Info

These endpoints filter and fetch the list of Token.io-connected banks, get information on specific banks, and initiate authorization with a user-selected bank. Click an item below to expand/collapse its content.

ids | string array – query parameter, optional; when specified, returns banks with an id (bankId) matching any one of those specified (case-insensitive); max 1000. Note: Will return exact (full string) matches only.

search | string – query parameter, optional; when specified, returns banks with a 'name' or 'identifier' containing the given search string (case-insensitive)

tppId | string – query parameter, optional; when specified, returns banks integrated with this TPP's tppId string

bankCode | string – query parameter, optional; filter for banks with a BIC (BLZ for German banks only) matching the given value; Note: BIC must have a string length of 8 or 11; BLZ must be string length of 8

countries | string array – query parameter, optional; ISO 3166-1 Alpha 2 country code in upper case; only banks located in these countries are returned

supports_information.bank_features.value | boolean($boolean) – query parameter, optional; bank connection supports account information services

supports_send_payment.bank_features.valueboolean($boolean) – query parameter, optional; bank connection supports TPP payment initiation

supports_balance.bank_features.value | boolean($boolean) – query parameter, optional; bank connection supports TPP retrieval of account balances

supports_standing_order.bank_features.value | boolean($boolean) – query parameter, optional; bank connection supports recurring payments

supports_bulk_transfer.bank_features.value | boolean($boolean) – query parameter, optional; bank connection supports bulk/batch payments

requires_one_step_payment.bank_features.value | boolean($boolean) – query parameter, optional; bank connection only supports immediate redemption of transfer tokens

supports_linking_uri.bank_features.value | boolean($boolean) – query parameter, optional; bank connection supports linking with bank-linking URI

supports_funds_confirmation.bank_features.value | boolean($boolean) – query parameter, optional; bank connection supports confirmation of available funds

memberId | string – query parameter, optional; Token-assigned memberId of the TPP

supported_transfer_destination_types | string array – query parameter, optional; payment methods/rails supported by the bank; available values: ach, bacs, bankgiro, blueCash, chaps, custom, elixir, euDomesticNonEuro, expressElixir, fasterPayments, hsvp, plusgiro, sepa, sepaInstant, sorbnet, swift, target2, and token

countries | string array – list of ISO 3166-1 alpha-2 country codes in upper case

400 Bad Request | status=INVALID_ARGUMENT.withDescription(error) – client specified an invalid argument

401 Unauthorized | status=UNAUTHENTICATED.withDescription(error) – request does not have valid authentication credentials needed to perform the operation

403 Forbidden | status=PERMISSION_DENIED.withDescription(error) – caller does not have the required permission to execute the operation specified. This error message will be accompanied by the reason from the bank. Typically means the access token has expired and the TPP needs its user to re-authenticate with the bank

404 Not Found | status=NOT_FOUND.withDescription(error) – requested entity, such as a file or directory, was not found

429 Too Many Requests | status=RESOURCE_EXHAUSTED.withDescription(error) – resource, such as a per-user quota or file system, is exhausted (out of space)

500 Internal Server Error | status=INTERNAL.withDescription(error) – could refer to either an error on Token’s end or an error on the bank’s end. When the bank reports a 5xx error, Token sets token-external-error=true as a header in the HTTP response, indicating that the "internal" error originates from the bank. When one of Token's internal services fails or when the bank reports a 4xx error, this header is not populated. The absence of this response header should be interpreted as token-external-error=false.

501 Not Implemented | status=UNIMPLEMENTED.withDescription(error) – operation not implemented / supported / enabled by the bank

503 Service Unavailable | status=UNAVAILABLE.withDescription(error) – service is unavailable, likely due to a transient condition; usually corrected with a retry

504 Gateway Timeout | status=DEADLINE_EXCEEDED.withDescription(error) – deadline expired before operation could complete

 

page | integer($int32) – query parameter, optional; index of the current page

perPage | integer($int32) – query parameter, optional; number of records per page

sort | string – query parameter, optional; key to sort the result; can be name, provider, or country; default = name (i.e., bank name)

memberId | string – query parameter, optional; Token-assigned memberId of the TPP

ids | string array – query parameter, optional; when specified, returns banks with an id (bankId) matching any one of those specified (case-insensitive); max 1000. Note: Will return exact (full string) matches only.

