VOP Requester Bulk API for Banks
This section describes version 1 of the VOP Requester Bulk API for Banks, which is used by EU/non-EU banks or other PSPs in the batch payments journey as a pre-payment beneficiary name validation and to comply with all requirements set forth by the EPC Rulebook as part of the Instant Payments Regulation.
Document History
Version | Date | Description |
---|---|---|
1.0 | 15 Jan 2025 | Original Digital Version. Aligned with PDF V1.0 |
Endpoints
Environment | Endpoint URL |
---|---|
Sandbox | Provided via MSafe after being requested |
Production | Provided via MSafe after being requested |
About version 1 of the VOP Requester Bulk API for Banks
The SurePay Verification of Payee Bulk API allows Requesting PSPs (Payment Service Providers) to submit batch files for feedback on the accuracy of beneficiary details before processing payments. This pre-payment verification helps prevent fraud and errors, fostering trust and confidence in the payment process.
Overview
What's new?
Version 1 of the VOP Bulk API introduces several new use cases as outlined in the EPC VOP Rulebook and API specifications:
- Multiple Checks: The ability to send and receive multiple checks in one request.
- Organisation ID verification: Checking against an organisation ID (e.g. VAT or LEI number) is introduced.
- Additional information about the account number: Additional information can be included with the account number, enabling the responding Payment Service Provider (PSP) to accurately determine the correct account holder for matching.
- BIC routing: The Bank Identifier Code (BIC) of the responding PSP as well as the requesting PSP is added. This ensures correct routing through the EDS and correct identification of both parties, and enhances the overall security and reliability of the process.
- Alignment with ISO 20022: The API is based on the ISO 20022 standard, ensuring consistency with the specifications as published by the EPC.
A visual representation of how the EPC Verification of Payee Bulk API works
How does it work?
The SurePay EPC Verification of Payee Bulk API consists of a bulk upload, an intelligent algorithm, a status check and the results file, all of which can be easily integrated into the bank's batch payments environment through the APIs described in this document. The logic can be summarised as follows:
- The Bulk Solution is integrated with all relevant VOP participants, enabling it to submit VOP requests and process their responses.
- When a Bulk API request is submitted with a specified dataset (from the PSP), the Bulk Solution responds with a Task ID. This Task ID allows the payer to check the request's status and retrieve the results once processing is complete.
- The Bulk Solution queues the bulk file and processes each entry by generating a VOP request, identifying the respective payee's VOP endpoint, and submitting the request. The responding PSP may be part of the SurePay ecosystem or external. If within the SurePay ecosystem, the response may include additional data points beyond the VOP Scheme API.
- Once all VOP responses are received, the Bulk API generates a response file for the payer, containing all the relevant information as specified in this document.
- The Task ID's status is updated throughout the process, as outlined in this document, allowing the payer to track progress and determine when the response file is ready.
- When the Bulk response file is ready for retrieval, the status is updated, and the PSP can retrieve the responses using the specified endpoint.
- Each individual record within the Bulk request includes a unique reference to ensure traceability throughout the processing chain.
- A single Bulk request can include up to 100,000 individual records or a maximum file size of 100MB, whichever limit is reached first.
- The solution operates asynchronously and offers three endpoints:
  - An endpoint to submit bulk requests
  - An endpoint to check the status of a bulk request
  - An endpoint to retrieve results once processing is complete
- Rate limits are applied to prevent system overload and ensure efficient processing of records.
A sequence diagram illustrating the flow of the request
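A pre-submission check a requesting PSP's backend could run before calling the submit endpoint, shown as an added example that is not SurePay's code: it verifies that every record carries a unique reference and splits a batch so each request stays within both stated limits. The record shape, the `reference` field name, the JSON-array serialisation and the reading of 100MB as 100,000,000 bytes are assumptions, since the page does not define the request body.

```python
import json

MAX_RECORDS = 100_000      # record limit per Bulk request, from the page
MAX_BYTES = 100_000_000    # "100MB" read as decimal megabytes (assumption)

def encode_record(rec):
    # UTF-8 as the API requires; non-ASCII names take more bytes than characters
    return json.dumps(rec, ensure_ascii=False).encode("utf-8")

def encode_chunk(chunk):
    """Serialise one chunk as the JSON array whose size is checked below."""
    return b"[" + b",".join(encode_record(r) for r in chunk) + b"]"

def bad_references(records):
    """Return references that are missing or occur more than once."""
    seen, bad = set(), []
    for rec in records:
        ref = rec.get("reference")          # hypothetical field name
        if not ref or ref in seen:
            bad.append(ref)
        seen.add(ref)
    return bad

def split_batch(records, max_records=MAX_RECORDS, max_bytes=MAX_BYTES):
    """Split records into chunks that each respect both limits."""
    chunks, current, size = [], [], 2       # 2 bytes for "[" and "]"
    for rec in records:
        n = len(encode_record(rec))
        if n + 2 > max_bytes:
            raise ValueError(f"record {rec.get('reference')!r} is too large")
        # +1 for the comma when the chunk already holds a record
        if current and (len(current) >= max_records or size + n + 1 > max_bytes):
            chunks.append(current)
            current, size = [], 2
        size += n + (1 if current else 0)
        current.append(rec)
    return chunks + ([current] if current else [])

# Constructed sample data, not real account details
SAMPLE = [{"reference": f"r{i}", "name": "Jörg Müller"} for i in range(5)]

if __name__ == "__main__":
    print(bad_references(SAMPLE + [SAMPLE[1]]))
    print([len(c) for c in split_batch(SAMPLE, max_records=2)])
```

Each chunk returned by `split_batch` would be submitted as its own Bulk request and tracked by its own Task ID.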
It is up to the bank how best to implement the check in its batch payment processes, what the outcome will look like, and what messages to show customers. SurePay also offers additional services on top of our EPC Verification of Payee Bulk API:
- Fraud Risk Indicator: Fraud Risk Indicator (FRI) is a solution on top of EPC Verification of Payee that provides additional data points: risk indicators that help the bank determine whether there is an increased or a decreased risk of fraud.
- Switching Information: Enables banks to perform an additional check on the IBAN entered by the user to see if the payee has switched banks.
Access must be requested separately and incurs additional costs.
Performance and Availability
The Bulk API will comply with the highest availability standards, as it will be available 24/7, allowing consumers to submit name-matching requests without downtime. All SLAs in relation to availability, support and resolution times are defined in a separate Service Level Agreement (SLA) document in agreement with the PSP to which the service is provided.
Encoding and Special Characters
The API requests and responses must use UTF-8 character encoding. This is the default character encoding for JSON (RFC 7158 - Section 8.1).
Security
The API is designed for usage by a trusted backend or middleware service. Each individual connection between SurePay and the bank is secured by:
- HTTPS only
- IP whitelisting
- OAuth 2.0
Non-secure devices like mobile apps are not permitted to connect directly, nor can the API be directly integrated into web pages. Only a server-to-server connection is permitted. If a connection is compromised, SurePay can disconnect it.
The interface is based on the following premises:
- The SurePay API client is a trusted partner.
- On the SurePay client side, security measures are implemented, such as handling DoS attacks.
- Additional data fields will not break the connection on the client side (backward compatibility support).
- We support SSL session reuse.
We wish you a smooth implementation! We always look to improve the implementation experience of our customers, so if you have any questions or feedback on the documentation or the process, please let us know at info@surepay.nl.