Skip to content

Token.io's Open Banking API for TPPs

Token.io's Open Banking API

Token.io Support: support.token.io

The Token.io Open Banking API enables you to connect securely with banks for a range of services.

Using our API you can:

  • provide authorized access to an authenticated user's account information
  • get information on specific banks
  • initiate authorization with a user-selected bank
  • initate and track single immediate payments and future dated payments
  • use variable recurring payments (VRP) to grant long-held consents to Payment Initiation Service Providers (PISPs) to initiate series of payments from users' bank accounts
  • carry out settlements, payments and refunds using our settlement accounts

For more information see our developer documentation.

Download OpenAPI description
index.json
index.yaml
Languages
Servers

https://api.token.io/

Payments v2

These endpoints enable you to make v2 single immediate payments and future dated payments using the redirect, embedded and decoupled flows.

Operations

Requests - for Payments v1 or AIS

These endpoints allow you to initiate a Payments v1 request or an AIS request, and retrieve the status of the request.

Operations

Transfers - for Payments v1

These endpoints relate to transfers, which are requests to move money between accounts.

Operations

Variable Recurring Payments

These endpoints enable you to initiate Variable Recurring Payments (VRP).

Operations

Refunds

These endpoints allow you to handle registration, posting, and retrieval of refunds associated with original transaction account information.

Operations

Payouts

These endpoints allow you to make payouts.

Operations

Settlement Accounts

These endpoints provide authorized access to an authenticated user's settlement account information, enabling you to create settlement accounts, retrieve settlement account details, transactions and payouts, and manage settlement rules.

Operations

Accounts

These endpoints provide authorized access to an authenticated user's account information.

Operations

Tokens

These endpoints retrieve all tokens, a filtered list of tokens, or a specific token, as well as allowing you to cancel an existing token.

Operations

Get tokens

Request

The GET /tokens endpoint retrieves a list of all tokens for the authenticated member.

Security
Bearer or BasicAuth
Query
typestring

Specifies the type of token returned.

Default "INVALID"
Enum"INVALID""ACCESS""TRANSFER"
Example: type=ACCESS
page.offsetstring

The offset for the current page. If the offset has been provided in the request, this offset will be equal to the provided one. But if no offset was provided in the request (i.e. this is the first page) and the page is not empty, this field will be populated with a non-empty string. This may be helpful for loading the same page again, which might not always be possible with an empty offset due to a dynamic nature of the data.
The offset is not visible to a user and should not be parsed and/or understood in any way.

Example: page.offset=LerV6Jmex
page.limitinteger(int32)required

The maximum number of records to return. This must be less than 200.

Default 1
Example: page.limit=175
filter.sourceAccountIdstring

Identifies the payer's account.

Example: filter.sourceAccountId=a:J72REftaRoiaDYRDU7M9FDgf8jeh3eqek9DvKeyBWbuA:3VMczyq7r7b6HwC
filter.destinationAccountIdstring

Identifies the payee/beneficiary's account.

Example: filter.destinationAccountId=a:f34VSeqwfWGTGH23vsa2cDgecew209jdvcd5vdfv4vds:5VSWVRqicm4Csa2
filter.startTimeMsstring(string)

The filtered list start timestamp in milliseconds, 1 day (24 hours) = 8640000000, 1 hour = 36000000, and 1 minute = 60000.

Example: filter.startTimeMs=67505
filter.endTimeMsstring(string)

The filtered list end timestamp in milliseconds, 1 day (24 hours) = 8640000000, 1 hour = 36000000, and 1 minute = 60000.

Example: filter.endTimeMs=365650
filter.rolestring

Filters by accountHolder role.

Default "ANY"
Enum"ANY""FROM""TO""ISSUER"
Example: filter.role=ISSUER
filter.actingAsRefIdstring

Filters the list by the sub-TPP identifier generated by Token.io once a TPP has been onboarded.

Example: filter.actingAsRefId=4kwl35c9sp3fwp4xq
curl -i -X GET \
  'https://api.token.io/tokens?type=ACCESS&page.offset=LerV6Jmex&page.limit=175&filter.sourceAccountId=a%3AJ72REftaRoiaDYRDU7M9FDgf8jeh3eqek9DvKeyBWbuA%3A3VMczyq7r7b6HwC&filter.destinationAccountId=a%3Af34VSeqwfWGTGH23vsa2cDgecew209jdvcd5vdfv4vds%3A5VSWVRqicm4Csa2&filter.startTimeMs=67505&filter.endTimeMs=365650&filter.role=ISSUER&filter.actingAsRefId=4kwl35c9sp3fwp4xq' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Successful response

Bodyapplication/json
offsetstring

The offset of the first item returned in the collection.

