Version: 1.0

Business API

As a Revolut Business customer with a Business Account, you can use the Business API to automate your own business processes. Save time, reduce your costs, and avoid errors by using the Business API.

You can view accounts, manage counterparties, make payments or currency exchanges without manual effort in the Web UI:

• Accounting: Account management, Expense management, Transactions
• Payments:
  • Counterparty management
  • Payment management: Payment drafts, Payout links, Transfers
  • Foreign exchange
• Business team: Card management, Team member management
• Developer tools: Sandbox simulations, Webhook management

To see the reference for the specific endpoints and operations of this API, browse the menu on the left.

To get started with the Business API, check the user guides.

Test the Business API​

You can test the Business API in Postman by forking this collection:

Authentication​

HTTP: Bearer Auth

Each Business API request must contain an authorization header in the following format to make a call: Bearer <your_access_token>.

The access token will be obtained the first time you set up your application and has an expiration of 40 minutes. During setup, a refresh_token will also be obtained which allows to obtain a new access_token.

danger

Never share your client-assertion JWT (JSON web token), access_token and refresh_token with anyone, as these can be used to access your banking data and initiate transactions.

Access tokens can be issued with four security scopes and require a JWT (JSON Web Token) signature to be obtained:

• READ: Permissions for GET operations.

• WRITE: Permissions to update counterparties, webhooks, and issue payment drafts.

• PAY: Permissions to initiate or cancel transactions and currency exchanges.

• READ_SENSITIVE_CARD_DATA: Permissions to retrieve sensitive card details.

  caution

  If you enable the READ_SENSITIVE_CARD_DATA scope for your access token, you must set up IP whitelisting. Failing to do so will prevent you from accessing any Business API endpoint.

  IP whitelisting means that you must specify an IP or a set of IPs which will be the only IPs from which requests to the API will be accepted. To do so:

  1. Go to the Revolut Business web app settings → APIs → Business API.
  2. Select the corresponding API certificate.
  3. In Production IP whitelist, provide the IP(s) which should be whitelisted, and save.

To configure your JWT and obtain the refresh and first access tokens, complete the following steps:

1. Sign up for a Revolut Business account
2. Prepare your Sandbox environment
3. Make your first API request

Security Scheme Type:	http
HTTP Authorization Scheme:	bearer

View Revolut's API specifications on GitHub