:
keyId:
type: string
description: >-
The id of the public key used to verify the signature. This is only
present if a `tokenId` is present. It can be used to validate that
the provided `tokenId` corresponds to the token request (this is
needed for Hosted Pages flows only).
example: CqSTHPvWY_dgVh-f
memberId:
type: string
description: The Token.io member id of the signing member.
example: m:nP4w3u5y8ddrxDJkjimgSX9e4fZ:5zKtXEAq
signature:
type: string
description: The Base64url-encoded ciphertext signature.
example: >-
ODRWmM0xMRM7CKmK3bNl4e2Kb2btavTbZssCsrHsu8yopoKxBzouBrD9q5-E63tgdV1DpB7i31vwNDKywA0CAE
description: >-
Contains information about the signing party. This is only present if a
`tokenId` is present. It can be used to validate that the provided
`tokenId` corresponds to the token request (this is needed for the
Hosted Pages flows only).
AccessBody:
type: object
properties:
resources:
type: array
items:
$ref: '#/components/schemas/AccessBodyResource'
transactionHistoryDays:
type: integer
description: The number of transaction history days.
format: int32
example: 4
description: >-
Contains the request payload for a token representing account
information access permissions.
AccessBodyResource:
type: object
properties:
account:
$ref: '#/components/schemas/AccessBodyResourceAccount'
balance:
$ref: '#/components/schemas/AccessBodyResourceAccountBalance'
fundsConfirmation:
$ref: '#/components/schemas/AccessBodyResourceFundsConfirmation'
standingOrders:
$ref: '#/components/schemas/AccessBodyResourceAccountStandingOrders'
transactions:
$ref: '#/components/schemas/AccessBodyResourceAccountTransactions'
transferDestinations:
$ref: '#/components/schemas/AccessBodyResourceTransferDestinations'
description: >-
The body case seeking access to one or more resources for a single
account.
AccessBodyResourceAccount:
type: object
properties:
accountId:
type: string
description: >-
The account number and associated information that identify a unique
bank account.
example: a:b6037206ca7311ed:afa1
description: Specifies the account and resource for which access is being requested.
AccessBodyResourceAccountBalance:
type: object
properties:
accountId:
type: string
description: >-
The account number and associated information that identify a unique
bank account.
example: '5291.27'
AccessBodyResourceAccountStandingOrders:
type: object
properties:
accountId:
type: string
description: The unique identifier for the bank account.
example: a:J72REftaRoiaDYRDU7M9FDgf8jeh3eqek9DvKeyBWbuA:3VMczyq7r7b6HwC
AccessBodyResourceAccountTransactions:
type: object
properties:
accountId:
type: string
description: The unique identifier for the bank account.
AccessBodyResourceFundsConfirmation:
type: object
properties:
accountId:
type: string
description: The unique identifier for the bank account.
example: a:J72REftaRoiaDYRDU7M9FDgf8jeh3eqek9DvKeyBWbuA:3VMczyq7r7b6HwC
AccessBodyResourceTransferDestinations:
type: object
properties:
accountId:
type: string
description: The unique identifier for the bank account.
example: a:J72REftaRoiaDYRDU7M9FDgf8jeh3eqek9DvKeyBWbuA:3VMczyq7r7b6HwC
ActingAs:
type: object
properties:
displayName:
type: string
description: >-
The name of the recipient shown to the user; required when
specifying `actingAs`, optional otherwise.
example: The Great Baking Co.
refId:
$ref: '#/components/schemas/refId'
secondaryName:
type: string
description: >-
The domain or email address of the recipient shown to the user along
with the `displayName`.
example: jane.doe@company.com
description: Specifies another party for whom the token was created 'on behalf of'.
refId:
type: string
description: >-
The TPP-generated reference identifier for the token. This is not to be
confused with the `requestId`. The `refId` maps to the `tppRefId` in the
bank's `consentRequest`. This is needed to match/verify the originating
token request with the bank's consent request. We recommend that
the `refId` should not contain special characters (the allowed
characters are the 26-letter Latin alphabet, the numerical digits from
0-9 and the hyphen '-'). This field should not exceed 18 characters in
length.
example: 9htio4a1sp2akdr1aa
ExternalAuthorizationDetails:
type: object
properties:
authorizationUrl:
type: string
description: >-
Content displayed from this URL prompts the user for permission to
initiate the standing order.
example: https://your-standing-order-credentials.com
description: Contains the external authorization details provided by the bank.
StandingOrderBody:
title: PIS - Standing Orders
type: object
required:
- amount
- currency
- instructions
properties:
amount:
type: string
description: >-
Specifies the transaction amount, with up to four digits after the
decimal point, for payments scheduled according to frequency.
example: '10.23'
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
endDate:
type: string
description: >-
Date when regularly scheduled payments end, in ISO 8601 format.
example: '2022-09-13'
frequency:
type: string
description: >-
Specifies the ISO 20022 code for the scheduled frequency of
standing order payments occurring between the first and final
payments. Options:
DAIL - daily/once a day
WEEK -
weekly/once a week
TOWK - twice weekly/two times a
week
MNTH - monthly/once a month
TOMN - twice
monthly/two times a month
QUTR - quarterly/once every three
months
SEMI - semi-annually/twice a year
YEAR -
annually/once a year
example: WEEK
instructions:
$ref: '#/components/schemas/TransferInstructions'
remittanceReference:
type: string
description: >-
Creditor's reference for matching an entry with the items that the
transfer is intended to settle, such as commercial invoices in an
accounts receivable system.
example: 64vn6aDyMiwBYbPDN:5zKtXEAq
returnRefundAccount:
type: boolean
description: >-
Requests that a refund account be returned in the response of `GET
transfers` for any amounts refunded.
format: boolean
example: false
default: false
startDate:
type: string
description: >-
The date when the regularly scheduled payments will start; uses
YYYY-MM-DD or YYYYMMDD format.
example: '2022-09-13'
description: >-
Contains the request payload for a token representing a standing
order/recurring payment.
Token:
type: object
properties:
id:
type: string
description: >-
Identifies a unique authorization token for a transfer, standing
order, or account information access.
example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
payload:
$ref: '#/components/schemas/TokenPayload'
payloadSignatures:
type: array
items:
$ref: '#/components/schemas/TokenSignature'
description: Contains information about the payload signatures.
replacedByTokenId:
type: string
description: The id of the latest token replacing the original `tokenId`.
example: ta:BzFCFwVt5zrt6rdcHJK5imf2HXbGdVdyHKpWQZbgzL5s:qXTkpBAZVbXMxk9vi
tokenRequestId:
type: string
description: Identifies the original token request.
example: rq:ej5ACWNwi1EcqBeuDPc4Z8C4Bgc:5zKtXEAq
description: >-
Contains the details of each requested token returned according to the
request's filtering parameters
TokenMember:
required:
- id
type: object
properties:
alias:
$ref: '#/components/schemas/Alias'
id:
$ref: '#/components/schemas/id'
description: Contains information identifying the Token.io member.
id:
type: string
description: The Token.io-assigned `memberId` of the TPP.
example: m:nP4w3u5y8ddrxDJkjimgSX9e4fZ:5zKtXEAq
userRefId:
type: string
description: The Token.io-generated unique reference for the user.
example: 3jdaWmcewrj3MX0CDS
TokenOperationResult:
type: object
properties:
status:
$ref: '#/components/schemas/TokenOperationResultStatus'
token:
$ref: '#/components/schemas/Token'
description: Contains details about the canceled token.
TokenOperationResultStatus:
type: string
description: >-
Specifies the success or failure of the cancellation, the condition can
be avoided by using a PRIVILEGED signature, rather than LOW or STANDARD.
example: SUCCESS
default: INVALID
enum:
- INVALID
- SUCCESS
- MORE_SIGNATURES_NEEDED
TokenPayload:
type: object
oneOf:
- title: PIS - Payments
properties:
transfer:
$ref: '#/components/schemas/TransferBody'
- title: PIS - Standing Orders
properties:
standingOrder:
$ref: '#/components/schemas/StandingOrderBody'
- title: AIS
properties:
access:
$ref: '#/components/schemas/AccessBody'
properties:
actingAs:
$ref: '#/components/schemas/ActingAs'
authorizationMetadata:
$ref: '#/components/schemas/TokenPayloadAuthorizationMetadataEntry'
description:
type: string
description: >-
Description of the payment with the following qualifiers
must
not contain special characters
length must be no greater
than 255 characters
the description in a subsequent call
must match description in originating request
the
description omitted in originating request must also be omitted in
subsequent calls
the description omitted in subsequent call
will be replaced with `refId`, this field maps to the description in
the bank's `consentRequest` presented to the user. **Warning** -
If the description in a subsequent token request for
lookups/changes/updates (retrieve, redeem, or cancel) doesn't match
the description in the originating token request, an exception is
thrown.
example: This describes the payment.
effectiveAtMs:
type: string
description: >-
Sets when the token took effect in milliseconds, 1 day (24 hours) =
8640000000, 1 hour = 36000000, and 1 minute = 60000
format: string
example: '1523514000'
endorseUntilMs:
type: string
description: >-
The token can be endorsed until this time in milliseconds, 1 day (24
hours) = 8640000000, 1 hour = 36000000, and 1 minute = 60000
format: string
example: '254800000'
expiresAtMs:
type: string
description: >-
Token expiration date-time. Access tokens typically have a 90-day
lifespan unless overridden by `tokenExpiration` in the original
token request. For transfer tokens, this is a bank-optional
expiration time. Note - Not all banks support the override of the
90-day default
format: string
example: '29671679919284586'
from:
$ref: '#/components/schemas/TokenMember'
initiatorId:
type: string
description: The `memberId` of the member that requested the token creation.
example: m:ej5ACWNwi1EcqBeuDPc4Z8C4Bgc:5zKtXEAq
issuer:
$ref: '#/components/schemas/TokenMember'
receiptRequested:
type: boolean
description: >-
Indicates whether the TPP requested an email confirmation of the
token request be sent to the user.
format: boolean
example: false
default: false
refId:
$ref: '#/components/schemas/refId'
to:
$ref: '#/components/schemas/TokenMember'
tokenRequestId:
type: string
description: >-
Identifies the original token request. The value returned in the
response to the original token request as the id.
example: rq:ej5ACWNwi1EcqBeuDPc4Z8C4Bgc:5zKtXEAq
version:
type: string
description: Token.io API version number
example: '1.0'
description: Contains the details about the token specified by id.
TokenPayloadAuthorizationMetadataEntry:
type: object
additionalProperties:
type: string
description: Bank-defined authorization property.
description: Bank-defined additional authorization properties.
TokenRequest:
type: object
properties:
id:
type: string
description: >-
Identifies the token request and is used by the TPP as `requestId`.
Add to the base URL to define the endpoint for subsequent requests.
example: rq:ej5ACWNwi1EcqBeuDPc4Z8C4Bgc:5zKtXEAq
requestOptions:
$ref: '#/components/schemas/TokenRequestOptions'
requestPayload:
$ref: '#/components/schemas/TokenRequestPayload'
description: Contains the response to the submitted request.
TokenRequestOptions:
required:
- to
type: object
properties:
bankId:
$ref: '#/components/schemas/bankId'
from:
$ref: '#/components/schemas/TokenMember'
psuId:
type: string
description: >-
The unique identifier for the bank customer (account holder)
providing consent to initiate the request. Recommended to identify
group payments initiated by the same user.
example: a:TASDo3124fcsmF0vsmdv4mf4mklsdwls3mcixz14fkasdv5
receiptRequested:
type: boolean
description: Requests email confirmation of the token request.
format: boolean
example: false
default: false
tokenInternal:
$ref: '#/components/schemas/TokenRequestOptionsTokenInternal'
description: Specifies optional request parameters.
TokenRequestOptionsTokenInternal:
required:
- redirecturl
type: object
properties:
redirectUrl:
type: string
description: This URL redirects the user after bank authentication.
example: http://psu-redirect.com
usingWebApp:
type: boolean
description: >-
If true, this launches the Hosted Pages credentials URL instead of
the bank authorization URL.
format: boolean
example: false
default: false
description: Contains information about the redirect url and Hosted Pages.
TokenRequestPayload:
type: object
required:
- refId
- to
- id
- redirectUrl
oneOf:
- title: PIS - Payments
required:
- transferBody
properties:
transferBody:
$ref: '#/components/schemas/TokenRequestPayloadTransferBody'
- title: PIS - Standing Orders
required:
- standingOrderBody
properties:
standingOrderBody:
$ref: '#/components/schemas/StandingOrderBody'
- title: AIS
required:
- accessBody
properties:
accessBody:
$ref: '#/components/schemas/TokenRequestPayloadAccessBody'
tokenExpiration:
type: string
description: >-
Sets the requested consent expiration for access requests in
Unix epoch format. Not all banks support customising the consent
expiration or overriding the default. For banks in the EU, the
PSD2 regulations specify a default consent period of 180 days.
For UK banks, the tokens are long-lived with no default expiry
date. The TPP must confirm with the end user every 90 days to
ensure that access should continue. We recommend sending this
parameter to UK banks to ensure an appropriate consent expiry
period is set.
format: string
example: '1679009247'
properties:
actingAs:
$ref: '#/components/schemas/ActingAs'
callbackState:
$ref: '#/components/schemas/callbackState'
countries:
type: array
description: >-
Specifies the destination country or countries, using the two-letter
country code in upper case (ISO 3166-1 alpha-2). This is used to
limit the number of countries displayed in the Hosted Pages for user
selection.
example:
- DE
- IT
- RO
items:
type: string
description:
type: string
description: >-
Description of the payment with the following
qualifiers:
must comply with the constraint imposed by the
bank
length must be no greater than 255
characters
description in a subsequent call must match
description in originating request
description omitted in
originating request must also be omitted in subsequent
calls
description omitted in subsequent call will be
replaced with `refId`
the description field maps to
`description` in the bank's `consentRequest` presented to the
user
example: A regular payment
disableFutureDatedPaymentConversion:
type: boolean
description: >-
This field determines whether a payment can been converted from a
single immediate payment to a future dated payment. If set to false,
payments can be converted.
format: boolean
example: false
default: false
redirectUrl:
type: string
description: This URL redirects the user after bank authentication.
example: http://psu-redirect.com
refId:
$ref: '#/components/schemas/refId'
to:
$ref: '#/components/schemas/TokenMember'
userRefId:
$ref: '#/components/schemas/userRefId'
description: Contains the details for obtaining the requested token.
TokenRequestPayloadAccessBody:
type: object
properties:
resourceTypeList:
$ref: '#/components/schemas/TokenRequestPayloadAccessBodyResourceTypeList'
transactionHistoryDays:
type: integer
description: The number of transaction history days.
format: int32
example: 4
description: >-
Contains the request payload for a token representing account
information access permissions.
TokenRequestPayloadAccessBodyResourceType:
type: string
description: >-
Specifies the account resources included in the request.
ACCOUNTS
– list of accounts with associated names
BALANCES – current
balance of each requested account
TRANSACTIONS – recorded
account activity in terms of debits and
credits
TRANSFER_DESTINATIONS – account number and sort code,
where applicable
STANDING_ORDERS – recorded account activity for
the standing order
example: BALANCES
enum:
- ACCOUNTS
- BALANCES
- TRANSACTIONS
- TRANSFER_DESTINATIONS
- STANDING_ORDERS
TokenRequestPayloadAccessBodyResourceTypeList:
type: object
required:
- resources
properties:
resources:
type: array
description: >-
Specifies the account resources included in the request. When
`resourceTypeList` is used, the `resources` array is required and
can’t be empty.
items:
$ref: '#/components/schemas/TokenRequestPayloadAccessBodyResourceType'
source:
$ref: >-
#/components/schemas/TokenRequestPayloadAccessBodyResourceTypeListSourceAccount
description: >-
Contains the account resources being requested for access related to
multiple accounts.
TokenRequestPayloadAccessBodyResourceTypeListSourceAccount:
type: object
properties:
accountIdentifier:
$ref: '#/components/schemas/AccountIdentifier'
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
TokenRequestPayloadTransferBody:
type: object
required:
- currency
- lifetimeAmount
- instructions
properties:
confirmFunds:
type: boolean
description: If true, sufficient funds available for transfer are confirmed.
format: boolean
example: false
default: false
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
executionDate:
type: string
description: >-
Specifies the execution date for the transfer (in ISO 8601 format).
example: '2023-02-28'
instructions:
$ref: '#/components/schemas/TransferInstructions'
lifetimeAmount:
type: string
description: >-
The total amount, with up to four digits after the decimal point,
transferred over the life of the token.
example: '10000.00'
remittanceReference:
type: string
description: >-
The creditor's reference for matching an entry with the items that
the transfer is intended to settle, such as commercial invoices in
an accounts receivable system.
example: MFt6s64vn6aDyMiwBA3
returnRefundAccount:
type: boolean
description: >-
Requests that a refund account be returned in the response of `GET
transfers` for any amounts refunded.
format: boolean
example: false
default: false
setTransferDestinationsUrl:
type: string
description: destination.url.com
description: Contains the financial details of the transfer.
TokenRequestResultStatus:
type: string
description: >-
The current result of the token request. This field is always populated.
PENDING - consent is not authorized by the user.
PROCESSED - consent was successfully authorized by the
user.
REJECTED - consent has been rejected (the reason
usually can be found in the `statusReasonInformation`
field).
EXPIRED - the token request has expired and
cannot be used anymore (consent can be in any state - authorized/not
authorized yet/rejected - at this point).
example: PROCESSED
enum:
- PENDING
- PROCESSED
- REJECTED
- EXPIRED
TokenSignature:
type: object
properties:
action:
$ref: '#/components/schemas/TokenSignatureAction'
signature:
$ref: '#/components/schemas/Signature'
description: Contains the respective verified digital signatures for the payload.
tokenId:
type: string
description: >-
Identifies a unique authorization token for a transfer, standing order
or account information access.
example: tt:8zK1dic95omjWb72gvc3z3ELKbTNfnGd89MbDnM73er4:ZhBVAJSH8DeU1
statusReasonInformation:
type: string
description: >-
A human-readable description of the reason for the reported status,
which may include a message from the bank, This value should not exceed
256 characters in length.
example: The token request is processing.
TokenSignatureAction:
type: string
description: Specifies the signature validation action.
example: ENDORSED
default: INVALID
enum:
- INVALID
- ENDORSED
- CANCELED
TransferBody:
type: object
required:
- currency
- lifetimeAmount
- instructions
properties:
amount:
type: string
description: >-
The transaction amount with up to four digits after the decimal
point.
example: '10.23'
attachments:
type: array
description: >-
Contains optional provider blob objects supporting the
transfer/transaction.
items:
$ref: '#/components/schemas/Attachment'
confirmFunds:
type: boolean
description: If true, sufficient funds available for transfer are confirmed.
format: boolean
example: false
default: false
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
executionDate:
type: string
description: >-
Specifies the execution date for the transfer (in ISO 8601 format).
example: '2022-04-29'
instructions:
$ref: '#/components/schemas/TransferInstructions'
lifetimeAmount:
type: string
description: >-
The total amount over the life of the token, with up to four digits
after the decimal point.
remittanceReference:
type: string
description: >-
The creditor's reference for matching an entry with the items that
the transfer is intended to settle, such as commercial invoices in
an accounts receivable system.
example: r3VsMFt6s64vn64b66asaDyMiwB
returnRefundAccount:
type: boolean
description: >-
Requests that a refund account be returned in the response of `GET
transfers` for any amounts refunded.
format: boolean
example: false
default: false
description: >-
Contains the request payload for a transfer token representing a
one-time payment.
Balance:
type: object
properties:
accountId:
type: string
description: The unique identifier for the account.
example: a:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV4
available:
allOf:
- description: The account's balance available to the account holder.
- $ref: '#/components/schemas/Money'
current:
allOf:
- description: The account's total current balance, both available and on-hold.
- $ref: '#/components/schemas/Money'
otherBalances:
type: array
description: >-
Other bank-defined balances associated with the account, where
applicable.
items:
$ref: '#/components/schemas/BalanceTypedBalance'
description: >-
Relevant information associated with the monetary balance of an
individual account.
BalanceTypedBalance:
type: object
properties:
amount:
allOf:
- description: The balance currency and value.
- $ref: '#/components/schemas/Money'
type:
type: string
description: A bank-defined type of other balance.
example: Trial
updatedAtMs:
type: string
description: >-
The last update timestamp in milliseconds, 1 day (24 hours) =
8640000000, 1 hour = 36000000, and 1 minute = 60000
format: string
example: '581458935'
BankTransactionCode:
type: object
properties:
domain:
$ref: '#/components/schemas/BankTransactionCodeDomain'
proprietary:
$ref: '#/components/schemas/BankTransactionCodeProprietary'
description: >-
The Bank transaction code, created using the sub-elements of the
structured code defined by ISO
20022; it concatenates the three ISO 20022 Codes - Domain Code,
Family Code, and SubFamiliy Code by hyphens, resulting in
'DomainCode'-'FamilyCode'-'SubFamilyCode'; e.g.,
"PMNT-RDDT-ESDD".
BankTransactionCodeDomain:
type: object
properties:
code:
type: string
description: The domain code.
example: PMNT
familyCode:
type: string
description: The family code.
example: RCDT
subFamilyCode:
type: string
description: The sub-family code.
example: ESCT
description: >-
Bank transaction code using the sub-elements of the structured code
defined by ISO 20022. It concatenates the three ISO 20022
Codes: Domain Code, Family Code, and SubFamiliy Code with hyphens,
resulting in 'DomainCode'-'FamilyCode'-'SubFamilyCode'; e.g.,
"PMNT-RDDT-ESDD".
BankTransactionCodeProprietary:
type: object
properties:
code:
type: string
description: The bank code.
example: XXXX
issuer:
type: string
description: The issuer code.
example: XXXX
description: >-
A bank transaction code used within a community or within a bank;
e.g., for MT94x based transaction reports.
RequestStatus:
type: string
description: Specifies the status of the request.
example: SUCCESSFUL_REQUEST
default: INVALID_REQUEST
enum:
- INVALID_REQUEST
- SUCCESSFUL_REQUEST
- MORE_SIGNATURES_NEEDED
VirtualAccountTransactions:
type: object
properties:
amount:
allOf:
- description: The transaction currency and value.
- $ref: '#/components/schemas/Money'
providerPaymentId:
type: string
description: >-
The settlement account provider-assigned unique transaction
identifier.
example: 83KiRJuXm
createdDateTime:
type: string
description: >-
The date and time this refund object was created (in ISO 8601 format).
example: '2017-04-05T10:43:07.000+00:00'
description:
type: string
description: The description of the transaction.
example: Payment
transactionType:
$ref: '#/components/schemas/TransactionType'
localInstrument:
type: string
description: The bank's payment service to be used for making a payment.
example: SEPA_INSTANT
enum:
- SEPA
- SEPA_INSTANT
- FASTER_PAYMENTS
debtor:
$ref: '#/components/schemas/DebtorInformation'
creditor:
$ref: '#/components/schemas/CreditorInformation'
refId:
$ref: '#/components/schemas/refId'
description: Information about the requested transaction.
VirtualAccountTransaction:
type: object
properties:
amount:
allOf:
- description: The transaction currency and value.
- $ref: '#/components/schemas/Money'
providerPaymentId:
type: string
description: >-
The settlement account provider-assigned unique transaction
identifier.
example: 83KiRJuXm
createdDateTime:
type: string
description: >-
The date and time this refund object was created (in ISO 8601 format).
example: '2017-04-05T10:43:07.000+00:00'
description:
type: string
description: The description of the transaction.
example: Payment
transactionType:
$ref: '#/components/schemas/TransactionType'
localInstrument:
type: string
description: The bank's payment service to be used for making a payment.
example: SEPA_INSTANT
enum:
- SEPA
- SEPA_INSTANT
- FASTER_PAYMENTS
debtor:
$ref: '#/components/schemas/DebtorInformation'
creditor:
$ref: '#/components/schemas/CreditorInformation'
refId:
$ref: '#/components/schemas/refId'
transferId:
type: string
description: The transfer identifier for the transaction.
example: t:2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
paymentId:
type: string
description: The V2 payment identifier for the transaction.
example: pm2:2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
refundId:
type: string
description: The refund payment identifier for the transaction.
example: rf:2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
payoutId:
type: string
description: The payout identifier for the transaction.
example: po:2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
description: Information about the requested transaction.
Transaction:
type: object
required:
- amount
- createdAtMs
- description
- id
- status
- tokenId
- type
properties:
amount:
allOf:
- description: >-
The transaction currency and value. The `amount` is only
displayed if a transaction is returned.
- $ref: '#/components/schemas/Money'
bankTransactionCode:
$ref: '#/components/schemas/BankTransactionCode'
bankTransactionId:
type: string
description: The bank-assigned unique identifier for the transaction.
example: 83KiRJuXmEDV5m2b8ZvLGE91ELf7PPw5BaDab98kMguu:3VMczyq7r7b6HwC
createdAtMs:
type: string
description: >-
Specifies the time the transfer was created; timestamp (UTC) in
milliseconds, 1 day (24 hours) = 8640000000, 1 hour = 36000000, and
1 minute = 60000.
format: string
example: 1729212980771
creditorEndpoint:
$ref: '#/components/schemas/TransferCreditorEndpoint'
description:
type: string
description: The description of the transaction.
example: Payment
id:
type: string
description: The transaction identifier; transaction id.
example: tt:83KiRJuXmEDV5m2b8ZvLGE91ELf7PPw5BaDab98kMguu:3VMczyq7r7b6HwC
metadata:
$ref: '#/components/schemas/MetadataEntry'
providerTransactionDetails:
$ref: '#/components/schemas/ProviderTransactionDetails'
status:
$ref: '#/components/schemas/TransactionStatus'
tokenId:
type: string
description: Identifies the authorization token for the transfer.
example: tt:8zK1dic95omjWb72gvc3z3ELKbTNfnGd89MbDnM73er4:ZhBVAJSH8DeU1
tokenTransferId:
type: string
description: The transfer identifier for the payment.
example: t:2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
type:
$ref: '#/components/schemas/TransactionType'
description: Information about the requested transaction.
