VOP Requester Bulk API for Banks

This section describes the VOP Requester API for Banks, which is used by EU and non-EU banks or other PSPs in the batch payments journey for pre-payment beneficiary name validation and to comply with all requirements set forth by the EPC Rulebook as part of the Instant Payments Regulation.

Document History

VersionDateDescription
1.015 Jan 2025Original Digital Version. Aligned with PDF V1.0
2.020 Mar 2025Page format and grammar changes.

Endpoints

EnvironmentEndpoint URL
SandboxAvailable on request
ProductionAvailable on request

Go directly to

Overview

The VOP Requester Bulk API allows Requesting PSPs (Payment Service Providers) to submit batch files for feedback on the accuracy of beneficiary details before processing payments. This pre-payment verification helps prevent fraud and errors, fostering trust and confidence in the payment process.

What's new?

The VOP Requester Bulk API introduces several new use cases as outlined in the EPC VOP Rulebook and API specifications:

  • Multiple Checks: The ability to send and receive multiple checks in one request.
  • Organisation ID verification: Checking against an organisation ID (e.g., VAT or LEI number) is introduced.
  • Additional information about the account number: Additional information can be included with the account number, enabling the responding Payment Service Provider (PSP) to accurately determine the correct account holder for matching.
  • BIC routing: The Bank Identifier Code (BIC) of both the responding PSP and the requesting PSP is added. This ensures correct routing through the EDS, accurate identification of both parties, and enhances the overall security and reliability of the process.
  • Alignment with ISO 20022: The API is based on the ISO 20022 standard, ensuring consistency with the specifications published by the EPC.

How does it work?

The VOP Requester Bulk API consists of a bulk upload, an intelligent algorithm, a status check and the results file that can be easily integrated into the PSPs batch payments environment through the API's described in this document. The flow of a batch file goes as follows:

  1. The Bulk Solution is integrated with all relevant VOP participants, enabling it to submit VOP requests and process their responses.
  2. When a Bulk API request is submitted with a specified dataset from the PSP, the Bulk Solution responds with a Task ID. This Task ID allows the payer to check the request's status and retrieve the results once processing is complete.
  3. The Bulk Solution queues the bulk file and processes each entry by generating a VOP request, identifying the respective payee's VOP endpoint, and submitting the request. The responding PSP may be part of the SurePay ecosystem or external. If within the SurePay ecosystem, the response may include additional data points beyond the VOP Scheme API.
  4. Once all VOP responses are received, the Bulk API generates a response file for the payer, containing all relevant information as specified in this document.
  5. The Task ID status is updated throughout the process, as outlined in this document, allowing the payer to track progress and determine when the response file is ready.
  6. When the bulk response file is ready for retrieval, the status is updated, and the PSP can retrieve the responses using the specified endpoint.
  7. Each individual record within the bulk request includes a unique reference to ensure traceability throughout the processing chain.
  8. A single bulk request can include up to 100,000 individual records or a maximum file size of 100 MB, whichever limit is reached first.
  9. The solution operates asynchronously and offers three endpoints:
    -- An endpoint to submit bulk requests
    -- An endpoint to check the status of a bulk request
    -- An endpoint to retrieve results once processing is complete
  10. Rate limits are applied to prevent system overload and ensure efficient processing of records.

A visual representation of how the EPC Verification of Payee Bulk API works Banks

A sequence diagram illustrating the flow of the request Bulk API Sequence Diagram

It is up to the bank to decide how best to implement the check in its batch payment processes, what the outcome will look like, and what messages to show customers. SurePay also offers additional services on top of our VOP Requester Bulk API for Banks:

  • Fraud Risk Indicator: The Fraud Risk Indicator (FRI) is a solution built on top of the VOP Requester API, providing additional data points — risk indicators that help the bank determine whether there’s an increased or decreased risk of fraud.
  • Switching Information: Enables banks to perform an additional check on the IBAN entered by the user to see if the payee has switched banks.

Access needs to be requested separately and may incur additional costs.

Performance and Availability

The Bulk API will comply with the highest availability standards, operating 24/7 and allowing consumers to submit name-matching requests without downtime. All SLAs related to availability, support, and resolution times are defined in a separate Service Level Agreement (SLA) document, agreed upon with the PSP to which the service is provided.

Encoding and Special Characters

API requests and responses must use UTF-8 character encoding, which is the default encoding for JSON (RFC 7158 - Section 8.1).

Security

The API is designed for use by a trusted backend or middleware service. Each individual connection between SurePay and the bank is secured by:

  • HTTPS only
  • IP whitelisting
  • OAuth 2.0

Non-secure devices, like mobile apps, are not permitted to connect directly, nor can the API be directly integrated into web pages. Only server-to-server connections are permitted. If a connection is compromised, SurePay can disconnect it.

The interface is based on several key premises:

  • The SurePay API client is a trusted partner.
  • On the SurePay client side, security measures are implemented, such as handling DoS attacks.
  • Additional data fields will not break the connection on the client side (backward compatibility support).
  • SSL session reuse is supported.

We wish you a smooth implementation! We are always looking to improve our customers' implementation experience, so if you have any questions or feedback on the documentation or the process, please let us know at info@surepay.nl.

Get started with the EPC Verification of Payee Bulk API for Banks

API Specification
Go directly to our specifications or scroll down and continue to the next section where you will find information on how to connect to our API.
Add-on feature: Fraud Risk Indicator
Learn more about our add-on feature to fight APP fraud more easily at your bank!
Add-on feature: Switching Information
Learn more about our add-on feature to inform your customers about their payee's new IBAN!
Next