COP UK Requester API Specification
This chapter contains information on the header, request body and response body required to make a successful request with the Confirmation of Payee API. At the bottom of the page, also information about the error scenario’s are described.
Click one of the buttons below to download the .YAML with the technical description and model of the API, the postman collection or a set of testcases which can be used on the sandbox environment.
Endpoints
Environment | Endpoint URL |
---|---|
Sandbox | Provided via MSafe after being requested |
Production | Provided via MSafe after being requested |
Request Headers
Request body
SchemeName
enumrequiredAccountType
enumrequiredIdentification
stringrequiredName
stringrequiredSecondaryIdentification
string
Response body
The response has a different structure depending on the API call results.
- Successful response (HTTP 200 - described below)
- Error response (HTTPXXX - described in Errors)
SurePay maps the response directly from the responding COP participant and it follows all guidelines specified in the Pay.UK CoP Technical Guide with one exception, which is reason code:
SCNF
.
Matched
booleanAlways returnedReasonCode
enumname
string
Request
{
"SchemeName": "SortCodeAccountNumber",
"AccountType": "Personal",
"Identification": "99999200000001",
"Name": ",,David Martin"
}
Response
{
{
"Matched": true
}
}
Status and error codes
Errors respect standard HTTP status codes in the 4xx and 5xx range. In some situations an error json object is included in the body, most notably when status code is 400 - Bad Request. The chosen structure is consistent with the error structure in the Pay.UK CoP specification.
Error response body
Code
stringAlways returnedId
stringMessage
stringAlways returnedErrors
Array
Technical Errors
HTTP Status Code | Description |
---|---|
400 - Bad request | Request has malformed missing or non-compliant JSON body or URL parameters. |
401 - Unauthorised | Authorization header missing or invalid token. |
403 - Forbidden | Token has incorrect scope or a security policy was violated. |
405 - Method not allowed | The client tried to access the resource with a method that is not supported. |
406 - Not accepted | The request contained an accept header that requested a content-type other than application/JSON and a character set other than UTF-8. |
429 - Too many requests | Too many requests towards endpoint. In this case the response contains a Retry-After header indicating how long the consumer must wait before retrying the operation. |
500 - Internal server error | Something went wrong on the API gateway or service. In this case the body might contain extra details. This error can also be returned if the upstream service returns an error. All CoP participants error messages, will be reported from the Gateway API perspective as “500 Internal server error” errors with detailed information provided within the Errors array in the error message body. |
503 - Service unavailable | The service is down for maintenance. |
504 - Internal server error | There was no timely response from an upstream server that was needed to complete the request. This can happen if there was no response from the responding participant’s CoP endpoint. |
Error response
{
"Code": "400 Bad Request",
"Message": "BAD_REQUEST",
"Errors": [
{
"ErrorCode": "INVALID_VALUE",
"Message": "Invalid value in the request body.",
"Path": "identification"
}
]
}