MetadataEntry:
type: object
additionalProperties:
type: string
description: >-
Bank-defined | [*] – bank-dependent fields 0 .. n; each respective
data type is also bank-dependent (string, number, boolean, null/empty,
object, or array).
description: The bank-defined data associated with the account.
TransactionStatus:
title: TransactionStatus
type: string
example: PROCESSING
description: >-
Filters by transaction status.
PROCESSING – This status
indicates that the transaction is in process and that the final status
has not been received from the bank.
SUCCESS – This
status indicates that successful payment initiation has been received
from the bank. Settlement might not be complete.
INITIATED – This status is set when the previous status has
remained as `PROCESSING` for 30 days and cannot be updated. The
transaction has been initiated but the result is unknown. This is the
final status and will not get updated later because Token.io has stopped
polling the bank. This status is also returned in a two-step
payment flow in the event that a user’s request has been authorized at
the bank but the payment confirmation has subsequently failed.
PENDING – This status indicates that the user has
successfully completed the authorization process at the bank and the
transfer is pending redemption. This status is only relevant for
two-step payment flows.
PENDING_EXTERNAL_AUTHORIZATION –
This status indicates that the user has been sent to the bank to
complete the authorization process. If not completed within the allowed
timeframe (usually around 15 mins, but there are variations between
banks) the transaction will expire and transition to `FAILURE_EXPIRED`.
This status is only relevant for 1-step payment flows.
FAILURE_GENERIC – This status usually indicates a technical
failure. Possibly, a failure callback was received from the bank, with
no transaction status and no further information.
FAILURE_PERMISSION_DENIED – This status indicates that the
user has been denied authorization at the bank This status is only
relevant for two-step payment flows.
FAILURE_CANCELED –
This status indicates that the payment initiation has been cancelled
before execution.
FAILURE_EXPIRED – This status
indicates that the user did not complete the authorization process
within the allowed timeframe (usually around 15 mins, but there are
variations between banks) and the payment has expired.
FAILURE_INSUFFICIENT_FUNDS – This status indicates that the
payment initiation request has been rejected due to insufficient
funds.
FAILURE_DECLINED – This status indicates that the
payment initiation has been rejected by the bank.
SETTLEMENT_IN_PROGRESS – This status is provided when a
Token.io settlement account is used as the beneficiary for the payment,
and replaces the payment initiation status. Token.io is waiting for the
payment to reach the payee bank. No action is required; await the next
step, e.g., Token.io sends a webhook with the status update, or a
polling call. The status will change to `SETTLEMENT_IN_PROGRESS` soon
after Token.io receives the final status from the debtor bank.
SETTLEMENT_COMPLETED – This status is provided when a
Token.io settlement account is used as the beneficiary for the payment,
and replaces the payment initiation status. The payment has reached the
payee bank and Token.io has matched the transaction in the TPP’s
settlement account to the initiated payment. For instant payments,
`SETTLEMENT_COMPLETED` will be achieved within 30-45 minutes from
payment initiation, at the latest. For non-instant payments, the time to
reach `SETTLEMENT_COMPLETED` will depend on the clearing period for the
payment.
SETTLEMENT_INCOMPLETE – This status is provided
when a Token.io settlement account is used as the beneficiary for the
payment, and replaces the payment initiation status. Reconciliation has
failed. This happens when Token.io doesn't find the corresponding
transaction in the TPP’s settlement account
automatically.
During settlement of a settlement accounts
payment, the status update job will run first for up to 30 days. Payment
will then enter into a 'final' status, normally `SUCCESS`. Once the
status update job has run, the reconciliation job looks for matching
inbound payments. For SEPA payments:
if a matching inbound
payment is found within 15 days of the final payment status update ->
`SETTLEMENT_COMPLETED`
if no matching inbound payment is found
within 15 days of the final payment status update ->
`SETTLEMENT_INCOMPLETE`
For SEPA Instant payments:
if a
matching inbound payment is found within 1 day of the final payment
status update -> `SETTLEMENT_COMPLETED`
if no matching inbound
payment is found within 1 day of the final payment status update ->
`SETTLEMENT_INCOMPLETE`
enum:
- PROCESSING
- SUCCESS
- INITIATED
- PENDING
- PENDING_EXTERNAL_AUTHORIZATION
- FAILURE_GENERIC
- FAILURE_PERMISSION_DENIED
- FAILURE_CANCELED
- FAILURE_EXPIRED
- FAILURE_INSUFFICIENT_FUNDS
- FAILURE_DECLINED
- SETTLEMENT_IN_PROGRESS
- SETTLEMENT_COMPLETED
- SETTLEMENT_INCOMPLETE
TransactionType:
type: string
description: Specifies the type of transaction.
default: INVALID_TYPE
enum:
- INVALID_TYPE
- DEBIT
- CREDIT
TransferRefund:
type: object
properties:
remainingRefundAmount:
allOf:
- description: >-
The currency and value of the original amount minus the total
amount refunded (includes items in processing).
- $ref: '#/components/schemas/Money'
settledRefundAmount:
allOf:
- description: The currency and value of the amount successfully refunded.
- $ref: '#/components/schemas/Money'
transferRefundStatus:
$ref: '#/components/schemas/TransferRefundStatus'
description: >-
Contains details of the refunded amount settled, the transfer balance
remaining, and whether initiated.
TransferRefundStatus:
type: string
description: Indicates the status of the initiated refund payout.
example: PARTIAL
default: UNSET
enum:
- UNSET
- NONE
- PARTIAL
- FULL
Transfer:
type: object
properties:
actingAs:
$ref: '#/components/schemas/ActingAs'
convertedToFutureDatedPayment:
type: boolean
description: >-
Indicates whether a transfer is from an auto single immediate
payment coinciding with the bank's out-of-operation hours was
converted to a future dated payment
format: boolean
example: false
default: false
createdAtMs:
type: string
description: >-
Specifies the time the transfer was created; timestamp (UTC) in
milliseconds, 1 day (24 hours) = 8640000000, 1 hour = 36000000, and
1 minute = 60000.
format: string
example: 1729212980771
executionDate:
type: string
description: >-
Specifies the execution date for the transfer (in ISO 8601 format).
example: '2023-01-28'
id:
type: string
description: The `transferId` computed as the hash of the transfer payload.
example: tt:83KiRJuXmEDV5m2b8ZvLGE91ELf7PPw5BaDab98kMguu:3VMczyq7r7b6HwC
payload:
$ref: '#/components/schemas/TransferPayload'
payloadSignatures:
type: array
items:
$ref: '#/components/schemas/Signature'
providerDetails:
$ref: '#/components/schemas/ProviderTransferDetails'
refund:
$ref: '#/components/schemas/RefundInfo'
refundDetails:
$ref: '#/components/schemas/TransferRefund'
source:
$ref: '#/components/schemas/TransferDebtorEndpointResponse'
status:
$ref: '#/components/schemas/TransactionStatus'
statusReasonInformation:
type: string
description: >-
A human-readable description of the reason for the reported status,
which may include a message from the bank. This value should not
exceed 256 characters in length.
example: This transfer is processing.
transactionId:
type: string
description: The unique transaction identifier; the transaction id.
example: 2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
description: Information about each respective transfer record requested.
TransferPayload:
type: object
required:
- tokenId
- refId
- amount
properties:
amount:
allOf:
- description: The transaction currency and value.
- $ref: '#/components/schemas/MoneyRequest'
confirmFunds:
type: boolean
description: Requests confirmation that sufficient funds are available.
format: boolean
example: false
default: false
description:
type: string
description: A description of the transfer.
metadata:
$ref: '#/components/schemas/Metadata'
refId:
$ref: '#/components/schemas/refId'
tokenId:
type: string
description: Identifies the authorization token for the transfer.
example: tt:8zK1dic95omjWb72gvc3z3ELKbTNfnGd89MbDnM73er4:ZhBVAJSH8DeU1
transferDestinations:
title: transferDestinations
type: array
description: >-
The beneficiary account specifying the transfer destination;
i.e., TPP/merchant/creditor.
items:
$ref: '#/components/schemas/TransferDestination'
description: Contains the financial details of the transfer.
TransferPayloadRequest:
type: object
required:
- tokenId
properties:
amount:
allOf:
- description: The transaction currency and value.
- $ref: '#/components/schemas/MoneyRequest'
confirmFunds:
type: boolean
description: Requests confirmation that sufficient funds are available.
format: boolean
example: false
default: false
description:
type: string
description: >-
A description of the transfer. **Warning**: If the description
in a subsequent token request for lookups/changes/updates (retrieve,
redeem, or cancel) doesn't match the description in the originating
token request, an exception will be thrown.
metadata:
$ref: '#/components/schemas/Metadata'
refId:
$ref: '#/components/schemas/refId'
tokenId:
type: string
description: Identifies the authorization token for the transfer.
example: tt:8zK1dic95omjWb72gvc3z3ELKbTNfnGd89MbDnM73er4:ZhBVAJSH8DeU1
transferDestinations:
type: array
description: >-
The beneficiary account specifying the transfer destination;
i.e., TPP/merchant/creditor.
items:
$ref: '#/components/schemas/TransferDestinationRequest'
description: Contains the financial details of the transfer.
ChargeBearer:
type: string
description: >-
The bearer of the charge, if any, for international transfers.
CRED - all charges are borne by the creditor.
DEBT - all charges are borne by the debtor.
SHAR - the parties share the charges.
SLEV -
each party bears its own charges, recommended on SEPA
payments.
example: CRED
default: INVALID_CHARGE_BEARER
enum:
- INVALID_CHARGE_BEARER
- CRED
- DEBT
- SHAR
- SLEV
CustomerData:
type: object
properties:
address:
$ref: '#/components/schemas/AddressInfo'
legalNames:
type: array
description: The legal owner name for the account.
example: Mr John Arthur Smith
items:
type: string
description: >-
Specifies the legal identity information for the account. This
information is not required for settlement accounts.
CustomerDataDebtor:
type: object
required:
- legalNames
properties:
address:
$ref: '#/components/schemas/AddressInfo'
legalNames:
type: array
description: Legal owner name for the debtor account.
example: Mr John Arthur Smith
items:
type: string
description: Specifies the legal identity information for the payer/customer.
CustomerDataDebtorResponse:
type: object
properties:
address:
$ref: '#/components/schemas/AddressInfo'
legalNames:
type: array
description: Legal owner name for the debtor account.
example: Mr John Arthur Smith
items:
type: string
description: Specifies the legal identity information for the payer/customer.
CustomerDataCreditor:
type: object
required:
- legalNames
properties:
address:
$ref: '#/components/schemas/AddressInfo'
legalNames:
type: array
description: The legal owner name for the creditor account.
example: Mr John Arthur Smith
items:
type: string
description: >-
Specifies the legal identity information for the payee. This information
is not required for settlement accounts.
TransferDestination:
required:
- customerData
- sepa
- sepaInstant
- fasterPayments
- plusgiro
- bankgiro
- elixir
- euDomesticNonEuro
- euDomesticNonEuroInstant
- virtualAccount
properties:
customerData:
$ref: '#/components/schemas/CustomerDataCreditor'
type:
$ref: '#/components/schemas/TransferDestinationType'
oneOf:
- title: sepa
properties:
sepa:
$ref: '#/components/schemas/TransferDestinationSepa'
- title: sepaInstant
properties:
sepaInstant:
$ref: '#/components/schemas/TransferDestinationSepaInstant'
- title: fasterPayments
properties:
fasterPayments:
$ref: '#/components/schemas/TransferDestinationFasterPayments'
- title: elixir
properties:
elixir:
$ref: '#/components/schemas/TransferDestinationElixir'
- title: euDomesticNonEuro
properties:
euDomesticNonEuro:
$ref: '#/components/schemas/TransferDestinationEuDomesticNonEuro'
- title: euDomesticNonEuroInstant
properties:
euDomesticNonEuroInstant:
$ref: '#/components/schemas/TransferDestinationEuDomesticNonEuroInstant'
- title: bankgiro
properties:
bankgiro:
$ref: '#/components/schemas/TransferDestinationBankgiro'
- title: plusgiro
properties:
plusgiro:
$ref: '#/components/schemas/TransferDestinationPlusgiro'
- title: token
properties:
token:
$ref: '#/components/schemas/TransferDestinationToken'
- title: virtualAccount
properties:
virtualAccount:
$ref: '#/components/schemas/TransferDestinationVirtualAccount'
description: >-
The beneficiary account specifying the transfer destination, i.e.
TPP/merchant/creditor bank.
TransferDestinationRequest:
required:
- customerData
- sepa
- sepaInstant
- fasterPayments
- plusgiro
- bankgiro
- elixir
- euDomesticNonEuro
- euDomesticNonEuroInstant
- virtualAccount
properties:
customerData:
$ref: '#/components/schemas/CustomerData'
type:
$ref: '#/components/schemas/TransferDestinationType'
oneOf:
- title: sepa
properties:
sepa:
$ref: '#/components/schemas/TransferDestinationSepa'
- title: sepaInstant
properties:
sepaInstant:
$ref: '#/components/schemas/TransferDestinationSepaInstant'
- title: fasterPayments
properties:
fasterPayments:
$ref: '#/components/schemas/TransferDestinationFasterPayments'
- title: elixir
properties:
elixir:
$ref: '#/components/schemas/TransferDestinationElixir'
- title: euDomesticNonEuro
properties:
euDomesticNonEuro:
$ref: '#/components/schemas/TransferDestinationEuDomesticNonEuro'
- title: euDomesticNonEuroInstant
properties:
euDomesticNonEuroInstant:
$ref: '#/components/schemas/TransferDestinationEuDomesticNonEuroInstant'
- title: bankgiro
properties:
bankgiro:
$ref: '#/components/schemas/TransferDestinationBankgiro'
- title: plusgiro
properties:
plusgiro:
$ref: '#/components/schemas/TransferDestinationPlusgiro'
- title: token
properties:
token:
$ref: '#/components/schemas/TransferDestinationToken'
- title: virtualAccount
properties:
virtualAccount:
$ref: '#/components/schemas/TransferDestinationVirtualAccount'
description: >-
The beneficiary account specifying the transfer destination, i.e.
TPP/merchant/creditor bank.
TransferDestinationBankgiro:
title: bankgiro
allOf:
- description: The identifier for domestic bank accounts in Sweden.
- $ref: '#/components/schemas/BankGiroAccount'
TransferDestinationCustom:
type: object
properties:
bankId:
$ref: '#/components/schemas/bankId'
payload:
type: string
description: The transfer payload.
example: sdfjds12-f85-46b0-8058-343dek543grt
description: The custom transfer destination.
TransferDestinationElixir:
title: elixir
required:
- accountNumber
type: object
properties:
accountNumber:
type: string
description: >-
The payee's Elixir-registered bank account number. You can also
enter the iban in this field for iban accounts.
example: FRAX82783423
description: The interbank payment system in Poland.
TransferDestinationEuDomesticNonEuroInstant:
title: euDomesticNonEuroInstant
oneOf:
- $ref: '#/components/schemas/EUIbanAccount'
- $ref: '#/components/schemas/BbanAccount'
- $ref: '#/components/schemas/ClearingNumberAccount'
- $ref: '#/components/schemas/SENoBankIdAccount'
description: >-
The instant payment system within a country using that country's
non-Euro domestic currency. An IBAN account will require an `iban` and
an optional `bic`, a BBAN account will require a `bban` and an optional
`bic`, a Clearing Number account will require a `bban` and a
`clearingNumber`. A SENoBankId account, where the currency is SEK or
NOK, will require an `iban` and `bban` with an optional `bic` and/or
`clearingNumber`. This option is only available for an HP flow that
doesn't have a preselected `bankId`.
TransferDestinationEuDomesticNonEuro:
title: euDomesticNonEuro
oneOf:
- $ref: '#/components/schemas/EUIbanAccount'
- $ref: '#/components/schemas/BbanAccount'
- $ref: '#/components/schemas/ClearingNumberAccount'
- $ref: '#/components/schemas/SENoBankIdAccount'
description: >-
The payment system within a country using that country's non-Euro
domestic currency. An IBAN account will require an `iban` and an
optional `bic`, a BBAN account will require a `bban` and an optional
`bic`, a Clearing Number account will require a `bban` and a
`clearingNumber`. A SENoBankId account, where the currency is SEK or
NOK, will require an `iban` and `bban` with an optional `bic` and/or
`clearingNumber`. This option is only available for an HP flow that
doesn't have a preselected `bankId`.
TransferDestinationFasterPayments:
title: fasterPayments
allOf:
- description: >-
The interbank payment system in the UK, Full Payment Submission
(FPS).
- $ref: '#/components/schemas/FasterPaymentsAccount'
TransferDestinationPlusgiro:
title: plusgiro
allOf:
- description: >-
The domestic transaction clearing system in Sweden. The credit
transfer function, which is part of Nordea, and used for mediating payments between
accounts held by companies and individuals.
- $ref: '#/components/schemas/PlusGiroAccount'
TransferDestinationSepa:
title: sepa
allOf:
- description: >-
The Single Euro Payments Area (SEPA), for bank transfers denominated
in Euro. This consists of the 27 member states of the European
Union, the four member states of the European Free Trade Association
(Iceland, Liechtenstein, Norway and Switzerland) and the UK.
- $ref: '#/components/schemas/SepaAccount'
TransferDestinationSepaInstant:
title: sepaInstant
allOf:
- description: >-
SEPA Instant Credit, the instant payment processing system with
funds made available immediately for the recipient.
- $ref: '#/components/schemas/SepaInstantAccount'
TransferDestinationToken:
title: token
type: object
properties:
accountId:
type: string
description: >-
The bank account identifier for a linked account used by Token.io's
Bank Integration Account Linking Service.
memberId:
type: string
description: The Token.io-generated member id for the user/account holder.
example: m:nP4w3u5y8ddrxDJkjimgSX9e4fZ:5zKtXEAq
description: >-
The primary account number. The cCard identifier found on payment cards,
such as credit and debit cards, as well as stored-value cards, gift
cards and other similar cards, somtimes referred to as a bank card
number.
TransferDestinationVirtualAccount:
title: virtualAccount
type: object
required:
- id
- localInstrument
properties:
id:
type: string
description: The unique identifier for the settlement account.
example: pa:2tv9sJzeftSWRXSRvPN4SA1sL5e6:2gFUX1NDbiv
localInstrument:
type: string
description: The bank's payment service used to make the payment.
example: SEPA
enum:
- SEPA
- SEPA_INSTANT
- FASTER_PAYMENTS
description: >-
The details of the transfer destination for the settlement account. This
destination is mandatory for unregulated TPPs.
TransferDestinationType:
title: type
type: string
description: Specifies the type of transfer destination.
example: BUSINESS
default: UNKNOWN
enum:
- UNKNOWN
- BUSINESS
- PERSONAL
TransferDebtorEndpoint:
type: object
required:
- accountIdentifier
properties:
accountIdentifier:
$ref: '#/components/schemas/AccountIdentifier'
bankId:
$ref: '#/components/schemas/bankId'
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long.
example: BOFIIE2D
customerData:
$ref: '#/components/schemas/CustomerDataDebtor'
description: Contains information about the payer account.
TransferDebtorEndpointResponse:
type: object
required:
- accountIdentifier
properties:
accountIdentifier:
$ref: '#/components/schemas/AccountIdentifier'
bankId:
$ref: '#/components/schemas/bankId'
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long.
example: BOFIIE2D
customerData:
$ref: '#/components/schemas/CustomerDataDebtorResponse'
description: Contains information about the payer account.
TransferCreditorEndpoint:
type: object
required:
- accountIdentifier
properties:
accountIdentifier:
$ref: '#/components/schemas/AccountIdentifier'
bankId:
$ref: '#/components/schemas/bankId'
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long.
example: BOFIIE2D
customerData:
$ref: '#/components/schemas/CustomerDataCreditor'
description: Contains information about the payee account.
TransferInstructions:
type: object
required:
- transferDestinations
properties:
metadata:
$ref: '#/components/schemas/Metadata'
source:
$ref: '#/components/schemas/TransferDebtorEndpoint'
transferDestinations:
type: array
minItems: 1
description: >-
The beneficiary account specifying the transfer destination,
i.e., TPP/merchant/creditor bank account.
items:
$ref: '#/components/schemas/TransferDestination'
description: Contains the transfer instructions for each payment.
Metadata:
type: object
properties:
chargeBearer:
$ref: '#/components/schemas/ChargeBearer'
providerTransferMetadata:
$ref: '#/components/schemas/ProviderTransferMetadata'
purposeCode:
type: string
description: >-
The ISO 20022 external purpose code. Purpose Codes
are four letter codes which are carried across the payment chain,
providing information to all users in the payments chain to indicate
the reason a payment is being made. Purpose Codes are one of the
policy areas of Enhanced Data that can deliver the benefits of the
ISO 20022 payment messaging standard.
CASH -
CashManagementTransfer
CORT -
TradeSettlementPayment
DVPM -
DeliveryAgainstPayment
INTC -
IntraCompanyPayment
TREA -
TreasuryPayment
SUPP - SupplierPayment
default: CASH
example: DVPM
enum:
- CASH
- CORT
- DVPM
- INTC
- TREA
- SUPP
ultimateCreditor:
type: string
description: The ultimate party to which an amount of money is due.
example: ACME GmbH
ultimateDebtor:
type: string
description: >-
The ultimate party that owes that owes money to the (ultimate)
creditor.
example: John Smith
description: Information governing or otherwise related to the transfer instructions.
EventType:
type: string
description: Specifies the types of webhook currently configured.
example: PAYMENT_STATUS_CHANGED
enum:
- INVALID
- TRANSFER_STATUS_CHANGED
- STANDING_ORDER_STATUS_CHANGED
- REFUND_STATUS_CHANGED
- PAYMENT_STATUS_CHANGED
- VRP_STATUS_CHANGED
- VRP_CONSENT_STATUS_CHANGED
- VIRTUAL_ACCOUNT_CREDIT_RECEIVED
- PAYOUT_STATUS_CHANGED
- SETTLEMENT_RULE_PAYOUT_EXECUTION_FAILED
- BANK_AIS_OUTAGE_STATUS_CHANGED
- BANK_SIP_OUTAGE_STATUS_CHANGED
Config:
required:
- type
- url
type: object
properties:
type:
type: array
items:
$ref: '#/components/schemas/EventType'
url:
type: string
description: Specifies the webhook URL that receives the status updates.
example: your-webhook-url.com
description: Specifies the types of webhook currently configured.
CancelTokenResponse:
type: object
properties:
result:
$ref: '#/components/schemas/TokenOperationResult'
ConfirmFundsRequest:
type: object
properties:
amount:
allOf:
- description: The currency and value of the funds available.
- $ref: '#/components/schemas/Money'
description: Requests confirmation of sufficient funds available.
ConfirmFundsResponse:
type: object
properties:
fundsAvailable:
type: boolean
description: >-
A flag indicating whether funds are available or not. If set to
`true`, funds are available for transfer.
format: boolean
example: false
default: false
description: >-
A flag indicating whether funds are available or not. If set to `true`,
funds are available for transfer.
CreateSubTppRequest:
type: object
oneOf:
- $ref: '#/components/schemas/OldMerchantOnboarding'
- $ref: '#/components/schemas/OldMerchantOnboardingGB'
- $ref: '#/components/schemas/TokenLicensedSoleTrader'
- $ref: '#/components/schemas/LicensedTppNonSoleTrader'
- $ref: '#/components/schemas/LicensedTppSoleTrader'
- $ref: '#/components/schemas/TokenLicensedNonSoleTraderPublic'
- $ref: '#/components/schemas/TokenLicensedNonSoleTraderPrivate'
- $ref: '#/components/schemas/TokenLicensedSoleTraderGB'
- $ref: '#/components/schemas/LicensedTppNonSoleTraderGB'
- $ref: '#/components/schemas/LicensedTppSoleTraderGB'
- $ref: '#/components/schemas/TokenLicensedNonSoleTraderPublicGB'
- $ref: '#/components/schemas/TokenLicensedNonSoleTraderPrivateGB'
OldMerchantOnboarding:
title: Old Merchant Onboarding Flow
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: '#/components/schemas/member.Merchant'
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
example: false
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
OldMerchantOnboardingGB:
title: Old Merchant Onboarding Flow GB
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: '#/components/schemas/member.MerchantGB'
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
example: false
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
TokenLicensedSoleTrader:
title: Token Licensed Tpp Sole Trader
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: '#/components/schemas/member.TokenLicensedSoleTraderMerchant'
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
LicensedTppNonSoleTrader:
title: Licensed Tpp Non Sole Trader
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: '#/components/schemas/member.LicensedTppNonSoleTraderMerchant'
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
LicensedTppSoleTrader:
title: Licensed Tpp Sole Trader
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: '#/components/schemas/member.LicensedTppSoleTraderMerchant'
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
TokenLicensedNonSoleTraderPublic:
title: Token Licensed Tpp Non Sole Trader Public
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: '#/components/schemas/member.TokenLicensedNonSoleTraderPublicMerchant'
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
TokenLicensedNonSoleTraderPrivate:
title: Token Licensed Tpp Non Sole Trader Private
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: >-
#/components/schemas/member.TokenLicensedNonSoleTraderPrivateMerchant
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
TokenLicensedSoleTraderGB:
title: Token Licensed Sole Trader GB
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: '#/components/schemas/member.TokenLicensedSoleTraderMerchantGB'
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
LicensedTppNonSoleTraderGB:
title: Licensed Non Sole Trader GB
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: '#/components/schemas/member.LicensedTppNonSoleTraderMerchantGB'
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
LicensedTppSoleTraderGB:
title: Licensed Tpp Sole Trader GB
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: '#/components/schemas/member.LicensedTppSoleTraderMerchantGB'
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
TokenLicensedNonSoleTraderPublicGB:
title: Token Licensed Tpp Non Sole Trader Public GB
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: >-
#/components/schemas/member.TokenLicensedNonSoleTraderPublicMerchantGB
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
TokenLicensedNonSoleTraderPrivateGB:
title: Token Licensed Tpp Non Sole Trader Private GB
type: object
required:
- name
- domain
- merchant
properties:
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
the absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
This field specifies the image file containing the sub-TPP's logo as
a byte array (click here for the JavaScript FileReader instance
needed to convert the selected file into a byte array).
format: byte
example: b0Y5cVl6aDc3RkE5blZyQ24yamlh
merchant:
$ref: >-
#/components/schemas/member.TokenLicensedNonSoleTraderPrivateMerchantGB
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or services a business offers.
useNewFlow:
type: boolean
description: >-
When useNewFlow is set to true, the request is handled by the new
merchant onboarding flow, rather than by the old flow.
parentSubTppId:
type: string
description: The Token.io-generated identifier for the parent sub-TPP.
example: 6f34h397-b29h-23b0-s30g-hkd0d2dk4k1s
CreateSubTppResponse:
type: object
properties:
subTppId:
$ref: '#/components/schemas/subTppId'
subTppId:
type: string
description: >-
The Token.io-generated identifier for the sub-TPP used by the reseller
as the `actingAs.refId` in token requests.
example: 8d54f066-c14a-47c0-b58b-fec6b0ed6b4c
CreateTransferRequest:
type: object
required:
- payload
properties:
payload:
$ref: '#/components/schemas/TransferPayloadRequest'
title: >-
This field contains the request payload for a new one-time payment based
on the response to a `POST /token-requests` call.
