Business API
Move money between your accounts

Move money between your accounts

Move money between the Revolut accounts of the business in the same currency.

The resulting transaction has the type transfer.

For more information, see the guides: Send money.

Access Token

Each Business API request must contain an authorization header in the following format to make a call: Bearer <your_access_token>.

The access token will be obtained the first time you set up your application and has an expiration of 40 minutes. During setup, a refresh_token will also be obtained which allows to obtain a new access_token.


Never share your client-assertion JWT (JSON web token), access_token and refresh_token with anyone, as these can be used to access your banking data and initiate transactions.

Access tokens can be issued with four security scopes and require a JWT (JSON Web Token) signature to be obtained:

  • READ: Permissions for GET operations.

  • WRITE: Permissions to update counterparties, webhooks, and issue payment drafts.

  • PAY: Permissions to initiate or cancel transactions and currency exchanges.

  • READ_SENSITIVE_CARD_DATA: Permissions to retrieve sensitive card details.


    If you enable the READ_SENSITIVE_CARD_DATA scope for your access token, you must set up IP whitelisting. Failing to do so will prevent you from accessing any Business API endpoint.

    IP whitelisting means that you must specify an IP or a set of IPs which will be the only IPs from which requests to the API will be accepted. To do so:

    1. In the Revolut Business app, select the corresponding API certificate.
    2. In Production IP whitelist, provide the IP(s) which should be whitelisted, and save.

To configure your JWT and obtain the refresh and first access tokens, complete the following steps:

  1. Sign up for a Revolut Business account
  2. Prepare your Sandbox environment
  3. Make your first API request


Create a transfer

Request body
Body object

Possible values: <= 40 characters

The ID of the request, provided by you. It helps you identify the transaction in your system.


To ensure that a transfer is not processed multiple times if there are network or system errors, the same request_id should be used for requests related to the same transfer.

The ID of the source account that you transfer the funds from.

The ID of the target account that you transfer the funds to.

The amount of the funds to be transferred.

Possible values: Value must match regular expression ^[A-Z]{3}$

ISO 4217 currency code in upper case.

The reference for the funds transfer.


The information about the transfer created

Response body
Body object

The ID of the transaction created.

Possible values: [created, pending, completed, declined, failed, reverted]

Indicates the transaction state. Possible values:

  • created: The transaction has been created and is either processed asynchronously or scheduled for a later time.
  • pending: The transaction is pending until it's being processed. If the transfer is made between Revolut accounts, this state is skipped and the transaction is executed instantly.
  • completed: The transaction was successful.
  • declined: The transaction was unsuccessful. This can happen for a variety of reasons, for example, insufficient account balance, wrong receiver information, etc.
  • failed: The transaction was unsuccessful. This can happen for a variety of reasons, for example, invalid API calls, blocked payments, etc.
  • reverted: The transaction was reverted. This can happen for a variety of reasons, for example, the receiver being inaccessible.

The date and time the transaction was created in ISO 8601 format.

The date and time the transaction was completed in ISO 8601 format.

Was this page helpful?