
Trusted IBANs

The Trusted IBANs feature allows customers to create a "whitelist" of trusted beneficiaries for their account.

Once an IBAN is added to this list, future SEPA Credit Transfers to that beneficiary do not require Strong Customer Authentication (SCA). This allows for a frictionless payment experience for known and verified recipients.

Key characteristics

  • High Security Setup: Adding or removing a Trusted IBAN is a sensitive action and always requires SCA.
  • Frictionless Payments: Subsequent transfers to these IBANs skip the SCA challenge.
  • Standing Orders:
    • Creation: You can create Standing/Timed orders to Trusted IBANs without SCA.
    • Modification: Updating or deleting an existing order still requires SCA, even if the beneficiary is trusted.

SCA Requirement

The endpoints to Add and Remove Trusted IBANs trigger a Change Request. The action is not complete until the customer authorizes it via their 2FA method (e.g., SMS OTP or Device Signing).


Integration steps

1. Add a Trusted IBAN

Call this endpoint to initiate the request. You must specify the person_id of the authorized user who will perform the SCA challenge.

Request:

POST /v1/accounts/{account_id}/trusted_ibans
{
  "iban": "DE12345678901234567890",
  "person_id": "123456789"
}

Response (Change Request): The API returns 202 Accepted with a change request object. You must now guide the user to authorize this request.

{
  "id": "change_request_id_123",
  "status": "AUTHORIZATION_REQUIRED",
  "updated_at": "2023-10-27T10:00:00Z",
  "url": ":env/v1/change_requests/:id/authorize"
}

2. List Trusted IBANs

Retrieve the current whitelist for the account.

GET /v1/accounts/{account_id}/trusted_ibans

Response:

[
  {
    "id": "trusted_iban_id_999",
    "iban": "DE12345678901234567890",
    "approved_by": "123456789"
  }
]

3. Remove a Trusted IBAN

Removing a beneficiary is also a sensitive action requiring SCA.

Request:

DELETE /v1/accounts/{account_id}/trusted_ibans/{trusted_iban_id}?person_id={person_id}

Query Parameter

You must provide the person_id of the user initiating the deletion as a query parameter.

Response: Returns a 202 Accepted status with a Change Request object (similar to step 1), which must be authorized to complete the deletion.
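
The SCA rules and list response above can be modelled on the integration side so the client knows when to prepare a challenge and never treats a pending add as trusted. This is an added example, not code from the API provider; the action labels, function names and the IBAN checksum pre-check are assumptions made for illustration.

```python
# Added example: client-side model of this page's SCA rules (not provider code).
PAGE_SAMPLE_IBAN = "DE12345678901234567890"  # placeholder from this page; fails mod-97
VALID_IBAN = "DE89 3704 0044 0532 0130 00"   # constructed input: public test IBAN

# Hypothetical action labels chosen for this example.
ALWAYS_SCA = {"add_trusted_iban", "remove_trusted_iban",
              "update_standing_order", "delete_standing_order"}
SCA_UNLESS_TRUSTED = {"sepa_credit_transfer", "create_standing_order"}


def normalize_iban(iban):
    """Canonical form for comparison: no whitespace, upper case."""
    return "".join(iban.split()).upper()


def iban_checksum_ok(iban):
    """ISO 13616 mod-97 check. Worth running before the customer is asked to
    whitelist an IBAN, because later transfers to it skip SCA."""
    s = normalize_iban(iban)
    if not (s.isascii() and s.isalnum() and 15 <= len(s) <= 34):
        return False
    # Move the first four characters to the end, map A..Z to 10..35.
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(digits) % 97 == 1


def is_trusted(iban, trusted_list):
    """Only entries returned by GET .../trusted_ibans count as trusted.
    A 202 change request in AUTHORIZATION_REQUIRED is not in that list yet."""
    wanted = normalize_iban(iban)
    return any(normalize_iban(e["iban"]) == wanted for e in trusted_list)


def sca_expected(action, iban, trusted_list):
    """True when the integration should prepare an SCA challenge."""
    if action in ALWAYS_SCA:
        return True
    if action in SCA_UNLESS_TRUSTED:
        # Assumption: beneficiaries not on the list need SCA as usual.
        return not is_trusted(iban, trusted_list)
    return True  # unknown action: fail closed (assumption)
```
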


Webhooks

You can use the following webhook to be notified when a trusted IBAN is confirmed. The webhook includes information about the trusted IBAN and the person who approved the action.