CreateTransferResponse:
type: object
properties:
authorizationDetails:
$ref: '#/components/schemas/ExternalAuthorizationDetails'
transfer:
$ref: '#/components/schemas/Transfer'
CredentialFields:
type: object
properties:
fields:
type: array
items:
$ref: '#/components/schemas/CredentialField'
description: >-
Contains information used in embedded authentication flows. These
are optional credential request fields. When provided, the TPP
should call `initiateBankAuth` again to provide the credentials.
DeleteSubTppResponse:
type: object
description: No data returned in the successful response.
DeleteWebhookConfigResponse:
type: object
description: No data returned in the successful response.
GetAccountResponse:
type: object
properties:
account:
$ref: '#/components/schemas/Account'
description: Operation completed successfully.
GetAccountsResponse:
type: object
properties:
accounts:
type: array
items:
$ref: '#/components/schemas/Account'
description: Each object represents a unique bank account.
GetBalanceResponse:
type: object
properties:
balance:
$ref: '#/components/schemas/Balance'
status:
$ref: '#/components/schemas/RequestStatus'
GetBalancesResponse:
type: object
properties:
response:
type: array
description: >-
An array of objects containing balance information for each account
requested.
items:
$ref: '#/components/schemas/GetBalanceResponse'
GetBankStatusResponse:
type: object
properties:
bankStatus:
$ref: '#/components/schemas/bankStatus'
bankStatus:
type: object
properties:
aisStatus:
type: string
description: >-
The current state of this bank's AIS support:
LIVE –
accepting calls
DOWN – connection interrupted, not
accepting calls
bankName:
type: string
description: The name of the bank.
example: Any Bank
lastUpdatedAt:
type: string
description: >-
The time since the latest status reported, in milliseconds, 1 day
(24 hours) = 8640000000, 1 hour = 36000000, and 1 minute = 60000.
example: '27811843'
pisStatus:
type: string
description: >-
The current state of this bank's PIS support:
LIVE –
accepting calls
DOWN – connection interrupted, not
accepting calls
description: Contains information on the current status of the connected bank.
GetBanksResponse:
type: object
properties:
banks:
type: array
description: Contains information for each bank matching the request criteria.
items:
$ref: '#/components/schemas/BankV1'
paging:
$ref: '#/components/schemas/Paging'
rank:
type: integer
description: Sort banks by the value of rank.
example:
- 1
- 2
- 100
bankSubGroup:
type: string
description: Filters for banks that are part of the bank sub-group specified.
example:
- CMM Grand
- Banque Populaire
- La Banque
GetBanksCountriesResponse:
type: object
properties:
countries:
type: array
description: Two-letter country codes in upper case (ISO 3166-1 alpha-2).
items:
type: string
example: RO, AT, DE, FR
GetBanksStatusResponse:
type: object
properties:
banksStatus:
type: array
items:
$ref: '#/components/schemas/banksStatus'
description: Contains information on the current status of connected banks.
banksStatus:
type: object
properties:
aisStatus:
type: string
description: >-
The current state of this bank's AIS support:
LIVE –
accepting calls
DOWN – connection interrupted, not
accepting calls
bankId:
$ref: '#/components/schemas/bankId'
lastUpdatedAt:
type: string
description: >-
The time since the latest status reported, in milliseconds, 1 day
(24 hours) = 8640000000, 1 hour = 36000000, and 1 minute = 60000.
example: '27811843'
pisStatus:
type: string
description: >-
The current state of this bank's PIS support:
LIVE –
accepting calls
DOWN – connection interrupted, not
accepting calls
description: Contains information on the current status of connected banks.
BankV1:
type: object
properties:
bankGroup:
type: string
description: The name of the banking group in which this bank holds membership.
example: XYZ-Bank-Group
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long.
example: BOFIIE2D
countries:
type: array
description: >-
A list of two-letter country codes in upper case (ISO 3166-1
alpha-2), in which this bank operates.
example:
- DE
- IT
- GB
items:
type: string
credentialFields:
$ref: '#/components/schemas/CredentialFields'
fieldsFormatInformation:
type: array
description: >-
Contains bank-dependent formatting constraints indicating allowable
characters, if any.
items:
$ref: '#/components/schemas/FieldFormatInformation'
fullLogoUri:
type: string
description: The URI of the location of the full size bank icon.
example: >-
https://s3-us-west-2.amazonaws.com/tokenio-assets/1.0.0/logos/gold/gold_full.png
id:
type: string
description: The Token.io bank identifier.
example: ob-modelo
identifier:
type: string
description: >-
The optional identifier for the bank. This is not guaranteed to be
unique across all banks.
example: BLZ
logoUri:
type: string
description: The URI of the location of the square bank avatar icon.
example: >-
https://s3-us-west-2.amazonaws.com/tokenio-assets/1.0.0/logos/gold/gold_square.png
mandatoryFields:
$ref: '#/components/schemas/MandatoryFields'
maintenanceWindow:
$ref: '#/components/schemas/MaintenanceWindow'
name:
type: string
description: The commonly recognised name of the bank.
example: Gold Bank
openBankingStandard:
$ref: '#/components/schemas/OpenBankingStandard'
operationalTime:
type: string
description: >-
Specifies the bank’s days and hours of operation in a normal week.
Does not take into account bank-specific public holidays, which may
or may not be considered out-of-operation time.
example: MON to FRI, 00:00 to 24:00 GMT+1
provider:
type: string
description: Open Banking SaaS adapter or provider.
example: Token.io
requiresExternalAuth:
type: boolean
description: >-
The bank connection requires external authorization for creating
transfers.
format: boolean
example: false
default: false
requiresOneStepPayment:
type: boolean
description: >-
The bank connection only supports immediate redemption of transfer
tokens.
format: boolean
example: false
default: false
scaMethods:
$ref: '#/components/schemas/scaMethod'
supportedTransferDestinationTypes:
type: array
description: Payment methods/rails supported by the bank.
example:
- SWIFT
- FASTER_PAYMENTS
- SEPA
items:
type: string
oneOf:
- $ref: '#/components/schemas/TransferDestinationBankgiro'
- $ref: '#/components/schemas/TransferDestinationCustom'
- $ref: '#/components/schemas/TransferDestinationElixir'
- $ref: '#/components/schemas/TransferDestinationEuDomesticNonEuro'
- $ref: >-
#/components/schemas/TransferDestinationEuDomesticNonEuroInstant
- $ref: '#/components/schemas/TransferDestinationFasterPayments'
- $ref: '#/components/schemas/TransferDestinationPlusgiro'
- $ref: '#/components/schemas/TransferDestinationSepa'
- $ref: '#/components/schemas/TransferDestinationSepaInstant'
- $ref: '#/components/schemas/TransferDestinationToken'
- $ref: '#/components/schemas/TransferDestinationType'
supportsBalance:
type: boolean
description: The bank connection supports the retrieval of balances.
format: boolean
example: false
default: false
supportsFundsConfirmation:
type: boolean
description: The bank connection supports confirmation of available funds.
format: boolean
example: false
default: false
supportsAccountInformation:
type: boolean
description: >-
The bank connection supports retrieval of information through
Account Information Services (AIS).
format: boolean
example: false
default: false
supportsReceivePayment:
type: boolean
description: The bank connection supports the receipt of payments.
format: boolean
example: false
default: false
supportsReturnRefundAccount:
type: boolean
description: The bank connection supports the return of refunds.
format: boolean
example: false
default: false
supportsScheduledPayment:
type: boolean
description: The bank connection supports future dated payments.
format: boolean
example: false
default: false
supportsSendPayment:
type: boolean
description: The bank connection supports payment initiation.
format: boolean
example: false
default: false
supportsStandingOrder:
type: boolean
description: The bank connection supports scheduled recurring payments.
format: boolean
example: false
default: false
supportsTransactionsDateFilter:
type: boolean
description: >-
The bank connection supports specifying startDate and endDate for
filtering transaction lookups.
format: boolean
example: false
default: false
supportsSinglePayment:
type: boolean
description: The bank connection supports single immediate payments.
format: boolean
example: false
default: false
supportsVariableRecurringPayment:
x-internal: true
type: boolean
description: The bank connection supports variable recurring payments.
format: boolean
example: false
default: false
transactionHistoryLimit:
type: integer
description: >-
Defines the number of transaction history records allowed per page,
-1 (unlimited) or a positive integer (record limit).
format: int32
example: 65
default: -1
GetTokenRequestResultWithStatusResponse:
type: object
oneOf:
- $ref: '#/components/schemas/TokenRequestPayloadResponse'
- $ref: '#/components/schemas/StandingOrderBodyResponse'
- $ref: '#/components/schemas/TokenRequestAccessBodyResponse'
TokenRequestPayloadResponse:
title: PIS - Payments
type: object
required:
- status
properties:
transferId:
type: string
description: >-
The id of the transfer sent in the `POST /transfers` response and/or
included in a respective `GET /transfers` response. This is
populated for transfer token requests only, it is present if a
transfer resource is created.
example: t:2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
tokenId:
$ref: '#/components/schemas/tokenId'
signature:
$ref: '#/components/schemas/Signature'
status:
$ref: '#/components/schemas/TokenRequestResultStatus'
statusReasonInformation:
$ref: '#/components/schemas/statusReasonInformation'
bankId:
type: string
description: >-
The bank identifier, identical to the `id` in the repsonse to `GET
/banks`.
example: ob-modelo
description: Contains the details of the transfer response.
StandingOrderBodyResponse:
title: PIS - Standing Orders
type: object
required:
- status
properties:
standingOrderSubmissionId:
type: string
description: >-
The unique id of the standing order submission. This is populated
for standing order token requests only, it is present if a standing
order submission resource is created
example: >-
so:89DSFAkvdfgreJuXmEDV5m2b8ZvLGE91ELf7PPw5BaDab98kMguu:3VMczfjkewrbniu5667
tokenId:
$ref: '#/components/schemas/tokenId'
signature:
$ref: '#/components/schemas/Signature'
status:
$ref: '#/components/schemas/TokenRequestResultStatus'
statusReasonInformation:
$ref: '#/components/schemas/statusReasonInformation'
bankId:
type: string
description: >-
The bank identifier, identical to the `id` in the repsonse to `GET
/banks`.
example: ob-modelo
description: Contains the details of the standing order response.
TokenRequestAccessBodyResponse:
title: AIS
type: object
required:
- status
properties:
tokenId:
$ref: '#/components/schemas/tokenId'
signature:
$ref: '#/components/schemas/Signature'
status:
$ref: '#/components/schemas/TokenRequestResultStatus'
statusReasonInformation:
$ref: '#/components/schemas/statusReasonInformation'
bankId:
type: string
description: >-
The bank identifier, identical to the `id` in the repsonse to `GET
/banks`.
example: ob-modelo
description: Contains the details of the access request response.
GetTokenResponse:
type: object
properties:
token:
$ref: '#/components/schemas/Token'
GetTokensResponse:
type: object
properties:
offset:
type: string
description: The offset of the first item returned in the collection.
example: LerV6Jmex
tokens:
type: array
description: >-
Contains the details of each requested token returned according to
the request's filtering parameters.
items:
$ref: '#/components/schemas/Token'
GetTransactionResponse:
type: object
required:
- status
properties:
status:
$ref: '#/components/schemas/RequestStatus'
transaction:
$ref: '#/components/schemas/Transaction'
GetTransactionsResponse:
type: object
required:
- status
properties:
offset:
type: string
description: The offset of the first item returned in the collection.
example: LerV6Jmex
status:
$ref: '#/components/schemas/RequestStatus'
transactions:
type: array
items:
$ref: '#/components/schemas/Transaction'
GetVirtualAccountTransactionResponse:
type: object
properties:
transaction:
$ref: '#/components/schemas/VirtualAccountTransaction'
GetVirtualAccountTransactionsResponse:
type: object
properties:
pageInfo:
$ref: '#/components/schemas/PageInfo'
transactions:
type: array
items:
$ref: '#/components/schemas/VirtualAccountTransactions'
GetTransferResponse:
type: object
properties:
transfer:
$ref: '#/components/schemas/Transfer'
GetTransfersResponse:
type: object
properties:
offset:
type: string
description: The offset of the first item returned in the collection.
example: LerV6Jmex
transfers:
type: array
items:
$ref: '#/components/schemas/Transfer'
GetWebhookConfigResponse:
type: object
properties:
config:
$ref: '#/components/schemas/Config'
description: Specifies details of the webhook.
InitiateBankAuthorizationRequest:
type: object
properties:
consentAccepted:
type: boolean
description: >-
This flag indicates whether the user has grated consent for the
payment in the TPP's user interface.
format: boolean
example: false
default: false
credentials:
$ref: >-
#/components/schemas/InitiateBankAuthorizationRequestCredentialsEntry
useCredentialFlow:
type: boolean
description: >-
If true, this triggers the credential flow. The credentials map must
be populated if required by the bank (see `credentialFields` in the
response to `GET /banks`). Otherwise, empty credentials are used.
format: boolean
example: false
default: false
useWebappCredentialsFlow:
type: boolean
description: >-
When useWebAppCredentialsFlow is set to true and bank's flow
includes embedded steps, these steps are handled by Token.io's
Hosted Pages, rather than by the customer's own pages.
format: boolean
example: false
default: false
description: Contains the consent information for the original request.
InitiateBankAuthorizationRequestCredentialsEntry:
type: object
additionalProperties:
type: string
description: Credential id mapped to a value.
description: Maps a bank-defined credential id string to a value.
InitiateBankAuthorizationResponse:
type: object
oneOf:
- title: Fields
properties:
fields:
$ref: '#/components/schemas/CredentialFields'
- title: Redirect url
properties:
redirectUrl:
type: string
description: This URL redirects the user after bank authentication.
example: http://psu-redirect.com
- title: SCA status
properties:
status:
$ref: '#/components/schemas/ScaStatus'
properties:
oauthState:
type: string
description: >-
The authorization state parameter generated within Token.io in the
response. It is an optional field.
example: 71b624cf-af3a-4f78-9420-d6e4248a9efe
OnBankAuthCallbackRequest:
type: object
properties:
query:
type: string
description: >-
The URL-encoded string of all query parameters returned by the bank
in the callback received by the client.
example: param1=value1¶m2=value2
description: Contains the callback query parameters.
OnBankAuthCallbackResponse:
type: object
properties:
redirectUrl:
type: string
description: >-
The url for multi-redirect where the TPP handles everything
themselves.
example: redirect-url
fields:
$ref: '#/components/schemas/CredentialFields'
oneOf:
- title: v1
required:
- tokenRequestId
properties:
tokenRequestId:
type: string
description: >-
Identifies the original token request. The value returned in the
response to the original token request as the id.
example: rq:ej5ACWNwi1EcqBeuDPc4Z8C4Bgc:5zKtXEAq
- title: v2
properties:
payment:
type: object
description: Defines the v2 payment payload.
$ref: '#/components/schemas/Payment'
- title: VRP
properties:
vrpConsent:
type: object
description: Defines the VRP consent payload.
$ref: '#/components/schemas/VrpConsent'
RetrieveSubTppChildrenResponse:
type: object
properties:
subTpps:
type: array
items:
$ref: '#/components/schemas/member.SubTpp'
description: Contains each sub-TPP member onboarded by the reseller.
member.TokenLicensedNonSoleTraderPublicMerchant:
type: object
required:
- merchantJurisdiction
- legalEntityName
- companyRegistrationNumber
- primaryUseCase
- iban
- signatories
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: DE
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
iban:
type: string
description: >-
The IBAN of the bank where the payments are settled. The IBAN used
will depend on the specific setup for each TPP/sub-TPP. For
example, this will be:
The sub-TPP's IBAN for cases where
settlement is to the merchant.
The TPP's IBAN when the
sub-TPP settles directly with the TPP.
A proxy for
jurisdictions involved in the transaction.
Token.io checks
the jurisdiction of the bank account and, where possible, confirms
that the name on the account is valid; this name can be either the
client's or the merchant's. You must use a valid IBAN if you're
testing in Sandbox.
example: DE0000000000000000000
bic:
type: string
description: >-
BIC of merchant’s recipient bank account. You must use a valid IBAN
if you're testing in sandbox.
example: BOFIIE2D
merchantType:
type: string
description: >-
Type of merchant being onboarded. Determines compliance requirements
during onboarding.
LICENSED_TPP_SOLE_TRADERIndividually
operated business Licensed by
TPP.
LICENSED_TPP_NON_SOLE_TRADERPublicly listed
company. May require Signatories depending on sub-TPP type.
TOKEN_LICENSED_NON_SOLE_TRADER_PUBLICPublicly listed company.
May require Signatories depending on sub-TPP
type.
TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATEPrivately
held company. UBOs, Directors, and Signatories will be required
depending on sub-TPP type.
example: TOKEN_LICENSED_NON_SOLE_TRADER_PUBLIC
enum:
- TOKEN_LICENSED_NON_SOLE_TRADER_PUBLIC
mccSubType:
type: string
description: >-
Merchant Category Code Subtype, for certain industry this field
needs to be provided.
signatories:
type: array
items:
$ref: '#/components/schemas/member.PersonDetail'
description: Contains information about the merchant member.
member.TokenLicensedNonSoleTraderPrivateMerchant:
type: object
required:
- merchantJurisdiction
- legalEntityName
- companyRegistrationNumber
- primaryUseCase
- iban
- ubos
- directors
- signatories
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: DE
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
iban:
type: string
description: >-
The IBAN of the bank where the payments are settled. The IBAN used
will depend on the specific setup for each TPP/sub-TPP. For
example, this will be:
The sub-TPP's IBAN for cases where
settlement is to the merchant.
The TPP's IBAN when the
sub-TPP settles directly with the TPP.
A proxy for
jurisdictions involved in the transaction.
Token.io checks
the jurisdiction of the bank account and, where possible, confirms
that the name on the account is valid; this name can be either the
client's or the merchant's. You must use a valid IBAN if you're
testing in Sandbox.
example: DE0000000000000000000
bic:
type: string
description: >-
BIC of merchant’s recipient bank account. You must use a valid IBAN
if you're testing in sandbox.
example: BOFIIE2D
merchantType:
type: string
description: >-
Type of merchant being onboarded. Determines compliance requirements
during onboarding.
LICENSED_TPP_SOLE_TRADERIndividually
operated business Licensed by
TPP.
LICENSED_TPP_NON_SOLE_TRADERPublicly listed
company. May require Signatories depending on sub-TPP type.
TOKEN_LICENSED_NON_SOLE_TRADER_PUBLICPublicly listed company.
May require Signatories depending on sub-TPP
type.
TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATEPrivately
held company. UBOs, Directors, and Signatories will be required
depending on sub-TPP type.
example: TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATE
enum:
- TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATE
mccSubType:
type: string
description: >-
Merchant Category Code Subtype, for certain industry this field
needs to be provided.
ubos:
type: array
items:
$ref: '#/components/schemas/member.PersonDetail'
directors:
type: array
items:
$ref: '#/components/schemas/member.PersonDetail'
signatories:
type: array
items:
$ref: '#/components/schemas/member.PersonDetail'
description: Contains information about the merchant member.
member.TokenLicensedSoleTraderMerchant:
type: object
required:
- merchantJurisdiction
- legalEntityName
- primaryUseCase
- soleTrader
- iban
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: DE
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
iban:
type: string
description: >-
The IBAN of the bank where the payments are settled. The IBAN used
will depend on the specific setup for each TPP/sub-TPP. For
example, this will be:
The sub-TPP's IBAN for cases where
settlement is to the merchant.
The TPP's IBAN when the
sub-TPP settles directly with the TPP.
A proxy for
jurisdictions involved in the transaction.
Token.io checks
the jurisdiction of the bank account and, where possible, confirms
that the name on the account is valid; this name can be either the
client's or the merchant's. You must use a valid IBAN if you're
testing in Sandbox.
example: DE0000000000000000000
bic:
type: string
description: >-
BIC of merchant’s recipient bank account. You must use a valid IBAN
if you're testing in sandbox.
example: BOFIIE2D
merchantType:
type: string
description: >-
Type of merchant being onboarded. Determines compliance requirements
during onboarding.
LICENSED_TPP_SOLE_TRADERIndividually
operated business Licensed by
TPP.
LICENSED_TPP_NON_SOLE_TRADERPublicly listed
company. May require Signatories depending on sub-TPP type.
TOKEN_LICENSED_NON_SOLE_TRADER_PUBLICPublicly listed company.
May require Signatories depending on sub-TPP
type.
TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATEPrivately
held company. UBOs, Directors, and Signatories will be required
depending on sub-TPP type.
example: TOKEN_LICENSED_SOLE_TRADER
enum:
- TOKEN_LICENSED_SOLE_TRADER
mccSubType:
type: string
description: >-
Merchant Category Code Subtype, for certain industry this field
needs to be provided.
soleTrader:
$ref: '#/components/schemas/member.PersonDetail'
member.LicensedTppNonSoleTraderMerchant:
type: object
required:
- merchantJurisdiction
- legalEntityName
- companyRegistrationNumber
- primaryUseCase
- iban
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: DE
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
iban:
type: string
description: >-
The IBAN of the bank where the payments are settled. The IBAN used
will depend on the specific setup for each TPP/sub-TPP. For
example, this will be:
The sub-TPP's IBAN for cases where
settlement is to the merchant.
The TPP's IBAN when the
sub-TPP settles directly with the TPP.
A proxy for
jurisdictions involved in the transaction.
Token.io checks
the jurisdiction of the bank account and, where possible, confirms
that the name on the account is valid; this name can be either the
client's or the merchant's. You must use a valid IBAN if you're
testing in Sandbox.
example: DE0000000000000000000
bic:
type: string
description: >-
BIC of merchant’s recipient bank account. You must use a valid IBAN
if you're testing in sandbox.
example: BOFIIE2D
merchantType:
type: string
description: >-
Type of merchant being onboarded. Determines compliance requirements
during onboarding.
LICENSED_TPP_SOLE_TRADERIndividually
operated business Licensed by
TPP.
LICENSED_TPP_NON_SOLE_TRADERPublicly listed
company. May require Signatories depending on sub-TPP type.
TOKEN_LICENSED_NON_SOLE_TRADER_PUBLICPublicly listed company.
May require Signatories depending on sub-TPP
type.
TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATEPrivately
held company. UBOs, Directors, and Signatories will be required
depending on sub-TPP type.
example: LICENSED_TPP_NON_SOLE_TRADER
enum:
- LICENSED_TPP_NON_SOLE_TRADER
mccSubType:
type: string
description: >-
Merchant Category Code Subtype, for certain industry this field
needs to be provided.
description: Contains information about the merchant member.
member.LicensedTppSoleTraderMerchant:
type: object
required:
- merchantJurisdiction
- legalEntityName
- companyRegistrationNumber
- primaryUseCase
- iban
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: DE
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
iban:
type: string
description: >-
The IBAN of the bank where the payments are settled. The IBAN used
will depend on the specific setup for each TPP/sub-TPP. For
example, this will be:
The sub-TPP's IBAN for cases where
settlement is to the merchant.
The TPP's IBAN when the
sub-TPP settles directly with the TPP.
A proxy for
jurisdictions involved in the transaction.
Token.io checks
the jurisdiction of the bank account and, where possible, confirms
that the name on the account is valid; this name can be either the
client's or the merchant's. You must use a valid IBAN if you're
testing in Sandbox.
example: DE0000000000000000000
bic:
type: string
description: >-
BIC of merchant’s recipient bank account. You must use a valid IBAN
if you're testing in sandbox.
example: BOFIIE2D
merchantType:
type: string
description: >-
Type of merchant being onboarded. Determines compliance requirements
during onboarding.
LICENSED_TPP_SOLE_TRADERIndividually
operated business Licensed by
TPP.
LICENSED_TPP_NON_SOLE_TRADERPublicly listed
company. May require Signatories depending on sub-TPP type.
TOKEN_LICENSED_NON_SOLE_TRADER_PUBLICPublicly listed company.
May require Signatories depending on sub-TPP
type.
TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATEPrivately
held company. UBOs, Directors, and Signatories will be required
depending on sub-TPP type.
example: LICENSED_TPP_SOLE_TRADER
enum:
- LICENSED_TPP_SOLE_TRADER
mccSubType:
type: string
description: >-
Merchant Category Code Subtype, for certain industry this field
needs to be provided.
description: Contains information about the merchant member.
member.TokenLicensedNonSoleTraderPublicMerchantGB:
type: object
required:
- merchantJurisdiction
- legalEntityName
- companyRegistrationNumber
- primaryUseCase
- iban
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: GB
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: '123456'
merchantType:
type: string
description: >-
Type of merchant being onboarded. Determines compliance requirements
during onboarding.
LICENSED_TPP_SOLE_TRADERIndividually
operated business Licensed by
TPP.