Example: "LerV6Jmex"
tokensArray of objects(Token)

Contains the details of each requested token returned according to the request's filtering parameters.

Response
application/json
{
  "offset": "LerV6Jmex",
  "tokens": [
    {}
  ]
}

Get a token

Request

The GET /tokens/{tokenId} endpoint retrieves information about a specific token for the authenticated member.

Security
Bearer or BasicAuth
Path
tokenIdstringrequired

Identifies a unique authorization token for a transfer, standing order, or account information access.

Example: tt:8zK1dic95omjWb72gvc3z3ELKbTNfnGd89MbDnM73er4:ZhBVAJSH8DeU1
curl -i -X GET \
  https://api.token.io/tokens/tt:8zK1dic95omjWb72gvc3z3ELKbTNfnGd89MbDnM73er4:ZhBVAJSH8DeU1 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Successful response

Bodyapplication/json
tokenobject(Token)

Contains the details of each requested token returned according to the request's filtering parameters

Response
application/json
{
  "token": {
    "id": "ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq",
    "payload": {},
    "payloadSignatures": [],
    "replacedByTokenId": "ta:BzFCFwVt5zrt6rdcHJK5imf2HXbGdVdyHKpWQZbgzL5s:qXTkpBAZVbXMxk9vi",
    "tokenRequestId": "rq:ej5ACWNwi1EcqBeuDPc4Z8C4Bgc:5zKtXEAq"
  }
}

Cancel a token

Request

The PUT /tokens/{tokenId}/cancel endpoint cancels a given token.

Security
Bearer or BasicAuth
Path
tokenIdstringrequired

Identifies a unique authorization token for a transfer, standing order, or account information access.

Example: ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq
Headers
token-customer-ip-addressstring(ipv4)

The user's IP address if the user is currently logged in with the TPP. If the customer IP address is supplied (recommended), it is inferred that the user is present during the session (i.e., the request is user-initiated; adding a customer-initiated = true header makes this explicit). For AIS calls, if the customer's IP address is not provided in the request, the bank assumes it is a TPP-initiated request and may limit the TPP to 4 TPP-initiated access attempts within a given 24-hour period.

Example: 172.16.254.1
customer-initiatedboolean

Informs the bank that the API call was explicitly initiated by the user. This is useful in circumnavigating bank restrictions that impose a 4-times-a-day (i.e., within the same 24-hour period) access limit on the same AISP, in accordance with RTS regulations.

Example: true
token-customer-device-idstring

Obtained by the TPP from details in the user agent information of the user.

Example: 00000000-00000000-01234567-89ABCDEF
curl -i -X PUT \
  https://api.token.io/tokens/ta:3eYPU1BEKKunfmYgQuSKXFCeo851C5Y3XiZW3XA465TU:5zKtXEAq/cancel \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'customer-initiated: true' \
  -H 'token-customer-device-id: 00000000-00000000-01234567-89ABCDEF' \
  -H 'token-customer-ip-address: 172.16.254.1'

Responses

Successful response

Bodyapplication/json
resultobject(TokenOperationResult)

Contains details about the canceled token.

Response
application/json
{
  "result": {
    "status": "SUCCESS",
    "token": {}
  }
}

Banks v1

These endpoints filter and fetch the list of connected banks, get information on specific banks, and initiate authorization with user-selected banks using Payments v1.

Operations

Banks v2

This endpoint filters and fetches the list of connected banks, gets information on specific banks, and initiates authorization with user-selected banks using Payments v2.

Operations

Sub-TPPs

These endpoints are for resellers using Token.io's licence to create, retrieve and delete sub-TPPs.

Operations

Authentication keys

These endpoints are for managing the public keys that are used for JWT authentication.

Operations

Reports

These endpoints retrieve the current AIS and PIS status of connected banks.

Operations

Webhooks

These endpoints configure, retrieve and remove webhooks. See Webhooks for more details.

Operations