FAQs

This error can be returned by the /token endpoint when you have changed your transport certificate or, in some cases, when your certificate's distinguished name (DN) contains special characters.

• If you have just obtained a new transport certificate, check the guide on how to rotate your certificate.
• If you have already rotated your certificate and are unable to access the API with the new certificate, reach out to us providing the details:
  1. Make a request to the /distinguished-name endpoint.
  2. Save the full response to a plaintext file, and email it to our API Support team.

Yes. In fact, we recommend that you register separate applications for separate use cases, especially if those applications serve different purposes or correspond to different customer-facing applications.

Every application that you register gets a distinct client_id, which you must provide when obtaining the client_credentials access tokens. See an example here.

There is no downtime for rotating signing certificates. However, when rotating transport certificates, there might be some downtime if the distinguished name of the new certificate is different from the previous one's.

To learn how to rotate the certificates, see the guide: Update application certificates.

Check the JWT parameters, especially the request JWT parameter from the authorisation URL:

1. Check that the JWT parameters, especially the request parameter, are correct.
2. Make sure that the JSON Web key set (JWKS) endpoint of your application is publicly accessible. The link must contain only a raw JSON.
3. Make sure your JWKS contains a JWK for the kid you are using in your JWT.
4. Make sure that the n parameter (for RSA keys) or x and y parameters (for EC256 keys) in the JWK match those of your signing certificate.
   tip

   Check how to calculate the keys.

5. For you to be able to create payment consents, the JWK must contain the signing certificate in the x5c parameter.

You can make a preliminary validation of your JWK below. To validate the n, x or y parameters, include the x5c parameter.

This error is returned when you call some PIS endpoints. Those endpoints require a x-jws-signature header to be included.

1. Double check that the signature is included and correctly formatted.
   tip

   Learn how to work with JSON web signatures.

   Pay special attention to the JSON formatting applied to your JWS and your request payload.
2. Additionally, make sure your that your JWKS is correct, and that it contains a JWK for the kid you are using in your JWS.

When you register an Open Banking application, it has access to certain regions, depending on the certificate which is being used.

For more information, check the guide: Global customer access controls.

• For AIS consents, the user must have the permissions to manage integrations, view accounts, and view transactions.
• For PIS consents, the user must have enough permissions to initiate a transaction of the same amount in the application not subject to additional approval rules.

In addition to the above, the PSU must have their ID verified in the Revolut Business account.

This can happen when you are querying the consent with an incorrect application.

1. Check which application you used to obtain the access token. It must be the same application that was used to create the consent.
2. If you have created multiple applications with the same certificate, make sure that you provide the correct client_id when requesting the access token.

There are several restrictions which apply to the timeframe within which you can query PSU transactions.

• When creating a consent, you can define the optional parametrs: ExpirationDateTime, TransactionFromDateTime and TransactionToDateTime. If those dates are provided, no transaction which occurred before TransactionFromDateTime or after TransactionToDateTime will be returned. Additionally, the consent will expire after ExpirationDateTime, which means you will no longer be able to query transactions past this date.

• Additionally, if a request for transactions is made later than 5 minutes after the user authorised the consent, no transactions older than 90 days are returned, even if the TransactionFromDateTime is set to an earlier date. Those 90 days are counted from the moment the request for the transactions is made.

• When the PSU authorises the consent, you will get an access token linked to that consent with a validity that will depend on the region assigned to your application:

  • 50 years for the UK,
  • 180 days for the EU.

  After your access token expires, the user must reauthorise the consent (or authorise a new consent) in order for you to maintain the access.

Yes. By default, all payments are sent via instant payment schemes if the recipient's bank supports them. However, we cannot specify which payment scheme is used for a particular payment.

By default, all payments are processed via instant schemes, and they typically return the AcceptedSettlementCompleted status after just a few seconds. However, in certain cases, a payment might take longer:

• If the payment has the status Pending, it means that it has not yet been submitted for processing. This might happen if the payment is still pending some internal checks.

• If the payment has the status AcceptedSettlementInProcess, it means that it has already been submitted for processing.

  A payment which is not sent via an instant payment scheme might remain in this status for several hours or days, depending on when the payment is executed and which payment scheme is used. After this status, the payment is expected to transition to AcceptedSettlementCompleted, unless it is rejected by the recipient's bank or an unexpected technical issue occurs.

By default, all EUR domestic payments are processed via SEPA Instant. However, in some cases, when this is not possible, the payment is sent via SEPA credit transfer.

When processing a SEPA Instant transaction from any Revolut user, if the recipient's bank returns some specific error indicating that SEPA Instant is not supported, the affected IBAN or BIC might be temporarily excluded from future SEPA Instant payments. If that happens, it affects not just this user but also any other Revolut user initiating a SEPA transaction to this IBAN or BIC, regardless of whether the payment is initiated via the Open Banking API or from the Revolut app.

If you experience this issue and need further assistance, please contact our API Support team.