LICENSED_TPP_NON_SOLE_TRADERPublicly listed
company. May require Signatories depending on sub-TPP type.
TOKEN_LICENSED_NON_SOLE_TRADER_PUBLICPublicly listed company.
May require Signatories depending on sub-TPP
type.
TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATEPrivately
held company. UBOs, Directors, and Signatories will be required
depending on sub-TPP type.
example: TOKEN_LICENSED_NON_SOLE_TRADER_PUBLIC
enum:
- TOKEN_LICENSED_NON_SOLE_TRADER_PUBLIC
mccSubType:
type: string
description: >-
Merchant Category Code Subtype, for certain industry this field
needs to be provided.
description: Contains information about the merchant member.
member.TokenLicensedNonSoleTraderPrivateMerchantGB:
type: object
required:
- merchantJurisdiction
- legalEntityName
- companyRegistrationNumber
- primaryUseCase
- accountNumber
- sortCode
- ubos
- directors
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: GB
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: '123456'
merchantType:
type: string
description: >-
Type of merchant being onboarded. Determines compliance requirements
during onboarding.
LICENSED_TPP_SOLE_TRADERIndividually
operated business Licensed by
TPP.
LICENSED_TPP_NON_SOLE_TRADERPublicly listed
company. May require Signatories depending on sub-TPP type.
TOKEN_LICENSED_NON_SOLE_TRADER_PUBLICPublicly listed company.
May require Signatories depending on sub-TPP
type.
TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATEPrivately
held company. UBOs, Directors, and Signatories will be required
depending on sub-TPP type.
example: TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATE
enum:
- TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATE
mccSubType:
type: string
description: >-
Merchant Category Code Subtype, for certain industry this field
needs to be provided.
ubos:
type: array
items:
$ref: '#/components/schemas/member.PersonDetail'
directors:
type: array
items:
$ref: '#/components/schemas/member.PersonDetail'
description: Contains information about the merchant member.
member.TokenLicensedSoleTraderMerchantGB:
type: object
required:
- merchantJurisdiction
- legalEntityName
- primaryUseCase
- soleTrader
- accountNumber
- sortCode
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: GB
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: '123456'
merchantType:
type: string
description: >-
Type of merchant being onboarded. Determines compliance requirements
during onboarding.
LICENSED_TPP_SOLE_TRADERIndividually
operated business Licensed by
TPP.
LICENSED_TPP_NON_SOLE_TRADERPublicly listed
company. May require Signatories depending on sub-TPP type.
TOKEN_LICENSED_NON_SOLE_TRADER_PUBLICPublicly listed company.
May require Signatories depending on sub-TPP
type.
TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATEPrivately
held company. UBOs, Directors, and Signatories will be required
depending on sub-TPP type.
example: TOKEN_LICENSED_SOLE_TRADER
enum:
- TOKEN_LICENSED_SOLE_TRADER
mccSubType:
type: string
description: >-
Merchant Category Code Subtype, for certain industry this field
needs to be provided.
soleTrader:
$ref: '#/components/schemas/member.PersonDetail'
member.LicensedTppNonSoleTraderMerchantGB:
type: object
required:
- merchantJurisdiction
- legalEntityName
- companyRegistrationNumber
- primaryUseCase
- accountNumber
- sortCode
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: GB
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: '123456'
merchantType:
type: string
description: >-
Type of merchant being onboarded. Determines compliance requirements
during onboarding.
LICENSED_TPP_SOLE_TRADERIndividually
operated business Licensed by
TPP.
LICENSED_TPP_NON_SOLE_TRADERPublicly listed
company. May require Signatories depending on sub-TPP type.
TOKEN_LICENSED_NON_SOLE_TRADER_PUBLICPublicly listed company.
May require Signatories depending on sub-TPP
type.
TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATEPrivately
held company. UBOs, Directors, and Signatories will be required
depending on sub-TPP type.
example: LICENSED_TPP_NON_SOLE_TRADER
enum:
- LICENSED_TPP_NON_SOLE_TRADER
mccSubType:
type: string
description: >-
Merchant Category Code Subtype, for certain industry this field
needs to be provided.
description: Contains information about the merchant member.
member.LicensedTppSoleTraderMerchantGB:
type: object
required:
- merchantJurisdiction
- legalEntityName
- companyRegistrationNumber
- primaryUseCase
- accountNumber
- sortCode
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: GB
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: '123456'
merchantType:
type: string
description: >-
Type of merchant being onboarded. Determines compliance requirements
during onboarding.
LICENSED_TPP_SOLE_TRADERIndividually
operated business Licensed by
TPP.
LICENSED_TPP_NON_SOLE_TRADERPublicly listed
company. May require Signatories depending on sub-TPP type.
TOKEN_LICENSED_NON_SOLE_TRADER_PUBLICPublicly listed company.
May require Signatories depending on sub-TPP
type.
TOKEN_LICENSED_NON_SOLE_TRADER_PRIVATEPrivately
held company. UBOs, Directors, and Signatories will be required
depending on sub-TPP type.
example: LICENSED_TPP_SOLE_TRADER
enum:
- LICENSED_TPP_SOLE_TRADER
mccSubType:
type: string
description: >-
Merchant Category Code Subtype, for certain industry this field
needs to be provided.
description: Contains information about the merchant member.
member.Merchant:
type: object
required:
- merchantJurisdiction
- legalEntityName
- companyRegistrationNumber
- industry
- primaryUseCase
- iban
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: DE
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
iban:
type: string
description: >-
The IBAN of the bank where the payments are settled. The IBAN used
will depend on the specific setup for each TPP/sub-TPP. For
example, this will be:
The sub-TPP's IBAN for cases where
settlement is to the merchant.
The TPP's IBAN when the
sub-TPP settles directly with the TPP.
A proxy for
jurisdictions involved in the transaction.
Token.io checks
the jurisdiction of the bank account and, where possible, confirms
that the name on the account is valid; this name can be either the
client's or the merchant's. You must use a valid IBAN if you're
testing in Sandbox.
example: DE0000000000000000000
bic:
type: string
description: >-
BIC of merchant’s recipient bank account. You must use a valid IBAN
if you're testing in sandbox.
example: BOFIIE2D
description: Contains information about the merchant member.
member.MerchantGB:
type: object
required:
- merchantJurisdiction
- legalEntityName
- companyRegistrationNumber
- industry
- primaryUseCase
- accountNumber
- sortCode
properties:
merchantJurisdiction:
type: string
description: >-
The 'merchantJurisdiction' field specifies the jurisdiction in which
the merchant operates. Previously, this field was referred to as the
'domicile country'.
example: GB
legalEntityName:
type: string
description: Full name of the merchant legal entity.
example: Test Merchant Entity Name
companyRegistrationNumber:
type: string
description: Company registration number of merchant legal entity.
example: '123456789'
primaryUseCase:
type: string
description: >-
Merchant primary use case. Possible values include: AIS: Accounting
package integration, AIS: Cash flow management, AIS: Credit risk
analysis, AIS: Customer onboarding / verification, AIS: Personal
finance management, PIS: eCommerce merchant payment, PIS: Funding an
account, PIS: In store merchant payment, PIS: Paying a bill, PIS:
Paying off debt
example: 'AIS: Accounting package integration'
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: '123456'
description: Contains information about the merchant member.
member.PersonDetail:
type: object
properties:
fullName:
type: string
description: Full name.
example: John Smith
address:
type: string
description: Personal Address Details.
example: 110 Long Lane, ....
dateOfBirth:
type: string
description: Date of Birth in ISO format (YYYY-MM-DD).
example: '2001-01-01'
description: >-
Contains personal details of a Sole Trader, Ubos, Directors, or
Signatories.
member.SubTpp:
type: object
properties:
childSubTppIds:
type: array
description: The list of sub-TPP ids returned.
items:
type: string
example: >-
["8d54f066-c14a-47c0-b58b-fec6b0ed6b4c","3d46h823-g02s-20m5-k19c-kes4ekkc2p5x","0c55fwgs-s1e2-dloa-0j36-sat2b9kw4s8g"]
createdAt:
type: string
description: >-
Represents the creation date for the sub-TPP, in ISO 8601 format.
format: string
example: '2022-09-22T17:00:00.000Z'
domain:
type: string
description: >-
The fully qualified domain name of the sub-TPP, also referred to as
an absolute domain name. This specifies an exact location in the
tree hierarchy of the Domain Name System (DNS). It must include all
domain levels, including the top-level domain and the root zone.
example: somehost.example.com
id:
type: string
description: >-
The Token.io-generated `subTPPId` used by the reseller as
`actingAs.refId` in token requests to identify the sub-TPP.
example: 8d54f066-c14a-47c0-b58b-fec6b0ed6b4c
logo:
pattern: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
type: string
description: >-
Specifies the image file containing the sub-TPP's logo as a byte
array. Click here for the JavaScript `fromCharCode` function
needed to convert the byte array to a UTF-8 string.
format: byte
memberId:
type: string
description: The Token.io-generated member id for the reseller.
example: m:213xyzabc3453434
merchant:
$ref: '#/components/schemas/member.Merchant'
name:
type: string
description: The recognised business name or DBA of the sub-TPP.
example: Sub-TPP Business Ltd
parentSubTppId:
$ref: '#/components/schemas/parentSubTppId'
restrictedCountries:
type: array
description: >-
A list of two-letter country codes in upper case (ISO 3166-1
alpha-2), in which this bank operates.
items:
type: string
example:
- DE
- FR
- GB
status:
$ref: '#/components/schemas/member.SubTpp.Status'
statusReasonInformation:
type: string
description: >-
A human-readable description of the reason for the reported status,
which may include a message from the bank. This value should not
exceed 256 characters in length.
example: This sub-TPP has been activated.
mccCode:
type: string
description: >-
Merchant Category Code is a four-digit number that classifies the
type of goods or service a business offers.
updatedAt:
type: string
description: >-
The string representing the last update for the sub-TPP details, in
ISO 8601 format.
format: string
example: '2022-09-22T17:00:00.000Z'
description: Contains the sub-TPP details.
member.SubTpp.Status:
type: string
example: ACTIVATED
default: INVALID_STATUS
enum:
- INVALID_STATUS
- ACTIVATED
- REJECTED
- AWAITING_APPROVAL
- DEACTIVATED
description: The status of the sub-TPP.
RetrieveSubTppResponse:
type: object
properties:
subTpp:
$ref: '#/components/schemas/member.SubTpp'
RetrieveSubTppsResponse:
type: object
properties:
offset:
type: string
description: The offset of the first item returned in the collection.
example: LerV6Jmex
subTpps:
type: array
description: Contains each sub-TPP member onboarded by the reseller.
items:
$ref: '#/components/schemas/member.SubTpp'
SetWebhookConfigRequest:
type: object
properties:
config:
$ref: '#/components/schemas/Config'
SetWebhookConfigResponse:
type: object
description: No data included or required in the response.
StoreTokenRequestRequest:
type: object
required:
- requestPayload
properties:
requestOptions:
$ref: '#/components/schemas/TokenRequestOptions'
requestPayload:
$ref: '#/components/schemas/TokenRequestPayload'
description: >-
Specifies the information needed to request a transfer, standing order
or access token.
StoreTokenRequestResponse:
type: object
properties:
tokenRequest:
$ref: '#/components/schemas/TokenRequest'
RetrieveTokenRequestResponse:
type: object
properties:
tokenRequest:
$ref: '#/components/schemas/TokenRequest'
RefundResponse:
type: object
properties:
refund:
$ref: '#/components/schemas/Refund'
RefundsResponse:
type: object
properties:
refunds:
type: array
items:
$ref: '#/components/schemas/Refund'
paging:
$ref: '#/components/schemas/PagingInfo'
PayoutResponse:
type: object
properties:
payout:
$ref: '#/components/schemas/Payout'
PayoutsResponse:
type: object
properties:
payouts:
type: array
items:
$ref: '#/components/schemas/Payout'
paging:
$ref: '#/components/schemas/PagingInfo'
UploadKeyAndCertificateResponse:
type: object
properties:
keyId:
type: string
description: The unique identifier for the key.
example: XXXXXXX
PagingInfo:
type: object
properties:
limit:
type: integer
description: >-
The limit (maximum number of records to return) that was sent in the
request. If the actual number of returned records is less then the
limit, there are no more records left to fetch. The maximum
allowed limit is 200. If the passed limit is bigger than this, it
will be set to 200.
format: int32
offset:
type: string
description: Offset for the next page.
example: LerV6Jmex
Amount:
description: The transaction amount and currency.
required:
- currency
- value
type: object
properties:
value:
type: string
description: >-
The transaction amount with up to four digits after the decimal
point.
example: '10.23'
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
RefundDebtorInformation:
description: The debtor information. Account information (one of) is required.
allOf:
- oneOf:
- $ref: '#/components/schemas/SepaAccount'
- $ref: '#/components/schemas/FasterPaymentsAccount'
- type: object
properties:
name:
type: string
description: The owner name for the debtor account.
example: John Smith
ultimateDebtorName:
type: string
description: The ultimate debtor name.
example: John Smith
address:
$ref: '#/components/schemas/Address'
Address:
type: object
properties:
addressLine:
type: array
items:
type: string
example: The Coach House
streetName:
type: string
description: Street number
example: 221B
buildingNumber:
type: string
description: Building number
example: 2C
postCode:
type: string
description: Post Code
example: TR26 1EZ
townName:
type: string
description: Town name
example: Saint Ives
state:
type: string
description: State
example: Cornwall
district:
type: string
description: The district.
country:
type: string
description: Two-letter country code in upper case (ISO 3166-1 alpha-2).
example: GB
description: Address
SepaAccount:
title: SepaAccount
required:
- iban
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs can be either 8 or 11 characters long.
example: BOFIIE2D
description: SEPA account details where the iban is required and the bic is optional.
SepaInstantAccount:
title: SepaInstantAccount
required:
- iban
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs can be either 8 or 11 characters long.
example: BOFIIE2D
description: >-
SEPA Instant account details where the iban is required and the bic is
optional.
FasterPaymentsAccount:
title: FasterPaymentsAccount
required:
- accountNumber
- sortCode
type: object
properties:
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: '123456'
description: >-
A UK or Irish account where the sort code and account number are
required.
ElixirAccountDebtor:
title: ElixirAccount
oneOf:
- $ref: '#/components/schemas/PLIbanAccount'
description: The Elixir debtor account details.
ElixirAccountCreditor:
title: ElixirAccount
oneOf:
- $ref: '#/components/schemas/PLAccount'
- $ref: '#/components/schemas/PLIbanAccount'
description: The Elixir creditor account details.
PLAccount:
title: PLAccount
required:
- accountNumber
type: object
properties:
accountNumber:
type: string
description: The payee's Elixir-registered bank account number.
example: FRAX82783423
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs can be either 8 or 11 characters long.
example: BOFIIE2D
description: >-
Polish account details where the account number is required and the bic
is optional.
PLIbanAccount:
title: PLIbanAccount
required:
- iban
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
description: >-
Polish account details where the iban is required and the bic is
optional.
EUDomesticNonEuroAccountDebtor:
title: EUDomesticNonEuroAccount
oneOf:
- $ref: '#/components/schemas/EUIbanAccount'
- $ref: '#/components/schemas/BbanAccount'
- $ref: '#/components/schemas/ClearingNumberAccount'
description: >-
The payment system within a European country using that country's
non-Euro domestic currency. An IBAN account will require an iban and an
optional bic, a BBAN account will require a bban and an optional bic, a
Clearing Number account will require a bban and a clearingNumber.
EUDomesticNonEuroInstantAccountDebtor:
title: EUDomesticNonEuroInstantAccount
oneOf:
- $ref: '#/components/schemas/EUIbanAccount'
- $ref: '#/components/schemas/BbanAccount'
- $ref: '#/components/schemas/ClearingNumberAccount'
description: >-
The instant payment system within a European country using that
country's non-Euro domestic currency. An IBAN account will require an
iban and an optional bic, a BBAN account will require a bban and an
optional bic, a Clearing Number account will require a bban and a
clearingNumber.
EUDomesticNonEuroAccountCreditor:
title: EUDomesticNonEuroAccount
oneOf:
- $ref: '#/components/schemas/EUIbanAccount'
- $ref: '#/components/schemas/BbanAccount'
- $ref: '#/components/schemas/ClearingNumberAccount'
- $ref: '#/components/schemas/SENoBankIdCreditorAccount'
description: >-
The payment system within a European country using that country's
non-Euro domestic currency. An IBAN account will require an `iban` and
an optional `bic`, a BBAN account will require a `bban` and an optional
`bic`, a Clearing Number account will require a `bban` and a
`clearingNumber`. A SENoBankId account, where the currency is SEK or
NOK, will require an `iban` and `bban` with an optional `bic` and/or
`clearingNumber`. This option is only available for an HP flow that
doesn't have a preselected `bankId`.
EUDomesticNonEuroInstantAccountCreditor:
title: EUDomesticNonEuroInstantAccount
oneOf:
- $ref: '#/components/schemas/EUIbanAccount'
- $ref: '#/components/schemas/BbanAccount'
- $ref: '#/components/schemas/ClearingNumberAccount'
- $ref: '#/components/schemas/SENoBankIdCreditorAccount'
description: >-
The instant payment system within a European country using that
country's non-Euro domestic currency. An IBAN account will require an
`iban` and an optional `bic`, a BBAN account will require a `bban` and
an optional `bic`, a Clearing Number account will require a `bban` and a
`clearingNumber`. A SENoBankId account, where the currency is SEK or
NOK, will require an `iban` and `bban` with an optional `bic` and/or
`clearingNumber`. This option is only available for an HP flow that
doesn't have a preselected `bankId`.
EUIbanAccount:
title: EUIbanAccount
required:
- iban
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
description: Account details where the iban is required and the bic is optional.
BbanAccount:
title: BbanAccount
required:
- bban
type: object
properties:
bban:
type: string
description: >-
Represents a country-specific bank account number. The BBAN is the
last part of the IBAN when used for international funds transfers.
Every country has its own specific BBAN format and length. At
present, there is no common EU or other standard unifying the BBAN.
This is why IBAN was introduced to standardise international bank
transfers.
example: NWBK60161331926819
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
description: Account details where the bban is required and the bic is optional.
ClearingNumberAccount:
title: ClearingNumberAccount
required:
- bban
type: object
properties:
bban:
type: string
description: >-
Represents a country-specific bank account number. The BBAN is the
last part of the IBAN when used for international funds transfers.
Every country has its own specific BBAN format and length. At
present, there is no common EU or other standard unifying the BBAN.
This is why IBAN was introduced to standardise international bank
transfers.
example: NWBK60161331926819
clearingNumber:
type: string
description: >-
The bank clearing number or BC number is a number used for the
identification of financial institutions in Switzerland and
Liechtenstein. Bank clearing numbers are connected to the Swiss
Interbank Clearing and the EuroSIC system.
example: 87654321
description: >-
Account details where the bban is required and the clearing number is
optional.
SENoBankIdAccount:
title: SENoBankIdAccount
required:
- iban
- bban
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
bban:
type: string
description: >-
Represents a country-specific bank account number. The BBAN is the
last part of the IBAN when used for international funds transfers.
Every country has its own specific BBAN format and length. At
present, there is no common EU or other standard unifying the BBAN.
This is why IBAN was introduced to standardise international bank
transfers.
example: NWBK60161331926819
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
clearingNumber:
type: string
description: >-
The bank clearing number or BC number is a number used for the
identification of financial institutions in Switzerland and
Liechtenstein. Bank clearing numbers are connected to the Swiss
Interbank Clearing and the EuroSIC system.
example: 87654321
description: >-
Account details where the iban and bban are required and the bic and
clearing number are optional. This is ONLY allowed for an HP flow if
there is no `bankId` provided in the initiation AND the currency is SEK
or NOK.
SENoBankIdCreditorAccount:
title: SENoBankIdCreditorAccount
required:
- iban
- bban
type: object
properties:
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
bban:
type: string
description: >-
Represents a country-specific bank account number. The BBAN is the
last part of the IBAN when used for international funds transfers.
Every country has its own specific BBAN format and length. At
present, there is no common EU or other standard unifying the BBAN.
This is why IBAN was introduced to standardise international bank
transfers.
example: NWBK60161331926819
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
clearingNumber:
type: string
description: >-
The bank clearing number or BC number is a number used for the
identification of financial institutions in Switzerland and
Liechtenstein. Bank clearing numbers are connected to the Swiss
Interbank Clearing and the EuroSIC system.
example: 87654321
description: >-
Account details where the iban and bban are required and the bic and
clearing number are optional. This is ONLY allowed for an HP flow if
there is no `bankId` provided in the initiation AND the currency is SEK
or NOK.
BankGiroAccount:
title: BankGiroAccount
required:
- bankgiroNumber
type: object
properties:
bankgiroNumber:
type: string
description: >-
The unique identifier for the bank account in Sweden (known in
Swedish as Bankgironummer), it consists of 7 or 8 digits.
example: '56781234'
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs can be either 8 or 11 characters long.
example: BOFIIE2D
description: >-
Account details where the bankgiroNumber is required and the bic is
optional.
PlusGiroAccount:
title: PlusGiroAccount
required:
- plusgiroNumber
type: object
properties:
plusgiroNumber:
type: string
description: >-
The unique identifier for the Swedish money transaction system owned
by Nordea.
example: '67812345'
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
description: >-
Account details where the plusgiroNumber is required and the bic is
optional.
VirtualAccountCreditor:
title: VirtualAccount
required:
- virtualAccountId
type: object
properties:
virtualAccountId:
type: string
description: >-
The unique identifier for the settlement account. This field is
mandatory for unregulated TPPs.
example: pa:4TXFcixy9yKfEmhad45Jp6Lb34d1:2gFUX1NEGTG
description: The creditor settlement account details.
CorporateApiDebtorInformation:
description: The debtor information.
required:
- accountId
type: object
properties:
accountId:
type: string
description: The ID for the debtor settlement account.
example: a12345
RefundInitiation:
required:
- amount
- localInstrument
- originalPaymentId
- paymentType
- refId
- description
type: object
properties:
description:
type: string
description: The description of the refund.
example: refund for some reason
refId:
$ref: '#/components/schemas/refId'
amount:
$ref: '#/components/schemas/Amount'
originalPaymentId:
$ref: '#/components/schemas/originalPaymentId'
registrationId:
type: string
description: The registration id.
example: regId
localInstrument:
type: string
description: The bank's payment service to be used for making a payment.
example: SEPA_INSTANT
enum:
- SEPA
- SEPA_INSTANT
- FASTER_PAYMENTS
onBehalfOfId:
type: string
description: >-
The `onBehalfOfId` is validated against the sub-TPP id of the member
before initiating the refund. This field is mandatory for
unregulated TPPs.
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
accountVerificationId:
$ref: '#/components/schemas/AccountVerificationId'
corporateApiDebtor:
$ref: '#/components/schemas/CorporateApiDebtorInformation'
description: The Initiation payload for the refund.
ResolvedRefundInitiation:
required:
- amount
- creditor
- debtor
- localInstrument
- originalPaymentId
- paymentType
- refId
type: object
properties:
description:
type: string
description: The description for the refund.
example: refund for some reason
refId:
$ref: '#/components/schemas/refId'
amount:
$ref: '#/components/schemas/Amount'
originalPaymentId:
$ref: '#/components/schemas/originalPaymentId'
registrationId:
type: string
description: The registraion id.
example: regId
localInstrument:
type: string
description: The bank's payment service to be used for making a payment.
example: SEPA_INSTANT
enum:
- SEPA
- SEPA_INSTANT
- FASTER_PAYMENTS
debtor:
$ref: '#/components/schemas/RefundDebtorInformation'
creditor:
$ref: '#/components/schemas/CreditorInformation'
description: The Initiation payload for the refund.
originalPaymentId:
type: string
description: >-
The original payment id from Token.io payments/transfers. This is
required to initiate a refund. Token.io will check the original payment
for the refund validation.
example: t:sdsds:sdsd
Refund:
required:
- createdDateTime
- id
- memberId
- status
- updatedDateTime
type: object
properties:
id:
type: string
description: Token.io-generated refund id.
example: rf:12345abcd:abcd
bankTransactionId:
type: string
description: >-
The transaction id from the bank side. This can be empty if it is
not available from the bank.
example: 2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
memberId:
$ref: '#/components/schemas/memberId'
createdDateTime:
type: string
description: >-
The date and time this refund object was created (in ISO 8601 format).
example: '2017-04-05T10:43:07.000+00:00'
updatedDateTime:
type: string
description: >-
The date and time the current status, sub status, status reason
information and authentication were last updated (in ISO 8601 format).
example: '2017-04-05T10:45:07.000+00:00'
status:
$ref: '#/components/schemas/StatusRefund'
bankPaymentStatus:
type: string
description: >-
The raw bank status. This can be the ISO 20022
payment status code. See ISO 20022 payment status codes for more
information. This field can be empty if no payment status is
available on bank side.
example: ACCP
statusReasonInformation:
type: string
description: >-
A human-readable description of the reason for the reported status,
which may include a message from the bank. This value should not
exceed 256 characters in length.
example: The payment is settled on debtor side.
initiation:
$ref: '#/components/schemas/ResolvedRefundInitiation'
description: The refund object.
memberId:
type: string
description: The Token.io-assigned member id of the TPP.
example: m:123456abcd:abcd
StatusRefund:
title: StatusRefund
type: string
description: >-
The Token.io Refund Initiation Status.
INITIATION_PENDING - Token.io has received the refund initiation
and the initiation has passed Token.io's
validation.
INITIATION_PROCESSING - the refund is
processing on the bank side. The status can be updated to one of
`INITIATION_COMPLETED`, `INITIATION_REJECTED` or `INITIATION_FAILED`. If
the status is not updated by the bank within a certain period of time,
the status will remain as `INITIATION_PROCESSING` and the corresponding
status reason information field will reflect
this.
INITIATION_COMPLETED - the refund initiation is
successful. This does not guarantee the refund is
settled.
INITIATION_REJECTED - the refund is rejected by
the bank. More details are shared in the corresponding status reason
information.
