Skip to content

Token.io's Open Banking API for TPPs

Token.io's Open Banking API

Token.io Support: support.token.io

The Token.io Open Banking API enables you to connect securely with banks for a range of services.

Using our API you can:

  • provide authorized access to an authenticated user's account information
  • get information on specific banks
  • initiate authorization with a user-selected bank
  • initate and track single immediate payments and future dated payments
  • use variable recurring payments (VRP) to grant long-held consents to Payment Initiation Service Providers (PISPs) to initiate series of payments from users' bank accounts
  • carry out settlements, payments and refunds using our settlement accounts

For more information see our developer documentation.

Download OpenAPI description
index.json
index.yaml
Languages
Servers
https://api.token.io/

Payments v2

These endpoints enable you to make v2 single immediate payments and future dated payments using the redirect, embedded and decoupled flows.

Operations

Tokenized Account

These endpoints enable you to generate tokenized account id from the provided account details.

Operations

Create tokenized account

Request

The POST /tokenized-accounts endpoint generates a tokenized account ID for the provided account details. The returned tokenized ID enables Third Party Providers (TPPs) to reference the account details in subsequent API calls.

Security
Bearer or BasicAuth
Bodyapplication/jsonrequired
accountDetailsSepaAccount (object) or SepaInstantAccount (object) or FasterPaymentsAccount (object) or ElixirAccount (PLIbanAccount (object)) or (EUDomesticNonEuroAccount (EUIbanAccount (object) or BbanAccount (object) or ClearingNumberAccount (object))) or (EUDomesticNonEuroInstantAccount (EUIbanAccount (object) or BbanAccount (object) or ClearingNumberAccount (object))) or BankGiroAccount (object) or PlusGiroAccount (object)(AccountInformation)required

The account information for the PSU or Business.

One of:

SEPA account details where the iban is required and the bic is optional.

accountDetails.​ibanstringrequired

The International Bank Account Number, used when sending interbank transfers or wiring money from one bank to another, especially across international borders. It consists of a two-letter country code followed by two check digits and up to thirty-five alphanumeric characters.

Example: "GB29NWBK60161331926819"
accountDetails.​bicstring

The Business Identifier Code (BIC), ISO 9362, is the address assigned to a bank in order to send automated payments quickly and accurately to the banks concerned. It uniquely identifies the name and country, (and sometimes the branch) of the bank involved. BICs can be either 8 or 11 characters long.

Example: "BOFIIE2D"
accountDetails.​namestring

The owner's name of the debtor account.

Example: "John Smith"
accountDetails.​ultimateDebtorNamestring

The ultimate debtor's name.

Example: "John Smith"
accountDetails.​addressobject(Address)

Address

bankIdstring

Identifier of the bank where the account belongs.

Example: "ob-modelo"
curl -i -X POST \
  https://api.token.io/tokenized-accounts \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "accountDetails": {
      "iban": "GB29NWBK60161331926819",
      "bic": "BOFIIE2D",
      "name": "John Smith",
      "ultimateDebtorName": "John Smith",
      "address": {
        "addressLine": [
          "The Coach House"
        ],
        "streetName": "221B",
        "buildingNumber": "2C",
        "postCode": "TR26 1EZ",
        "townName": "Saint Ives",
        "state": "Cornwall",
        "district": "string",
        "country": "GB"
      }
    },
    "bankId": "ob-modelo"
  }'

Responses

Successful response

Bodyapplication/json
tokenizedAccountIdstring

The tokenized account id of the provided account details.

Example: "tai:4HoNxTfhn9EjwNnQmjGCsWsuYS7S:5zJAqBcE"
Response
application/json
{
  "tokenizedAccountId": "tai:4HoNxTfhn9EjwNnQmjGCsWsuYS7S:5zJAqBcE"
}

Get tokenized account

Request

The GET /tokenized-accounts/{tokenizedAccountId} endpoint retrieves a single tokenized account.

Security
Bearer or BasicAuth
Path
tokenizedAccountIdstringrequired

The tokenized account id.

curl -i -X GET \
  'https://api.token.io/tokenized-accounts/{tokenizedAccountId}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Successful response

Bodyapplication/json
accountDetailsSepaAccount (object) or SepaInstantAccount (object) or FasterPaymentsAccount (object) or ElixirAccount (PLIbanAccount (object)) or (EUDomesticNonEuroAccount (EUIbanAccount (object) or BbanAccount (object) or ClearingNumberAccount (object))) or (EUDomesticNonEuroInstantAccount (EUIbanAccount (object) or BbanAccount (object) or ClearingNumberAccount (object))) or BankGiroAccount (object) or PlusGiroAccount (object)(AccountInformation)

The account information for the PSU or Business.

One of:

SEPA account details where the iban is required and the bic is optional.

Response
application/json
{
  "accountDetails": {
    "iban": "GB29NWBK60161331926819",
    "bic": "BOFIIE2D",
    "name": "John Smith",
    "ultimateDebtorName": "John Smith",
    "address": {}
  }
}

Delete tokenized account

Request

The DELETE /tokenized-accounts/{tokenizedAccountId} endpoint deletes a single tokenized account.

Security
Bearer or BasicAuth
Path
tokenizedAccountIdstringrequired

The tokenized account id.

curl -i -X DELETE \
  'https://api.token.io/tokenized-accounts/{tokenizedAccountId}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Successful response

Bodyapplication/json
object(DeleteTokenizedAccountResponse)

No data returned in the successful response.

Response
application/json
{}

Requests - for Payments v1 or AIS

These endpoints allow you to initiate a Payments v1 request or an AIS request, and retrieve the status of the request.

Operations

Transfers - for Payments v1

These endpoints relate to transfers, which are requests to move money between accounts.

Operations

Variable Recurring Payments

These endpoints enable you to initiate Variable Recurring Payments (VRP).

Operations

Refunds

These endpoints allow you to handle registration, posting, and retrieval of refunds associated with original transaction account information.

Operations

Payouts

These endpoints allow you to make payouts.

Operations

Settlement Accounts

These endpoints provide authorized access to an authenticated user's settlement account information, enabling you to create settlement accounts, retrieve settlement account details, transactions and payouts, and manage settlement rules.

Operations

Accounts

These endpoints provide authorized access to an authenticated user's account information.

Operations

Tokens

These endpoints retrieve all tokens, a filtered list of tokens, or a specific token, as well as allowing you to cancel an existing token.

Operations

Banks v1

These endpoints filter and fetch the list of connected banks, get information on specific banks, and initiate authorization with user-selected banks using Payments v1.

Operations

Banks v2

This endpoint filters and fetches the list of connected banks, gets information on specific banks, and initiates authorization with user-selected banks using Payments v2.

Operations

Sub-TPPs

These endpoints are for resellers using Token.io's licence to create, retrieve and delete sub-TPPs.

Operations

Authentication keys

These endpoints are for managing the public keys that are used for JWT authentication.

Operations

Reports

These endpoints retrieve the current AIS and PIS status of connected banks.

Operations

Webhooks

These endpoints configure, retrieve and remove webhooks. See Webhooks for more details.

Operations

Verification

Operations
© 2025 TOKEN, INC. ALL RIGHTS RESERVED.