search | string – query parameter, optional; when specified, returns banks with a 'name' or 'identifier' containing the given search string (case-insensitive)

tppId | string – query parameter, optional; when specified, returns banks integrated with this TPP's tppId string

bankCode | string – query parameter, optional; filter for banks with a BIC (BLZ for German banks only) matching the given value; Note: BIC must have a string length of 8 or 11; BLZ must be string length of 8

countries | string array – query parameter, optional; ISO 3166-1 Alpha 2 country code in upper case; only banks located in these countries are returned

supports_information.bank_features.value | boolean($boolean) – query parameter, optional; bank connection supports account information services

supports_send_payment.bank_features.valueboolean($boolean) – query parameter, optional; bank connection supports TPP payment initiation

supports_standing_order.bank_features.value | boolean($boolean) – query parameter, optional; bank connection supports scheduled recurring payments

supports_bulk_transfer.bank_features.value | boolean($boolean) – query parameter, optional; bank connection supports bulk/batch payments

requires_one_step_payment.bank_features.value | boolean($boolean) – query parameter, optional; bank connection only supports immediate redemption of transfer tokens

supports_funds_confirmation.bank_features.value | boolean($boolean) – query parameter, optional; bank connection supports confirmation of available funds

bics | string array – query parameter, optional; business identifier codes (also known as SWIFT code) used to identify banks and financial institutions globally; must be either 8 or 11 digits

supported_transfer_destination_types | string array – query parameter, optional; payment methods/rails supported by the bank; available values: ach, bacs, bankgiro, blueCash, chaps, custom, elixir, euDomesticNonEuro, expressElixir, fasterPayments, hsvp, plusgiro, sepa, sepaInstant, sorbnet, swift, target2, and token

bankGroup | string – name of banking group in which this bank holds membership

bic | string – this bank's business identifier code (also known as SWIFT code); either 8 or 11 digits

countries | string array – list of ISO 3166 alpha-2 country codes in which this bank operates

description | string – description of the credentials

displayName | string – display name of the credential

id | string – specifies the identifier to be used when passing the value of this credential

options | string array – optional, used when there are multiple options; e.g., SMS message, phone call

type | string – specifies the type of credential; available values: INVALID, FIELD (input field), PASSWORD (password input field), PSU_MESSAGE (message string presented to the user), IMAGE (image presented to PSU for authentication, FLICKER (security-sensitive code ), DECOUPLED (only description needs to be populated)

image | string – base64 representation of an image (use Base64 Image Maker or your own preferred method to convert an image to a base64 string)

flicker-code | string – code representing a flicker

name | string – name of field in token requestpayload with bank-imposed formatting constraints; e.g., description

path | stringobject.field path indicating the constrained field's position in token requestPayload; e.g., credentials.credentials1

constraint | string – regex specifying allowed characters; e.g., ^[A-Za-z0-9?:().\/,\u0027+\-\s]*$

id | string – Token bank identifier

identifier | string – optional identifier of the bank; not guaranteed to be unique across all banks; BLZ for German banks

logoUri | string – URi pointing to the bank's logo

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

fields | string array – lists common API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

polishApiFields | string array – lists other Polish API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

stetFields | string array – lists other STET API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

fields | string array – lists common API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

polishApiFields | string array – lists other Polish API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

stetFields | string array – lists other STET API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

fields | string array – lists common API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

polishApiFields | string array – lists other Polish API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

stetFields | string array – lists other STET API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

value | boolean($boolean)true =mandatory; false = not mandatory

fields | string array – lists common API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

polishApiFields | string array – lists other Polish API fields which must be included in the token request

value | boolean($boolean)true =mandatory; false = not mandatory

stetFields | string array – lists other STET API fields which must be included in the token request

name | string – commonly recognized name of the bank

openBankingStandard | string – specifies API standard adopted by the bank; available values: Invalid_Standard, UK_Open_Banking_Standard, Starling_Bank_API, PolishAPI, STET_PSD2_API, Citi_Handlowy_PSD2_API, NextGenPSD2, Slovak_Banking_API_Standard, Czech_Open_Banking_Standard, American_Express_PSD2_API, or Budapest_Bank_API; default = Invalid_Standard

operationalTime | string – optional, specifies the bank’s days and hours of operation in a normal week (ex. "MON to FRI, 00:00 to 24:00 GMT+1"); does not take into account bank-specific public holidays, which may or may not be considered out-of-operation time

requiresOneStepPayment | boolean($boolean) – bank connection only supports immediate redemption of transfer tokens

supportedTransferDestinationTypes | string array –payment methods/rails supported by the bank; available values: ach, bacs, bankgiro, blueCash, chaps, custom, elixir, euDomesticNonEuro, expressElixir, fasterPayments, hsvp, plusgiro, sepa, sepaInstant, sorbnet, swift, target2, and token