INITIATION_FAILED - Token.io failed to
create the initiation as a result of failures on the bank side,
e.g. the bank is not available at the
moment.
INITIATION_NO_FINAL_STATUS_AVAILABLE - The
payment status has not been updated for some time and Token.io has
stopped polling it. The recommended maximum polling time is 30 days. The
status will change to `INITIATION_NO_FINAL_STATUS_AVAILABLE` after 30
days if the bank doesn't update the status. This is a final status, but
it doesn't indicate success or failure. Please contact the bank to check
the actual status of the payment.
example: INITIATION_COMPLETED
default: INITIATION_PENDING
enum:
- INITIATION_PENDING
- INITIATION_PROCESSING
- INITIATION_COMPLETED
- INITIATION_REJECTED
- INITIATION_FAILED
- INITIATION_NO_FINAL_STATUS_AVAILABLE
PayoutInitiation:
required:
- amount
- paymentType
- refId
- debtor
- creditor
- description
type: object
properties:
description:
type: string
description: >-
The payment reference, which must consist of at least 6 alphanumeric
characters that are not all the same. Optional, uncounted characters
include space, hyphen(-), full stop (.), ampersand(&), and forward
slash (/). The total of all characters must be no greater than 18
for SCAN (Sort Code and Account Number) payments and 140 for iban
payments.
example: e49j-2145-sp17-k3h0
refId:
$ref: '#/components/schemas/refId'
onBehalfOfId:
type: string
description: >-
The OnBehalfOfId is validated against the sub-TPP id of the member
before initiating the payout. This field is mandatory for
unregulated TPPs.
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
amount:
$ref: '#/components/schemas/Amount'
debtor:
oneOf:
- $ref: '#/components/schemas/CorporateApiDebtorInformation'
creditor:
$ref: '#/components/schemas/CreditorInformationPayout'
description: The initiation payload for the payout.
ResolvedPayoutInitiation:
required:
- amount
- creditor
- debtor
- paymentType
- refId
type: object
properties:
description:
type: string
description: The description for the payout.
example: payout for some reason
refId:
$ref: '#/components/schemas/refId'
amount:
$ref: '#/components/schemas/Amount'
debtor:
oneOf:
- $ref: '#/components/schemas/CorporateApiDebtorInformation'
creditor:
$ref: '#/components/schemas/CreditorInformationPayout'
description: The Initiation payload for the refund.
CreditorInformationPayout:
type: object
properties:
name:
type: string
description: The owner's name for the creditor account.
example: Customer Inc.
ultimateCreditorName:
type: string
description: The ultimate creditor's name.
example: Customer Inc.
bankName:
type: string
description: The creditor's bank name.
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs can be either 8 or 11 characters long.
example: BOFIIE2D
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: 123456
accountVerificationId:
$ref: '#/components/schemas/AccountVerificationId'
description: The payout creditor object.
Payout:
required:
- createdDateTime
- id
- memberId
- status
- updatedDateTime
type: object
properties:
id:
type: string
description: Token.io generated payout id.
example: po:yj6sSEf7ZYFP8yxN6XWi1KkMEcB:2gFUX1NDget
bankTransactionId:
type: string
description: >-
The transaction id from the bank side. This can be empty if it is
not available from the bank.
example: 2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
memberId:
$ref: '#/components/schemas/memberId'
createdDateTime:
type: string
description: >-
The date and time this payout object was created The time this
payment object was created (in ISO 8601 format).
example: '2017-04-05T10:43:07.000+00:00'
updatedDateTime:
type: string
description: >-
The date and time the current status, sub status, status reason
information and authentication were last updated (in ISO 8601 format).
example: '2017-04-05T10:45:07.000+00:00'
status:
$ref: '#/components/schemas/PayoutStatus'
bankPaymentStatus:
type: string
description: >-
The raw bank status. This can be the ISO 20022
payment status code. See ISO 20022 payment status codes for more
information. This field can be empty if no payment status is
available on bank side.
example: ACPC
statusReasonInformation:
type: string
description: >-
A human-readable description of the reason for the reported status,
which may include a message from the bank. This value should not
exceed 256 characters in length.
example: The payment is settled on debtor side.
initiation:
$ref: '#/components/schemas/ResolvedPayoutInitiation'
description: The payout object.
PayoutStatus:
type: string
description: >-
The Token.io Payout Initiation Status.
INITIATION_PENDING -
Token.io has received the payout initiation and the initiation passed
Token.io validation.
INITIATION_PROCESSING - the payout is
processing on the bank side. Status can be updated to one of
INITIATION_COMPLETED, INITIATION_REJECTED or INITIATION_FAILED. If
the status is never updated by the bank within certain period of time,
the status will stay INITIATION_PROCESSING forever and the corresponding
status reason information field will reflect this fact.
INITIATION_COMPLETED - the payout initiation is successful. This does
not guarantee the payout is settled.
INITIATION_REJECTED - the
payout is rejected by the bank. More details are shared in the
corresponding status reason information.
INITIATION_FAILED -
Token.io failed to create the initiation due to failures on the bank
side, e.g. the bank is not available at the moment.
example: INITIATION_COMPLETED
default: INITIATION_PENDING
enum:
- INITIATION_PENDING
- INITIATION_PROCESSING
- INITIATION_COMPLETED
- INITIATION_REJECTED
- INITIATION_FAILED
UploadKeyAndCertificate:
type: object
properties:
upload:
oneOf:
- $ref: '#/components/schemas/keyAndCertificate'
- $ref: '#/components/schemas/keys'
description: Upload a key and certificate.
keyAndCertificate:
type: object
properties:
keyAndCertificate:
$ref: '#/components/schemas/keyAndCertificate_keyAndCertificate'
description: The private key and certificate.
keys:
type: object
properties:
keys:
$ref: '#/components/schemas/keys_keys'
description: The private and public keys to be uploaded.
PeriodicLimit:
required:
- maximumAmount
- periodType
type: object
properties:
maximumAmount:
type: string
description: >-
The transaction amount with up to four digits after the decimal
point.
example: '100.00'
periodType:
type: string
example: DAY
enum:
- DAY
- WEEK
- MONTH
- YEAR
periodAlignment:
type: string
description: >-
This field specifies whether the period starts on the consent start
date or lines up with a calendar. If not specified, the CONSENT
alignment is used. The consent start date is defined by the
`startDateTime` field of the consent (the time element is
disregarded) or the date when consent is created if the
startDateTime is not specified.
example: CALENDAR
enum:
- CONSENT
- CALENDAR
description: >-
The maximum total amount of payments in a given period under this VRP
consent. If the `periodAlignment` is `CALENDAR`, the limit is pro-rated
in the first period to the remaining number of days.
Authentication:
required:
- redirectUrl
type: object
properties:
redirectUrl:
type: string
description: >-
This URL redirects the user in order to authorize the consent
creation.
example: http://psu-redirect.com
description: >-
The authentication operation required to proceed with consent creation.
This is present when the consent initiation request has been created at
the bank, but the consent hasn't been authorized or rejected yet.
Vrp:
required:
- createdDateTime
- id
- initiation
- memberId
- status
- updatedDateTime
type: object
properties:
id:
type: string
description: The Token.io generated VRP id.
example: vrp:12345abcd:abcd
memberId:
$ref: '#/components/schemas/memberId'
initiation:
$ref: '#/components/schemas/VrpInitiation'
createdDateTime:
type: string
description: >-
The time when this VRP object was created (in ISO 8601 format).
example: '2017-04-05T10:43:07.123Z'
updatedDateTime:
type: string
description: >-
The date and time this VRP object was last updated (in ISO 8601 format).
example: '2017-04-05T10:45:07.123Z'
status:
$ref: '#/components/schemas/VrpStatus'
bankVrpId:
type: string
description: >-
The VRP id from the bank. This field can be empty if the VRP id
isn't available on the bank's side.
example: 4vn6aDyMiwBYbPDN
bankVrpStatus:
type: string
description: >-
The raw bank status. This field can be empty if payment status isn't
available on the bank's side.
example: AcceptedCreditSettlementCompleted
statusReasonInformation:
type: string
description: >-
A human-readable description of the reason for the reported status,
which may include a message from the bank. This value should not
exceed 256 characters in length.
example: The payment is settled on the debtor's side.
refundDetails:
$ref: '#/components/schemas/RefundDetails'
description: The VRP object.
VrpInitiation:
required:
- amount
- consentId
- refId
- remittanceInformationPrimary
type: object
properties:
consentId:
type: string
description: The id of the VRP consent.
example: vc:12345abcd:abcd
refId:
$ref: '#/components/schemas/refId'
remittanceInformationPrimary:
$ref: '#/components/schemas/remittanceInformationPrimary'
remittanceInformationSecondary:
$ref: '#/components/schemas/remittanceInformationSecondary'
amount:
$ref: '#/components/schemas/Amount'
confirmFunds:
type: boolean
description: >-
A flag indicating whether the bank should do a funds confirmation
check before accepting the payment. If set to `true`, the funds will
be checked.
example: false
default: false
risk:
$ref: '#/components/schemas/Risk'
description: The VRP initiation object.
remittanceInformationPrimary:
type: string
description: >-
The primary field for remittance information. This should contain a
reference, as assigned by the creditor, to unambiguously refer to the
payment transactions under this consent. The value of this field should
appear on the bank statement and reconciliation file, irrespective of
the payment network being used. We recommend that the
`remittanceInformationPrimary` field should not contain special
characters (the allowed characters are the 26-letter Latin alphabet, the
numerical digits from 0-9 and the hyphen '-') as banks may remove these
when sending this field to the beneficiary. This field should not exceed
35 characters in length (18 characters for UK Faster Payments).
example: Sweepco
remittanceInformationSecondary:
type: string
description: >-
The secondary field for remittance information. The information supplied
should enable the reconciliation of an entry in an unstructured form.
Depending on the payment network, information from this field may or may
not be included in the bank statement and reconciliation file. We
recommend that the `remittanceInformationSecondary` field should not
contain special characters (the allowed characters are the 26-letter
Latin alphabet, the numerical digits from 0-9 and the hyphen '-') as
banks may remove these when sending this field to the beneficiary. This
field should not exceed 140 characters in length.
example: Secondary remittance information.
VrpStatus:
type: string
description: >-
The Token.io VRP status.
INITIATION_PENDING - Token.io
has received the payment initiation request and it has passed Token.io's
validation.
INITIATION_PROCESSING - The VRP request has
been acknowledged by the bank and is now being
processed.
INITIATION_COMPLETED - Payment initiation has
been completed.
INITIATION_REJECTED - The payment has been
rejected.
INITIATION_REJECTED_INSUFFICIENT_FUNDS - The
payment has been rejected because the funds check returned a negative
result.
INITIATION_FAILED - Token.io failed to proceed
with the initiation as a result of problems reaching the
bank.
INITIATION_NO_FINAL_STATUS_AVAILABLE - The payment
status has not been updated for some time and Token.io has stopped
polling it. The recommended maximum polling time is 30 days. The status
will change to `INITIATION_NO_FINAL_STATUS_AVAILABLE` after 30 days if
the bank does not update the status. This is a final status, but it does
not indicate success or failure. Please contact the bank to check the
actual status of the payment.
example: INITIATION_COMPLETED
default: INITIATION_PENDING
enum:
- INITIATION_PENDING
- INITIATION_PROCESSING
- INITIATION_COMPLETED
- INITIATION_REJECTED
- INITIATION_REJECTED_INSUFFICIENT_FUNDS
- INITIATION_FAILED
- INITIATION_NO_FINAL_STATUS_AVAILABLE
VrpConsentResponse:
required:
- vrpConsent
type: object
properties:
vrpConsent:
$ref: '#/components/schemas/VrpConsent'
VrpConsentsResponse:
required:
- pageInfo
- vrpConsents
type: object
properties:
vrpConsents:
type: array
items:
$ref: '#/components/schemas/VrpConsent'
pageInfo:
$ref: '#/components/schemas/PageInfo'
VrpsResponse:
required:
- pageInfo
- vrps
type: object
properties:
vrps:
type: array
items:
$ref: '#/components/schemas/Vrp'
pageInfo:
$ref: '#/components/schemas/PageInfo'
VrpResponse:
type: object
properties:
vrp:
$ref: '#/components/schemas/Vrp'
VrpConsent:
required:
- createdDateTime
- id
- initiation
- memberId
- status
- updatedDateTime
type: object
properties:
id:
type: string
description: The Token.io generated VRP consent id.
example: vc:12345abcd:abcde
memberId:
$ref: '#/components/schemas/memberId'
initiation:
$ref: '#/components/schemas/VrpConsentInitiation'
createdDateTime:
type: string
description: >-
The time this VRP consent object was created (in ISO 8601 format).
example: '2017-04-05T10:43:07.123Z'
updatedDateTime:
type: string
description: >-
The last time this VRP consent object was updated (in ISO 8601 format).
example: '2017-04-05T10:45:07.123Z'
status:
$ref: '#/components/schemas/VrpConsentStatus'
bankVrpConsentId:
type: string
description: >-
The VRP consent id from the bank. This field can be empty if the
consent id isn't available on the bank side.
example: 4jq34dwjgi9MCK2MXB9f7v
bankVrpConsentStatus:
type: string
description: >-
The raw bank status. This field can be empty if the consent status
isn't available on the bank side.
example: AwaitingAuthorization
statusReasonInformation:
type: string
description: >-
A human-readable description of the reason for the reported status,
which may include a message from the bank. This value should not
exceed 256 characters in length.
example: The consent resource is awaiting user authorization.
authentication:
$ref: '#/components/schemas/Authentication'
description: The VRP consent object.
VrpConsentStatus:
type: string
description: >-
The Token.io VRP consent status.
PENDING - Token.io
has received the request to create a VRP consent and the request has
passed Token.io's validation.
PENDING_MORE_INFO - The
initiaion lacks mandatory fields (e.g., `bankId`) that must be
collected before connecting to the
bank.
PENDING_REDIRECT_AUTH - The consent request has
been acknowledged by the bank and Token.io is awaiting user confirmation
at the bank's page.
PENDING_REDIRECT_AUTH_VERIFICATION -
Token.io has received the callback information from the bank and is
currently verifying it with the bank.
AUTHORIZED - the
VRP consent has been successfully authorized.
REJECTED -
The VRP consent has been rejected. More details are shared in the
corresponding `statusReasonInformation` field.
REVOKED -
The VRP consent has been revoked by the user.
FAILED -
Token.io failed to proceed with the consent as a result of problems with
the bank, or because the user has abandoned the request. All `PENDING`
statuses convert to `FAILED` 30 minutes after consent
creation.
example: AUTHORIZED
default: PENDING
enum:
- PENDING
- PENDING_MORE_INFO
- PENDING_REDIRECT_AUTH
- PENDING_REDIRECT_AUTH_VERIFICATION
- AUTHORIZED
- REJECTED
- REVOKED
- FAILED
VrpScheme:
type: string
description: Vrp scheme, only OBL_SWEEPING is supported currently.
example: OBL_SWEEPING
default: OBL_SWEEPING
enum:
- OBL_SWEEPING
VrpConsentInitiation:
required:
- callbackState
- callbackUrl
- creditor
- currency
- localInstrument
- maximumIndividualAmount
- periodicLimits
- refId
- remittanceInformationPrimary
- scheme
type: object
properties:
bankId:
$ref: '#/components/schemas/bankId'
refId:
$ref: '#/components/schemas/refId'
remittanceInformationPrimary:
$ref: '#/components/schemas/remittanceInformationPrimary'
remittanceInformationSecondary:
$ref: '#/components/schemas/remittanceInformationSecondary'
startDateTime:
type: string
description: >-
The date and time from which payments can be made (in ISO 8601 format). Payments initiated before this
time will be rejected. If not provided, the time of consent creation
is used as a default. The date and time cannot be earlier than the
current time.
example: '2017-04-05T10:43:07.123+01:00'
endDateTime:
type: string
description: >-
The date and time before which payments can be made (in ISO 8601 format). Payments initiated after this
time will be rejected.
example: '2017-04-05T10:43:07.132+01:00'
onBehalfOfId:
type: string
description: >-
The id of the ultimate client on whose behalf the consent is
created. If the consent is created on behalf of a sub-TPP, this
field should contain the sub-TPP `referenceId`. This field is
mandatory for unregulated TPPs.
example: 6f34h397-b29h-23b0-s30g-hkd0d2dk4k1s
scheme:
type: string
description: The types of payments that can be made under this VRP consent.
example: OBL_SWEEPING
enum:
- OBL_SWEEPING
localInstrument:
type: string
description: >-
The bank's payment service used for making a payment. Presently only
Faster Payments are supported.
example: FASTER_PAYMENTS
enum:
- FASTER_PAYMENTS
debtor:
$ref: '#/components/schemas/VRPDebtorInformation'
creditor:
$ref: '#/components/schemas/VRPCreditorInformation'
currency:
type: string
description: >-
The ISO 4217 three letter currency code for this VRP
consent. All amounts specified in this consent are in this currency.
All payments created under this consent should use this currency.
example: EUR
minimumIndividualAmount:
type: string
description: >-
The minimum amount for individual payments made under this consent,
with up to four digits after the decimal point It should not exceed
the `maximumIndividualAmount` or any of the periodic limits
`maximumAmount`.
example: '5.0'
maximumIndividualAmount:
type: string
description: >-
The maximum amount for individual payments made under this consent,
with up to four digits after the decimal point.
example: '10000.0'
periodicLimits:
type: array
description: >-
A list of periodic limits that are applied together as an
intersection. At least one should be specified.
items:
$ref: '#/components/schemas/PeriodicLimit'
maximumOccurrences:
type: integer
description: >-
The total number of payments that can be initiated under this
consent. Any new payments will be rejected if the number is over
this limit. This cannot be negative, 0 value is considered as not
set.
example: 3
callbackUrl:
$ref: '#/components/schemas/callbackUrl'
callbackState:
$ref: '#/components/schemas/callbackStatev2'
returnRefundAccount:
type: boolean
description: >-
This field indicates whether the `RefundAccount` object should be
included in the VRP created under this consent.
example: true
default: false
risk:
$ref: '#/components/schemas/Risk'
description: The initiation payload for the VRP consent.
PageInfo:
required:
- limit
type: object
properties:
limit:
maximum: 200
minimum: 1
type: integer
description: >-
The limit (maximum number of objects to return) applied to this
page. The default and maximum allowed limit is 200. If this
limit is exceeded, was not set or was set to 0, it will be set to
200.
format: int32
example: 20
default: 200
offset:
type: string
description: >-
The offset for the current page. If the offset has been provided in
the request, this offset will be equal to the provided one. But if
no offset is provided in the request (i.e. this is the first
page) and the page is not empty, this field will be populated with a
non-empty string. This may be helpful for loading the same page
again, which might not always be possible with an empty offset due
to the dynamic nature of the data. The offset is opaque to a
user and should not be parsed and/or understood in any way.
example: LerV6Jmex
nextOffset:
type: string
description: >-
The offset for the next page. If the page is empty, it is equal to
this page offset. If the page is not empty, but there are no more
objects to load (haveMore = false), it will be empty. The offset
is opaque to a user and should not be parsed and/or understood in
any way.
example: KgwG8Qkat
haveMore:
type: boolean
description: >-
This field indicates whether there are more objects to load,
i.e. whether the next page exists.
example: false
default: false
description: >-
The information about the current page, which also indicates whether the
next page exists.
DebtorInformation:
description: >
Debtor information. Provide either an Account on File OR full Debtor
Account details. These two modes are mutually exclusive.
oneOf:
- $ref: '#/components/schemas/RawDebtorInformation'
- $ref: '#/components/schemas/TokenizedAccountIdentifier'
RawDebtorInformation:
description: Raw debtor information. The account information (one of) is required.
allOf:
- oneOf:
- $ref: '#/components/schemas/SepaAccount'
- $ref: '#/components/schemas/SepaInstantAccount'
- $ref: '#/components/schemas/FasterPaymentsAccount'
- $ref: '#/components/schemas/ElixirAccountDebtor'
- $ref: '#/components/schemas/EUDomesticNonEuroAccountDebtor'
- $ref: '#/components/schemas/EUDomesticNonEuroInstantAccountDebtor'
- $ref: '#/components/schemas/BankGiroAccount'
- $ref: '#/components/schemas/PlusGiroAccount'
- type: object
required:
- name
properties:
name:
type: string
description: The debtor’s account owner name.
ultimateDebtorName:
type: string
description: The ultimate debtor’s name.
address:
$ref: '#/components/schemas/Address'
TokenizedAccountIdentifier:
type: object
properties:
tokenizedAccountId:
type: string
description: Account on File identifier.
required:
- tokenizedAccountId
additionalProperties: false
AccountInformation:
description: The account information for the PSU or Business.
allOf:
- $ref: '#/components/schemas/DebtorAccountDetails'
- type: object
properties:
name:
type: string
description: The owner's name of the debtor account.
example: John Smith
ultimateDebtorName:
type: string
description: The ultimate debtor's name.
example: John Smith
address:
$ref: '#/components/schemas/Address'
DebtorAccountDetails:
description: >
The raw debtor account identifiers. Exactly one format must be used,
depending on the payment instrument and jurisdiction.
oneOf:
- $ref: '#/components/schemas/SepaAccount'
- $ref: '#/components/schemas/SepaInstantAccount'
- $ref: '#/components/schemas/FasterPaymentsAccount'
- $ref: '#/components/schemas/ElixirAccountDebtor'
- $ref: '#/components/schemas/EUDomesticNonEuroAccountDebtor'
- $ref: '#/components/schemas/EUDomesticNonEuroInstantAccountDebtor'
- $ref: '#/components/schemas/BankGiroAccount'
- $ref: '#/components/schemas/PlusGiroAccount'
VRPDebtorInformation:
description: >-
The debtor information. The account identifier (one of) is required if
it's mandatory for the specific bank, or if the TPP decides to pass in
the `debtor` information.
allOf:
- oneOf:
- $ref: '#/components/schemas/FasterPaymentsAccount'
- type: object
properties:
name:
type: string
description: The owner's name for the debtor account.
example: John Smith
ultimateDebtorName:
type: string
description: The ultimate debtor's name.
example: John Smith
address:
$ref: '#/components/schemas/Address'
CreditorInformation:
description: The creditor information. The account information (one of) is required.
allOf:
- oneOf:
- $ref: '#/components/schemas/SepaAccount'
- $ref: '#/components/schemas/SepaInstantAccount'
- $ref: '#/components/schemas/FasterPaymentsAccount'
- $ref: '#/components/schemas/ElixirAccountCreditor'
- $ref: '#/components/schemas/EUDomesticNonEuroAccountCreditor'
- $ref: '#/components/schemas/EUDomesticNonEuroInstantAccountCreditor'
- $ref: '#/components/schemas/BankGiroAccount'
- $ref: '#/components/schemas/PlusGiroAccount'
- $ref: '#/components/schemas/VirtualAccountCreditor'
- type: object
- required:
- name
properties:
name:
type: string
description: >-
The owner's name for the creditor account. This parameter is not
required for settlement accounts.
example: Customer Inc.
ultimateCreditorName:
type: string
description: The ultimate creditor's name.
example: Customer Inc.
address:
$ref: '#/components/schemas/Address'
bankName:
type: string
description: The creditor's bank name.
accountVerificationId:
$ref: '#/components/schemas/AccountVerificationId'
VRPCreditorInformation:
description: The creditor information. The account information (one of) is required.
allOf:
- oneOf:
- $ref: '#/components/schemas/FasterPaymentsAccount'
- type: object
- required:
- name
properties:
name:
type: string
description: The owner's name for the creditor account.
example: Customer Inc.
ultimateCreditorName:
type: string
description: The ultimate creditor's name.
example: Customer Inc.
address:
$ref: '#/components/schemas/Address'
bankName:
type: string
description: The creditor's bank name.
RefundDetails:
required:
- refundAccount
type: object
properties:
refundAccount:
$ref: '#/components/schemas/RefundAccount'
paymentRefundStatus:
type: string
description: The refund status for this payment.
example: NONE
enum:
- NONE
- PARTIAL
- FULL
settledRefundAmount:
allOf:
- description: >-
The total amount of settled refunds (with status
INITIATION_COMPLETED).
- $ref: '#/components/schemas/Amount'
remainingRefundAmount:
allOf:
- description: >-
The remaining amount to be refunded (the payment amount minus
the total amount of non-failed refunds).
- $ref: '#/components/schemas/Amount'
description: >-
The refund-related information for this payment. This field requires
specific permission and is only available if
`paymentInitiation.returnRefundAccount` is set to `true`.
GetBanksV2Response:
type: object
properties:
banks:
type: array
description: >-
This field contains information for each bank matching the request
criteria.
items:
$ref: '#/components/schemas/BankV2'
paging:
$ref: '#/components/schemas/Paging'
rank:
type: integer
description: Sorts banks by rank.
example:
- 1
- 2
- 100
bankSubGroup:
type: string
description: Filters for banks that are part of the bank sub-group specified.
example:
- CMM Grand
- Banque Populaire
- La Banque
PaymentResponse:
type: object
properties:
payment:
$ref: '#/components/schemas/Payment'
PaymentsResponse:
required:
- pageInfo
- payments
type: object
properties:
payments:
type: array
items:
$ref: '#/components/schemas/Payment'
pageInfo:
$ref: '#/components/schemas/PageInfo'
EmbeddedAuthFields:
type: object
properties: {}
additionalProperties:
type: string
description: >-
This field provides a map of all fields requested for embedded
authentication, with their values. The key is the id of the field from
the authentication payload, for which this value is submitted.
example:
'123': SMS message
BankV2:
type: object
properties:
id:
type: string
description: The Token.io bank identifier.
example: ob-modelo
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
name:
type: string
description: The commonly recognised name of the bank.
example: GoldBank
logoUri:
type: string
description: The URI of the location of the square bank avatar icon.
example: https://example.com/path/full.png
bankGroup:
type: string
description: The name of the banking group in which this bank holds membership.
example: XYZ-Bank-Group
bankSubGroup:
type: string
description: >-
The name of the sub-banking group in which this bank holds
membership.
example: Sub-XYZ-Bank-Group
countries:
type: array
description: >-
A list of two-letter country code in upper case (ISO 3166-1
alpha-2), in which this bank operates.
items:
type: string
example:
- DE
- IT
openBankingStandard:
$ref: '#/components/schemas/OpenBankingStandard'
initialEmbeddedAuthFields:
$ref: '#/components/schemas/RequiredField'
mandatoryFields:
$ref: '#/components/schemas/MandatoryFieldsv2'
maintenanceWindow:
$ref: '#/components/schemas/MaintenanceWindow'
scaMethods:
$ref: '#/components/schemas/scaMethod'
fieldsFormatInformation:
type: array
description: >-
Contains bank-dependent formatting constraints indicating allowable
characters, if any.
items:
$ref: '#/components/schemas/FieldsFormatInformation'
supportedLocalInstruments:
type: array
description: Payment methods/rails supported by the bank.
example:
- SEPA
- SEPA_INSTANT
- FASTER_PAYMENTS
items:
type: string
operationalTime:
type: string
description: >-
Specifies the bank’s days and hours of operation in a normal week.
