POST/account/check/organisations

API Specification

This API specification contains information on the header, request body and response body required to make a successful request with the IBAN-Name Check API for Organisations. At the bottom, alsyou'll find relevant information about the error scenarios are described.

Click one of the buttons below to download the .YAML with the technical description and model of the API, the postman collection or a set of test cases which can be used on the sandbox environment.

Endpoints

Environment	Endpoint URL
Sandbox	Provided via MSafe after being requested
Production	Provided via MSafe after being requested

Go to Endpoints
Go to Headers
Go to Request body
Go to Response body
Go to Errors

Headers

X-Correlation-Idstringrequired
A unique correlation ID should be sent for every request. Example: 'request1', '123455-dd'.
- Format: Max. 70 characters
  - ^[a-zA-Z0-9\-]{1,70}
Content-Typeapplication/json
Content type and encoding of the request.
AuthorizationBearerrequired
Oauth 2.0 bearer token.
X-End-Userstring
This field is used to identify the endpoint user, customer, department or system.
- In case the customer identifies more departments/end users within the same company which will use the API. Every department could be identified with a unique X-End-User.
- In case the customer is reselling the API as a partner. Every new customer of the partner should be identified with a unique X-End-User.
- Format: Max. 50 characters
  - ^[a-zA-Z0-9\-]{3,50}
X-Software-Supplierstring
It is used in case there is an external software supplier involved. This header must be provided if you are using a third party software supplier. In case the SurePay customer uses more than one software supplier then all of them can be provided in the header.
- Format: Max. 70 characters.
- Example: X-Software-Supplier = "supplierA" / "supplierB" / "supplierC"

Example of Request headers

Header name	Example
X-Correlation-Id	123-456-789-xxy
Content-Type	application/json;charset=utf-8
X-End-User	Example-user-1
Authorization	Bearer <your bearer token>
X-Software-Supplier	softwareSupplier1

Request body

accountIdobjectrequired
Object used to send the account information in the request.
valuestring
The identifier of the account to be checked. The max. allowed length depends on the type.

IBAN - [A-Z]{2,2}[0-9]{2,2}[a-zA-Z0-9]{1,30} (For IBAN, just capital letters are accepted, without white spaces).

SORT_CODE_ACCOUNT_NUMBER - [0-9]{14} - Not supported

ACCOUNT_NUMBER - [0-9]{1,34} - Not supported.

SHORTENED_ACCOUNT - [a-zA-Z0-9]{1,31}.

PHONE - E.164 by ITU-T (Max. 15 characters. No spaces are allowed).

EMAIL - RFC 5322 Official Standard (Example: john.smith@mail.com)

typeenum
Describes the type of the account that needs to be found. For now it can be IBAN, SORT_CODE_ACCOUNT_NUMBER, ACCOUNT_NUMBER, SHORTENED_ACCOUNT, EMAIL or PHONE. Even though there are many types available in the model, only checks with IBANS are functionally available for the EU corporate market.
namestring
Name of the account holder. Mandatory In case of an IBAN-Name Check. Optional when one type of company identifier is added in the request.
- Format: Max. 140 characters. We support special characters and all letters of the extended latin alphabets.
companyIdsobject
The companyIds object can contain multiple sets of companyId value & companyId type.
companyIdValuestring
The input validations are:

NL_KVK - [0-9]{8}

NL_KVK_BRANCH - [0-9]{12}

FR_SIREN - [0-9]{9}

FR_SIRET - [0-9]{14}

UK_CRN - [SC,OC,SO,NI,R,NC,RC,LP, SL, NL]{2,1}[0-9]{6,7} or [0-9]{8}

EU_VAT - Multiple formats. Always starting with the country code. A complete list with all the validations is available on request.

companyIdTypeenum
Describes the type of Company Identifier to be verified. Possible values are: NL_KVK, NL_KVK_BRANCH, FR_SIREN, EU_VAT, FR_SIRET or UK_CRN.
accountTypeenum
This field allows the user to input the account's type to be checked as part of the request.

Possible values are:
- NP
- ORG
bicstring
Describes the BIC for SWIFT use. This field is mandatory for ACCOUNT_NUMBER accountId.type.
- Format: [A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}
secondaryReferenceIdstring
Secondary Reference Data is information in addition to the SCAN that is entered by the Payer and used by the CoP Responder to enable them to identify the underlying Account Name in their books, within a Collection Account structure. In order to be accepted, the SRD has to be sent in combination with a SORT_CODE_ACCOUNT_NUMBER.
- Format: {1,140}.
birthDatestringNot supported
Account holder's date of birth.
- Format: Date format {1,140} (YYYY-MM-DD).