supportsBulkTransfer | boolean($boolean) – bank connection supports bulk/batch payments

supportsFundsConfirmation | boolean($boolean) – bank connection supports confirmation of available funds

supportsGetConsent | boolean($boolean) – bank connection supports retrieving user consent

supportsInformation | boolean($boolean) – bank connection supports account information services

supportsSendPayment | boolean($boolean) – bank connection supports TPP payment initiation

supportsStandingOrder | boolean($boolean) – bank connection supports scheduled recurring payments

supportsTransactionsDateFilter | boolean($boolean) – bank connection supports specifying startDate and endDate for filtering transaction lookups

transactionHistoryLimit | integer($int32) –defines the number of transaction history records allowed per page: -1 (unlimited) or a positive integer (record limit); default = -1

page | integer($int32) – index of the current page

pageCount | integer($int32) – number of records per page

perPage | integer($int32) – number of total pages

totalCount | integer($int32) – number of total records

400 Bad Request | status=INVALID_ARGUMENT.withDescription(error) – client specified an invalid argument

401 Unauthorized | status=UNAUTHENTICATED.withDescription(error) – request does not have valid authentication credentials needed to perform the operation

403 Forbidden | status=PERMISSION_DENIED.withDescription(error) – caller does not have the required permission to execute the operation specified. This error message will be accompanied by the reason from the bank. Typically means the access token has expired and the TPP needs its user to re-authenticate with the bank

404 Not Found | status=NOT_FOUND.withDescription(error) – requested entity, such as a file or directory, was not found

429 Too Many Requests | status=RESOURCE_EXHAUSTED.withDescription(error) – resource, such as a per-user quota or file system, is exhausted (out of space)

500 Internal Server Error | status=INTERNAL.withDescription(error) – could refer to either an error on Token’s end or an error on the bank’s end. When the bank reports a 5xx error, Token sets token-external-error=true as a header in the HTTP response, indicating that the "internal" error originates from the bank. When one of Token's internal services fails or when the bank reports a 4xx error, this header is not populated. The absence of this response header should be interpreted as token-external-error=false.

501 Not Implemented | status=UNIMPLEMENTED.withDescription(error) – operation not implemented / supported / enabled by the bank

503 Service Unavailable | status=UNAVAILABLE.withDescription(error) – service is unavailable, likely due to a transient condition; usually corrected with a retry

504 Gateway Timeout | status=DEADLINE_EXCEEDED.withDescription(error) – deadline expired before operation could complete

 

bankId | stringrequired in path; Token bank identifier (identical to id in GET /banks response)

aliasTypes | string array– specifies the types of alias supported; available values: INVALID, UNKNOWN, EMAIL, PHONE, DOMAIN, USERNAME, BANK, CUSTOM, or EIDAS; default = INVALID

bankLinkingUri | string – OAuth starting URI

customAliasLabel | string – optional; label to be displayed if bank supports custom aliases

linkingUri | stringbankAuthorization JSON starting URI

realm | string array– optional; lists the various realms of the bank

redirectUriRegex | stringbankAuthorization JSON success URI pattern

400 Bad Request | status=INVALID_ARGUMENT.withDescription(error) – client specified an invalid argument

401 Unauthorized | status=UNAUTHENTICATED.withDescription(error) – request does not have valid authentication credentials needed to perform the operation

403 Forbidden | status=PERMISSION_DENIED.withDescription(error) – caller does not have the required permission to execute the operation specified. This error message will be accompanied by the reason from the bank. Typically means the access token has expired and the TPP needs its user to re-authenticate with the bank

404 Not Found | status=NOT_FOUND.withDescription(error) – requested entity, such as a file or directory, was not found

429 Too Many Requests | status=RESOURCE_EXHAUSTED.withDescription(error) – resource, such as a per-user quota or file system, is exhausted (out of space)

500 Internal Server Error | status=INTERNAL.withDescription(error) – could refer to either an error on Token’s end or an error on the bank’s end. When the bank reports a 5xx error, Token sets token-external-error=true as a header in the HTTP response, indicating that the "internal" error originates from the bank. When one of Token's internal services fails or when the bank reports a 4xx error, this header is not populated. The absence of this response header should be interpreted as token-external-error=false.

501 Not Implemented | status=UNIMPLEMENTED.withDescription(error) – operation not implemented / supported / enabled by the bank

503 Service Unavailable | status=UNAVAILABLE.withDescription(error) – service is unavailable, likely due to a transient condition; usually corrected with a retry

504 Gateway Timeout | status=DEADLINE_EXCEEDED.withDescription(error) – deadline expired before operation could complete