Does not take into account bank-specific public holidays, which may
or may not be considered out-of-operation time.
example: MON to FRI, 00:00 to 24:00 GMT+1
transactionHistoryLimit:
type: integer
description: >-
Defines the number of transaction history records allowed per page,
-1 (unlimited) or a positive integer (record limit).
format: int32
example: 65
default: -1
supportsAccountList:
type: boolean
description: The bank connection supports fetching accounts.
format: boolean
example: true
supportsAccountDetails:
type: boolean
description: The bank connection supports fetching account details.
format: boolean
example: true
supportsAccountBalance:
type: boolean
description: The bank connection supports fetching account balances.
format: boolean
example: true
supportsTransactionList:
type: boolean
description: The bank connection supports fetching transactions.
format: boolean
example: true
supportsTransactionDetails:
type: boolean
description: The bank connection supports fetching transaction details.
format: boolean
example: true
supportsStandingOrderList:
type: boolean
description: The bank connection supports the fetching standing orders.
format: boolean
example: true
supportsTransactionsDateFilter:
type: boolean
description: >-
The bank connection supports feting transactions using a date
filter.
format: boolean
example: true
requiresOneStepPayment:
type: boolean
description: The bank connection only supports immediate redemption of transfers.
format: boolean
example: true
supportsSinglePayment:
type: boolean
description: The bank connection supports single immediate payments.
format: boolean
example: true
supportsScheduledPayment:
type: boolean
description: The bank connection supports future dated scheduled payments.
format: boolean
example: true
supportsSendPayment:
type: boolean
description: The bank connection supports payment initiation.
format: boolean
example: false
default: false
supportsReceivePayment:
type: boolean
description: The bank connection supports the receipt of payments.
format: boolean
example: false
default: false
supportsStandingOrder:
type: boolean
description: The bank connection supports recurring payments/standing orders.
format: boolean
example: true
supportsReturnRefundAccount:
type: boolean
description: The bank connection supports requesting of refund accounts.
format: boolean
example: true
supportsFundsConfirmation:
type: boolean
description: The bank connection supports confirmation of available funds.
format: boolean
example: true
supportsVariableRecurringPayment:
x-internal: true
type: boolean
description: The bank connection supports variable recurring payments.
format: boolean
example: true
MandatoryFieldsv2:
type: array
description: >-
Contains the fields required by the bank, which the TPP must populate in
the token request, where applicable.
items:
$ref: '#/components/schemas/MandatoryFieldsv2_inner'
PaymentInitiation:
description: >-
The initiation payload for the payment. All standard flow types — amount
and remittanceInformationPrimary are required.
type: object
properties:
bankId:
$ref: '#/components/schemas/bankId'
refId:
$ref: '#/components/schemas/refId'
remittanceInformationPrimary:
$ref: '#/components/schemas/remittanceInformationPrimary'
remittanceInformationSecondary:
$ref: '#/components/schemas/remittanceInformationSecondary'
onBehalfOfId:
type: string
description: >-
The id of the ultimate client on whose behalf the consent is
created. If the consent is created on behalf of a sub-TPP, this
field should contain the sub-TPP `referenceId`. This field is
mandatory for unregulated TPPs.
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
vrpConsentId:
type: string
description: Only for Variable recurring payments (VRP). VRP consent id.
amount:
$ref: '#/components/schemas/Amount'
localInstrument:
$ref: '#/components/schemas/LocalInstrument'
debtor:
$ref: '#/components/schemas/DebtorInformation'
description: The bank details for the debtor account.
creditor:
$ref: '#/components/schemas/CreditorInformation'
description: The bank details for the creditor account.
executionDate:
type: string
description: >-
This field specifies the future date for executing the payment in ISO 8601 format.". ***This field is optional and
can only be used if the bank supports scheduled payments and the
customer has permission to initiate future dated payments.***
example: '2023-04-29'
confirmFunds:
type: boolean
description: >-
This field determines whether the bank will carry out a funds
confirmation check before accepting the payment. Default = false.
example: false
returnRefundAccount:
type: boolean
description: >-
Supported banks will provide the debtor account details selected by
the user during authorization. Default = false.
example: false
disableFutureDatedPaymentConversion:
type: boolean
description: >-
This field determines whether an auto-conversion of a single
immediate payment to a future dated payment can be disabled. This
may be required if the payment was initiated outside bank working
hours. Default = false.
example: false
returnTokenizedAccount:
type: boolean
description: >-
This field generates tokenized account ID for given debtor account
details.
example: true
callbackUrl:
$ref: '#/components/schemas/callbackUrl'
callbackState:
$ref: '#/components/schemas/callbackStatev2'
chargeBearer:
$ref: '#/components/schemas/ChargeBearer'
risk:
$ref: '#/components/schemas/Risk'
flowType:
$ref: '#/components/schemas/PaymentFlowType'
externalPsuReference:
$ref: '#/components/schemas/ExternalPsuReference'
required:
- flowType
- callbackUrl
- creditor
- localInstrument
- refId
- amount
- remittanceInformationPrimary
LocalInstrument:
type: string
description: >-
The bank's payment service used to make the payment. Depending on
which local instrument you select, you will require different account
identifiers in the `debtor` and `creditor` objects. The `creditor`
object is mandatory, but the `debtor` object is only required if it is
mandatory for a specific bank. However, if the TPP decides to provide
debtor details, account identifier field(s) within the `debtor` object
are mandatory. The fields within the `creditor` and `debtor`
objects are populated as follows:
FASTER_PAYMENTS require
the `sortCode` and `accountNumber` to be
populated.
SEPA and SEPA_INSTANT require the
`iban`, the `bic` is optional.
ELIXIR requires
either the `iban` or the Polish domestic `accountNumber`, the `bic` is
optional.
BANKGIRO requires the `bankgiroNumber`,
the `bic` is optional.
PLUSGIRO requires the
`plusgiroNumber`, the `bic` is
optional.
EU_DOMESTIC_NON_EURO and
EU_DOMESTIC_NON_EURO_INSTANT require either the `iban` or `bban`,
the `bic` is optional, OR the `bban` is required and `clearingNumber` is
optional. For an HP flow that doesn't have a preselected `bankId`, a
SENoBankId account, where the currency is SEK or NOK, will require an
`iban` and `bban` with an optional `bic` and/or
`clearingNumber`.
AUTO_SELECT enables smart routing
functionality where Token.io automatically selects the most optimal
payment rail based on the provided payment value and bank capabilities.
This reduces the complexity for TPPs by eliminating the need to specify
the exact local instrument.
example: SEPA
enum:
- SEPA
- SEPA_INSTANT
- FASTER_PAYMENTS
- ELIXIR
- EU_DOMESTIC_NON_EURO
- EU_DOMESTIC_NON_EURO_INSTANT
- BANKGIRO
- PLUSGIRO
- AUTO_SELECT
PaymentRefundStatus:
type: string
description: The refund status for this payment.
example: NONE
enum:
- NONE
- PARTIAL
- FULL
ExternalPsuReference:
type: string
maxLength: 64
description: >-
An external reference provided by the TPP (Third Party Provider) to
uniquely identify the PSU (Payment Service User).
example: psu external reference 12345
OnBehalfOfId:
type: string
description: >-
The on-behalf-of ID is validated against the sub-TPP id of the member.
This field is mandatory for unregulated TPPs.
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
Payment:
required:
- createdDateTime
- id
- initiation
- memberId
- status
- updatedDateTime
type: object
properties:
id:
type: string
description: The Token.io generated payment id.
example: pm:12345abcd:abcd
memberId:
$ref: '#/components/schemas/memberId'
initiation:
$ref: '#/components/schemas/PaymentInitiation'
convertedToFutureDatedPayment:
type: boolean
description: >-
This field indicates whether a payment has been converted from a
single immediate payment to a future dated payment. This can happen
if the payment is initiatied outside bank working hours and
`paymentInitiation.disableFutureDatedPaymentConversion` = false.
example: false
default: false
refundDetails:
$ref: '#/components/schemas/RefundDetails'
status:
$ref: '#/components/schemas/PaymentStatus'
statusReasonInformation:
type: string
description: >-
A human-readable description of the reason for the reported status,
which may include a message from the bank. This value should not
exceed 256 characters in length.
example: The payment is settled on the debtor side.
bankPaymentStatus:
type: string
description: >-
The raw bank status. This can be the ISO 20022
payment status code. See ISO 20022 payment status codes for more
information. This field can be empty if no payment status is
available on bank side.
example: ACPC
bankPaymentId:
type: string
description: >-
The payment id from the bank. Not all banks provide this. This field
can be left empty if information is not available from the bank
side.
example: '1231423'
bankTransactionId:
type: string
description: >-
The transaction id from the bank when the transaction is settled.
Not all banks provide this. This field can be left empty if
information is not available from the bank.
example: 2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
bankVrpId:
type: string
description: >-
Present only if payment is VRP. The VRP id from the bank. This field
can be empty if the VRP id isn't available on the bank's side.
bankVrpStatus:
type: string
description: >-
Present only if payment is VRP. The raw bank status. This field can
be empty if payment status isn't available on the bank's side.
example: AcceptedCreditSettlementCompleted
authentication:
$ref: '#/components/schemas/Authenticationv2'
createdDateTime:
type: string
description: >-
The date and time this payment object was created (in ISO 8601 format).
example: '2023-04-05T17:02:11.954Z'
updatedDateTime:
type: string
description: >-
The date and time this payment object was last updated (in ISO 8601 format).
example: '2023-04-05T17:02:11.954Z'
errorInfo:
$ref: '#/components/schemas/errorInfo'
paymentLinkStatus:
$ref: '#/components/schemas/PaymentLinkStatus'
description: The payment object.
errorInfo:
required:
- httpErrorCode
type: object
properties:
httpErrorCode:
type: integer
description: The HTTP error code.
example: 503
message:
type: string
description: The message accompanying the HTTP error code.
example: 'UNAVAILABLE: HTTP connection failed'
tokenExternalError:
type: boolean
description: >-
Is set to `true` the error is external, e.g., a 5xx error
resulting from the bank. This field can be populated as a result of
both 4xx and 5xx errors. We recommend that you only rely on it for
5xx errors.
example: true
tokenTraceId:
type: string
description: >-
The unique trace identifier, captured from the originating request
and sent to the bank to be stored with the request throughout its
lifecycle. It serves primarily as an audit-trail aid, for debugging
the message exchange flow during sandbox testing, and for issue
resolution in production.
example: eASI3Onqkpi1unAM59O5
description: >-
This field will be populated if the status is final and the payment is
not successful, or there has been an error that caused payment
rejection, or the bank could not be reached to get a status update.
PaymentStatus:
title: PaymentStatus
type: string
description: >-
The Token.io Payment Status:
INITIATION_PENDING -
Token.io has received the payment initiation and the initiation has
passed Token.io's validation. No action is required; await the bank's
response for the next step, e.g., a webhook with the status
update, or poll the
payment.
INITIATION_PENDING_REDIRECT_AUTH - The payment
request has been acknowledged by the bank and Token.io is awaiting user
confirmation on the bank's page. If Token.io's Hosted Pages is not in
use, you'll need to redirect the user to the url found in the
authentication field and await a callback from the bank (if you're
handling callbacks) or from Token.io (if Token.io handles the callbacks
for you).
INITIATION_PENDING_REDIRECT_PBL – The payment
session has been initialized and the PSU has opened the Pay by Link URL.
At this stage, Token.io’s Hosted Pages will collect any missing
mandatory information (such as amount or reference) from the user before
continuing with the payment initiation process.
INITIATION_PENDING_REDIRECT_AUTH_VERIFICATION - Token.io has
received the callback information from the bank and is currently
verifying it with the bank. No action is required; await the bank's
response for the next step, e.g., a webhook with the status
update, or poll the
payment.
INITIATION_PENDING_REDIRECT_HP - This status can
only be observed if you're using Token.io's Hosted Pages. You'll need to
redirect the user to the url found in the authentication field and await
a callback from Token.io's Hosted Pages after Token.io handles the
entire flow for you.
INITIATION_PENDING_EMBEDDED_AUTH -
Token.io is waiting for the requested input from the user. If Token.io's
Hosted Pages is not in use, you must provide the requested information
to process the payment. Required information can be found in the
authentication object of the
payment.
INITIATION_PENDING_EMBEDDED_AUTH_VERIFICATION -
Token.io is waiting for the bank to process the provided information. No
action is required; await the bank's response for the next step,
e.g., a webhook with the status update, or poll the
payment.
INITIATION_PENDING_DECOUPLED_AUTH - Token.io is
polling status from the bank while the user authenticates in a decoupled
way. No action is required; await the bank's response for the next step,
e.g., a webhook with the status update, or poll the
payment.
INITIATION_PENDING_REDEMPTION - The payment is
ready for a redemption. No action is required; await the bank's response
for the next step, e.g., a webhook with the status update, or
poll the
payment.
INITIATION_PENDING_REDEMPTION_VERIFICATION -
Token.io is waiting for the bank to redeem the payment. No action is
required; await the bank's response for the next step, e.g., a
webhook with the status update, or poll the
payment.
INITIATION_PROCESSING - The payment initiation
request has been acknowledged by the bank and is now being processed. No
action is required; await the bank's response for the next step,
e.g., a webhook with the status update, or a polling call. If
necessary wait for additional webhooks to be sent. If a webhook is not
received, then use a polling call every 120 min. The status can be
updated to one of `INITIATION_COMPLETED`, `INITIATION_REJECTED`,
`INITIATION_NO_FINAL_STATUS_AVAILABLE` or `INITIATION_EXPIRED` (if the
status polling period is exhausted).
INITIATION_COMPLETED
- The final status (usually) indicating that the payment initiation
request has been successfully completed. This doesn't guarantee that the
payment is settled.
INITIATION_REJECTED - The final
status indicating that the payment initiation request has been rejected
by the bank. More details are shared in the corresponding
`statusReasonInformation`
field.
INITIATION_REJECTED_INSUFFICIENT_FUNDS - The final
status indicating that the payment initiation request has been rejected
due to insufficient funds.
INITIATION_FAILED - The final
status indicating that Token.io failed to proceed with the initiation
due to problems with reaching the bank, or because payment
authentication has not been completed within the allowed time period.
More details are shared in the corresponding `statusReasonInformation`
field.
INITIATION_DECLINED - The final status indicating
that the payment initiation request has been declined, in most cases
actively by the user.
INITIATION_EXPIRED - The final
status, indicating that the bank has not responded to the payment
initiation request within the allowed time
period.
INITIATION_NO_FINAL_STATUS_AVAILABLE - Payment
status has not been updated for some time and Token.io has given up
polling it. This is a final status, but it does not indicate success or
failure. Please contact the bank to check the actual status of the
payment.
SETTLEMENT_IN_PROGRESS - This status is provided
when a Token.io settlement account is used as the beneficiary for the
payment, and replaces the payment initiation status. Token.io is waiting
for the payment to reach the payee bank. No action is required; await
the next step, e.g., Token.io sends a webhook with the status
update, or a polling call. The status will change to
`SETTLEMENT_IN_PROGRESS` soon after receives the final status from the
debtor bank.
SETTLEMENT_COMPLETED - This status is
provided when a Token.io settlement account is used as the beneficiary
for the payment, and replaces the payment initiation status. The payment
has reached the payee bank and Token.io has matched the transaction in
the TPP’s settlement account to the initiated payment. For instant
payments, `SETTLEMENT_COMPLETED` will be achieved within 30-45 minutes
from payment initiation, at the latest. For non-instant payments, the
time to reach `SETTLEMENT_COMPLETED` will depend on the clearing period
for the payment.
SETTLEMENT_INCOMPLETE – This status is
provided when a Token.io settlement account is used as the beneficiary
for the payment, and replaces the payment initiation status.
Reconciliation has failed. This happens when Token.io doesn't find the
corresponding transaction in the TPP’s settlement account
automatically.
CANCELED – The final status indicating
that the payment has been canceled.
During settlement of a
settlement accounts payment, the status update job will run first for up
to 30 days. Payment will then enter into a 'final' status, normally
`INITIATION_COMPLETED`. Once the status update job has run, the
reconciliation job looks for matching inbound payments. For SEPA
payments:
if a matching inbound payment is found within 15 days
of the final payment status update -> `SETTLEMENT_COMPLETED`
if
no matching inbound payment is found within 15 days of the final payment
status update -> `SETTLEMENT_INCOMPLETE`
For SEPA Instant
payments:
if a matching inbound payment is found within 1 day of
the final payment status update -> `SETTLEMENT_COMPLETED`
if no
matching inbound payment is found within 1 day of the final payment
status update -> `SETTLEMENT_INCOMPLETE`
example: INITIATION_COMPLETED
enum:
- INITIATION_PENDING
- INITIATION_PENDING_REDIRECT_AUTH
- INITIATION_PENDING_REDIRECT_AUTH_VERIFICATION
- INITIATION_PENDING_REDIRECT_HP
- INITIATION_PENDING_REDIRECT_PBL
- INITIATION_PENDING_EMBEDDED_AUTH
- INITIATION_PENDING_EMBEDDED_AUTH_VERIFICATION
- INITIATION_PENDING_DECOUPLED_AUTH
- INITIATION_PENDING_REDEMPTION
- INITIATION_PENDING_REDEMPTION_VERIFICATION
- INITIATION_PROCESSING
- INITIATION_COMPLETED
- INITIATION_REJECTED
- INITIATION_REJECTED_INSUFFICIENT_FUNDS
- INITIATION_FAILED
- INITIATION_DECLINED
- INITIATION_EXPIRED
- INITIATION_NO_FINAL_STATUS_AVAILABLE
- SETTLEMENT_IN_PROGRESS
- SETTLEMENT_COMPLETED
- SETTLEMENT_INCOMPLETE
- CANCELED
PaymentLinkStatus:
type: string
description: >-
If the payment was initiated using a Pay by Link flow type, this shows
the status of the payment link. For all other flows, this field is
empty.
LINK_ACTIVE – The payment link is active and can
be used to initiate a payment.
LINK_EXPIRED – The payment
link has expired and can no longer be used.
LINK_CANCELED
– The payment link has been canceled by the TPP or system and cannot be
used.
LINK_REDEEMED – The payment link has been redeemed
and the payment has been initiated.
example: LINK_ACTIVE
enum:
- LINK_ACTIVE
- LINK_EXPIRED
- LINK_CANCELED
- LINK_REDEEMED
Risk:
type: object
properties:
psuId:
type: string
description: The merchant's unique customer identifier for the user.
example: '0000789123'
paymentContextCode:
$ref: '#/components/schemas/PaymentContextCode'
paymentPurposeCode:
type: string
description: >-
The category code conforming to the Recommended UK Purpose Code in
the ISO 20022 Payment Messaging List, related to the
type of services or goods corresponding to the underlying purpose of
the payment. This list applies to all banks that follow ISO 20022.
CASH - CashManagementTransfer
CORT -
TradeSettlementPayment
DVPM -
DeliveryAgainstPayment
INTC -
IntraCompanyPayment
TREA -
TreasuryPayment
SUPP - SupplierPayment
default: CASH
example: DVPM
enum:
- CASH
- CORT
- DVPM
- INTC
- TREA
- SUPP
merchantCategoryCode:
type: string
description: >-
The category code conforming to ISO
18245, relating to the type of services or goods provided by the
merchant. A list of codes can be purchased here."
example: '4812'
beneficiaryAccountType:
type: string
description: This information should be provided if the `AccountType` is known.
example: BUSINESS
enum:
- PERSONAL
- JOINT_PERSONAL
- PERSONAL_SAVINGS_ACCOUNT
- BUSINESS
- BUSINESS_SAVINGS_ACCOUNT
- CHARITY
- COLLECTION
- CORPORATE
- GOVERNMENT
- EWALLET
- INVESTMENT
- ISA
- PREMIER
- WEALTH
- PENSION
contractPresentIndicator:
type: boolean
description: >-
This field indicates whether a Payee has a contractual relationship
with the Payment Initiation Service Provider (PISP).
example: true
beneficiaryPrepopulatedIndicator:
type: boolean
description: >-
This field indicates whether the Payment Initiation Service Provider
(PISP) has immutably prepopulated payment details for the user.
example: true
deliveryAddress:
$ref: '#/components/schemas/DeliveryAddress'
description: >-
This field is used to specify additional details for the risk scoring of
payments.
PaymentFlowType:
title: PaymentFlowType
type: string
description: >-
The integration option requested by the TPP.
API_ONLY -
This is the default. The TPP owns the user experience including bank
selection logic, collection of mandatory fields, and embedded and
decoupled authentication methods. This option is only used for API-only
integrations.
FULL_HOSTED_PAGES - The TPP uses Token.io’s
hosted pages to manage the full bank selection and credential collection
(if relevant) of the payment initiation experience. This option is only
used for Hosted Pages integrations.
EMBEDDED_HOSTED_PAGES
- The TPP uses Token.io’s hosted pages to manage the credential
collection (if relevant) of the payment initiation experience. bankId is
required when EMBEDDED_HOSTED_PAGES is selected as the `flowType`. This
option is only used for API-only integrations.
example: FULL_HOSTED_PAGES
enum:
- API_ONLY
- FULL_HOSTED_PAGES
- EMBEDDED_HOSTED_PAGES
RefundAccount:
description: The account to which the refund should be sent.
allOf:
- oneOf:
- $ref: '#/components/schemas/SepaInstantAccount'
- $ref: '#/components/schemas/SepaAccount'
- $ref: '#/components/schemas/FasterPaymentsAccount'
- type: object
properties:
name:
type: string
description: The name of the account owner.
example: John Smith
Authenticationv2:
type: object
description: >-
The authentication operation required to proceed with payment creation.
This is present when additional steps are required to authorize the
payment.
oneOf:
- $ref: '#/components/schemas/RedirectUrl'
- $ref: '#/components/schemas/EmbeddedAuth'
RedirectUrl:
required:
- redirectUrl
type: object
properties:
redirectUrl:
type: string
description: >-
The url used to redirect the user to in order to authorize the
consent creation. This should be populated if the payment status is
`INITIATION_PENDING_REDIRECT_AUTH`. If the status is:
`INITIATION_PENDING_REDIRECT_AUTH`, the authentication object should
have the `redirectUrl`. Redirect the user to this url in order to
proceed with the flow. If the status is:
`INITIATION_PENDING_REDIRECT_PBL`, the authentication object will
contain the payment link (redirect url). Redirect the user to this
url to initiate the Pay by Link Hosted Pages flow, where any missing
information (such as amount or reference) can be collected before
proceeding with payment authentication. If the TPP is
responsible for handling the callbacks, the bank will callback to
the TPP's callbackUrl provided in the payment initiation, after the
user finishes authentication at the bank. Send the query of the
bank's callback url to Token.io via the `POST /callback/initiation`
endpoint to proceed with the flow. Otherwise Token.io will
receive the callback from the bank and callback the TPP when the
bank callback is processed. Fetch the payment object and check its
status for further steps, if any.
example: http://psu-redirect.com
EmbeddedAuth:
required:
- fields
type: object
properties:
description:
type: string
description: >-
The text displayed to a user. This should contain the instructions
the user needs to proceed with the authentication.
example: Instructions for authentication.
image:
type: string
description: A Base64 representation of an image displayed to the user.
example: YWJAeXoyWhAeXohteQ
flickerCode:
type: string
description: The Flicker code displayed to the user.
example: FLICKERCODE
fields:
type: array
description: >-
The required fields. The values for these are collected from the
user.
items:
$ref: '#/components/schemas/RequiredField'
isRetry:
type: boolean
description: >-
This field indicates whether the previously submitted values are
incorrect and whether the user needs to retry. If `isRetry` = true,
the values are resubmitted. Default = false.
example: false
description: >-
Information and fields presented to the user in order to collect the
requested data. This should be populated if the payment status is
`INITIATION_PENDING_EMBEDDED_AUTH`. If the status is:
INITIATION_PENDING_EMBEDDED_AUTH, the authentication object should list
the required embedded fields. Collect the data from the user and provide
it using POST /v2/payments/{paymentId}/embedded-auth to proceed with the
flow.
RequiredField:
required:
- displayName
- id
- type
type: object
properties:
type:
type: string
description: >-
The `type` determines how the field is presented to the user.
FIELD - displays a form with a text input field; use
`displayName` value to add a label.
PASSWORD -
displays a form with a password input field; use `displayName` value
to add a label.
CHOICE_FIELD - displays a form that
allows the user to choose one of the provided options; use
`displayName` value to add a label.
enum:
- FIELD
- PASSWORD
- CHOICE_FIELD
id:
type: string
description: The ID used when passing the value of this field to Token.io.
example: '67891234'
displayName:
type: string
description: The name of the requested field displayed to the user.
example: 'Password:'
additionalInformation:
type: string
description: Additional information about this field.
example: This field is required.
options:
type: array
description: >-
A list of options for the user to select from. For example, it can
be an SCA method choice (SMS message, phone call etc.), or
confirm/decline options for a confirmation page. The customer sends
one of the values back to Token.io with the corresponding id.
items:
type: string
description: >-
Contains information used in embedded authentication flows. These are
optional credential request fields.