Response body

nameMatchResultenumAlways returned
Describes the result of the account name check:
- MATCH - when the provided name matches the value of the account holder name held by the source.
- CLOSE_MATCH - when the provided name closely resembles the value of the account holder name held by the source.
- NO_MATCH - when the provided name does not match the value of the account holder name held by the source.
- COULD_NOT_MATCH - when the provided name could not be matched against the source data. This could have several reasons:
  - SurePay does not have the data of this specific bank account in order to successfully do the matching.
  - There is no name provided in the input, so there is no input name to match against.
- NAME_TOO_SHORT- when the provided name is too short to perform a match against the value of the account holder name held by the source.
dataUsedForMatchingenum
Describes the data used to reach the match result:
- VERIFIED : Verified is the data that exists at the beneficiary bank.
- DERIVED: Derived is data based on historical transactions.
nameSuggestionstring
The source can disclose the actual account holder name for the sender to verify or update its records. The nameSuggestion is returned when:
- accountType is NP, ORG or UNKNOWN and the nameMatchResult is a CLOSE_MATCH
- accountType is ORG and the nameMatchResult is NO_MATCH.
Depending on the platform that SurePay is connected with and its regional regulations, it is possible that the nameSuggestion is not always disclosed in these scenario's.
companyIdsobject
Object holding the following bank account details.
typestring
Describes the company Id type provided in the request:

NL_KVK

NL_KVK_BRANCH

FR_SIREN

FR_SIRET

UK_CRN

EU_VAT

matchResultenum
Describes the result of the company Id check.

MATCH - Returned when the provided id value matches the value of the company held by the source.

NO_MATCH - Returned when the provided id value does not match the value of the company held by the source.

COULD_NOT_MATCH - Returned when the provided id value could not be matched against the source data.

knownAtBankIdenum
A suggestion of the unique identifier associated with an entity that has been formally acknowledged and verified at its source (the bank).

Returned in case of type = "NL_KVK" and "matchResult" = "NO_MATCH".
accountobjectAlways returned
Object holding the following bank account details.
accountNumberValidationenum
The account validity as determined by SurePay. The possible values are:

VALID - An account that conforms to the standards, e.g. a valid Mod97 calculation for an IBAN.

NOT_VALID - account is an account that does not conform to the standards.

paymentPreValidationenum
Returns the pre-validation status of the payment. Only applicable for SurePay Scheme.

PASS - is returned when the account identification was successfully validated to an account that can receive funds.

WILL_FAIL - is returned if the payment will definitely fail.

WARNING - is returned in case the account identification was not successfully validated to an account that can receive funds, however, the responding bank is unable to provide a definitive answer.

optedOutboolean
Informs whether an account has opted out of the CoP service. Only returned when optedOut is true.
statusenum
The status of the account.

ACTIVE - Account is a valid account and supported for checks.

INACTIVE - Account is a valid account marked as inactive by the account holding bank, by a third party or by SurePay if SurePay has reason to believe that the account should be marked as inactive.

NOT_SUPPORTED - Account status stands for an account that is valid but is not supported to perform any checks.

NOT_FOUND - Account status stands for an account that is valid but could not be found in any of the connected data sources.

UNKNOWN - Account status is for an account that is either found as part of DERIVED data or a NOT_VALID account.

ibanstring
Contains the IBAN of the requested account. Only passed back when using PayID.
accountTypeenum
Describes the type of the account holder. The possible values are:

NP - The bank account holder is a Natural Person.

ORG - The bank account holder is an organisation.

UNKNOWN - The bank account holder is an unknown to us.

If the accountType is provided in the request then the response doesn't disclose the accountType. It only returns the accountTypeMatchResult.
accountTypeMatchResultenum
Describes the result of the account type check.

MATCH - when the provided account type matches the value of the account holder name held by the source.

NO_MATCH - when the provided account type does not match the value of the account holder account type held by the source.

COULD_NOT_MATCH - when the provided account type could not be matched against the source data.

Only returned: WHEN the accountType is provided in the request AND the nameMatchResult and/or a companyIds.matchResult equals MATCH, CLOSE_MATCH or NO_MATCH.
citystring
The residence city of the account holder. Only return in case of NO_MATCH and the value for'accountType' is ORG.
jointAccountboolean
Indicates whether there is more than one account holder associated with the checked account.

true if there is more than 1 account holder. Otherwise, it's retrieved as false.

Only returned in NL and when nameMatchResult is a MATCH or CLOSE_MATCH

numberOfAccountHoldersint
Contains the number of account holders.

Only returned in NL and when nameMatchResult is a MATCH or CLOSE_MATCH

countryCodestring
Two letter country code from the IBAN or derived based on accountId type. In ISO 3166-1 alpha-2 format.

This field is only returned if the nameMatchResult and/or a companyIds.matchResult equals MATCH, CLOSE_MATCH or NO_MATCH.
schemeenumAlways returned
The supported platforms used for the IBAN-Name Check: SWIFT, COP_UK, SEPAMAIL, SurePay.
schemeDataenum
Contains the response information that SurePay receives based on the used scheme.

