Open Banking API
Upload a payment file
api
post
/file-payment-consents/{ConsentId}/file

Upload a payment file

Use this endpoint to upload a file for the given file payment consent.

For the format of the CSV file, check the requets body details.

note

Download an example CSV file.

For more information, see Tutorials: Create a file payment.

Authorization

Each Open Banking API must contain an authorization header in the following format to make a call: Bearer <yourAccessToken>.

Before you start, ensure that you've got an access token with the correct scope using the /token endpoint. You need to get the authorization code first and exchange it for an access token.

danger

Never share your access_token with anyone, as it can be used to access the banking data that you have access to and initiate transactions.

For more information, see Tutorial: Get account and transaction information and Tutorial: Initiate your first payment as examples.

x-jws-signature

Open Banking API Payment requests additionally require a JSON Web Signature (JWS) which needs to be added to the header of the request. The JWS signature must be obtained using the full content of the payload.

Request

Path Parameters
Path Parameters

The ID of the account access consent.

Header Parameters
Header Parameters

The unique ID of the ASPSP that the request is issued to. The ID of Revolut is 001580000103UAvAAM.

Pattern: Value must match regular expression ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$

The date and time when the PSU last logged in with the TPP.

All dates in the HTTP headers are represented as RFC 7231 Full Dates. For example: Sun, 10 Sep 2017 19:43:31 UTC.

The IP address of the PSU if the PSU is logged in with the TPP.

An RFC4122 UUID used as a correlation ID.

The access token that you've generated. For more information, see Generate an access token.

Possible length: <= 40 characters
Pattern: Value must match regular expression ^(?!\s)(.*)(\S)$

Each request is processed only once per x-idempotency-key. The idempotency key is valid for 24 hours.

A detached JWS signature of the body of the payload.

The user agent that the PSU is using.

Request body
Body string 

The CSV payments file. Provided as CSV-formatted text representing file payments, or as the path to the CSV payments file preceded by @. For the format of the CSV file, check the details below.

The format of the payment file:
FIELDREQUIREDDESCRIPTION
NameYesCan contain up to 80 characters. If recipient type is INDIVIDUAL, this field must contain a first and a last name, separated by a space.
Recipient typeYesCan be either INDIVIDUAL or COMPANY.
Account numberFor UK transfersMust contain valid account number if provided.
Sort code or Routing numberFor UK transfersMust contain valid sort code or routing number if provided.
IBANFor SEPA transfersMust contain valid IBAN if provided.
BICFor SEPA transfersMust contain valid BIC if provided.
Recipient bank countryYesMust contain valid ISO 3166-1 country code.
CurrencyYesMust contain valid ISO 4217 currency code.
AmountYesMust match the following pattern [0-9]*(\.[0-9]*)?.
Payment referenceYesCan contain up to 100 characters.
Recipient countryNoMust contain valid ISO 3166-1 country code if provided.
State or provinceNoCan contain up to 50 characters.
Address line 1NoCan contain up to 50 characters.
Address line 2NoCan contain up to 50 characters.
CityNoCan contain up to 50 characters.
Postal codeNoCan contain up to 50 characters.

Response

File Payment CSV Uploaded

HTTP Headers
HTTP Headers

An RFC4122 UUID used as a correlation ID.

Response body
Body object 

An empty JSON object ({}) is returned.

Was this page helpful?
Loading...