Error:
type: object
properties:
message:
type: string
description: A description of the error.
example: This is a description of the error.
tokenTraceId:
type: string
description: The trace identifier for the given call.
example: '5678912345'
description: >-
The request does not have valid authentication credentials needed to
perform the operation.
BadRequestError:
type: object
description: >-
The request contains invalid, missing, or improperly formatted
parameters.
properties:
message:
type: string
description: A description of the validation issue with the request.
example: The field 'accountNumber' is missing or invalid.
tokenTraceId:
type: string
description: The trace identifier for the given call.
example: '5678912345'
ErrorWithCode:
required:
- errorCode
- message
type: object
properties:
errorCode:
type: string
description: A textual error code categorising the error.
example: InternalServerError
message:
type: string
description: >-
A description of the error that occurred and a possible way to fix
it.
example: '`RefId` should not be longer than 35 symbols.'
description: Error object providing details about the error.
allOf:
- $ref: '#/components/schemas/Error'
FieldError:
title: FieldError
required:
- paths
type: object
properties:
paths:
type: array
description: A list of paths to the problematic fields.
items:
type: string
description: A reference to the JSON path of the field that caused the error.
example: initiation.refId
description: >-
An error object providing details about an error caused by a particular
field or fields in the request. Possible error code values include:
Field.NotUnique - The field value should be unique,
but it isn't.
Field.Expected - A field is
expected/required but is missing altogether.
Field.InvalidFormat - A field is present but has an invalid
format. This includes invalid value type (e.g., not a number
where a number is expected) and an invalid format (e.g., a value
is too long).
Field.Invalid - A field is present but
has an invalid value. This covers all cases, where a field is present
and invalid, that are not covered by `Field.InvalidFormat`.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
TokenBankError:
type: object
properties:
errorCode:
example: FieldBank.RegistrationNotFound
bankId:
$ref: '#/components/schemas/bankId'
description: >-
Error object providing details about an error related to the debtor
bank. Possible error code values include:
-
`Bank.RegistrationNotFound` - unable to find registration of the calling
member with the given bank
- `Bank.FeatureNotSupported` -
bank does not support VRP
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
PaymentNotFoundError:
required:
- paymentId
type: object
properties:
errorCode:
example: NOT_FOUND
paymentId:
type: string
description: The requested entity, the `paymentID`, was not found.
example: pm2:12345abcd:abcde
description: >-
The error object returned when given payment cannot be found:
ResourceNotFound.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
PermissionDeniedError:
type: object
properties:
errorCode:
example: PermissionDenied
description: >-
The error returned when the member is not authorized to perform the
given operation: PermissionDenied. This error message will be
accompanied by the reason from the bank. Typically this means the access
token has expired and the user must re-authenticate with the bank.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
TokenizedPermissionDeniedError:
type: object
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
description: >-
The error returned when the operation is not permitted for the tokenized
account. Typically, this occurs when the member is not authorized to
perform the given operation
properties:
errorCode:
example: PermissionDenied
ResourceExhaustedError:
required:
- paymentId
type: object
properties:
errorCode:
example: RESOURCE_EXHAUSTED
paymentId:
type: string
description: The maximum number of requests has been reached.
example: Resource exhausted. Check quota.
description: Resource exhausted. Too many requests.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
NotImplementedError:
required:
- paymentId
type: object
properties:
errorCode:
example: UNIMPLEMENTED
paymentId:
type: string
description: The operation was not implemented,supported or enabled by the bank.
example: Not implemented.
description: The operation was not implemented, supported or enabled by the bank.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
ServiceUnavailableError:
required:
- paymentId
type: object
properties:
errorCode:
example: UNAVAILABLE
paymentId:
type: string
description: >-
The service is unavailable, likely due to a transient condition;
this is usually corrected with a retry.
example: Unavailable
description: >-
Service is unavailable, likely due to a transient condition; this is
usually corrected with a retry.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
GatewayTimeoutError:
required:
- paymentId
type: object
properties:
errorCode:
example: DEADLINE_EXCEEDED
paymentId:
type: string
description: The deadline expired before the operation could complete.
example: Deadline exceeded.
description: The deadline expired before the operation could complete.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
PanDetectedError:
type: object
properties:
errorCode:
example: PanDetected
description: >-
Error object retured when PAN is detected in the submitted initiation
payload. The error code value is `PanDetected`.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
VrpConsentNotFoundError:
required:
- vrpConsentId
type: object
properties:
errorCode:
example: Resource.NotFound
vrpConsentId:
type: string
description: VRP consent id.
example: vc:12345abcd:abcde
description: >-
Error object returned when given VRP consent cannot be found. The error
code value is `Resource.NotFound`.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
VrpConsentNotAuthorizedError:
required:
- vrpConsentId
type: object
properties:
errorCode:
example: Resource.ConsentNotAuthorized
vrpConsentId:
type: string
description: The VRP consent id.
example: vc:12345abcd:abcde
description: >-
Error object retured when operation requires the VRP consent to be
authorized, but it is not. The error code value is
`Resource.ConsentNotAuthorized`.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
VrpConsentViolationError:
required:
- vrpConsentId
type: object
properties:
errorCode:
example: Rules.VrpConsentViolation
vrpConsentId:
type: string
description: VRP consent id.
example: vc:12345abcd:abcde
description: >-
Error object returned in the case of a control parameter violation or a
field mismatch with what is requested in the consent. The error code
value is Rules.VrpConsentViolation.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
VrpNotFoundError:
required:
- vrpId
type: object
properties:
errorCode:
example: Resource.NotFound
vrpId:
type: string
description: VRP id.
example: vrp:12345abcd:abcde
description: >-
Error object returned when the given VRP cannot be found. The error code
value is `Resource.NotFound`.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
ServerError:
type: object
properties:
message:
type: string
description: A description of the error.
example: This is a description of the error.
tokenTraceId:
type: string
description: The trace identifier for the given call.
example: '5678912345'
description: >-
This could refer to either an error by the payment service provider or
the bank. When the bank reports a 5xx error, `"token-external-error":
"true"` is set as a header in the HTTP response, indicating that the
"internal" error originates from the bank. When one of the payment
service providers internal services fails or when the bank reports a 4xx
error, this header is not populated. The absence of this response header
should be interpreted as `"token-external-error": "false"`.
allOf:
- $ref: '#/components/schemas/ErrorWithCode'
InternalServiceError:
type: object
description: >-
The server encountered an unexpected internal condition while processing
the request.
properties:
message:
type: string
description: A description of the internal failure.
example: An unexpected error occurred while storing the account details.
tokenTraceId:
type: string
description: The trace identifier for the given call.
example: '5678912345'
inline_response_400:
type: object
properties:
error:
$ref: '#/components/schemas/Error'
inline_response_400_bad_request:
type: object
description: >-
Response returned when the request contains invalid, missing, or
improperly formatted parameters.
properties:
error:
$ref: '#/components/schemas/BadRequestError'
inline_response_401:
type: object
properties:
error:
$ref: '#/components/schemas/Error'
inline_response_403:
required:
- error
type: object
properties:
error:
$ref: '#/components/schemas/PermissionDeniedError'
inline_response_403_1:
required:
- error
type: object
properties:
error:
$ref: '#/components/schemas/TokenizedPermissionDeniedError'
inline_response_404:
required:
- error
type: object
properties:
error:
$ref: '#/components/schemas/PaymentNotFoundError'
inline_response_429:
required:
- error
type: object
properties:
error:
$ref: '#/components/schemas/ResourceExhaustedError'
inline_response_500:
properties:
error:
allOf:
- type: object
properties:
errorCode:
type: string
description: This is a textual error code categorising the error.
example: InternalServerError
- $ref: '#/components/schemas/ServerError'
inline_response_500_internal:
type: object
properties:
error:
$ref: '#/components/schemas/InternalServiceError'
description: >-
Returned when the server fails to complete the request due to an
unexpected internal error.
inline_response_501:
required:
- error
type: object
properties:
error:
$ref: '#/components/schemas/NotImplementedError'
inline_response_503:
required:
- error
type: object
properties:
error:
$ref: '#/components/schemas/ServiceUnavailableError'
inline_response_504:
required:
- error
type: object
properties:
error:
$ref: '#/components/schemas/GatewayTimeoutError'
inline_response_400_1:
required:
- error
type: object
properties:
error:
$ref: '#/components/schemas/FieldError'
vrpconsents_body:
required:
- initiation
type: object
properties:
initiation:
$ref: '#/components/schemas/VrpConsentInitiation'
pispConsentAccepted:
$ref: '#/components/schemas/pispConsentAccepted'
inline_response_400_2:
required:
- error
type: object
properties:
error:
oneOf:
- $ref: '#/components/schemas/FieldError'
- $ref: '#/components/schemas/PanDetectedError'
- $ref: '#/components/schemas/TokenBankError'
inline_response_404_1:
required:
- error
type: object
properties:
error:
$ref: '#/components/schemas/VrpConsentNotFoundError'
inline_response_400_3:
required:
- error
type: object
properties:
error:
oneOf:
- $ref: '#/components/schemas/FieldError'
- $ref: '#/components/schemas/PanDetectedError'
- $ref: '#/components/schemas/VrpConsentNotAuthorizedError'
- $ref: '#/components/schemas/VrpConsentViolationError'
inline_response_404_2:
required:
- error
type: object
properties:
error:
$ref: '#/components/schemas/VrpNotFoundError'
refunds_body:
required:
- initiation
type: object
properties:
initiation:
$ref: '#/components/schemas/RefundInitiation'
payouts_body:
required:
- initiation
type: object
properties:
initiation:
$ref: '#/components/schemas/PayoutInitiation'
refund_registrations_body:
oneOf:
- $ref: '#/components/schemas/BnppRegistrationPayload'
PayoutRegisterResponse:
type: object
properties:
registration:
$ref: '#/components/schemas/Registration'
BnppRegistrationPayload:
title: BnppRegistrationPayload
type: object
properties:
bnpp:
$ref: '#/components/schemas/BnppRegistrationPayload_bnpp'
GetPayoutRegistrationResponse:
type: object
properties:
registration:
$ref: '#/components/schemas/Registration'
Registration:
required:
- createdDateTime
- id
- product
- registration
type: object
properties:
id:
type: string
description: >-
registration id is the id user gets from the post registration end
point.
example: 123e4567-e89b-12d3-a456-426614174000
createdDateTime:
type: string
description: >-
The time when this registraion object was created (in ISO 8601 format).
example: '2017-04-05T10:43:07.000+00:00'
product:
type: string
description: REFUND
example: REFUND
allOf:
- oneOf:
- $ref: '#/components/schemas/BnppRegistrationPayload'
EmptyResponse:
type: object
description: No data returned in the successful response.
BnppRegistrationPayload_bnpp:
required:
- appId
- appSecret
- debtor
- signingKeyId
- tokenSigningKeyId
type: object
properties:
appId:
type: string
description: The app id from BNP Paribas registration.
example: myAppId
appSecret:
type: string
description: The app secret from BNP Paribas registration.
example: myAppSecret
signingKeyId:
type: string
description: The signing key id from BNP Paribas registration.
example: mySigningKeyId
tokenSigningKeyId:
$ref: '#/components/schemas/tokenSigningKeyId'
debtor:
$ref: '#/components/schemas/BnppDebtorInformation'
tokenSigningKeyId:
title: KeyId
type: string
description: >-
An id generated by Token.io when the signing key is stored in Token.io's
system.
example: 123e4567-e89b-12d3-a456-426614174000
BnppDebtorInformation:
allOf:
- oneOf:
- $ref: '#/components/schemas/SepaAccount'
- $ref: '#/components/schemas/FasterPaymentsAccount'
- type: object
properties:
name:
type: string
description: The owner name for the debtor account.
example: John Smith
ultimateDebtorName:
type: string
description: The ultimate debtor name.
example: John Smith
description: The debtor information. Account information (one of) is required.
v2_payments_body:
required:
- initiation
type: object
properties:
initiation:
$ref: '#/components/schemas/PaymentInitiation'
pispConsentAccepted:
$ref: '#/components/schemas/pispConsentAccepted'
initialEmbeddedAuth:
type: object
properties: {}
additionalProperties:
type: string
description: >-
This field provides a map of the initial embedded authentication
fields, with their values. The list of the required initial
credentials can be found in the bank metadata. Please use the id of
each field as a key in the map.
Using this field is
optional. Even if a bank requires initial embedded authentication
fields, you may choose not to populate the `initialEmbeddedAuth`
field. In this case you'll be able to provide these fields later in
the flow as part of an embedded authentication step.
example:
username: John Smith
CreatePaymentLinkRequest:
required:
- paymentTemplate
type: object
properties:
paymentTemplate:
$ref: '#/components/schemas/PaymentTemplate'
linkConfig:
$ref: '#/components/schemas/LinkConfig'
description: Request payload to create a payment link.
PaymentTemplate:
required:
- localInstrument
- creditor
- refId
type: object
properties:
id:
type: string
description: Payment template ID
example: pt-019daa05-dcf3-7920-87fc-53b36d58deea
amount:
type: object
required:
- currency
properties:
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
value:
type: string
description: >-
The transaction amount with up to four digits after the decimal
point. Omit for variable amount payment links where the payer
provides the amount.
example: '10.00'
localInstrument:
$ref: '#/components/schemas/LocalInstrument'
creditor:
$ref: '#/components/schemas/CreditorInformation'
refId:
type: string
maxLength: 13
description: >-
Reference ID for the payment, TPP provided base reference. The
system will derive a unique per payment reference from this value
when the link is used (e.g., by appending a unique suffix). The
exact generated reference is returned in the created payment.
example: COFFEESHOP123
remittanceInformationPrimary:
$ref: '#/components/schemas/remittanceInformationPrimary'
remittanceInformationSecondary:
$ref: '#/components/schemas/remittanceInformationSecondary'
externalPsuReference:
$ref: '#/components/schemas/ExternalPsuReference'
callbackUrl:
$ref: '#/components/schemas/callbackUrl'
chargeBearer:
$ref: '#/components/schemas/ChargeBearer'
confirmFunds:
type: boolean
description: Fund confirmation check
returnRefundAccount:
type: boolean
description: Return refund account information
onBehalfOfId:
$ref: '#/components/schemas/OnBehalfOfId'
risk:
$ref: '#/components/schemas/Risk'
description: >-
The payment template containing payment details. The amount.currency is
always required. For fixed amount payment links, both amount.currency
and amount.value must be provided. For variable amount payment links
where the payer provides the amount, omit amount.value.
LinkConfig:
type: object
properties:
maxUsageCount:
type: integer
format: int32
default: 10000000
description: >-
Maximum number of times the link can be used. If omitted, defaults
to 10000000.
example: 100
perPaymentAmountLimit:
type: string
pattern: ^\d+(\.\d{1,2})?$
description: Per payment amount limit value
example: '100.00'
totalAmountLimit:
type: string
pattern: ^\d+(\.\d{1,2})?$
description: Total amount limit value
example: '5000.00'
expiresAt:
type: string
format: date-time
description: >-
The time and date the link will expire (in ISO 8601 format)
example: '2026-12-31T23:59:59Z'
description: Link configuration with usage limits and expiration.
PaymentLink:
required:
- id
- memberId
- status
- createdAt
- paymentTemplate
- linkConfig
- url
type: object
properties:
id:
type: string
description: Payment link ID
example: pl-019c8a02-a30e-7307-83da-7428239da59d
memberId:
type: string
description: >-
The Token.io-assigned member identifier of the TPP that created the
payment link
example: m:member123:token456
status:
$ref: '#/components/schemas/PaymentLinkStatusFilter'
createdAt:
type: string
format: date-time
description: >-
Creation timestamp (in ISO 8601 format)
example: '2026-01-01T00:00:00Z'
paymentTemplate:
$ref: '#/components/schemas/PaymentTemplate'
linkConfig:
$ref: '#/components/schemas/LinkConfig'
url:
type: string
format: uri
description: The payment link URL
example: >-
https://app.token.io/pay-by-link/pl-019c8a02-a30e-7307-83da-7428239da59d
currentUsage:
$ref: '#/components/schemas/CurrentUsage'
description: The payment link object.
CurrentUsage:
type: object
properties:
remainingCount:
type: integer
format: int32
minimum: 0
description: Number of remaining uses
example: 77
remainingAmount:
type: string
pattern: ^\d+(\.\d{1,2})?$
description: Remaining amount that can be used
example: '4100.00'
description: Current usage statistics for the payment link.
PaymentLinkStatusFilter:
type: string
description: >-
Status of the payment link:
LINK_ACTIVE - Link is active
and can be used
LINK_EXPIRED - Link has
expired
LINK_CANCELED - Link has been manually
canceled
USAGE_LIMIT_REACHED - Maximum usage count has
been reached
AMOUNT_LIMIT_REACHED - Total amount limit
has been reached
example: LINK_ACTIVE
enum:
- LINK_ACTIVE
- LINK_EXPIRED
- LINK_CANCELED
- USAGE_LIMIT_REACHED
- AMOUNT_LIMIT_REACHED
PaymentLinkResponse:
required:
- paymentLink
type: object
properties:
paymentLink:
$ref: '#/components/schemas/PaymentLink'
description: Response containing a payment link.
PaymentLinksResponse:
required:
- paymentLinks
- pageInfo
type: object
properties:
paymentLinks:
type: array
items:
$ref: '#/components/schemas/PaymentLink'
pageInfo:
$ref: '#/components/schemas/PageInfo'
description: Response containing a list of payment links with pagination info.
CreateTokenizedAccountRequest:
type: object
required:
- accountDetails
properties:
accountDetails:
$ref: '#/components/schemas/AccountInformation'
bankId:
type: string
description: Identifier of the bank where the account belongs.
example: ob-modelo
pispConsentAccepted:
type: boolean
description: >-
This flag indicates whether the user has granted consent for the payment
in the TPP's user interface.
example: false
default: false
paymentIdEmbeddedAuthBody:
type: object
properties:
embeddedAuth:
$ref: '#/components/schemas/EmbeddedAuthFields'
inline_response_400_4:
required:
- error
type: object
properties:
error:
oneOf:
- $ref: '#/components/schemas/FieldError'
- $ref: '#/components/schemas/TokenBankError'
keyAndCertificate_keyAndCertificate:
type: object
properties:
privateKey:
type: string
description: The key used for the refund.
example: xxxxxxxx
certificate:
type: string
description: The certificate used for the refund.
example: xxxxx
certificateName:
type: string
description: The name of the certificate used for the refund.
example: QWAC_PSDGB-FCA-795904
description: Contains information about the key and certificate.
keys_keys:
type: object
properties:
privateKey:
type: string
description: The private key used for the refund.
example: xxxxxxxx
publicKey:
type: string
description: The public key used for the refund.
example: xxxxx
MandatoryFieldsv2_inner:
type: object
properties:
products:
type: array
description: The products this mandatory fields entry applies to.
items:
type: string
example: SIP
fieldPaths:
type: array
description: The paths to the mandatory fields for this entry.
items:
type: string
example: initiation.debtor
paymentTypes:
type: array
description: >-
The types of payments (International/Domestic) this mandatory fields
entry applies to.
items:
type: string
example: International
localInstruments:
type: array
description: The local instruments this mandatory fields entry applies to.
items:
type: string
example: SEPA
CreateVirtualAccountRequest:
required:
- currency
- country
type: object
properties:
accountNickName:
type: string
description: >-
The alias name that identifies the settlement account. May contain
up to 50 characters including letters, numbers, hyphens,
underscores, and spaces.
example: Account Alias
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
onBehalfOfId:
type: string
description: >-
The id of the ultimate client on whose behalf the account is
created. If the account is created on behalf of a sub-TPP, this
field will contain the sub-TPP `referenceId`. This field is
mandatory for unregulated TPPs.
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
country:
maxLength: 2
minLength: 2
type: string
description: Two-letter country code in upper case (ISO 3166-1 alpha-2).
example: GB
description: Contains the request payload to create a settlement account.
CreateVirtualAccountResponse:
type: object
properties:
virtualAccount:
$ref: '#/components/schemas/VirtualAccount'
description: Contains the response to the submitted request.
GetVirtualAccountByIdResponse:
type: object
properties:
virtualAccount:
$ref: '#/components/schemas/VirtualAccount'
description: Contains the response to the create settlement account request.
GetVirtualAccountsResponse:
type: object
properties:
pageInfo:
$ref: '#/components/schemas/PageInfo'
virtualAccount:
items:
$ref: '#/components/schemas/VirtualAccount'
type: array
description: Contains the response to the get settlement accounts request.
VirtualAccount.Status:
example: ACTIVE
default: INVALID
type: string
enum:
- INVALID
- ACTIVE
- CLOSED
- BLOCKED
- CLIENT_BLOCKED
VirtualAccount:
type: object
properties:
accountId:
type: string
description: >-
The system-generated, unique id which specifies the settlement
account.
example: pa:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
accountName:
type: string
description: The name of this account.
example: Account Name
accountNickName:
type: string
description: The alias name that identifies the settlement account.
example: Account Alias
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
availableBalance:
type: string
description: >-
The available account balance at the time of the query. For example,
the previous day's closing balance +/- transactions during the day,
and any overdraft facilities.
example: 1572.38
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
bookedBalance:
type: string
description: >-
The account balance pending clearance, which may include uncleared
items and any transactions yet to settle.
example: 1282.79
clearedBalance:
type: string
description: >-
The cash balance in an account that can be immediately withdrawn or
used in financial transactions. Until funds have cleared, they're
considered to be pending and customers are unable to use them in
transactions.
example: 1167.32
country:
type: string
description: Two-letter country code in upper case (ISO 3166-1 alpha-2).
example: GB
createdDateTime:
type: string
description: >-
The date this account was created (in ISO 8601 format).
format: string
example: '2023-04-05T10:43:07.000+00:00'
currency:
type: string
description: >-
The ISO 4217 three letter currency code.
example: EUR
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: 123456
status:
$ref: '#/components/schemas/VirtualAccount.Status'
updatedDateTime:
type: string
description: >-
The date and time this account was last updated (in ISO 8601 format).
format: string
onBehalfOfId:
type: string
description: >-
The id of the ultimate client on whose behalf the account is
created. If the account is created on behalf of a sub-TPP, this
field will contain the sub-TPP `referenceId`. This field is
mandatory for unregulated TPPs.
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
CreateVirtualAccountSettlementRuleRequest:
required:
- accountId
- payeeAccountDetails
- amountType
- amountValue
- timeInterval
- intradayIntervalHours
type: object
properties:
accountId:
type: string
description: >-
The system-generated, unique id which specifies the settlement
account.
example: pa:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
payeeAccountDetails:
$ref: '#/components/schemas/Creditor'
amountType:
$ref: '#/components/schemas/AmountType'
amountValue:
type: string
description: The value of the amount.
example: 10
timeInterval:
$ref: '#/components/schemas/TimeInterval'
effectiveFrom:
type: string
description: >-
The start date of the settlement rule is formatted as
`YYYY-MM-DDTHH:MM:SSZ`.
example: '2024-01-01T12:34:56Z'
effectiveTo:
type: string
description: >-
The end date of the settlement rule is formatted as
`YYYY-MM-DDTHH:MM:SSZ`.
example: '2024-12-01T12:34:56Z'
intradayIntervalHours:
type: integer
description: The intraday interval hours.
format: int32
example: 2
intradayIntervalMinutes:
type: integer
description: The intraday interval minutes.
format: int32
example: 10
description:
type: string
description: >
The description used for payouts created due to this rule.
The maximum length is 18 characters and allowed characters are
alphanumeric, space, hyphen (-), period (.), ampersand (&), and
forward slash (/).
maxLength: 18
pattern: ^[a-zA-Z0-9-.&/ ]+$
example: Auto Payout
description: Contains the request payload to create a settlement rule.
CreateVirtualAccountSettlementRuleResponse:
type: object
properties:
settlementRuleId:
type: string
format: uuid
description: The id of the settlement rule.
example: 123e4567-e89b-12d3-a456-426614174000
description: Contains the response of the create a settlement rule request.
GetVirtualAccountSettlementRuleResponse:
type: object
properties:
settlementRule:
$ref: '#/components/schemas/SettlementRule'
description: Contains the response of the get settlement rule request.
DeleteVirtualAccountSettlementRuleResponse:
type: object
description: No data returned in the successful response.
GetVirtualAccountSettlementRulesRequest:
type: object
properties:
accountId:
type: string
description: The settlement account id.
example: pa:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
status:
$ref: '#/components/schemas/SettlementRuleStatus'
description: Contains the request payload to get settlement rules.
GetVirtualAccountSettlementPayoutsRequest:
type: object
properties:
accountId:
type: string
description: The settlement account id.
example: pa:8DbPteGnytmMbKXdnWTReeRB6cYWKXZ84JgLTBC7fKL4:5zKcENpV
limit:
type: integer
description: The maximum number of items to return in the response.
format: int32
example: 10
offset:
type: string
description: The offset of the first item to return in the response.
example: LerV6Jmex
settlementRuleId:
type: string
description: The id of the settlement rule.
example: 123e4567-e89b-12d3-a456-426614174000
startDate:
type: string
description: The start date of the settlement rule payout.
example: '2024-01-01'
endDate:
type: string
description: The end date of the settlement rule payout.
example: '2024-12-01'
ids:
type: array
items:
type: string
description: The list of payout ids.
example:
- 123e4567-e89b-12d3-a456-426614174000
invertIds:
type: boolean
description: >-
If true, the response will contain all settlement rule payouts
except those specified in the `ids` field.
example: false
statuses:
type: array
items:
type: string
description: The list of payout statuses.
example:
- INITIATION_PENDING
- INITIATION_PROCESSING
invertStatuses:
type: boolean
description: >-
If true, the response will contain all settlement rule payouts
except those specified in the `statuses` field.
example: false
refIds:
type: array
items:
type: string
description: The list of settlement payout reference ids.
example:
- ShBdcTeqFabqJJhUF
description: Contains the request payload to get settlement payouts.