Request

POST

/account/check/organisations

{
    "accountId": {
        "value": "NL72SRPY0000000001",
        "type": "IBAN"
    },
    "name": "David Alex Miller"
}

Response

{
    "nameMatchResult": "MATCH",
    "dataUsedForMatching": "VERIFIED",
    "account": {
        "accountNumberValidation": "VALID",
        "paymentPreValidation": "PASS",
        "status": "ACTIVE",
        "accountType": "NP",
        "jointAccount": false,
        "numberOfAccountHolders": 1,
        "countryCode": "NL"
    },
    "scheme": "SurePay"
}

Status and error codes

The IBAN-Name Check API for Organisations, offered by SurePay, follows the industry standard of using HTTP response codes to provide feedback on the success or failure of an API request. Responses in the 2xx range are indicative of successful transactions, while responses in the 4xx range signify an error related to the provided data, such as a missing parameter or failed charge. In rare cases, responses in the 5xx range indicate an issue with SurePay's servers.

Error response body

errorsArray of objects
errorCodeString
The error code that represents the functional error. All the functional errors are described in the Functional Errors table.
messageString
The description of the error occurred.

Example - Array of error messages

[
    {
        "errorCode": "INVALID_CORRELATION_ID",
        "message": "Invalid correlation ID in the request headers"
    }
]

Technical Errors

HTTP Status Code	Description
400 - Bad request	The server could not understand the request due to invalid syntax. This may occur if the request contains malformed JSON, missing required parameters, or incorrect URL parameters. Please review your request format and try again.
401 - Unauthorised	The request lacks valid authentication credentials. This may happen if the authorization header is missing or contains an invalid token. Ensure you are providing a valid token in the request header.
403 - Forbidden	The server understood the request but refuses to authorize it. This can occur if the provided token has insufficient permissions or violates a security policy. Verify that your token has the correct scope and necessary permissions.
500 - Internal server error	The server encountered an unexpected condition that prevented it from fulfilling the request. This may be due to an issue with the API gateway or an internal service. The response body might contain additional details based on the connected schema. Please try again later.
502 - Bad Gateway	The server, while acting as a gateway or proxy, received an invalid response from the upstream server. This can indicate issues with the server the API is trying to communicate with. Please try again later.
503 - Service Unavailable	The server is currently unable to handle the request due to temporary overloading or maintenance of the server. This is usually a temporary state. Please try again after some time.

Error response

[
    {
        "errorCode": "INVALID_ACCOUNT_ID",
        "message": "The provided IBAN contains spaces or special characters"
    }
]

Functional errors

HTTP 400 - Bad Request

If the client's submitted request does not pass the validations, the service will return an Error Response object with the details of the issue. The possible ‘errorCodes’ are gathered in the following table:

Functional error	Description
INVALID_ACCOUNT_ID	The value provided `‘accountId.value’` exceeds the maximum length (140 characters) or contains spaces or any of the following special characters `!"#$%&'`
INVALID_REQUEST	The provided JSON in the request has to follow the expected format. See the format expected in the ‘Request Body’ section.
NAME_NOT_PROVIDED	The request is missing a value in the ‘name’ request field.
INVALID_CORRELATION_ID	A correlation ID is invalid if: it does not match the regular expression, its length is shorter than 1, its length is longer than 70 characters
INVALID_ID_TYPE	The provided `‘accountId.type’` is different than those supported by SurePay: IBAN, SortCodeAccountNumber, NL_KVK, NL_KVK_BRANCH, EU_VAT, FR_SIREN, FR_SIRET and UK_CRN.
INVALID_COMPANY_ID	The value provided for any of the ‘companyId.type’ fields exceeds the maximum length (140 characters) or contains spaces or any of the following special characters !"#$%&'*+,-./:;
INVALID_ACCOUNT_TYPE	The provided input is different from `‘ORG’` or `‘NP’` and cannot be handled by the system.
NAME_TOO_LONG	When the value in the `‘name’` request field exceeds the maximum length (140 characters).
INVALID_SOFTWARE_SUPPLIER	The provided software supplier does not match the regular expression.

HTTP 400 - Bad Request

[
    {
        "errorCode": "INVALID_ACCOUNT_ID",
        "message": "The provided IBAN contains spaces or special characters"
    }
]

More like this

Quick Setup - IBAN-Name Check API for Organisations

Quick configuration guide to set up IBAN-Name Check API for Organisations quickly.

API Specification - VOP Requester API for Banks in EU

API documentation which defines the content and functionalities of the Account Check for Banks.

Use Cases - IBAN-Name Check API for Organisations

Use cases of the IBAN-Name Check API for Organisations