Skip to content
/
Submit a public key

Token.io's Open Banking API for TPPs

Token.io's Open Banking API

Token.io Support: support.token.io

The Token.io Open Banking API enables you to connect securely with banks for a range of services.

Using our API you can:

  • provide authorized access to an authenticated user's account information
  • get information on specific banks
  • initiate authorization with a user-selected bank
  • initate and track single immediate payments and future dated payments
  • use variable recurring payments (VRP) to grant long-held consents to Payment Initiation Service Providers (PISPs) to initiate series of payments from users' bank accounts
  • carry out settlements, payments and refunds using our settlement accounts

For more information see our developer documentation.

Download OpenAPI description
index.json
index.yaml
Languages
Servers
https://api.token.io

Payments v2

Creates and initiates a single immediate payment or a future-dated payment. Also supports initiating a Variable Recurring Payment (VRP) using an existing VRP mandate that has been created and authorised via the /vrp-consent endpoint.

Operations

Requests - for Payments v1 or AIS

These endpoints allow you to initiate a Payments v1 request or an AIS request, and retrieve the status of the request.

Operations

Transfers - for Payments v1

These endpoints relate to transfers, which are requests to move money between accounts.

Operations

Variable Recurring Payments

These endpoints enable you to initiate Variable Recurring Payments (VRP). Note, that VRP is also available in Payments v2 API.

Operations

Refunds

These endpoints allow you to handle registration, posting, and retrieval of refunds associated with original transaction account information.

Operations

Payouts

These endpoints allow you to make payouts.

Operations

Settlement Accounts

These endpoints provide authorized access to an authenticated user's settlement account information, enabling you to create settlement accounts, retrieve settlement account details, transactions and payouts, and manage settlement rules.

Operations

Accounts

These endpoints provide authorized access to an authenticated user's account information.

Operations

Tokens

These endpoints retrieve all tokens, a filtered list of tokens, or a specific token, as well as allowing you to cancel an existing token.

Operations

Banks v1

These endpoints filter and fetch the list of connected banks, get information on specific banks, and initiate authorization with user-selected banks using Payments v1.

Operations

Banks v2

This endpoint filters and fetches the list of connected banks, gets information on specific banks, and initiates authorization with user-selected banks using Payments v2.

Operations

Sub-TPPs

These endpoints are for resellers using Token.io's licence to create, retrieve and delete sub-TPPs.

Operations

Authentication keys

These endpoints are for managing the public keys that are used for JWT authentication.

Operations

Submit a public key

Request

The POST /member/{memberId}/keys endpoint submits a public key for authentication, for the specified member.

Security
Bearer or BasicAuth
Path
memberIdstringrequired

This id specifies the member for whom the public key is to be submitted.

Example: m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq
Bodyapplication/jsonrequired
keyAlgorithmstring

The security algorithm designed to protect the public key, e.g. ED25519, ECDSA_SHA256, RS256.

Example: "ED25519"
publicKeystring

The public key of the key pair to be uploaded. This key verifies that the payload has been signed by the owner of the private key.
For example:

  • Base64 URL format: _yDSz-_vUL92ezh5fJVhKpdbvwOKghDXQsaqDwGKi_A
  • PEM format: -----BEGIN PUBLIC KEY----- MCowBQYDK2VwAyEAGxDta2XXlr6Vxqk4kJq3+bLowoimRo+B52stoO7AWNg= -----END PUBLIC KEY-----

Example: "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAGxDta2XXlr6Vxqk4kJq3+bLowoimRo+B52stoO7AWNg=\n-----END PUBLIC KEY-----"
curl -i -X POST \
  https://api.token.io/member/m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq/keys \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "keyAlgorithm": "ED25519",
    "publicKey": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAGxDta2XXlr6Vxqk4kJq3+bLowoimRo+B52stoO7AWNg=\n-----END PUBLIC KEY-----"
  }'

Responses

Successful response

Bodyapplication/json
keyIdstring

The unique identifier for the public key.

Example: "_NouLPTuo7WBLBV6"
Response
application/json
{
  "keyId": "_NouLPTuo7WBLBV6"
}

Get public keys

Request

The GET /member/{memberId}/keys endpoint retrieves a list of all public keys, for the specified member.

Security
Bearer or BasicAuth
Path
memberIdstringrequired

This id specifies the member for whom the public keys are to be retrieved.

Example: m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq
curl -i -X GET \
  https://api.token.io/member/m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq/keys \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Successful response

Bodyapplication/jsonArray [
keyArray of objects(GetKey)

Contains each public key that has been uploaded.

]
Response
application/json
[
  {
    "key": []
  }
]

Get a public key

Request

The GET /member/{memberId}/keys/{keyId} endpoint retrieves the details of a specific public key, for the specified member.

Security
Bearer or BasicAuth
Path
memberIdstringrequired

This id specifies the member for whom the public key is to be retrieved.

Example: m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq
keyIdstringrequired

This id specifies the public key to be retrieved.

Example: cJSOA7nQscQBScnE
curl -i -X GET \
  https://api.token.io/member/m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq/keys/cJSOA7nQscQBScnE \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Successful response

Bodyapplication/json
keyArray of objects(GetKey)
Response
application/json
{
  "key": [
    {}
  ]
}

Delete a public key

Request

The DELETE /member/{memberId}/keys/{keyId} endpoint deletes an existing public key, for the specified member.

Security
Bearer or BasicAuth
Path
memberIdstringrequired

This id specifies the member for whom the public key is to be deleted.

Example: m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq
keyIdstringrequired

This id specifies the public key to be deleted.

Example: eep-VtCNYXo00LIS
curl -i -X DELETE \
  https://api.token.io/member/m:3qVTbXqXZza2VTKa28BPbExmxz9t:5zKtXEAq/keys/eep-VtCNYXo00LIS \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Successful response

Bodyapplication/json
object(DeleteKeyResponse)

No data returned in the successful response.

Response
application/json
{}

Reports

These endpoints retrieve the current AIS and PIS status of connected banks.

Operations

Webhooks

These endpoints configure, retrieve and remove webhooks. See Webhooks for more details.

Operations

Verification

Operations
© 2025 TOKEN, INC. ALL RIGHTS RESERVED.