GetVirtualAccountSettlementRulesResponse:
type: object
properties:
settlementRule:
type: array
items:
$ref: '#/components/schemas/SettlementRule'
description: Contains the response of the get settlement rules request.
GetVirtualAccountSettlementPayoutsResponse:
type: object
properties:
pageInfo:
$ref: '#/components/schemas/PageInfo'
payouts:
items:
type: array
$ref: '#/components/schemas/SettlementRulePayout'
description: Contains the response of the get settlement payouts request.
SettlementRulePayout:
type: object
properties:
id:
type: string
description: The Token.io generated payout id.
example: py:12345abcd:abcd
bankTransactionId:
type: string
description: >-
The transaction id from the bank side. This can be empty if it is
not available from the bank.
example: 2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV
memberId:
$ref: '#/components/schemas/memberId'
createdDateTime:
type: string
description: >-
The date and time this payout object was created The time this
payment object was created (in ISO 8601 format).
example: '2024-04-05T00:00:00.000+00:00'
updatedDateTime:
type: string
description: >-
The date and time the current status, sub status, status reason
information and authentication were last updated (in ISO 8601 format).
example: '2024-04-05T00:00:00.000+00:00'
status:
$ref: '#/components/schemas/PayoutStatus'
bankPaymentStatus:
type: string
description: >-
The raw bank status. This can be the ISO 20022
payment status code. See ISO 20022 payment status codes for more
information. This field can be empty if no payment status is
available on bank side.
example: ACPC
statusReasonInformation:
type: string
description: >-
A human-readable description of the reason for the reported status,
which may include a message from the bank. This value should not
exceed 256 characters in length.
example: The payment is settled on debtor side.
initiation:
$ref: '#/components/schemas/PayoutInitiation'
reference:
type: string
description: The reference id of the payout.
example: ShBdcTeqFabqJJhUF
description:
type: string
description: The description of the payout.
example: Description of the payout
settlementRuleId:
type: string
description: The id of the settlement rule.
example: 123e4567-e89b-12d3-a456-426614174000
description: The payout object.
SettlementRule:
type: object
properties:
settlementRuleId:
type: string
format: uuid
description: The id of the settlement rule.
payerAccountId:
type: string
description: The id of the payer settlement account.
payeeAccountDetails:
$ref: '#/components/schemas/Creditor'
amountType:
$ref: '#/components/schemas/AmountType'
amountValue:
type: string
description: The value of the amount.
effectiveFrom:
type: string
description: >-
The start date of the settlement rule is formatted as `YYYY-MM-DD`
if the time interval is not INTRADAY. Otherwise, it is formatted as
`YYYY-MM-DDTHH:MM:SSZ`.
effectiveTo:
type: string
description: >-
The end date of the settlement rule is formatted as `YYYY-MM-DD` if
the time interval is not INTRADAY. Otherwise, it is formatted as
`YYYY-MM-DDTHH:MM:SSZ`.
timeInterval:
$ref: '#/components/schemas/TimeInterval'
description:
type: string
description: >
The description used for payouts created due to this rule.
The maximum length is 18 characters and allowed characters are
alphanumeric, space, hyphen (-), period (.), ampersand (&), and
forward slash (/).
maxLength: 18
pattern: ^[a-zA-Z0-9-.&/ ]+$
example: Auto Payout
status:
$ref: '#/components/schemas/SettlementRuleStatus'
Creditor:
type: object
properties:
name:
type: string
description: The owner name for the creditor account.
example: Customer Inc.
ultimateCreditorName:
type: string
description: The ultimate creditor name.
example: Customer Inc.
bankName:
type: string
description: The creditor's bank name.
accountNumber:
type: string
description: The unique identifier for the bank account in the UK or Ireland.
example: '12345678'
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: HBUKGB7F261
iban:
type: string
description: >-
The International Bank Account Number, used when sending interbank
transfers or wiring money from one bank to another, especially
across international borders. It consists of a two-letter country
code followed by two check digits and up to thirty-five alphanumeric
characters.
example: GB29NWBK60161331926819
sortCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: 123456
SettlementRuleStatus:
description: The status of the settlement rule.
type: string
enum:
- ACTIVE
- INACTIVE
AmountType:
description: The type of the amount.
type: string
enum:
- FIXED_VALUE
- PERCENTAGE
- BALANCE_TO_RETAIN
TimeInterval:
description: The time interval.
type: string
enum:
- INTRADAY
- DAILY
- WEEKLY
- MONTHLY
- QUARTERLY
- HALF_YEARLY
- YEARLY
MaintenanceWindow:
description: Details of the bank's planned or unplanned maintenance window.
type: array
items:
$ref: '#/components/schemas/maintenance'
maintenance:
type: object
properties:
startTime:
type: string
description: >-
The start time of the maintenance window (in ISO 8601 format).
example: '2023-05-03T12:28:20.466Z'
endTime:
type: string
description: >-
The end time of the maintenance window (in ISO 8601 format).
example: '2023-05-03T12:40:25.47Z'
type:
type: string
description: >-
The bank status:
NO_DOWNTIME_EXPECTED - the bank is
currently connected, accepting API calls, and returning appropriate
responses
DOWNTIME_EXPECTED - there is a planned
outage between the `startTime` and `endTime`
specified
OUTAGE - connection interrupted; the bank
cannot currently accept API calls for this service between the
`startTime` and `endTime` specified
Decoupled - User
receives sms / notification during authentication at
bank
Confirmation Page - User is presented with a page
where they confirm authentication.
Multi-redirect -
Intermediate steps as part of authentication flow for user at
bank.
Embedded single step - Capture of fields for
credentials in a single step.
Embedded multi-step -
Multiple steps in capture of credential fields from user.
example: REDIRECT
default: INVALID_SCA_METHOD
enum:
- INVALID_SCA_METHOD
- REDIRECT
- DECOUPLED
- CONFIRMATION_PAGE
- MULTI_REDIRECT
- EMBEDDED_SINGLE_STEP
- EMBEDDED_MULTI_STEP
StandingOrder:
type: object
properties:
createdAtMs:
type: string
description: >-
Specifies the time the transfer was created; timestamp (UTC) in
milliseconds, 1 day (24 hours) = 8640000000, 1 hour = 36000000, and
1 minute = 60000.
format: string
example: 1729212980771
creditorEndpoint:
$ref: '#/components/schemas/CreditorEndpoint'
frequency:
type: string
description: >-
Specifies the ISO 20022 code for the scheduled frequency of
standing order payments occurring between the first and final
payments. Options:
DAIL - daily/once a day
WEEK -
weekly/once a week
TOWK - twice weekly/two times a
week
MNTH - monthly/once a month
TOMN - twice
monthly/two times a month
QUTR - quarterly/once every three
months
SEMI - semi-annually/twice a year
YEAR -
annually/once a year
example: WEEK
id:
type: string
description: >-
The standing order identifier; labelled standingOrderId in specific
standing order access requests.
example: tt:83KiRJuXmEDV5m2b8ZvLGE91ELf7PPw5BaDab98kMguu:3VMczyq7r7b6HwC
providerStandingOrderDetails:
$ref: '#/components/schemas/ProviderStandingOrderDetails'
status:
$ref: '#/components/schemas/StandingOrderStatus'
tokenId:
type: string
description: >-
Access token ID of the account information request authorised by the
account holder.
example: tt:8zK1dic95omjWb72gvc3z3ELKbTNfnGd89MbDnM73er4:ZhBVAJSH8DeU1
tokenSubmissionId:
type: string
description: >-
The submission ID of the standing order information request; it
points to the token submission and is only set for Token.io standing
orders.
example: '12345678'
description: Contains the list of requested standing order records retrieved.
StandingOrderStatus:
type: string
example: PROCESSING
description: The current status of the standing order.
default: INVALID
enum:
- INVALID
- ACTIVE
- INACTIVE
- PROCESSING
- FAILED
- UNKNOWN
GetStandingOrderResponse:
type: object
properties:
standingOrder:
$ref: '#/components/schemas/StandingOrder'
status:
$ref: '#/components/schemas/RequestStatus'
GetStandingOrdersResponse:
type: object
properties:
offset:
type: string
description: The offset of the first item returned in the collection.
example: LerV6Jmex
standingOrders:
type: array
items:
$ref: '#/components/schemas/StandingOrder'
status:
$ref: '#/components/schemas/RequestStatus'
CreditorEndpoint:
type: object
properties:
account:
$ref: '#/components/schemas/BankAccount'
accountFeatures:
$ref: '#/components/schemas/AccountFeatures'
metadata:
$ref: '#/components/schemas/StandingOrderMetadataEntry'
accountIdentifier:
$ref: '#/components/schemas/AccountIdentifier'
bankId:
$ref: '#/components/schemas/bankId'
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
customerData:
$ref: '#/components/schemas/CustomerData'
ProviderStandingOrderDetails:
type: object
properties:
cma9StandingOrderDetails:
$ref: '#/components/schemas/Cma9StandingOrderDetails'
BankAccount:
type: object
description: Specifies information about the bank account.
oneOf:
- title: Custom
properties:
custom:
$ref: '#/components/schemas/Custom'
- title: Domestic
properties:
domestic:
$ref: '#/components/schemas/Domestic'
- title: Iban
properties:
iban:
$ref: '#/components/schemas/Iban'
- title: token
properties:
token:
$ref: '#/components/schemas/StandingOrderToken'
Custom:
type: object
properties:
bankId:
$ref: '#/components/schemas/bankId'
payload:
type: string
description: The standing order payload.
example: sdfjds12-f85-46b0-8058-343dek543grt
description: Custom authorization.
Domestic:
type: object
properties:
accountNumber:
type: string
description: The unique identifier for the bank account.
example: '12345678'
bankCode:
type: string
description: >-
The number assigned to a branch of a bank, typically containing six
digits and most commonly used in the UK and Ireland.
example: '123456'
country:
type: string
description: Two-letter country code in upper case (ISO 3166-1 alpha-2).
example: GB
description: A domestic bank account in the UK.
Iban:
type: object
properties:
bic:
type: string
description: >-
The Business Identifier Code (BIC), ISO
9362, is the SWIFT Address assigned to a bank in order to send
automated payments quickly and accurately to the banks concerned. It
uniquely identifies the name and country, (and sometimes the branch)
of the bank involved. BICs are often called SWIFT Codes and can be
either 8 or 11 characters long."
example: BOFIIE2D
iban:
type: string
description: >-
The International Bank Account Number. This consists of a two-letter
country code followed by two check digits and up to thirty-five
alphanumeric characters.
example: GB29NWBK60161331926819
StandingOrderMetadataEntry:
type: object
additionalProperties:
type: string
description: >-
Additional fields returned by the bank at its option in response to your
particular request. The presence and type of metadata are entirely
dependent on the bank and generally comprise additional information
about the account or the transaction pertinent to your specific use
case. How you use this information, when included in the bank's
response, is at your discretion.
StandingOrderToken:
type: object
properties:
accountId:
type: string
description: >-
The account id. Available account ids can be found in the account
info consent.
memberId:
type: string
description: The Token.io-generated member id for the user/account holder.
example: m:nP4w3u5y8ddrxDJkjimgSX9e4fZ:5zKtXEAq
Cma9StandingOrderDetails:
type: object
properties:
creditorAccount:
allOf:
- $ref: '#/components/schemas/CashAccount'
- description: Specifies the payee's account with the creditor.
finalPaymentAmount:
allOf:
- $ref: '#/components/schemas/Money'
- description: The amount of the final payment.
finalPaymentDateTime:
type: string
description: >-
The date and time of the final payment made under the standing
order.
firstPaymentAmount:
allOf:
- $ref: '#/components/schemas/Money'
- description: The amount of the first payment.
firstPaymentDateTime:
type: string
description: >-
The date and time of the first payment made under the standing
order.
frequency:
type: string
description: >-
Specifies the ISO 20022 code for the scheduled frequency of
standing order payments occurring between the first and final
payments. Options:
DAIL - daily/once a day
WEEK -
weekly/once a week
TOWK - twice weekly/two times a
week
MNTH - monthly/once a month
TOMN - twice
monthly/two times a month
QUTR - quarterly/once every three
months
SEMI - semi-annually/twice a year
YEAR -
annually/once a year
example: WEEK
nextPaymentAmount:
allOf:
- $ref: '#/components/schemas/Money'
- description: The amount of the next payment.
nextPaymentDateTime:
type: string
description: The Date and time of the next standing order payment.
numberOfPayments:
type: integer
format: int32
description: The number of payments made under the standing order.
reference:
type: string
description: The reference for the CMA9 standing order.
description: >-
Specifies applicable non-standard (varied frequency and payment amount)
recurring payment instructions and schedule.
CashAccount:
type: object
properties:
identification:
type: string
name:
type: string
schemeName:
type: string
SubmitKey:
type: object
properties:
keyAlgorithm:
type: string
description: >-
The security algorithm designed to protect the public key,
e.g. ED25519, ECDSA_SHA256, RS256.
example: ED25519
publicKey:
type: string
description: >-
The public key of the key pair to be uploaded. This key verifies
that the payload has been signed by the owner of the private key.
For example:
PEM
format: -----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAGxDta2XXlr6Vxqk4kJq3+bLowoimRo+B52stoO7AWNg=
-----END PUBLIC KEY-----
example: |-
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAGxDta2XXlr6Vxqk4kJq3+bLowoimRo+B52stoO7AWNg=
-----END PUBLIC KEY-----
description: Specifies the details of the public key.
KeyId:
type: object
properties:
keyId:
type: string
description: The unique identifier for the public key.
example: _NouLPTuo7WBLBV6
GetKeysResponse:
type: object
properties:
key:
type: array
description: Contains each public key that has been uploaded.
items:
$ref: '#/components/schemas/GetKey'
description: A list of the public keys retrieved.
GetKeyResponse:
type: object
properties:
key:
type: array
items:
$ref: '#/components/schemas/GetKey'
description: The details of the specified public key.
GetKey:
type: object
properties:
id:
type: string
description: The id of the public key that has been uploaded.
example: cJSOA7nQscQBScnE
keyAlgorithm:
type: string
description: >-
The security algorithm designed to protect the public key,
e.g. ED25519, ECDSA_SHA256, RS256.
example: ED25519
publicKey:
type: string
description: >-
The public key of the key pair to be uploaded. This key verifies
that the payload has been signed by the owner of the private key.
For example:
PEM
format: -----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAGxDta2XXlr6Vxqk4kJq3+bLowoimRo+B52stoO7AWNg=
-----END PUBLIC KEY-----
example: |-
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAGxDta2XXlr6Vxqk4kJq3+bLowoimRo+B52stoO7AWNg=
-----END PUBLIC KEY-----
expiresAtMs:
type: string
description: >-
The expiry date for the public key in epoch format (the number of
milliseconds that have elapsed since January 1, 1970).
example: 1731530316000
description: The details of the public key that has been uploaded.
DeleteKeyResponse:
type: object
description: No data returned in the successful response.
AccountVerificationRequest:
type: object
required:
- account
properties:
account:
type: object
description: |
Account information for account verification
required:
- name
- currency
- iban
properties:
name:
type: string
description: Name of account holder
currency:
type: string
description: >-
Specifies the currency of the account being verified,
represented in ISO 4217 three-letter format (e.g. EUR). This
ensures accurate matching where account validation rules or
naming conventions may vary by currency.
enum:
- EUR
iban:
type: string
description: >-
The International Bank Account Number (IBAN) which identifies a
bank account across borders
virtualAccountId:
type: string
description: >
The Token settlement account from which the subsequent payout or
refund will be executed.
> **Conditional** - If this verification check is independent of a
Token provided settlement account, this should **NOT** be provided.
AccountVerificationResponse:
type: object
required:
- id
- result
properties:
id:
type: string
example: 01K4SMENHFT2MK5DKVDYWP6M7B
result:
type: object
required:
- status
- reasons
- details
properties:
status:
type: string
description: The outcome of the verification
enum:
- MATCH
- NO_MATCH
- CLOSE_MATCH
- VERIFICATION_NOT_POSSIBLE
reasons:
type: array
description: A more granular reason as to why there was not a full match
items:
type: string
enum:
- UNKNOWN
- EXACT_MATCH
- NAME_MISMATCH
- ACCOUNT_MISMATCH
details:
type: string
description: >-
A human readable explanation for the outcome of the verification
check
matched:
type: object
description: >-
Further details on the attributes that would result in a full
match
properties:
name:
type: string
description: The name matched to the account provided
AccountVerificationId:
type: string
description: >-
The Id returned from the /account-verifications endpoint and used to
identify the account verification relating to the beneficiary of the
payment. Only required for EUR payments.
CreateTokenizedAccountResponse:
type: object
properties:
tokenizedAccountId:
type: string
description: The tokenized account id of the provided account details.
example: tai:4HoNxTfhn9EjwNnQmjGCsWsuYS7S:5zJAqBcE
description: Contains the response of the create a tokenized account request.
GetTokenizedAccountResponse:
type: object
properties:
accountDetails:
$ref: '#/components/schemas/AccountInformation'
description: Contains the response of the get tokenized account request.
DeleteTokenizedAccountResponse:
type: object
description: No data returned in the successful response.
responses:
BadResponse:
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
InvalidArgumentRequest:
description: The client specified an invalid argument
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400'
UnauthenticatedResponse:
description: The authorization information is missing or invalid
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_401'
UnexpectedErrorResponse:
description: An unexpected or internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_500'
PermissionDeniedResponse:
description: Permission to access this endpoint is denied
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_403'
CustomerNotFoundResponse:
description: The requested entity, such as a TPP, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
AccountNotFoundResponse:
description: The requested entity, such as an account, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
BadRequestResponse:
description: Bad request
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_400_1'
PaymentNotFoundResponse:
description: The requested entity, such as a payment, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
SettlementRuleNotFoundResponse:
description: The requested entity, such as a settlement rule, was not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404'
TooManyRequestsResponse:
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_429'
NotImplementedResponse:
description: The operation was not implemented
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_501'
ServiceUnavailableResponse:
description: Service is unavailable
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_503'
GatewayTimeoutResponse:
description: Gateway has timed out
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_504'
VrpConsentNotFoundResponse:
description: VRP consent not found
content:
application/json:
schema:
$ref: '#/components/schemas/inline_response_404_1'
parameters:
Paging-Limit:
name: limit
in: query
description: The maximum number of records to return.
required: true
style: form
explode: true
schema:
maximum: 200
minimum: 1
type: integer
format: int32
example: 10
Paging-Offset:
name: offset
in: query
description: The offset from the previous page.
required: false
style: form
explode: true
schema:
type: string
example: LerV6Jmex
FilterRefund-StartDate:
name: startDate
in: query
description: >-
Lower bound for a refund creation date in the format 'YYYY-MM-DD' (UTC
time zone). If specified, only refunds created at or after the given
date will be returned.
required: false
style: form
explode: true
schema:
type: string
example: '2010-01-01'
FilterRefund-EndDate:
name: endDate
in: query
description: >-
Upper bound for a refund creation date in the format 'YYYY-MM-DD' (UTC
time zone). If specified, only refunds created at or before the given
date will be returned.
required: false
style: form
explode: true
schema:
type: string
example: '2010-01-01'
Consent-ID-Header:
name: consentId
in: header
description: The associated account info consent id.
required: true
style: simple
explode: false
schema:
type: string
example: acount-info-consent-1234
PSU-IP-Address:
name: psuIpAddress
in: header
description: >-
The forwarded IP Address header field consists of the corresponding http
request IP Address field between user and TPP. If not available, the TPP
shall use the IP Address used by the TPP when submitting this request.
required: false
style: simple
explode: false
schema:
type: string
format: ipv4
example: 192.168.8.78
PSU-User-Agent:
name: psuUserAgent
in: header
description: >-
The forwarded Agent header field of the HTTP request between user and
TPP, if available.
required: false
style: simple
explode: false
schema:
type: string
PSU-Device-ID:
name: psuDeviceId
in: header
description: >-
The UUID (Universally Unique Identifier) for a user's device, if
available. The UUID identifies either a device or a device dependant
application installation. In case of an installation identification this
ID needs to be unaltered until removal from device.
required: false
style: simple
explode: false
schema:
type: string
format: uuid
example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555
PSU-Geo-Location:
name: psuGeoLocation
in: header
description: >-
The forwarded Geo Location of the corresponding http request between
user and TPP if available.
required: false
style: simple
explode: false
schema:
pattern: GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}
type: string
example: GEO:52.506931;13.144558
Account-ID:
name: accountId
in: path
description: >-
The account id. Available account ids can be found in the account info
consent.
required: true
style: simple
explode: false
schema:
type: string
example: '1234567890'
Transaction-ID:
name: transactionId
in: path
description: >-
The account id. Available account ids can be found in the account info
consent.
required: true
style: simple
explode: false
schema:
type: string
example: '1234567890'
Payment-ID:
name: paymentId
in: path
description: The payment id.
required: true
style: simple
explode: false
schema:
type: string
example: '1234567890'
Standing-Order-ID:
name: standingOrderId
in: path
description: The standing order id.
required: true
style: simple
explode: false
schema:
type: string
example: '1234567890'
Consent-ID:
name: consentId
in: path
description: The consent id.
required: true
style: simple
explode: false
schema:
type: string
example: '1234567890'
Start-Date:
name: startDate
in: query
description: >-
Optional lower bound for a transaction's booking date as returned by the
bank, in the format 'YYYY-MM-DD' (e.g. '2016-01-01'). If
specified, then only transactions whose bank booking date is equal to or
later than the given date will be regarded.
required: false
style: form
explode: true
schema:
type: string
format: date
example: '2020-12-12'
End-Date:
name: endDate
in: query
description: >-
Optional upper bound for a transaction's booking date as returned by the
bank (= original booking date), in the format 'YYYY-MM-DD' (e.g.
'2016-01-01'). If specified, then only transactions whose bank booking
date is equal to or earlier than the given date will be regarded.
required: false
style: form
explode: true
schema:
type: string
format: date
example: '2020-12-24'
Filter-Ids:
name: ids
in: query
description: >-
Filters payments by their ids - returns only payments with ids listed in
this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- pm2:4QExXrhKTxfShBdcTeqFabqJJhUF:2gFUX1NDgpN
- pm2:N5cJDFsQzVca3Qvr8kQocgEnjgX:2gFUX1NEdYA
Filter-InvertIds:
name: invertIds
in: query
description: >-
Invert ids query - returns only payments with ids not listed in the ids
parameter.
required: false
style: form
explode: true
schema:
type: boolean
example: false
Filter-Statuses:
name: statuses
in: query
description: >-
Filters payments by their statuses - returns only payments with statuses
listed in this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
$ref: '#/components/schemas/PaymentStatus'
example:
- INITIATION_COMPLETED
- INITIATION_REJECTED
Filter-InvertStatuses:
name: invertStatuses
in: query
description: >-
Invert statuses query - returns only payments with statuses not listed
in the statuses parameter.
required: false
style: form
explode: true
schema:
type: boolean
example: true
Filter-CreatedAfter:
name: createdAfter
in: query
description: >-
Returns only payments created after this time (in ISO 8601 format).
required: false
style: form
explode: true
schema:
type: string
example: '2022-04-05T17:00:00.000Z'
Filter-CreatedBefore:
name: createdBefore
in: query
description: >-
Returns only payments created before this time (in ISO 8601 format).
required: false
style: form
explode: true
schema:
type: string
example: '2022-04-05T17:00:00.000Z'
Filter-RefIds:
name: refIds
in: query
description: >-
Filters payments by their `refId` values - returns only payments with
`refIds` listed in this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
type: string
example:
- ShBdcTeqFabqJJhUF
- N5cJDFsQzVca3Q
Filter-OnBehalfOfId:
name: onBehalfOfId
in: query
description: >-
Filters payments by the `onBehalfOfId` value - returns only payments
with the `onBehalfOfId` value specified in this parameter. This field is
mandatory for unregulated TPPs.
required: false
style: form
explode: true
schema:
type: string
example: c5a863bc-86f2-4418-a26f-25b24c7983c7
Filter-RefundStatuses:
name: refundStatuses
in: query
description: >-
Filters payments by their refund status values - returns only payments
with refund statuses listed in this parameter.
required: false
style: form
explode: true
schema:
type: array
items:
$ref: '#/components/schemas/PaymentRefundStatus'
example:
- PARTIAL
- NONE
Format-Partial:
name: partial
in: query
description: >-
Returns payments in a partial format - with only id and status fields
populated.
required: false
style: form
explode: true
schema:
type: boolean
example: true
securitySchemes:
Bearer:
type: http
description: >-
**For Production and Sandbox environments.** When using curl
samples the authorization header is given as -H `'Authorization: Bearer
+ JWT'` Please substitute your Bearer key here. For
example: -H `'Authorization: Bearer
eyJhbGciOiJFZERTQSIsImtpZCI6IjF4N2RmNHZ1RlVIWVFDYTciLCJtaWQiOiJtOlhUalhlMkFQZTRvdmVaalE4cHoyNGdEbUZEcTo1ekt0WEVBcSIsImhvc3QiOiJsb2NhbGhvc3Q6ODAwMCIsIm1ldGhvZCI6IlBPU1QiLCJwYXRoIjoiL2JhbmtzL2lyb24vdXNlcnMiLCJleHAiOjE1ODYyOTczNDQ3ODd9..bi3wxEoMHIul_F2f7gCDvgjHQKCjIyP9_SkQns-yXpS0UqoaOqSJrW89COexU71gt-mH3jH6mtp2aksEywvFDg'` Enter
the JWT Bearer token only (see JWT Authentication for more information).
scheme: bearer
bearerFormat: JWT
BasicAuth:
type: apiKey
description: >-
**For Sandbox environment only.** When using curl samples the
authorization header is given as -H `'Authorization:
YOUR_API_KEY_HERE'` Please substitute your Basic key here. For
example: -H `'Authorization: Basic
bS0zanhoS3pqRjRSWFQ1dHZLTlhMQU14cm80d0E1LTV6S3RYRUFxOmU1MWZjZDQ0LTM5MGQtNDYxZi04YjA0LTEyMjcxOTg4YWYwNg=='`
name: Authorization
in: header