Validate an account name (CoP)
Use Confirmation of Payee (CoP) to validate a UK counterparty's account name against their account number and sort code when adding a counterparty or making a payment to a new or existing counterparty.
For more details, see: Tutorials: Validate an account name (CoP).
Confirmation of Payee is an account name checking system in the UK that helps clients to make sure payments aren't sent to the wrong bank or building society account.
When performing the check, you must specify the account type by providing the name for either an individual (personal account) or a company (business account).
The CoP check does not protect you against all kinds of fraud.
It only checks if the name you provided for an account matches that account's details.
Even if the counterparty's details match, you should still exercise due caution when transferring funds.
This functionality is only available to UK-based businesses. If you would like to make use of it, please contact Revolut API Support.
Each Business API request must contain an authorization header in the following format to make a call:
The access token will be obtained the first time you set up your application and has an expiration of 40 minutes.
During setup, a
refresh_token will also be obtained which allows to obtain a new
Never share your client-assertion JWT (JSON web token),
refresh_token with anyone, as these can be used to access your banking data and initiate transactions.
Access tokens can be issued with four security scopes and require a JWT (JSON Web Token) signature to be obtained:
READ: Permissions for
WRITE: Permissions to update counterparties, webhooks, and issue payment drafts.
PAY: Permissions to initiate or cancel transactions and currency exchanges.
READ_SENSITIVE_CARD_DATA: Permissions to retrieve sensitive card details.caution
If you enable the
READ_SENSITIVE_CARD_DATAscope for your access token, you must set up IP whitelisting. Failing to do so will prevent you from accessing any Business API endpoint.
IP whitelisting means that you must specify an IP or a set of IPs which will be the only IPs from which requests to the API will be accepted. To do so:
- In the Revolut Business app, select the corresponding API certificate.
- In Production IP whitelist, provide the IP(s) which should be whitelisted, and save.
To configure your JWT and obtain the refresh and first access tokens, complete the following steps:
Counterparty account details
Account name validation result