Business API 1.0

As a Revolut Business customer with a Business Account, you can use the Business API to automate your own business processes. Save time, reduce your costs, and avoid errors by using the Business API.

Before you get started

To learn more about the Business API and its features, check the user guides.

You can reach them at any time from the main navigation bar → Guides → Business.

You can view accounts, manage counterparties, make payments or currency exchanges without manual effort in the Web UI.

To see the reference for the specific endpoints and operations of this API, browse the menu on the left.

Test the Business API

You can test the Business API in Postman by forking this collection:

View in Postman

Authentication

Security scheme type: http
Scheme: bearer

Each Business API request must contain an Authorization header in the following format: Bearer <your_access_token>.

You obtain the access token the first time you set up your application, and it expires after 40 minutes. During setup, you also obtain a refresh_token, which allows you to obtain a new access_token.

Never share your client-assertion JWT (JSON Web Token), access_token or refresh_token with anyone, as these can be used to access your banking data and initiate transactions.
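
Because the access token expires after 40 minutes, a long-running integration has to renew it before a request fails. The following is an added example, not part of the Revolut documentation: the `refresh` callable (standing in for the refresh_token exchange), the one-minute margin, the class name and the token values are all assumptions made for illustration.

```python
from __future__ import annotations

import time
from typing import Callable, Optional

ACCESS_TOKEN_LIFETIME_S = 40 * 60  # lifetime stated on this page
REFRESH_MARGIN_S = 60              # assumption: renew one minute before expiry


class AccessTokenCache:
    """Holds the current access token and renews it shortly before it expires."""

    def __init__(self, refresh: Callable[[], str],
                 clock: Callable[[], float] = time.monotonic) -> None:
        # `refresh` is a hypothetical callable that exchanges the stored
        # refresh_token for a new access_token and returns it.
        self._refresh = refresh
        self._clock = clock
        self._token: Optional[str] = None
        self._issued_at = 0.0

    def _stale(self) -> bool:
        if self._token is None:
            return True
        age = self._clock() - self._issued_at
        return age >= ACCESS_TOKEN_LIFETIME_S - REFRESH_MARGIN_S

    def auth_header(self) -> dict:
        """Return the Authorization header, renewing the token when needed."""
        if self._stale():
            self._token = self._refresh()
            self._issued_at = self._clock()
        return {"Authorization": f"Bearer {self._token}"}

    def __repr__(self) -> str:
        # Keep the token out of logs and tracebacks that print repr().
        state = "empty" if self._token is None else "set"
        return f"<AccessTokenCache token={state}>"


def demo() -> list:
    """Constructed scenario: a fake clock and a fake refresh function."""
    now = [0.0]
    issued = []

    def fake_refresh() -> str:
        issued.append(f"constructed-token-{len(issued) + 1}")
        return issued[-1]

    cache = AccessTokenCache(fake_refresh, clock=lambda: now[0])
    seen = []
    # Request times in seconds since start: 0, 10, 38, 39, 45 and 79 minutes.
    for minutes in (0, 10, 38, 39, 45, 79):
        now[0] = float(minutes * 60)
        seen.append(cache.auth_header()["Authorization"])
    return seen


if __name__ == "__main__":
    for header in demo():
        print(header)
```
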

Access tokens can be issued with four security scopes and require a JWT (JSON Web Token) signature to be obtained:

  • READ: Permissions for GET operations.

  • WRITE: Permissions to update counterparties, webhooks, and issue payment drafts.

  • PAY: Permissions to initiate or cancel transactions and currency exchanges.

  • READ_SENSITIVE_CARD_DATA: Permissions to retrieve sensitive card details.

    If you enable the READ_SENSITIVE_CARD_DATA scope for your access token, you must set up IP whitelisting. Failing to do so will prevent you from accessing any Business API endpoint.

    IP whitelisting means that you must specify an IP or a set of IPs which will be the only IPs from which requests to the API will be accepted. To do so:

    1. Go to the Revolut Business web app settings → APIs → Business API.
    2. Select the corresponding API certificate.
    3. In Production IP whitelist, provide the IP(s) which should be whitelisted. Make sure that the IPs you provide are not local (i.e. private) IP addresses.
    4. Save the new settings.
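
A pre-check for step 3, as an added example that is not part of the Revolut documentation: it rejects candidate entries that are private or otherwise not publicly routable before they are entered in the Production IP whitelist field. The function names and sample addresses are assumptions made for the example, and because the page does not say whether ranges are accepted, only single addresses are handled.

```python
from __future__ import annotations

import ipaddress

# Constructed sample input: a mix of usable and unusable entries.
SAMPLE_ENTRIES = [
    "8.8.8.8",
    "192.168.1.10",
    "10.0.0.5",
    "127.0.0.1",
    "169.254.10.20",
    "100.64.0.1",                    # carrier-grade NAT space
    "fd00::1",                       # IPv6 unique local address
    "2001:4860:4860:0:0:0:0:8888",
    "2001:4860:4860::8888",          # same address, compressed form
    "10.0.0.0/24",
    "0.0.0.0",
]


def check_allowlist_entry(entry: str) -> tuple[bool, str]:
    """Return (acceptable, reason) for one candidate entry."""
    try:
        ip = ipaddress.ip_address(entry.strip())
    except ValueError:
        return False, "not a single IP address"
    # Most specific categories first, so the reason is as helpful as possible.
    for reason, hit in (
        ("unspecified", ip.is_unspecified),
        ("loopback", ip.is_loopback),
        ("link-local", ip.is_link_local),
        ("multicast", ip.is_multicast),
        ("private", ip.is_private),
    ):
        if hit:
            return False, reason
    # Catches ranges that are neither private nor public, e.g. 100.64.0.0/10.
    if not ip.is_global:
        return False, "not globally routable"
    return True, "ok"


def review_allowlist(entries: list) -> tuple[list, dict]:
    """Split entries into normalized, de-duplicated accepted IPs and rejects."""
    accepted = []
    rejected = {}
    for raw in entries:
        ok, reason = check_allowlist_entry(raw)
        if not ok:
            rejected[raw] = reason
            continue
        normalized = str(ipaddress.ip_address(raw.strip()))
        if normalized not in accepted:
            accepted.append(normalized)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = review_allowlist(SAMPLE_ENTRIES)
    print("accepted:", ok)
    for entry, why in bad.items():
        print(f"rejected: {entry} ({why})")
```
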

To configure your JWT and obtain the refresh and first access tokens, complete the following steps:

  1. Sign up for a Revolut Business account
  2. Prepare your Sandbox environment
  3. Make your first API request

Accounting

Manage accounting settings for your business that can be assigned to your financial records such as expenses or bills*.

Create, retrieve, update, and delete settings such as accounting categories, tax rates, and labels.

For more information, see the guides: Manage accounting settings, Manage accounting categories, Manage tax rates, and Manage labels and label groups.

See also the Revolut Help Centre: Expenses and BillPay.

*Some settings are not supported for certain types of financial records. For example, labels cannot be applied to bills. Check the guides for details.

Create an accounting category

Request

Request body
  • name: string, required
  • code: string, required
  • default_tax_rate_id: string (uuid)

Response

Resource created

On successful creation, the response returns only the ID of the new resource (i.e. the accounting category), even if the resource has more properties. To get all the details of the accounting category, use the returned resource ID with a GET request.

Body (object)
  • id: string (uuid)

POST /accounting-categories
curl -X POST "https://b2b.revolut.com/api/1.0/accounting-categories" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "Transportation",
  "code": "400",
  "default_tax_rate_id": "e6b84ddb-a127-466b-9a0a-501bda07773f"
}'

Request body samples

{
  "name": "Transportation",
  "code": "400",
  "default_tax_rate_id": "e6b84ddb-a127-466b-9a0a-501bda07773f"
}

Response body samples

{
  "id": "6a37383e-cfd3-4a2f-aa81-e3a6e6939efa"
}

Retrieve a list of accounting categories

Get available accounting categories based on the provided query criteria.

The API returns a maximum of 500 accounting categories per request. The default page size is 100.

The accounting categories are sorted by the created_at date in reverse chronological order, and they're paginated. The page size, that is, the maximum number of accounting categories returned per page is specified by the limit parameter.

  • If the number of results exceeds the page size, the response also returns a cursor for the next page under next_page_token.
    To get the next page of results, make a new request using that next_page_token value in page_token.
  • If the number of results is smaller than the page size, next_page_token is not returned.

For more details, see the guides: Manage accounting settings and Manage accounting categories.
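
The pagination contract described above, as an added example that is not part of the Revolut documentation: a generator follows next_page_token until it is absent, enforces the 500-item cap and stops if the server ever repeats a cursor. The function names, the REVOLUT_ACCESS_TOKEN environment variable, the lower bound of 1 for limit and the fake server with its offset-style tokens are assumptions made for the example.

```python
from __future__ import annotations

import json
import os
import urllib.parse
import urllib.request
from typing import Callable, Iterator

ENDPOINT = "https://b2b.revolut.com/api/1.0/accounting-categories"  # from this page
MAX_LIMIT = 500  # per-request maximum stated on this page

# Constructed sample data (names and codes reuse the page's sample response).
SAMPLE_CATEGORIES = [
    {"name": "Transportation", "code": "400"},
    {"name": "Office Supplies", "code": "410"},
    {"name": "Software & Subscriptions", "code": "420"},
    {"name": "General Expenses", "code": "429"},
    {"name": "Travel & Lodging", "code": "460"},
]


def http_fetch(params: dict) -> dict:
    """Real fetcher, shown for completeness and not called by the demo.

    The token is read from the environment (variable name assumed here)
    so that it never appears in source code or shell history.
    """
    url = ENDPOINT + "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={
        "Authorization": "Bearer " + os.environ["REVOLUT_ACCESS_TOKEN"],
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_accounting_categories(fetch: Callable[[dict], dict],
                               limit: int = 100,
                               max_pages: int = 1000) -> Iterator[dict]:
    """Yield every accounting category, one page request at a time."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    seen_tokens = set()
    token = None
    for _ in range(max_pages):
        params = {"limit": limit}
        if token is not None:
            params["page_token"] = token
        page = fetch(params)
        yield from page["accounting_categories"]
        token = page.get("next_page_token")
        if not token:
            return  # last page: no cursor returned
        if token in seen_tokens:
            raise RuntimeError("next_page_token repeated; stopping to avoid a loop")
        seen_tokens.add(token)
    raise RuntimeError("max_pages reached before the last page")


def make_fake_fetch(items: list) -> tuple:
    """Constructed stand-in for the API; its tokens are plain offsets."""
    calls = []

    def fetch(params: dict) -> dict:
        calls.append(dict(params))
        start = int(params.get("page_token", "0"))
        end = start + params["limit"]
        body = {"accounting_categories": items[start:end]}
        if end < len(items):
            body["next_page_token"] = str(end)
        return body

    return fetch, calls


if __name__ == "__main__":
    fetch, calls = make_fake_fetch(SAMPLE_CATEGORIES)
    for category in iter_accounting_categories(fetch, limit=2):
        print(category["code"], category["name"])
    print("requests made:", len(calls))
```
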

Request

Query parameters
  • limit: integer
  • page_token: string

Response

List of accounting categories and the next page token if the number of results exceeds the page size

Body (object)
  • next_page_token: string
  • accounting_categories: array, required

GET /accounting-categories
curl -X GET "https://b2b.revolut.com/api/1.0/accounting-categories?limit=100&page_token=string" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "next_page_token": "MjAyNi0wMS0wMVQwOToxMzoxNS40MDZaN2RhNTFjZGY0LTZiYjctNDRkNi04OWU1LTc2OWEzZGYxZDc5ZA",
  "accounting_categories": [
    {
      "id": "8d831292-f950-4c5a-83f9-030df8cacd3f",
      "name": "Transportation",
      "code": "400",
      "created_at": "2026-03-11T17:03:25.570942Z",
      "updated_at": "2026-03-11T17:03:25.570942Z",
      "default_tax_rate_id": "d8f6bf6c-5b70-4c16-9549-5943e67ab009"
    },
    {
      "id": "8d749b93-4a2e-4f28-8b5b-9d64fe2e1d62",
      "name": "Office Supplies",
      "code": "410",
      "created_at": "2026-03-11T17:03:25.570940Z",
      "updated_at": "2026-03-11T17:03:25.570940Z",
      "default_tax_rate_id": "2a3520af-e6f7-416c-821e-0e83ffac1dfa"
    },
    {
      "id": "3726661e-0e93-4822-8bda-4d1a4c6e7dff",
      "name": "Software & Subscriptions",
      "code": "420",
      "created_at": "2026-03-11T17:03:25.570937Z",
      "updated_at": "2026-03-11T17:03:25.570937Z",
      "default_tax_rate_id": "6a83d8d8-f5a5-405d-aafd-729786569c2d"
    },
    {
      "id": "b37c42c8-1d42-4ee1-aa7e-348dd06ea69f",
      "name": "General Expenses",
      "code": "429",
      "created_at": "2026-03-11T17:03:25.570927Z",
      "updated_at": "2026-03-11T17:03:25.570927Z",
      "default_tax_rate_id": "5781063b-d140-4c72-bde9-b8b21e64e3e0"
    },
    {
      "id": "c729ea95-3ae7-4d21-91f7-1a69844175f2",
      "name": "Travel & Lodging",
      "code": "460",
      "created_at": "2026-03-11T17:03:25.570924Z",
      "updated_at": "2026-03-11T17:03:25.570924Z",
      "default_tax_rate_id": "f2519604-b04a-4a82-9b01-68235c4ad000"
    }
  ]
}

Retrieve accounting category details

Get the details of a specific accounting category based on its ID.

The details include the accounting category name, code, and default tax rate, as well as when the accounting category was added to your settings, and when it was last updated.

For more details, see the guides: Manage accounting settings and Manage accounting categories.

Request

Path parameters
  • accounting_category_id: string (uuid), required

Response

Accounting category details

Body (object)
  • id: string (uuid), required
  • name: string, required
  • code: string
  • created_at: string (date-time), required
  • updated_at: string (date-time), required
  • default_tax_rate_id: string (uuid)

GET /accounting-categories/{accounting_category_id}
curl -X GET "https://b2b.revolut.com/api/1.0/accounting-categories/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "id": "8d831292-f950-4c5a-83f9-030df8cacd3f",
  "name": "Transportation",
  "code": "400",
  "created_at": "2026-03-11T17:03:25.570942Z",
  "updated_at": "2026-03-11T17:03:25.570942Z",
  "default_tax_rate_id": "e6b84ddb-a127-466b-9a0a-501bda07773f"
}

Update accounting category settings

Request

Path parameters
  • accounting_category_id: string (uuid), required

Request body
  • name: string
  • code: string
  • default_tax_rate_id: string (uuid)

Response

Accounting category updated

PATCH /accounting-categories/{accounting_category_id}
curl -X PATCH "https://b2b.revolut.com/api/1.0/accounting-categories/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "Custom with tax rate",
  "code": "998",
  "default_tax_rate_id": "e6b84ddb-a127-466b-9a0a-501bda07773f"
}'

Request body samples

{
  "name": "Custom with tax rate",
  "code": "998",
  "default_tax_rate_id": "e6b84ddb-a127-466b-9a0a-501bda07773f"
}

Response body samples

No content. This response does not have a body.

Delete an accounting category

Delete a specific accounting category, based on its ID.

This operation is not supported for externally managed accounting categories.

Once the accounting category is deleted, it will not be returned by the API or in the Revolut Business app, and:

  • You will not be able to assign it to new financial records (e.g. expenses).
  • Existing records assigned to this category that have not been completed will be marked as invalid, and you'll need to reassign them to another category.
  • Completed records will not be affected by the change.

A successful response returns no content.

For more details, see the guides: Manage accounting settings and Manage accounting categories.

Request

Path parameters
  • accounting_category_id: string (uuid), required

Response

Accounting category deleted

DELETE /accounting-categories/{accounting_category_id}
curl -X DELETE "https://b2b.revolut.com/api/1.0/accounting-categories/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Create a new label group

Request

Request body
  • name: string, required
  • labels: array, required

Response

Resource created

On successful creation, the response returns only the ID of the new resource (i.e. the label group), even if the resource has more properties. To get all the details of the label group, use the returned resource ID with a GET request.

Body (object)
  • id: string (uuid)

POST /label-groups
curl -X POST "https://b2b.revolut.com/api/1.0/label-groups" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "Department",
  "labels": [
    {
      "name": "Sales & Account Management"
    },
    {
      "name": "Product Management"
    },
    {
      "name": "Design & UX"
    },
    {
      "name": "Customer Success"
    },
    {
      "name": "Engineering"
    },
    {
      "name": "Research & Development"
    },
    {
      "name": "Operations"
    },
    {
      "name": "Quality Assurance"
    },
    {
      "name": "Data Science & Analytics"
    },
    {
      "name": "Executive & Leadership"
    }
  ]
}'

Request body samples

{
  "name": "Department",
  "labels": [
    {
      "name": "Sales & Account Management"
    },
    {
      "name": "Product Management"
    },
    {
      "name": "Design & UX"
    },
    {
      "name": "Customer Success"
    },
    {
      "name": "Engineering"
    },
    {
      "name": "Research & Development"
    },
    {
      "name": "Operations"
    },
    {
      "name": "Quality Assurance"
    },
    {
      "name": "Data Science & Analytics"
    },
    {
      "name": "Executive & Leadership"
    }
  ]
}

Response body samples

{
  "id": "6a37383e-cfd3-4a2f-aa81-e3a6e6939efa"
}

Retrieve a list of label groups

Request

Query parameters
  • limit: integer
  • page_token: string

Response

List of label groups

Body (object)
  • next_page_token: string
  • label_groups: array, required

GET /label-groups
curl -X GET "https://b2b.revolut.com/api/1.0/label-groups?limit=100&page_token=string" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "next_page_token": "MjAyNi0wMS0wMVQwOToxMzoxNS40MDZaN2RhNTFjZGY0LTZiYjctNDRkNi04OWU1LTc2OWEzZGYxZDc5ZA",
  "label_groups": [
    {
      "id": "f0e1d2c3-b4a5-4678-9012-3456789abcde",
      "name": "Department",
      "created_at": "2026-03-19T07:15:00.000000Z",
      "updated_at": "2026-03-19T08:45:22.111444Z"
    },
    {
      "id": "f09ad1ad3-a1c0-4c09-b8f8-24b439e72690",
      "name": "Employee",
      "created_at": "2026-03-11T10:33:51.121090Z",
      "updated_at": "2026-03-11T10:33:51.121090Z"
    },
    {
      "id": "a1b2c3d4-e5f6-4a5b-bc6d-7e8f9a0b1c2d",
      "name": "Project",
      "created_at": "2026-02-01T08:00:00.000000Z",
      "updated_at": "2026-02-01T08:00:00.000000Z"
    },
    {
      "id": "5f4e3d2c-1b0a-4987-8765-43210fedcba9",
      "name": "Location",
      "created_at": "2026-01-15T10:20:30.123456Z",
      "updated_at": "2026-03-10T14:45:12.987654Z"
    },
    {
      "id": "98765432-abcd-ef01-2345-67890abcdef0",
      "name": "Task",
      "created_at": "2025-12-20T11:11:11.000Z",
      "updated_at": "2026-03-15T09:30:00.555222Z"
    }
  ]
}

Retrieve label group details

Get the details of a specific label group based on the label group ID.

The details include the label group name, as well as when the label group was added to your settings, and when it was last updated.

For more details, see the guides: Manage accounting settings and Manage labels and label groups.

Request

Path parameters
  • group_id: string (uuid), required

Response

Label group details

Body (object)
  • id: string (uuid), required
  • name: string, required
  • created_at: string (date-time), required
  • updated_at: string (date-time), required

GET /label-groups/{group_id}
curl -X GET "https://b2b.revolut.com/api/1.0/label-groups/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "id": "09ad1ad3-a1c0-4c09-b8f8-24b439e72690",
  "name": "Department",
  "created_at": "2026-03-11T10:33:51.121090Z",
  "updated_at": "2026-03-11T10:33:51.121090Z"
}

Update label group settings

Request

Path parameters
  • group_id: string (uuid), required

Request body
  • name: string, required

Response

Label group updated

PATCH /label-groups/{group_id}
curl -X PATCH "https://b2b.revolut.com/api/1.0/label-groups/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "20% VAT"
}'

Request body samples

{
  "name": "20% VAT"
}

Response body samples

No content. This response does not have a body.

Delete a label group

Delete a specific label group, based on its ID.

This operation is not supported for externally managed label groups.

Once the label group is deleted, it will not be returned by the API or in the Revolut Business app, and:

  • You will not be able to apply labels from the group to new financial records (e.g. expenses).
  • Existing records that have not been completed and that contain labels from this group will be marked as invalid, and you'll need to update them to use different labels.
  • Completed records will not be affected by the change.

A successful response returns no content.

For more details, see the guides: Manage accounting settings and Manage labels and label groups.

Request

Path parameters
  • group_id: string(uuid), required

Response

Label group deleted

DELETE /label-groups/{group_id}
curl -X DELETE "https://b2b.revolut.com/api/1.0/label-groups/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Create a new label

Request

Path parameters
  • group_id: string(uuid), required

Request body
  • name: string, required

Response

Resource created

On successful creation, the response returns only the ID of the new resource (i.e. the label), even if the resource has more properties. To get more details, use the ID of the parent label group to get all the labels from the label group.

Body (object)
  • id: string(uuid)

POST /label-groups/{group_id}/labels
curl -X POST "https://b2b.revolut.com/api/1.0/label-groups/123e4567-e89b-12d3-a456-426614174000/labels" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "Communications"
}'

Request body samples

{
  "name": "Communications"
}

Response body samples

{
  "id": "6a37383e-cfd3-4a2f-aa81-e3a6e6939efa"
}

Retrieve a list of labels from a label group

Get labels from a specific label group based on the provided query criteria.

The API returns a maximum of 500 labels per request. The default page size is 100.

The labels are sorted by the created_at date in reverse chronological order, and they're paginated. The page size, that is, the maximum number of labels returned per page is specified by the limit parameter.

  • If the number of results exceeds the page size, the response also returns a cursor for the next page under next_page_token.
    To get the next page of results, make a new request using that next_page_token value in page_token.
  • If the number of results is smaller than the page size, next_page_token is not returned.

For more details, see the guides: Manage accounting settings and Manage labels and label groups.

Request

Path parameters
  • group_id: string(uuid), required

Query parameters
  • limit: integer
  • page_token: string

Response

List of labels

Body (object)
  • next_page_token: string
  • labels: array, required

GET /label-groups/{group_id}/labels
curl -X GET "https://b2b.revolut.com/api/1.0/label-groups/123e4567-e89b-12d3-a456-426614174000/labels?limit=100&page_token=string" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "next_page_token": "MjAyNi0wMS0wMVQwOToxMzoxNS40MDZaN2RhNTFjZGY0LTZiYjctNDRkNi04OWU1LTc2OWEzZGYxZDc5ZA",
  "labels": [
    {
      "id": "f0e1d2c3-b4a5-4678-9012-3456789abcde",
      "name": "Consultants",
      "created_at": "2026-03-19T07:15:00.000000Z",
      "updated_at": "2026-03-19T08:45:22.111444Z"
    },
    {
      "id": "f09ad1ad-a1c0-4c09-b8f8-24b439e72690",
      "name": "IT & Tech Support",
      "created_at": "2026-03-11T10:33:51.121090Z",
      "updated_at": "2026-03-11T10:33:51.121090Z"
    },
    {
      "id": "a1b2c3d4-e5f6-4a5b-bc6d-7e8f9a0b1c2d",
      "name": "HR & Facility",
      "created_at": "2026-02-01T08:00:00.000000Z",
      "updated_at": "2026-02-01T08:00:00.000000Z"
    },
    {
      "id": "c3b2a1d0-e9f8-47a6-9d8c-7b6a5f4e3d2c",
      "name": "Finance & Legal",
      "created_at": "2026-01-22T09:10:15.555000Z",
      "updated_at": "2026-01-23T11:00:45.123456Z"
    },
    {
      "id": "d9e8f7a6-b5c4-4321-8765-43210fedcba9",
      "name": "Sales & Marketing",
      "created_at": "2026-01-20T14:20:00.000000Z",
      "updated_at": "2026-01-20T14:20:00.000000Z"
    }
  ]
}

Update a label

Update the name for a specific label, based on the IDs of the label and its label group.

This operation is not supported for externally managed labels.

For more details, see the guides: Manage accounting settings and Manage labels and label groups.

Request

Path parameters
  • group_id: string(uuid), required
  • label_id: string(uuid), required

Request body
  • name: string, required

Response

Label updated

PATCH /label-groups/{group_id}/labels/{label_id}
curl -X PATCH "https://b2b.revolut.com/api/1.0/label-groups/123e4567-e89b-12d3-a456-426614174000/labels/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "20% VAT"
}'

Request body samples

{
  "name": "20% VAT"
}

Response body samples

No content. This response does not have a body.

Delete a label

Delete a specific label, based on the IDs of the label and its label group.

This operation is not supported for externally managed labels.

Once the label is deleted, it will not be returned by the API or in the Revolut Business app, and:

  • You will not be able to apply it to new financial records (e.g. expenses).
  • Existing records with this label that have not been completed will be marked as invalid, and you'll need to update them to use a different label.
  • Completed records will not be affected by the change.

A successful response does not get any content in return.

For more details, see the guides: Manage accounting settings and Manage labels and label groups.

Request

Path parameters
  • group_id: string(uuid), required
  • label_id: string(uuid), required

Response

Label deleted

DELETE /label-groups/{group_id}/labels/{label_id}
curl -X DELETE "https://b2b.revolut.com/api/1.0/label-groups/123e4567-e89b-12d3-a456-426614174000/labels/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Create a new tax rate

Request

Request body
  • name: string, required
  • percentage: number(double)

The tax rate to create.

Response

Resource created

On successful creation, the response returns only the ID of the new resource (i.e. the tax rate), even if the resource has more properties. To get all the details of the tax rate, use the returned resource ID with a GET request.

Body (object)
  • id: string(uuid)

POST /tax-rates
curl -X POST "https://b2b.revolut.com/api/1.0/tax-rates" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "20% (VAT on Expenses)",
  "percentage": 20
}'

Request body samples

{
  "name": "20% (VAT on Expenses)",
  "percentage": 20
}

Response body samples

{
  "id": "6a37383e-cfd3-4a2f-aa81-e3a6e6939efa"
}

Retrieve a list of tax rates

Get available tax rates based on the provided query criteria.

The API returns a maximum of 500 tax rates per request. The default page size is 100.

The tax rates are sorted by the created_at date in reverse chronological order, and they're paginated. The page size, that is, the maximum number of tax rates returned per page is specified by the limit parameter.

  • If the number of results exceeds the page size, the response also returns a cursor for the next page under next_page_token.
    To get the next page of results, make a new request using that next_page_token value in page_token.
  • If the number of results is smaller than the page size, next_page_token is not returned.

For more details, see the guides: Manage accounting settings and Manage tax rates.
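The cursor pagination described here for tax rates, and earlier for labels, can be consumed with one loop. This is an added example, not Revolut's client code: `iter_items`, `http_fetcher` and `fake_backend` are hypothetical names, the fake backend's token encoding is a stand-in for the API's opaque `next_page_token`, and the sample records are constructed.

```python
import base64
import json
import urllib.parse
import urllib.request
from typing import Callable, Iterator, Optional

MAX_LIMIT = 500      # from the page: at most 500 items per request
DEFAULT_LIMIT = 100  # from the page: default page size

FetchPage = Callable[[int, Optional[str]], dict]


def iter_items(fetch_page: FetchPage, items_key: str,
               limit: int = DEFAULT_LIMIT, max_pages: int = 1000) -> Iterator[dict]:
    """Yield every item of a list endpoint by following next_page_token."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    seen = set()
    token = None
    for _ in range(max_pages):
        page = fetch_page(limit, token)
        yield from page[items_key]        # "labels" / "tax_rates" are required fields
        token = page.get("next_page_token")
        if not token:                     # no cursor returned: this was the last page
            return
        if token in seen:                 # a repeated cursor would loop forever
            raise RuntimeError("server returned a cursor that was already used")
        seen.add(token)
    raise RuntimeError("stopped after max_pages pages")


def http_fetcher(url: str, access_token: str) -> FetchPage:
    """fetch_page for a live list endpoint such as .../api/1.0/tax-rates (not run here)."""
    def fetch_page(limit, page_token):
        query = {"limit": limit}
        if page_token:
            query["page_token"] = page_token
        req = urllib.request.Request(
            url + "?" + urllib.parse.urlencode(query),
            # the access token travels only in the header, never in the URL
            headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch_page


def fake_backend(records, items_key, token_on_full_last_page=False) -> FetchPage:
    """Offline stand-in for the API; the cursor here is just a base64 offset."""
    calls = []

    def fetch_page(limit, page_token):
        calls.append((limit, page_token))
        start = int(base64.urlsafe_b64decode(page_token).decode()) if page_token else 0
        end = start + limit
        page = {items_key: records[start:end]}
        more = end < len(records) or (token_on_full_last_page and end == len(records))
        if more:
            page["next_page_token"] = base64.urlsafe_b64encode(str(end).encode()).decode()
        return page

    fetch_page.calls = calls
    return fetch_page


# Constructed sample records, newest first as the API sorts them.
SAMPLE_TAX_RATES = [
    {"id": f"constructed-{i}", "name": f"Rate {i}", "percentage": float(i)}
    for i in range(7)
]

if __name__ == "__main__":
    backend = fake_backend(SAMPLE_TAX_RATES, "tax_rates")
    rates = list(iter_items(backend, "tax_rates", limit=3))
    print(len(rates), "tax rates in", len(backend.calls), "requests")
```

The page does not say whether a token is returned when the result count equals the page size, so the loop also accepts a final empty page.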

Request

Query parameters
  • limit: integer
  • page_token: string

Response

List of tax rates

Body (object)
  • next_page_token: string
  • tax_rates: array, required

GET /tax-rates
curl -X GET "https://b2b.revolut.com/api/1.0/tax-rates?limit=100&page_token=string" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "next_page_token": "MjAyNi0wMS0wMVQwOToxMzoxNS40MDZaN2RhNTFjZGY0LTZiYjctNDRkNi04OWU1LTc2OWEzZGYxZDc5ZA",
  "tax_rates": [
    {
      "id": "f0e1d2c3-b4a5-4678-9012-3456789abcde",
      "name": "Import Duty Surcharge",
      "created_at": "2026-03-19T07:15:00.000000Z",
      "updated_at": "2026-03-19T08:45:22.111444Z",
      "percentage": 12.75
    },
    {
      "id": "09ad1ad3-a1c0-4c09-b8f8-24b439e72690",
      "name": "20% (VAT on Expenses)",
      "created_at": "2026-03-11T10:33:51.121090Z",
      "updated_at": "2026-03-11T10:33:51.121090Z",
      "percentage": 20
    },
    {
      "id": "a1b2c3d4-e5f6-4a5b-bc6d-7e8f9a0b1c2d",
      "name": "Reduced Rate Food & Beverage",
      "created_at": "2026-02-01T08:00:00.000000Z",
      "updated_at": "2026-02-01T08:00:00.000000Z",
      "percentage": 5.5
    },
    {
      "id": "5f4e3d2c-1b0a-4987-8765-43210fedcba9",
      "name": "Standard Output Tax (High)",
      "created_at": "2026-01-15T10:20:30.123456Z",
      "updated_at": "2026-03-10T14:45:12.987654Z",
      "percentage": 20
    },
    {
      "id": "98765432-abcd-ef01-2345-67890abcdef0",
      "name": "Exempt Financial Services",
      "created_at": "2025-12-20T11:11:11.000Z",
      "updated_at": "2026-03-15T09:30:00.555222Z",
      "percentage": 0
    }
  ]
}

Retrieve tax rate details

Get the details of a specific tax rate based on the tax rate ID.

The details include the tax rate name and percentage, as well as when the tax rate was added to your settings, and when it was last updated.

For more details, see the guides: Manage accounting settings and Manage tax rates.

Request

Path parameters
  • tax_rate_id: string(uuid), required

Response

Tax rate details

Body (object)
  • id: string(uuid), required
  • name: string, required
  • created_at: string(date-time), required
  • updated_at: string(date-time), required
  • percentage: number(double)

GET /tax-rates/{tax_rate_id}
curl -X GET "https://b2b.revolut.com/api/1.0/tax-rates/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "id": "09ad1ad3-a1c0-4c09-b8f8-24b439e72690",
  "name": "20% (VAT on Expenses)",
  "created_at": "2026-03-11T10:33:51.121090Z",
  "updated_at": "2026-03-11T10:33:51.121090Z",
  "percentage": 20
}

Update tax rate settings

Request

Path parameters
  • tax_rate_id: string(uuid), required

Request body
  • name: string

Response

Tax rate updated

PATCH /tax-rates/{tax_rate_id}
curl -X PATCH "https://b2b.revolut.com/api/1.0/tax-rates/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "20% VAT"
}'

Request body samples

{
  "name": "20% VAT"
}

Response body samples

No content. This response does not have a body.

Delete a tax rate

Delete a specific tax rate, based on its ID.

This operation is not supported for externally managed tax rates.

Once the tax rate is deleted, it will not be returned by the API or in the Revolut Business app, and:

  • You will not be able to apply it to new financial records (e.g. expenses).
  • Existing records with this tax rate that have not been completed will be marked as invalid, and you'll need to update them to use a different tax rate.
  • Completed records will not be affected by the change.

A successful response does not get any content in return.

For more details, see the guides: Manage accounting settings and Manage tax rates.

Request

Path parameters
  • tax_rate_id: string(uuid), required

Response

Tax rate deleted

DELETE /tax-rates/{tax_rate_id}
curl -X DELETE "https://b2b.revolut.com/api/1.0/tax-rates/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Accounts

Get the balances, full banking details, and other details of your business accounts.

For more information, see the guides: Get your account details.

Retrieve all accounts

Response

List of business accounts

Body (array of object)
  • id: string(uuid), required
  • name: string
  • balance: number(double), required
  • currency: string, required
  • state: string, required
  • public: boolean, required
  • created_at: string(date-time), required
  • updated_at: string(date-time), required

GET /accounts
curl -X GET "https://b2b.revolut.com/api/1.0/accounts" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

[
  {
    "id": "b7ec67d3-5af1-42c8-bece-3d28nlmo894d",
    "name": "International account",
    "balance": 3171.89,
    "currency": "GBP",
    "state": "active",
    "public": false,
    "created_at": "2022-08-05T14:29:22.215785Z",
    "updated_at": "2022-08-05T14:29:22.215785Z"
  },
  {
    "id": "bssc67d3-5afd-42c2-bece-3d28nlmo894d",
    "name": "International account 2",
    "balance": 411561.89,
    "currency": "EUR",
    "state": "active",
    "public": true,
    "created_at": "2022-08-25T14:29:22.215785Z",
    "updated_at": "2022-08-30T14:29:22.215785Z"
  }
]

Retrieve an account

Get the information about one of your accounts. Specify the account by its ID.

For more information, see the guides: Get your account details.

Request

Path parameters
  • account_id: string(uuid), required

Response

The information about a specific account

Body
object
  • id: string(uuid), required
  • name: string
  • balance: number(double), required
  • currency: string, required
  • state: string, required
  • public: boolean, required
  • created_at: string(date-time), required
  • updated_at: string(date-time), required

GET /accounts/{account_id}
curl -X GET "https://b2b.revolut.com/api/1.0/accounts/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

{
  "id": "b7ec67d3-5af1-42c8-bece-3d28nlmo894d",
  "name": "International account",
  "balance": 3171.89,
  "currency": "GBP",
  "state": "active",
  "public": false,
  "created_at": "2022-08-05T14:29:22.215785Z",
  "updated_at": "2022-08-05T14:29:22.215785Z"
}

Retrieve account's full bank details

Get all the bank details of one of your accounts. Specify the account by its ID.

For more information, see the guides: Get your account details.

Request

Path parameters
  • account_id: string(uuid), required

Response

The bank details of a specific account

Body
array of object

Indicates the payment scheme used to execute transactions.

  • iban: string
  • bic: string
  • account_no: string
  • sort_code: string
  • routing_number: string
  • beneficiary: string, required
  • beneficiary_address: object, required
  • bank_country: string
  • pooled: boolean
  • unique_reference: string
  • schemes: array, required
  • estimated_time: object, required

GET /accounts/{account_id}/bank-details
curl -X GET "https://b2b.revolut.com/api/1.0/accounts/123e4567-e89b-12d3-a456-426614174000/bank-details" \
  -H "Authorization: Bearer <yourSecretApiKey>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

[
  {
    "iban": "GB66REVO00996995908888",
    "bic": "REVOGB21",
    "beneficiary": "International account",
    "beneficiary_address": {
      "street_line1": "Revolut LTD",
      "street_line2": "1 Canada Square",
      "city": "London",
      "country": "GB",
      "postcode": "E14 5AB"
    },
    "bank_country": "GB",
    "pooled": false,
    "schemes": [
      "swift"
    ],
    "estimated_time": {
      "unit": "days",
      "min": 1,
      "max": 3
    }
  }
]

Cards

Manage cards issued for your business, freeze, unfreeze, lock, unlock, terminate and update card settings, such as spending limits and merchant controls.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage cards for your business.

Card invitations for onboarding team members

To prepare virtual cards for team members who have not completed onboarding yet, use Card invitations instead.

Retrieve a list of cards

Get the list of all cards in your organisation.

The results are paginated and sorted by the created_at date in reverse chronological order.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage cards.

Request

Query parameters
  • created_before: string(date-time)
  • limit: number(integer)

Response

List of cards of the business

Body
array of object

A list of cards.

  • id: string(uuid), required
  • holder_id: string(uuid)
  • contact_ids: array
  • created_at: string(date-time), required
  • updated_at: string(date-time), required
  • product: object
  • virtual: boolean, required
  • last_digits: string, required
  • expiry: string(DD/YYYY), required
  • label: string
  • references: array
  • state: string, required
  • can_be_unlocked: boolean
  • spend_program: object
  • spending_limits: object
  • spending_period: object
  • categories: array
  • merchant_controls: object
  • countries: array
  • accounts: array, required

GET /cards
# created_before takes a date-time string; the timestamp below is a constructed sample value.
curl -X GET "https://b2b.revolut.com/api/1.0/cards?created_before=2025-09-18T00:00:00Z&limit=100" \
  -H "Authorization: Bearer <yourSecretApiKey>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

[
  {
    "id": "aa14a9af-d7a7-4214-a743-lok818f74bd0",
    "holder_id": "173ab846-de2a-1234-5678-160bd2e660e6",
    "created_at": "2025-09-15T11:04:11.047305Z",
    "updated_at": "2025-09-17T08:32:11.024721Z",
    "virtual": true,
    "last_digits": "2671",
    "expiry": "09/2030",
    "label": "Kirby Janette",
    "state": "active",
    "spending_limits": {
      "single": {
        "amount": 200.22,
        "currency": "GBP"
      },
      "month": {
        "amount": 200.44,
        "currency": "GBP"
      }
    },
    "spending_period": {
      "start_date": "2025-09-20",
      "end_date": "2026-12-20",
      "end_date_action": "terminate"
    },
    "categories": [
      "restaurants",
      "groceries"
    ],
    "merchant_controls": {
      "control_type": "block",
      "merchant_ids": [
        "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
        "e8a87432-f71e-4deb-be84-969a02792929"
      ]
    },
    "countries": [
      "GB",
      "SG"
    ],
    "accounts": [
      "f52c6c84-26b9-4e95-bbcf-99ed6523fb51"
    ]
  },
  {
    "id": "b8b56da4-1fde-4320-a8d7-cb7560252f7e",
    "created_at": "2025-09-15T11:04:11.047305Z",
    "updated_at": "2025-09-15T11:04:11.047305Z",
    "virtual": false,
    "last_digits": "2672",
    "expiry": "09/2030",
    "state": "active"
  }
]

Create a card

Request

Request body
  • request_id: string, required
  • holder_id: string(uuid)
  • contact_ids: array
  • product: object
  • virtual: boolean, required
  • label: string
  • references: array
  • spending_limits: object
  • spending_period: object
  • categories: array
  • merchant_controls: object
  • countries: array
  • accounts: array

Response

Information about the created card

Body
object
  • id: string(uuid), required
  • holder_id: string(uuid)
  • contact_ids: array
  • created_at: string(date-time), required
  • updated_at: string(date-time), required
  • product: object
  • virtual: boolean, required
  • last_digits: string, required
  • expiry: string(DD/YYYY), required
  • label: string
  • references: array
  • state: string, required
  • can_be_unlocked: boolean
  • spending_limits: object
  • spending_period: object
  • categories: array
  • merchant_controls: object
  • countries: array
  • accounts: array, required

POST /cards
curl -X POST "https://b2b.revolut.com/api/1.0/cards" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "request_id": "7a10f3eb-fe56-4699-9bd0-044a63508828",
  "holder_id": "173ab846-de2a-1234-5678-160bd2e660e6",
  "virtual": true,
  "label": "Kirby Janette",
  "spending_limits": {
    "single": {
      "amount": 200.22,
      "currency": "GBP"
    },
    "week": {
      "amount": 200.44,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "end_date": "2026-12-15",
    "end_date_action": "terminate"
  },
  "categories": [
    "groceries",
    "restaurants"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
      "e8a87432-f71e-4deb-be84-969a02792929"
    ]
  },
  "countries": [
    "GB",
    "SG"
  ],
  "accounts": [
    "75aa436d-2a04-4ab9-af14-ed0955769b8c"
  ]
}'
Authorization
SecuritySchemaType:http
Scheme:bearer

Request body samples

{
  "request_id": "7a10f3eb-fe56-4699-9bd0-044a63508828",
  "holder_id": "173ab846-de2a-1234-5678-160bd2e660e6",
  "virtual": true,
  "label": "Kirby Janette",
  "spending_limits": {
    "single": {
      "amount": 200.22,
      "currency": "GBP"
    },
    "week": {
      "amount": 200.44,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "end_date": "2026-12-15",
    "end_date_action": "terminate"
  },
  "categories": [
    "groceries",
    "restaurants"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
      "e8a87432-f71e-4deb-be84-969a02792929"
    ]
  },
  "countries": [
    "GB",
    "SG"
  ],
  "accounts": [
    "75aa436d-2a04-4ab9-af14-ed0955769b8c"
  ]
}

Response body samples

{
  "id": "aa14a9af-d7a7-4214-a743-lok818f74bd0",
  "holder_id": "173ab846-de2a-1234-5678-160bd2e660e6",
  "created_at": "2025-09-15T11:04:11.047305Z",
  "updated_at": "2025-09-15T11:04:11.047305Z",
  "virtual": true,
  "last_digits": "2671",
  "expiry": "09/2030",
  "label": "Kirby Janette",
  "state": "active",
  "spending_limits": {
    "single": {
      "amount": 200.22,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "end_date": "2026-12-15",
    "end_date_action": "terminate",
    "week": {
      "amount": 200.44,
      "currency": "GBP"
    }
  },
  "categories": [
    "restaurants",
    "groceries"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
      "e8a87432-f71e-4deb-be84-969a02792929"
    ]
  },
  "countries": [
    "GB",
    "SG"
  ],
  "accounts": [
    "f52c6c84-26b9-4e95-bbcf-99ed6523fb51"
  ]
}

Retrieve card details

Get the details of a specific card, based on its ID.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage cards.

Request

Path parameters
  • card_id: string(uuid), required

Response

Information about the card

Body
object
  • id: string(uuid), required
  • holder_id: string(uuid)
  • contact_ids: array
  • created_at: string(date-time), required
  • updated_at: string(date-time), required
  • product: object
  • virtual: boolean, required
  • last_digits: string, required
  • expiry: string(DD/YYYY), required
  • label: string
  • references: array
  • state: string, required
  • can_be_unlocked: boolean
  • spend_program: object
  • spending_limits: object
  • spending_period: object
  • categories: array
  • merchant_controls: object
  • countries: array
  • accounts: array, required

GET /cards/{card_id}
curl -X GET "https://b2b.revolut.com/api/1.0/cards/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

{
  "id": "aa14a9af-d7a7-4214-a743-lok818f74bd0",
  "holder_id": "173ab846-de2a-1234-5678-160bd2e660e6",
  "created_at": "2025-09-15T11:04:11.047305Z",
  "updated_at": "2025-09-17T08:32:11.024721Z",
  "virtual": true,
  "last_digits": "2671",
  "expiry": "09/2030",
  "label": "Kirby Janette",
  "state": "active",
  "spending_limits": {
    "single": {
      "amount": 200.22,
      "currency": "GBP"
    },
    "month": {
      "amount": 200.44,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "start_date": "2025-09-20",
    "end_date": "2026-12-20",
    "end_date_action": "terminate"
  },
  "categories": [
    "restaurants",
    "groceries"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
      "e8a87432-f71e-4deb-be84-969a02792929"
    ]
  },
  "countries": [
    "GB",
    "SG"
  ],
  "accounts": [
    "f52c6c84-26b9-4e95-bbcf-99ed6523fb51"
  ]
}

Update card settings

Update settings for a specific card, based on its ID.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

Some spend control parameters can affect one another. When updating spend controls, review the resulting settings in the response to ensure they reflect the configuration you intended.

For more information, see the guides: Manage cards.

Request

Path parameters
  • card_id: string(uuid), required

Request body
  • label: string
  • spending_limits: object
  • spending_period: object
  • categories: array
  • merchant_controls: object
  • countries: array
  • accounts: array

Response

Information about the updated card

If you modify the card's spending period in the request, the card's state returned in the response might not yet reflect those changes. This is because these spending period locks are applied to the card asynchronously, which might result in a slight delay in the card's state update.

To re-check the state, fetch the card's details.

Body
object
  • id: string(uuid), required
  • holder_id: string(uuid)
  • contact_ids: array
  • created_at: string(date-time), required
  • updated_at: string(date-time), required
  • product: object
  • virtual: boolean, required
  • last_digits: string, required
  • expiry: string(DD/YYYY), required
  • label: string
  • references: array
  • state: string, required
  • can_be_unlocked: boolean
  • spend_program: object
  • spending_limits: object
  • spending_period: object
  • categories: array
  • merchant_controls: object
  • countries: array
  • accounts: array, required

PATCH /cards/{card_id}
curl -X PATCH "https://b2b.revolut.com/api/1.0/cards/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "label": "New card label",
  "spending_limits": {
    "single": {
      "amount": 100,
      "currency": "GBP"
    },
    "month": {
      "amount": 300,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "start_date": "2025-09-18",
    "end_date": "2026-12-20",
    "end_date_action": "lock"
  },
  "categories": [
    "services",
    "shopping",
    "furniture"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
      "e8a87432-f71e-4deb-be84-969a02792929",
      "3f09819f-63d1-473a-966c-54d8b9f43a93"
    ]
  },
  "countries": [
    "GB",
    "SG",
    "ES"
  ],
  "accounts": [
    "f52c6c84-26b9-4e95-bbcf-99ed6523fb51",
    "9ae4345a-5ee5-496b-b776-241fcc5a5ba4"
  ]
}'
Authorization
SecuritySchemaType:http
Scheme:bearer

Request body samples

{
  "label": "New card label",
  "spending_limits": {
    "single": {
      "amount": 100,
      "currency": "GBP"
    },
    "month": {
      "amount": 300,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "start_date": "2025-09-18",
    "end_date": "2026-12-20",
    "end_date_action": "lock"
  },
  "categories": [
    "services",
    "shopping",
    "furniture"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
      "e8a87432-f71e-4deb-be84-969a02792929",
      "3f09819f-63d1-473a-966c-54d8b9f43a93"
    ]
  },
  "countries": [
    "GB",
    "SG",
    "ES"
  ],
  "accounts": [
    "f52c6c84-26b9-4e95-bbcf-99ed6523fb51",
    "9ae4345a-5ee5-496b-b776-241fcc5a5ba4"
  ]
}

Response body samples

{
  "id": "aa14a9af-d7a7-4214-a743-lok818f74bd0",
  "holder_id": "173ab846-de2a-1234-5678-160bd2e660e6",
  "created_at": "2025-09-15T11:04:11.047305Z",
  "updated_at": "2025-09-17T08:32:11.024721Z",
  "virtual": true,
  "last_digits": "2671",
  "expiry": "09/2030",
  "label": "New card label",
  "state": "locked",
  "spending_limits": {
    "single": {
      "amount": 100,
      "currency": "GBP"
    },
    "week": {
      "amount": 300,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "start_date": "2025-09-18",
    "end_date": "2026-12-20",
    "end_date_action": "lock"
  },
  "categories": [
    "services",
    "shopping",
    "furniture"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
      "e8a87432-f71e-4deb-be84-969a02792929",
      "3f09819f-63d1-473a-966c-54d8b9f43a93"
    ]
  },
  "countries": [
    "GB",
    "SG",
    "ES"
  ],
  "accounts": [
    "f52c6c84-26b9-4e95-bbcf-99ed6523fb51",
    "9ae4345a-5ee5-496b-b776-241fcc5a5ba4"
  ]
}
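
The advice above to review the resulting settings in the response can be automated. The following is an added example, not code from Revolut: it compares a PATCH request body with the response body and reports requested controls that did not come back as sent. The function names are hypothetical, and the two dictionaries are trimmed copies of the request and response samples above.

```python
"""Compare a PATCH /cards/{card_id} request body with the response body.

Added illustration; function names are hypothetical, not part of the API.
"""


def _normalise(value):
    """Sort lists recursively so element order does not cause false alarms."""
    if isinstance(value, list):
        return sorted((_normalise(v) for v in value), key=repr)
    if isinstance(value, dict):
        return {k: _normalise(v) for k, v in value.items()}
    return value


def unapplied_settings(requested, returned, prefix=""):
    """Dotted paths of requested settings that the response does not reflect."""
    problems = []
    for key, want in requested.items():
        path = prefix + key
        got = returned.get(key)
        if key not in returned:
            problems.append(path)
        elif isinstance(want, dict) and isinstance(got, dict):
            problems.extend(unapplied_settings(want, got, path + "."))
        elif _normalise(want) != _normalise(got):
            problems.append(path)
    return problems


def unexpected_limits(requested, returned):
    """Limit periods in the response that this request did not set.

    Only checked when the request touched spending_limits. Whether an extra
    period is a problem depends on what the operator intended.
    """
    if "spending_limits" not in requested:
        return []
    got = returned.get("spending_limits", {})
    return sorted(set(got) - set(requested["spending_limits"]))


def review_update(requested, returned):
    """Summarise what an operator should look at after an update."""
    return {
        "unapplied": unapplied_settings(requested, returned),
        "unexpected_limits": unexpected_limits(requested, returned),
        # Spending-period locks are applied asynchronously, so "state" in this
        # response may be stale; fetch the card's details before relying on it.
        "recheck_state": "spending_period" in requested,
    }


# Trimmed copies of the request and response samples shown on this page.
SAMPLE_REQUEST = {
    "label": "New card label",
    "spending_limits": {
        "single": {"amount": 100, "currency": "GBP"},
        "month": {"amount": 300, "currency": "GBP"},
    },
    "spending_period": {
        "start_date": "2025-09-18",
        "end_date": "2026-12-20",
        "end_date_action": "lock",
    },
    "countries": ["GB", "SG", "ES"],
}
SAMPLE_RESPONSE = {
    "label": "New card label",
    "state": "locked",
    "spending_limits": {
        "single": {"amount": 100, "currency": "GBP"},
        "week": {"amount": 300, "currency": "GBP"},
    },
    "spending_period": {
        "start_date": "2025-09-18",
        "end_date": "2026-12-20",
        "end_date_action": "lock",
    },
    "countries": ["GB", "SG", "ES"],
}

if __name__ == "__main__":
    print(review_update(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

Run against the samples on this page, the check reports that the requested monthly limit is absent from the response and that a weekly limit appears instead.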

Terminate a card

Terminate a specific card, based on its ID.

Once the card is terminated, it will not be returned by the API.

A successful response returns no content.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage cards.

Request

Path parameters
  • card_id: string(uuid), required

Response

Card successfully terminated

DELETE /cards/{card_id}
curl -X DELETE "https://b2b.revolut.com/api/1.0/cards/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

No content. This response does not have a body.

Update card contacts

Update the list of card contacts (contact_ids) for a company card.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

You can only update cards with existing contacts. If a card does not have any contacts assigned, this operation is not allowed.

On success, the updated list of contacts is returned.

This operation overrides the existing contacts. This means that it removes the current list completely, and replaces it with the new one provided in this request.

If you want to add new contacts for the card instead of replacing the existing ones, make sure that you fetch the existing contacts first, and include them in your request.

For more information, see the guides: Manage cards.

Request

Path parameters
  • card_id: string(uuid), required

Request body
Constraints: min items: 1, max items: 5, unique items

One of the card's contacts.

Response

Updated list of contacts

Body
array of string(uuid)
Constraints: min items: 1, max items: 5, unique items

One of the card's contacts.

PUT /cards/{card_id}/contacts
curl -X PUT "https://b2b.revolut.com/api/1.0/cards/123e4567-e89b-12d3-a456-426614174000/contacts" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '[
  "3ea984a5-d599-4c97-b2b3-c6c12bb9b5e9",
  "02b969cb-b984-4a70-873d-f93220805e5e",
  "36d9604d-4821-45fc-bf1a-a2881f6336c0"
]'
Authorization
SecuritySchemaType:http
Scheme:bearer

Request body samples

[
  "3ea984a5-d599-4c97-b2b3-c6c12bb9b5e9",
  "02b969cb-b984-4a70-873d-f93220805e5e",
  "36d9604d-4821-45fc-bf1a-a2881f6336c0"
]

Response body samples

[
  "3ea984a5-d599-4c97-b2b3-c6c12bb9b5e9",
  "02b969cb-b984-4a70-873d-f93220805e5e",
  "36d9604d-4821-45fc-bf1a-a2881f6336c0"
]

Update card references

Update the list of references (references) for a company or auto-issued card.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

References can be amended up to 10 times. Reference names must be unique.

References are only supported for cards owned by the business (i.e. company or auto-issued cards). They can't be added to team member cards (i.e. with holder_id present).

The references recorded on a transaction are those assigned to the card at the time the transaction took place. If the references are amended, they will only be applied to future transactions. Existing transactions are not affected.

On success, the updated list of references is returned.

This operation overrides the existing references. This means that it removes the current list completely, and replaces it with the new one provided in this request.

If you want to add references to the card instead of replacing the existing ones, make sure that you fetch the existing references first, and include them in your request.

To delete existing references without adding new ones, simply provide an empty list.

For more information, see the guides: Manage cards.
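
Because the PUT replaces the whole list, adding a reference is a read-modify-write. The sketch below is an added example, not Revolut's code: it merges new references into the existing ones, enforces the documented limits before anything is sent, and skips the PUT when nothing would change, since references can only be amended up to 10 times. The `get_references` and `put_references` callables are hypothetical stand-ins for your own HTTP client.

```python
MAX_REFERENCES = 5  # "max items: 5" in the request-body constraints


def _validated(refs, label):
    """Return {name: value} for one list, rejecting malformed or duplicate names."""
    out = {}
    for ref in refs:
        name, value = ref.get("name"), ref.get("value")
        if not isinstance(name, str) or not isinstance(value, str):
            raise ValueError(f"{label}: name and value must both be strings: {ref!r}")
        if name in out:
            raise ValueError(f"{label}: duplicate reference name {name!r}")
        out[name] = value
    return out


def merge_references(existing, additions):
    """Build the full list to send so that nothing already on the card is lost.

    An addition whose name already exists overwrites that reference's value
    and keeps its position; new names are appended in the order given.
    """
    merged = _validated(existing, "existing")
    merged.update(_validated(additions, "additions"))
    if len(merged) > MAX_REFERENCES:
        raise ValueError(
            f"{len(merged)} references after merge, limit is {MAX_REFERENCES}"
        )
    return [{"name": n, "value": v} for n, v in merged.items()]


def add_references(card_id, additions, get_references, put_references):
    """Fetch, merge, and replace. Returns (references, changed).

    get_references(card_id) -> list of {"name", "value"}   (hypothetical helper)
    put_references(card_id, payload) -> updated list       (hypothetical helper,
        wrapping PUT /cards/{card_id}/references)
    """
    existing = get_references(card_id)
    current = merge_references(existing, [])   # normalised view of what is on the card
    payload = merge_references(existing, additions)
    if payload == current:
        # Nothing to change: do not send a request that only uses up an amendment.
        return current, False
    return put_references(card_id, payload), True
```
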

Request

Path parameters
card_id: string(uuid), required
Request body

References for the card. Up to 5 name-value pairs assigned to the card for tracking.

Each time the card is used, the references are recorded in the transaction details (card.references), helping track transactions made with this card.

The names must be unique. The references can be amended up to 10 times.

References are only supported for cards owned by the business (i.e. company or auto-issued cards). They are not supported for team member cards (i.e. with holder_id present).

The references recorded on a transaction are those assigned to the card at the time the transaction took place. If the references are amended, they will only be applied to future transactions. Existing transactions are not affected.

Constraints: min items: 1, max items: 5, unique items
name: string, required
value: string, required

Response

Updated list of references.
Up to 5 name-value pairs assigned to the card for tracking.

Body
array of object

References for the card. Up to 5 name-value pairs assigned to the card for tracking.

The names must be unique. The references can be amended up to 10 times.

Constraints: min items: 1, max items: 5, unique items
name: string, required
value: string, required
PUT /cards/{card_id}/references
curl -X PUT "https://b2b.revolut.com/api/1.0/cards/123e4567-e89b-12d3-a456-426614174000/references" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '[
  {
    "name": "Budget",
    "value": "Engagement"
  },
  {
    "name": "Department",
    "value": "Business"
  }
]'

Request body samples

[
  {
    "name": "Budget",
    "value": "Engagement"
  },
  {
    "name": "Department",
    "value": "Business"
  }
]

Response body samples

[
  {
    "name": "Budget",
    "value": "Engagement"
  },
  {
    "name": "Department",
    "value": "Business"
  }
]

Freeze a card

Freeze a card to make it temporarily unavailable for spending. You can only freeze a card that is in the state active.

A successful freeze changes the card's state to frozen, and no content is returned in the response.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage cards.

Request

Path parameters
card_id: string(uuid), required

Response

Card successfully frozen

POST /cards/{card_id}/freeze
curl -X POST "https://b2b.revolut.com/api/1.0/cards/123e4567-e89b-12d3-a456-426614174000/freeze" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Unfreeze a card

Unfreeze a card to re-enable spending for that card. You can only unfreeze a card that is in the state frozen.

A successful unfreeze changes the card's state back to active, and no content is returned in the response.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage cards.

Request

Path parameters
card_id: string(uuid), required

Response

Card successfully unfrozen

POST /cards/{card_id}/unfreeze
curl -X POST "https://b2b.revolut.com/api/1.0/cards/123e4567-e89b-12d3-a456-426614174000/unfreeze" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Lock a card

Apply an admin lock to a card to make it temporarily unavailable for spending.

A successful lock changes the card's state to locked, and no content is returned in the response.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage cards.

Request

Path parameters
card_id: string(uuid), required

Response

Card successfully locked

POST /cards/{card_id}/lock
curl -X POST "https://b2b.revolut.com/api/1.0/cards/123e4567-e89b-12d3-a456-426614174000/lock" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Unlock a card

Unlock a card locked with an admin lock or spending period settings to make it available for spending again.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

If a card has a spending_period set and is locked due to being outside of that period, unlocking the card removes this spending period completely, including the end date.

If you want to unlock such a card but keep its spending period end date:

  1. Fetch the card's details.
  2. Save the spending_period.end_date and spending_period.end_date_action settings.
  3. Unlock the card.
  4. Update the card's spending_period by re-adding the saved settings.

If both start and end dates for the spending period are provided, and the card is locked due to those dates, to unlock such a card, update its spending_period settings instead.

A successful unlock changes the card's state to active, and no content is returned in the response.

For more information, see the guides: Manage cards.
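
The four-step procedure above has a gap between steps 3 and 4: if the update fails after the unlock, the card is active with no end date at all. The sketch below is an added example, not Revolut's code. It saves the settings first, refuses the case the text says must be handled through `spending_period`, and surfaces the saved settings if the restore fails. The `api(method, path, body=None)` callable is a hypothetical wrapper around your HTTP client, and `GET /cards/{card_id}` and `PATCH /cards/{card_id}` are assumed paths for fetching and updating card details.

```python
class UpdatePeriodInstead(Exception):
    """Both start and end dates are set: change spending_period, do not unlock."""


class RestoreFailed(Exception):
    """The card was unlocked but its spending period could not be re-added."""

    def __init__(self, saved, cause):
        super().__init__(f"card unlocked, spending_period not restored: {cause}")
        self.saved = saved  # what the caller must re-apply


def unlock_keeping_end_date(card_id, api):
    """Unlock a card and re-add its spending period end date.

    api(method, path, body=None) is a hypothetical helper that sends an
    authenticated request and returns the parsed JSON body (or None).
    Returns the settings that were saved and restored ({} if there were none).
    """
    # Step 1: fetch the card's details (assumed path).
    card = api("GET", f"/cards/{card_id}")
    period = card.get("spending_period") or {}

    # The card details do not say why the card is locked, so the both-dates
    # case is handed back to the caller rather than unlocked here.
    if period.get("start_date") and period.get("end_date"):
        raise UpdatePeriodInstead(
            "start_date and end_date are both set; update spending_period instead"
        )

    # Step 2: save the settings that the unlock would remove.
    saved = {
        key: period[key]
        for key in ("end_date", "end_date_action")
        if key in period
    }

    # Step 3: unlock. From here on the spending period is gone on the server.
    api("POST", f"/cards/{card_id}/unlock")

    # Step 4: re-add the saved settings (assumed path and body shape).
    if saved:
        try:
            api("PATCH", f"/cards/{card_id}", {"spending_period": saved})
        except Exception as exc:
            # Do not lose the only copy of the settings: give them to the caller.
            raise RestoreFailed(saved, exc) from exc
    return saved
```

A caller that catches `RestoreFailed` should persist `exc.saved` and retry the update or alert, because the card stays spendable without an end date until that succeeds.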

Request

Path parameters
card_id: string(uuid), required

Response

Card successfully unlocked

POST /cards/{card_id}/unlock
curl -X POST "https://b2b.revolut.com/api/1.0/cards/123e4567-e89b-12d3-a456-426614174000/unlock" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Retrieve sensitive card details

Get sensitive details of a specific card, based on its ID.

Requires the READ_SENSITIVE_CARD_DATA token scope. For more information, see the Authorization section.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage cards.

Request

Path parameters
card_id: string(uuid), required

Response

Sensitive details of the card

Body
object
pan: string, required
cvv: string, required
expiry: string(DD/MMMM), required
GET /cards/{card_id}/sensitive-details
curl -X GET "https://b2b.revolut.com/api/1.0/cards/123e4567-e89b-12d3-a456-426614174000/sensitive-details" \
  -H "Authorization: Bearer <yourSecretApiKey>"
Authorization
Security scheme type: http
Scheme: bearer

Each Business API request must contain an authorization header in the following format to make a call: Bearer <your_access_token>.

The access token will be obtained the first time you set up your application and has an expiration of 40 minutes. During setup, a refresh_token will also be obtained, which allows you to obtain a new access_token.

Never share your client-assertion JWT (JSON web token), access_token and refresh_token with anyone, as these can be used to access your banking data and initiate transactions.

Access tokens can be issued with four security scopes and require a JWT (JSON Web Token) signature to be obtained:

  • READ: Permissions for GET operations.

  • WRITE: Permissions to update counterparties, webhooks, and issue payment drafts.

  • PAY: Permissions to initiate or cancel transactions and currency exchanges.

  • READ_SENSITIVE_CARD_DATA: Permissions to retrieve sensitive card details.

    If you enable the READ_SENSITIVE_CARD_DATA scope for your access token, you must set up IP whitelisting. Failing to do so will prevent you from accessing any Business API endpoint.

    IP whitelisting means that you must specify an IP or a set of IPs which will be the only IPs from which requests to the API will be accepted. To do so:

    1. Go to the Revolut Business web app settings → APIs → Business API.
    2. Select the corresponding API certificate.
    3. In Production IP whitelist, provide the IP(s) which should be whitelisted. Make sure that the IPs you provide are not local (i.e. private) IP addresses.
    4. Save the new settings.
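
Since a missing or unusable whitelist blocks every Business API endpoint once READ_SENSITIVE_CARD_DATA is enabled, it is worth checking the addresses before entering them in step 3. The following is an added example, not Revolut's code. It treats each entry as a single IP address (an assumption; the page does not say whether ranges are accepted), and the sample addresses in the test are constructed.

```python
import ipaddress


def check_whitelist_entries(entries):
    """Split candidate whitelist entries into usable and unusable ones.

    Returns (accepted, rejected): `accepted` is a de-duplicated list of
    normalised public addresses, `rejected` maps each bad entry to a reason.
    """
    accepted, rejected = [], {}
    for raw in entries:
        text = raw.strip()
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            rejected[text] = "not a single IP address"
            continue

        # Order matters: loopback and link-local addresses also count as
        # private, so the more specific reasons are tested first.
        if addr.is_loopback:
            reason = "loopback"
        elif addr.is_link_local:
            reason = "link-local"
        elif addr.is_private:
            reason = "private range"
        elif not addr.is_global:
            # e.g. carrier-grade NAT space: not private, but not public either
            reason = "not globally routable"
        else:
            reason = None

        if reason:
            rejected[text] = reason
        elif str(addr) not in accepted:
            accepted.append(str(addr))
    return accepted, rejected
```

An address that passes this check still has to be the egress address your API client actually uses, for example the NAT gateway's public IP rather than the host's own interface address.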

To configure your JWT and obtain the refresh and first access tokens, complete the following steps:

  1. Sign up for a Revolut Business account
  2. Prepare your Sandbox environment
  3. Make your first API request

Response body samples

{
  "pan": "4111111111111111",
  "cvv": "123",
  "expiry": "06/2030"
}

Card invitations

Use card invitations to pre-create cards for team members who have not yet onboarded. Once the team member completes onboarding, the card is automatically issued as per the configuration specified in the invitation. You can also retrieve and update the invitations, or cancel them if they're no longer needed.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage card invitations.

Create a card invitation

Create an invitation for a virtual team member card for a new, not-yet-onboarded team member. When the team member completes onboarding before the invitation's expiry date, the invitation will automatically be claimed, and the card will then be issued for the team member immediately.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage card invitations.

Request

Request body
request_id: string, required
expiry_period: string
holder_id: string(uuid), required
virtual: boolean, required
label: string
spending_limits: object
spending_period: object
categories: array
merchant_controls: object
countries: array
accounts: array

Response

Successfully created card invitation

Body
object
id: string(uuid), required
state: string, required
created_at: string(date-time), required
updated_at: string(date-time), required
expiry_date: string(date-time)
holder_id: string(uuid)
virtual: boolean, required
label: string
spending_limits: object
spending_period: object
categories: array
merchant_controls: object
countries: array
accounts: array, required
POST /card-invitations
curl -X POST "https://b2b.revolut.com/api/1.0/card-invitations" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "request_id": "4016b891-bb50-4bd2-8a1b-adb74f4aacdd",
  "holder_id": "3791712d-e5b5-4d5f-b1f1-79a93d57e08b",
  "virtual": true
}'

Request body samples

{
  "request_id": "4016b891-bb50-4bd2-8a1b-adb74f4aacdd",
  "holder_id": "3791712d-e5b5-4d5f-b1f1-79a93d57e08b",
  "virtual": true
}

Response body samples

{
  "id": "4016b891-bb50-4bd2-8a1b-adb74f4aacdd",
  "state": "created",
  "created_at": "2025-11-21T00:00:00Z",
  "updated_at": "2025-11-21T00:00:00Z",
  "expiry_date": "2025-12-06T00:00:00Z",
  "holder_id": "3791712d-e5b5-4d5f-b1f1-79a93d57e08b",
  "virtual": true,
  "label": "Dariel Pattie",
  "spending_limits": {
    "single": {
      "amount": 50,
      "currency": "GBP"
    },
    "week": {
      "amount": 250,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "end_date": "2026-12-31",
    "end_date_action": "lock"
  },
  "categories": [
    "groceries",
    "restaurants"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "14c8d663-2093-4086-96ed-334a4011333f",
      "06e0f7fa-38a2-4fcf-a115-df5caf190b55"
    ]
  },
  "countries": [
    "GB"
  ],
  "accounts": [
    "26a852b8-4046-4e71-949d-22f4cb6be26a"
  ]
}

Retrieve a list of card invitations

Get the list of all card invitations in your organisation.

The results are paginated and sorted by the created_at date in reverse chronological order.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage card invitations.

Request

Query parameters
created_before: string(date-time)
limit: number(integer)
state: array

Response

The list of card invitations for your business

Body
array of array

A list of card invitations

id: string(uuid), required
state: string, required
created_at: string(date-time), required
updated_at: string(date-time), required
expiry_date: string(date-time)
card_id: string(uuid)
holder_id: string(uuid)
virtual: boolean, required
label: string
spend_program: object
spending_limits: object
spending_period: object
categories: array
merchant_controls: object
countries: array
accounts: array, required
GET /card-invitations
# Sample values: created_before must be a date-time; the optional state filter is omitted here.
curl -X GET "https://b2b.revolut.com/api/1.0/card-invitations?created_before=2025-12-01T00%3A00%3A00Z&limit=100" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

[
  {
    "id": "4016b891-bb50-4bd2-8a1b-adb74f4aacdd",
    "state": "created",
    "created_at": "2025-11-21T00:00:00Z",
    "updated_at": "2025-11-21T00:00:00Z",
    "expiry_date": "2025-12-06T00:00:00Z",
    "holder_id": "3791712d-e5b5-4d5f-b1f1-79a93d57e08b",
    "virtual": true,
    "label": "Dariel Pattie",
    "spending_limits": {
      "single": {
        "amount": 50,
        "currency": "GBP"
      },
      "week": {
        "amount": 250,
        "currency": "GBP"
      }
    },
    "spending_period": {
      "end_date": "2026-12-31",
      "end_date_action": "lock"
    },
    "categories": [
      "groceries",
      "restaurants"
    ],
    "merchant_controls": {
      "control_type": "block",
      "merchant_ids": [
        "14c8d663-2093-4086-96ed-334a4011333f",
        "06e0f7fa-38a2-4fcf-a115-df5caf190b55"
      ]
    },
    "countries": [
      "GB"
    ],
    "accounts": [
      "26a852b8-4046-4e71-949d-22f4cb6be26a"
    ]
  },
  {
    "id": "809d745d-9598-4680-8464-d82113e9024b",
    "state": "redeemed",
    "created_at": "2025-11-21T00:00:00Z",
    "updated_at": "2025-11-23T09:01:13Z",
    "card_id": "744b29d4-19e9-40f8-89e6-bfb264ef5710",
    "holder_id": "19c76bef-3583-4848-af09-4b2a96c75a14",
    "virtual": true,
    "label": "Manuel Haleigh - WFH",
    "spend_program": {
      "label": "WFH equipment"
    },
    "spending_period": {
      "start_date": "2025-11-23",
      "end_date": "2025-12-23",
      "end_date_action": "terminate"
    },
    "categories": [
      "furniture",
      "hardware"
    ],
    "countries": [
      "GB"
    ],
    "accounts": [
      "6b472c0e-f595-4681-88b4-76eaa0522824"
    ]
  },
  {
    "id": "0c0d252e-5fff-498e-83f8-f9b635904275",
    "state": "expired",
    "created_at": "2025-11-22T00:00:00Z",
    "updated_at": "2025-11-30T00:00:00Z",
    "holder_id": "5ea0ffa1-5dc5-43c4-ac5e-b9e0deb9ec12",
    "virtual": true,
    "label": "Valeria Keone - meals",
    "spending_limits": {
      "single": {
        "amount": 50,
        "currency": "GBP"
      },
      "week": {
        "amount": 250,
        "currency": "GBP"
      }
    },
    "spending_period": {
      "start_date": "2025-11-29",
      "end_date": "2025-12-29",
      "end_date_action": "terminate"
    },
    "categories": [
      "groceries",
      "restaurants"
    ],
    "merchant_controls": {
      "control_type": "block",
      "merchant_ids": [
        "14c8d663-2093-4086-96ed-334a4011333f",
        "06e0f7fa-38a2-4fcf-a115-df5caf190b55"
      ]
    },
    "countries": [
      "GB"
    ],
    "accounts": [
      "6b472c0e-f595-4681-88b4-76eaa0522824"
    ]
  },
  {
    "id": "9ab6019a-6a26-41f8-b034-44b591f8b1a8",
    "state": "failed",
    "created_at": "2025-11-27T00:00:00Z",
    "updated_at": "2025-11-27T00:00:00Z",
    "holder_id": "af686385-4ec0-4139-a4a0-963ee9fa5bc8",
    "virtual": true,
    "label": "Connor Thato - meals",
    "spending_period": {
      "start_date": "2025-12-01",
      "end_date": "2026-01-01",
      "end_date_action": "terminate"
    },
    "categories": [
      "groceries",
      "restaurants"
    ],
    "merchant_controls": {
      "control_type": "block",
      "merchant_ids": [
        "14c8d663-2093-4086-96ed-334a4011333f",
        "06e0f7fa-38a2-4fcf-a115-df5caf190b55"
      ]
    },
    "countries": [
      "GB"
    ],
    "accounts": [
      "6b472c0e-f595-4681-88b4-76eaa0522824"
    ]
  },
  {
    "id": "bfc40b73-1e8b-4cba-ad7d-2f54ee707a21",
    "state": "failed",
    "created_at": "2025-11-28T00:00:00Z",
    "updated_at": "2025-12-02T11:31:15Z",
    "virtual": true,
    "label": "Natália Popović - offb",
    "spending_period": {
      "start_date": "2025-11-30",
      "end_date": "2026-11-30",
      "end_date_action": "terminate"
    },
    "categories": [
      "groceries",
      "restaurants"
    ],
    "merchant_controls": {
      "control_type": "block",
      "merchant_ids": [
        "14c8d663-2093-4086-96ed-334a4011333f",
        "06e0f7fa-38a2-4fcf-a115-df5caf190b55"
      ]
    },
    "countries": [
      "GB"
    ],
    "accounts": [
      "6b472c0e-f595-4681-88b4-76eaa0522824"
    ]
  }
]

Retrieve card invitation details

Get the details of a specific card invitation, based on its ID.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

For more information, see the guides: Manage card invitations.

Request

Path parameters
card_invitation_id: string(uuid), required

Response

Information about the card invitation

Body
object
id: string(uuid), required
state: string, required
created_at: string(date-time), required
updated_at: string(date-time), required
expiry_date: string(date-time)
card_id: string(uuid)
holder_id: string(uuid)
virtual: boolean, required
label: string
spend_program: object
spending_limits: object
spending_period: object
categories: array
merchant_controls: object
countries: array
accounts: array, required
GET /card-invitations/{card_invitation_id}
curl -X GET "https://b2b.revolut.com/api/1.0/card-invitations/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "id": "4016b891-bb50-4bd2-8a1b-adb74f4aacdd",
  "state": "created",
  "created_at": "2025-11-21T00:00:00Z",
  "updated_at": "2025-11-21T00:00:00Z",
  "expiry_date": "2025-12-06T00:00:00Z",
  "holder_id": "3791712d-e5b5-4d5f-b1f1-79a93d57e08b",
  "virtual": true,
  "label": "Dariel Pattie",
  "spending_limits": {
    "single": {
      "amount": 50,
      "currency": "GBP"
    },
    "week": {
      "amount": 250,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "end_date": "2026-12-31",
    "end_date_action": "lock"
  },
  "categories": [
    "groceries",
    "restaurants"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "14c8d663-2093-4086-96ed-334a4011333f",
      "06e0f7fa-38a2-4fcf-a115-df5caf190b55"
    ]
  },
  "countries": [
    "GB"
  ],
  "accounts": [
    "26a852b8-4046-4e71-949d-22f4cb6be26a"
  ]
}

Update card invitation settings

Update settings for a specific card invitation, based on its ID. You can update successfully created invitations that have not been claimed yet (state=created).

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

Some spend control parameters can affect one another. When updating spend controls, review the resulting settings in the response to ensure they reflect the configuration you intended.

For more information, see the guides: Manage card invitations.

Request

Path parameters

  • card_invitation_id: string (uuid), required

Request body

  • label: string
  • spending_limits: object
  • spending_period: object
  • categories: array
  • merchant_controls: object
  • countries: array
  • accounts: array

Response

Information about the updated card invitation

Body: object

  • id: string (uuid), required
  • state: string, required
  • created_at: string (date-time), required
  • updated_at: string (date-time), required
  • expiry_date: string (date-time)
  • holder_id: string (uuid)
  • virtual: boolean, required
  • label: string
  • spend_program: object
  • spending_limits: object
  • spending_period: object
  • categories: array
  • merchant_controls: object
  • countries: array
  • accounts: array, required

PATCH /card-invitations/{card_invitation_id}
curl -X PATCH "https://b2b.revolut.com/api/1.0/card-invitations/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "label": "New card label",
  "spending_limits": {
    "single": {
      "amount": 100,
      "currency": "GBP"
    },
    "month": {
      "amount": 300,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "start_date": "2025-12-20",
    "end_date": "2027-12-20",
    "end_date_action": "lock"
  },
  "categories": [
    "services",
    "shopping",
    "furniture"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
      "e8a87432-f71e-4deb-be84-969a02792929",
      "3f09819f-63d1-473a-966c-54d8b9f43a93"
    ]
  },
  "countries": [
    "GB",
    "SG",
    "ES"
  ],
  "accounts": [
    "f52c6c84-26b9-4e95-bbcf-99ed6523fb51",
    "9ae4345a-5ee5-496b-b776-241fcc5a5ba4"
  ]
}'

Request body samples

{
  "label": "New card label",
  "spending_limits": {
    "single": {
      "amount": 100,
      "currency": "GBP"
    },
    "month": {
      "amount": 300,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "start_date": "2025-12-20",
    "end_date": "2027-12-20",
    "end_date_action": "lock"
  },
  "categories": [
    "services",
    "shopping",
    "furniture"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
      "e8a87432-f71e-4deb-be84-969a02792929",
      "3f09819f-63d1-473a-966c-54d8b9f43a93"
    ]
  },
  "countries": [
    "GB",
    "SG",
    "ES"
  ],
  "accounts": [
    "f52c6c84-26b9-4e95-bbcf-99ed6523fb51",
    "9ae4345a-5ee5-496b-b776-241fcc5a5ba4"
  ]
}

Response body samples

{
  "id": "4016b891-bb50-4bd2-8a1b-adb74f4aacdd",
  "state": "created",
  "created_at": "2025-11-21T00:00:00Z",
  "updated_at": "2025-11-21T10:27:15Z",
  "expiry_date": "2025-12-06T00:00:00Z",
  "holder_id": "3791712d-e5b5-4d5f-b1f1-79a93d57e08b",
  "virtual": true,
  "label": "New card label",
  "spending_limits": {
    "single": {
      "amount": 100,
      "currency": "GBP"
    },
    "week": {
      "amount": 300,
      "currency": "GBP"
    }
  },
  "spending_period": {
    "start_date": "2025-12-20",
    "end_date": "2027-12-20",
    "end_date_action": "lock"
  },
  "categories": [
    "services",
    "shopping",
    "furniture"
  ],
  "merchant_controls": {
    "control_type": "block",
    "merchant_ids": [
      "46df0a1b-3678-4ded-9cf5-9f4da1b5019d",
      "e8a87432-f71e-4deb-be84-969a02792929",
      "3f09819f-63d1-473a-966c-54d8b9f43a93"
    ]
  },
  "countries": [
    "GB",
    "SG",
    "ES"
  ],
  "accounts": [
    "f52c6c84-26b9-4e95-bbcf-99ed6523fb51",
    "9ae4345a-5ee5-496b-b776-241fcc5a5ba4"
  ]
}
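
One way to carry out the "review the resulting settings in the response" step automatically. This is an added example, not Revolut's code: it compares the spend controls you sent in the PATCH body with what the response reports, and its function names are hypothetical. The data is abridged from the request and response samples above, where the request sets a month limit and the response shows a week limit.

```python
import json

# Spend-control fields accepted by the PATCH request body on this page.
CONTROL_FIELDS = ("label", "spending_limits", "spending_period", "categories",
                  "merchant_controls", "countries", "accounts")
ABSENT = "<absent>"  # marker for a key present on one side only


def normalise(value):
    """Sort lists so ["GB", "ES"] and ["ES", "GB"] compare equal."""
    if isinstance(value, dict):
        return {k: normalise(v) for k, v in value.items()}
    if isinstance(value, list):
        return sorted((normalise(v) for v in value),
                      key=lambda v: json.dumps(v, sort_keys=True))
    return value


def compare(path, want, got, findings):
    """Recurse into objects; record every leaf or sub-object that differs."""
    if isinstance(want, dict) and isinstance(got, dict):
        for key in sorted(set(want) | set(got)):
            compare(f"{path}.{key}", want.get(key, ABSENT),
                    got.get(key, ABSENT), findings)
    elif normalise(want) != normalise(got):
        findings.append((path, want, got))


def find_drift(requested, returned):
    """Return [(path, requested_value, returned_value)] for every control that
    came back different from what was sent. Response-only top-level fields
    (id, state, created_at, ...) are ignored; fields not sent are not checked."""
    findings = []
    for field in CONTROL_FIELDS:
        if field in requested:
            compare(field, requested[field], returned.get(field, ABSENT), findings)
    return findings


# Abridged from the request and response body samples on this page.
SAMPLE_REQUEST = {
    "label": "New card label",
    "spending_limits": {
        "single": {"amount": 100, "currency": "GBP"},
        "month": {"amount": 300, "currency": "GBP"},
    },
    "categories": ["services", "shopping", "furniture"],
    "countries": ["GB", "SG", "ES"],
}
SAMPLE_RESPONSE = {
    "id": "4016b891-bb50-4bd2-8a1b-adb74f4aacdd",
    "state": "created",
    "label": "New card label",
    "spending_limits": {
        "single": {"amount": 100, "currency": "GBP"},
        "week": {"amount": 300, "currency": "GBP"},
    },
    "categories": ["services", "shopping", "furniture"],
    "countries": ["GB", "SG", "ES"],
}

if __name__ == "__main__":
    for path, want, got in find_drift(SAMPLE_REQUEST, SAMPLE_RESPONSE):
        print(f"DRIFT {path}: requested {want!r}, got {got!r}")
```

To also catch changes to controls you did not send, fetch the invitation before the update and run the same comparison between that state and the PATCH response.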

Cancel a card invitation

Cancel a specific card invitation, based on its ID.

  • This feature is not available in Sandbox.
  • To increase your account's card limits, please contact Revolut API Support.

You can cancel successfully created invitations that have not been claimed yet (state=created).

Once the card invitation is cancelled, it cannot be claimed or reactivated.

A successful response returns no content.

For more information, see the guides: Manage card invitations.

Request

Path parameters

  • card_invitation_id: string (uuid), required

Response

Card invitation successfully cancelled

POST /card-invitations/{cardInvitationId}/cancel
curl -X POST "https://b2b.revolut.com/api/1.0/card-invitations/{cardInvitationId}/cancel" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content: this response does not have a body.

Counterparties

Manage counterparties that you intend to transact with.

Request and response examples can vary based on the account provider's location and type of the counterparty. For more information, see the guides: Create a counterparty.

In the Sandbox environment, you cannot add real people and businesses as Revolut counterparties. Therefore, to help you simulate Create a counterparty requests, we have created some test accounts for counterparties of profile type personal.

To add a counterparty via Revtag, use one of these pairs for the name and revtag fields respectively:

  • Test User 1 & john1pvki
  • Test User 2 & john2pvki
  • ...
  • Test User 9 & john9pvki

Validate an account name (CoP/VoP)

Validate a counterparty's account name against their account details when adding a counterparty or making a transfer to a new or existing counterparty.

The CoP check is not a complete fraud-prevention tool, and it does not guarantee the person is who they claim to be. It only confirms that the name and account details you provide match the bank's records.

Even if the counterparty's details match, you should still exercise due caution when transferring funds.

Availability & Sandbox behaviour
  • This feature is only available to businesses in the supported regions. Additionally, to get access to CoP in the UK, eligible businesses must contact Revolut API Support.
  • In Sandbox, this feature is only available for testing. While incomplete or invalid requests will return production-like error responses, complete and valid requests in Sandbox do not undergo real validation and will always return cannot_be_checked.

The validation relies on different underlying services, depending on the recipient's payment scheme (region and currency). These factors determine which fields you must provide and what response you get.

Request

Request body

  • account_no: string, required
  • sort_code: string, required
  • company_name: string
  • individual_name: object

Response

Account name validation result

  • The actual results returned in the response come from the CoP services, not from Revolut. The Business API passes them on as received.

    Because of this, the descriptions below should be treated as an approximation rather than complete documentation.

  • The responses differ depending on the CoP service, even when the schema appears the same. Make sure that you refer to the appropriate response variant.

Body

  • result_code: string, required
  • reason: object
  • company_name: string
  • individual_name: object

POST /account-name-validation
curl -X POST "https://b2b.revolut.com/api/1.0/account-name-validation" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "sort_code": "54-01-05",
  "account_no": "12345678",
  "individual_name": {
    "first_name": "John",
    "last_name": "Smith"
  }
}'

Request body samples

{
  "sort_code": "54-01-05",
  "account_no": "12345678",
  "individual_name": {
    "first_name": "John",
    "last_name": "Smith"
  }
}

Response body samples

{
  "result_code": "matched",
  "individual_name": {
    "first_name": "John",
    "last_name": "Smith"
  }
}
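
Because the result codes are passed on from the underlying CoP service and their descriptions are only approximate, a payment workflow is safest when it allowlists the codes it trusts and holds everything else. The gate below is an added example, not part of the Business API: `cop_gate`, `canonical_name` and the allowlist are hypothetical names, and cross-checking the name echoed in the response against the submitted one is an assumption about how you want to treat a mismatch.

```python
# Only codes listed here let a payment continue unattended. "matched" is the
# value in this page's response sample; extend the set deliberately, per CoP
# service, after reading that service's response variant.
AUTO_PROCEED_CODES = frozenset({"matched"})
NAME_FIELDS = ("individual_name", "company_name")


def canonical_name(name):
    """Lower-case, whitespace-collapsed form of a company_name string or an
    individual_name object ({"first_name": ..., "last_name": ...})."""
    if isinstance(name, dict):
        name = " ".join(str(name.get(k) or "") for k in ("first_name", "last_name"))
    return " ".join(str(name or "").casefold().split())


def cop_gate(request_body, response_body):
    """Return (action, reason); action is "proceed" or "hold". Fails closed:
    anything malformed, unchecked or unrecognised is held for manual review."""
    if not isinstance(response_body, dict):
        return ("hold", "response is not a JSON object")
    code = response_body.get("result_code")
    if not isinstance(code, str):
        return ("hold", "result_code missing or not a string")
    if code == "cannot_be_checked":
        return ("hold", "no verdict was produced (always the case in Sandbox)")
    if code not in AUTO_PROCEED_CODES:
        return ("hold", f"result_code {code!r} is not allowlisted")
    # Assumption: a name echoed back that differs from what we sent is treated
    # as a reason to stop, even when the code itself is allowlisted.
    for field in NAME_FIELDS:
        if field in response_body and (
            canonical_name(response_body[field])
            != canonical_name(request_body.get(field))
        ):
            return ("hold", f"{field} in the response differs from the submitted name")
    return ("proceed", "name matches account details; other payment checks still apply")


# Request and response body samples from this page.
COP_REQUEST = {
    "sort_code": "54-01-05",
    "account_no": "12345678",
    "individual_name": {"first_name": "John", "last_name": "Smith"},
}
COP_RESPONSE = {
    "result_code": "matched",
    "individual_name": {"first_name": "John", "last_name": "Smith"},
}

if __name__ == "__main__":
    constructed = [                      # constructed responses for illustration
        COP_RESPONSE,
        {"result_code": "cannot_be_checked"},
        {"result_code": "hypothetical_new_code"},
    ]
    for response in constructed:
        print(response["result_code"], "->", cop_gate(COP_REQUEST, response))
```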

Retrieve a list of counterparties

Get all the counterparties that you have created, or use the query parameters to filter the results.

The counterparties are sorted by the created_at date in reverse chronological order.

The returned counterparties are paginated. The maximum number of counterparties returned per page is specified by the limit parameter. To get to the next page, make a new request and use the created_at date of the last counterparty returned in the previous response.

For more information, see the guides: Retrieve counterparties.

Request

Query parameters

  • name: string
  • account_no: string
  • sort_code: string
  • iban: string
  • bic: string
  • created_before: string (date-time)
  • limit: integer

Response

List of your counterparties

Body: array of objects

  • id: string (uuid), required
  • name: string, required
  • revtag: string
  • profile_type: string
  • country: string
  • state: string, required
  • created_at: string (date-time), required
  • updated_at: string (date-time), required
  • accounts: array
  • cards: array

GET /counterparties
curl -X GET "https://b2b.revolut.com/api/1.0/counterparties?name=string&account_no=string&sort_code=string&iban=string&bic=string&created_before=the%20date-time%20at%20which%20the%20request%20is%20made&limit=100" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

[
  {
    "id": "239d6f1f-2222-4ae6-1111-5cc603341b4e",
    "name": "Jane Doe Co.",
    "profile_type": "business",
    "state": "created",
    "created_at": "2022-09-14T14:47:12.273718Z",
    "updated_at": "2022-09-14T14:47:12.273718Z",
    "accounts": [
      {
        "iban": "GB66REVO00996995908786",
        "bic": "REVOGB21",
        "id": "b209281b-aakk-9911-8d83-ac72469cef8f",
        "name": "Jane Doe Co.",
        "bank_country": "GB",
        "currency": "EUR",
        "type": "external"
      }
    ]
  },
  {
    "id": "8e0e9886-0af1-4b0c-acf4-111180d2892b",
    "name": "John Smith",
    "revtag": "johnsmith",
    "profile_type": "personal",
    "country": "GB",
    "state": "created",
    "created_at": "2022-09-14T14:41:39.312017Z",
    "updated_at": "2022-09-14T14:41:39.312017Z"
  },
  {
    "id": "11cae5ef-ec24-401d-98a3-e5baa0041671",
    "name": "John Smith Co.",
    "revtag": "jsmithco1",
    "profile_type": "business",
    "country": "GB",
    "state": "created",
    "created_at": "2025-09-16T09:34:41.790401Z",
    "updated_at": "2025-09-16T09:34:41.790401Z",
    "accounts": [
      {
        "id": "ad3c3b03-611e-461e-99b2-572f4785e44b",
        "name": "Main GBP",
        "currency": "GBP",
        "type": "revolut"
      },
      {
        "id": "67fe3eaa-c994-40c0-b3e0-7b6bfe0cedca",
        "name": "Main EUR",
        "currency": "EUR",
        "type": "revolut"
      }
    ]
  },
  {
    "id": "e7e36cce-2e9c-4e96-818e-1c2fed325852",
    "name": "John Doe Co.",
    "profile_type": "business",
    "state": "created",
    "created_at": "2022-08-14T14:34:11.168340Z",
    "updated_at": "2022-08-14T14:34:11.168340Z",
    "accounts": [
      {
        "account_no": "12345674",
        "sort_code": "540107",
        "id": "e277b2bd-3a6d-423b-933d-3d425094bb13",
        "name": "John Doe Co.",
        "bank_country": "GB",
        "currency": "GBP",
        "type": "external"
      }
    ]
  },
  {
    "id": "239d6f1f-2222-4ae6-1111-5cc603341b4e",
    "name": "Bleu Blanc Conseil SARL",
    "profile_type": "business",
    "state": "created",
    "created_at": "2022-09-14T14:47:12.273718Z",
    "updated_at": "2022-09-14T14:47:12.273718Z",
    "accounts": [
      {
        "iban": "FR1420041010050500013M02606",
        "bic": "PSSTFRPPLIL",
        "id": "b209281b-aakk-9911-8d83-ac72469cef8f",
        "name": "Bleu Blanc Conseil SARL",
        "bank_country": "FR",
        "currency": "EUR",
        "type": "external"
      }
    ]
  },
  {
    "id": "b8ce3922-d518-4ae6-9426-e8cc117e5332",
    "name": "Johann Meier Co.",
    "profile_type": "business",
    "state": "created",
    "created_at": "2023-08-10T12:43:20.273500Z",
    "updated_at": "2026-01-30T12:43:20.273500Z",
    "accounts": [
      {
        "iban": "CH9300762011623852957",
        "bic": "UBSWCHZH80A",
        "id": "d95bc455-f495-4f18-95fa-32f99479318c",
        "name": "Johann Meier Co.",
        "bank_country": "CH",
        "currency": "EUR",
        "type": "external"
      }
    ]
  },
  {
    "id": "173e6a6b-d955-465f-8f31-7f6f7c03927c",
    "name": "Edelweiss Handel GmbH",
    "profile_type": "business",
    "state": "created",
    "created_at": "2023-08-10T12:43:20.273500Z",
    "updated_at": "2026-01-32T10:54:03.350240Z",
    "accounts": [
      {
        "iban": "CH5604835012345678009",
        "bic": "UBSWCHZH80A",
        "id": "b3cc43e8-f141-459b-9bd5-3505cf9797f8",
        "name": "Edelweiss Handel GmbH",
        "bank_country": "CH",
        "currency": "CHF",
        "type": "external"
      }
    ]
  },
  {
    "id": "1d9013c8-84bf-474c-b3d9-690f2ae2e65c",
    "name": "Jane Doe",
    "state": "created",
    "created_at": "2024-01-10T15:32:10.172300Z",
    "updated_at": "2024-01-10T15:32:10.172300Z",
    "cards": [
      {
        "id": "0130f363-eeaf-4aa8-b77f-a6a629c603f5",
        "name": "Jane Doe",
        "last_digits": 1234,
        "scheme": "visa",
        "country": "GB",
        "currency": "GBP"
      },
      {
        "id": "fa05f2e5-d253-4661-85cc-bcff98b136ac",
        "name": "Jane Doe",
        "last_digits": 5678,
        "scheme": "mastercard",
        "country": "GB",
        "currency": "GBP"
      }
    ]
  }
]
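
The paging procedure described for this endpoint, as an added example that is not Revolut's client code. It assumes the created_at of the last counterparty on a page is sent as the created_before query parameter and that the server then returns only older records; `fetch_page`, `make_fake_api` and the records are constructed stand-ins so the loop runs offline.

```python
def iter_counterparties(fetch_page, limit=100, max_pages=1000):
    """Yield every counterparty, newest first.

    fetch_page(params) must perform GET /counterparties with the given query
    parameters and return the decoded JSON array.
    """
    params = {"limit": limit}
    seen = set()
    for _ in range(max_pages):
        page = fetch_page(dict(params))
        new = [c for c in page if c["id"] not in seen]
        for counterparty in new:
            seen.add(counterparty["id"])
            yield counterparty
        # A short page is the last one. A full page with nothing new means the
        # cursor did not advance, so stop instead of looping forever.
        if len(page) < limit or not new:
            return
        # Cursor for the next page: created_at of the last item received.
        # Caveat: under the strictly-older assumption, records sharing that
        # exact timestamp across a page boundary would not be returned.
        params["created_before"] = page[-1]["created_at"]
    raise RuntimeError("pagination did not terminate within max_pages")


def make_fake_api(records):
    """In-memory stand-in for the endpoint (constructed for this example)."""
    ordered = sorted(records, key=lambda c: c["created_at"], reverse=True)
    calls = []

    def fetch_page(params):
        calls.append(params)
        rows = ordered
        if "created_before" in params:
            # Same-format ISO 8601 UTC strings order correctly as text.
            rows = [c for c in rows if c["created_at"] < params["created_before"]]
        return rows[: params["limit"]]

    return fetch_page, calls


# Constructed records: seven counterparties created on consecutive days.
RECORDS = [
    {"id": f"cp-{day}", "name": f"Constructed Co. {day}", "state": "created",
     "created_at": f"2024-01-0{day}T00:00:00Z"}
    for day in range(1, 8)
]


def run_demo(limit=3):
    """Page through RECORDS and return (ids in received order, requests made)."""
    fetch_page, calls = make_fake_api(RECORDS)
    ids = [c["id"] for c in iter_counterparties(fetch_page, limit=limit)]
    return ids, calls


if __name__ == "__main__":
    ids, calls = run_demo()
    print(ids)
    for params in calls:
        print("GET /counterparties", params)
```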

Create a counterparty

Create a new counterparty to transact with.

Revtags in Sandbox

In the Sandbox environment, you cannot add real people and businesses as Revolut counterparties. To help you simulate adding counterparties using Revtag, we created some test accounts of profile type personal that you can use.

Test accounts for Sandbox

To add a counterparty via Revtag, use one of these pairs for the name and revtag fields respectively:

  • Test User 1 & john1pvki
  • Test User 2 & john2pvki
  • ...
  • Test User 9 & john9pvki

Address field recommendations

Some payment rails may have stricter requirements regarding the address field – for example, by also requiring the region field.
This is why we recommend that you use all available address fields (including street_line1, region and city) when creating a counterparty.

This significantly reduces the risk of any disruption to payments made via the API.

Multiple counterparties with the same details

You cannot create multiple counterparties with the same Revtag. This restriction does not apply to other details. For example:

  • Revtag: If you've already added johnsmith as a Revolut counterparty, you can't add another counterparty with the johnsmith Revtag. If you try to do so, you'll get an error.
  • Other details: If you've added John Smith as an individual UK counterparty using GBP with sort_code=54-01-05 and account_no=12345678, you can still use the same details to create another counterparty.

Counterparty name

When creating a counterparty, ensure that you use the correct field to define the counterparty's name.

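Name field to use, by counterparty type and by how the counterparty is added:

  • Individual, added with Revtag: name (string)
  • Individual, added with other details: individual_name (object with string subfields for first and last name)
  • Company, added with Revtag: name (string)
  • Company, added with other details: company_name (string)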

For more information, see the guides: Create a counterparty.

Request

Request body

  • profile_type: string
  • revtag: string
  • name: string
  • company_name: string
  • individual_name: object
  • bank_country: string
  • currency: string
  • account_no: string
  • iban: string
  • sort_code: string
  • routing_number: string
  • bic: string
  • clabe: string
  • ifsc: string
  • bsb_code: string
  • address: object

Response

Added counterparty

Body: object

  • id: string (uuid), required
  • name: string, required
  • revtag: string
  • profile_type: string
  • country: string
  • state: string, required
  • created_at: string (date-time), required
  • updated_at: string (date-time), required
  • accounts: array
  • cards: array

POST /counterparty
curl -X POST "https://b2b.revolut.com/api/1.0/counterparty" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "profile_type": "personal",
  "name": "John Smith",
  "revtag": "johnsmith"
}'

Request body samples

{
  "profile_type": "personal",
  "name": "John Smith",
  "revtag": "johnsmith"
}

Response body samples

{
  "id": "54ee57d7-1234-abcd-1234-0e1f79164d5e",
  "name": "John Smith",
  "revtag": "johnsmith",
  "profile_type": "personal",
  "country": "GB",
  "state": "created",
  "created_at": "2023-07-26T09:34:41.790401Z",
  "updated_at": "2023-07-26T09:34:41.790401Z"
}

Retrieve a counterparty

Get the information about a specific counterparty by ID.

Request

Path parameters

  • counterparty_id: string (uuid), required

Response

The information about a specific counterparty

Body: object

  • id: string (uuid), required
  • name: string, required
  • revtag: string
  • profile_type: string
  • country: string
  • state: string, required
  • created_at: string (date-time), required
  • updated_at: string (date-time), required
  • accounts: array
  • cards: array

GET /counterparty/{counterparty_id}
curl -X GET "https://b2b.revolut.com/api/1.0/counterparty/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "id": "8e0e9886-0af1-4b0c-acf4-111180d2892b",
  "name": "John Smith",
  "revtag": "johnsmith",
  "profile_type": "personal",
  "country": "GB",
  "state": "created",
  "created_at": "2022-09-14T14:41:39.312017Z",
  "updated_at": "2022-09-14T14:41:39.312017Z"
}

Delete a counterparty

Delete a counterparty with the given ID. When a counterparty is deleted, you cannot make any payments to the counterparty.

Request

Path parameters
  • counterparty_id: string(uuid), required

Response

The counterparty deleted

DELETE /counterparty/{counterparty_id}
curl -X DELETE "https://b2b.revolut.com/api/1.0/counterparty/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Expenses

Get the list of all the expenses, or use the filters to narrow down the results. You can also get a specific expense, or get a receipt related to an expense by providing their respective IDs.

This feature is not available in Sandbox.

For more information, see the guides: Retrieve expenses and receipts.

Retrieve a list of expenses

Get all your expenses, or use the query parameters to filter the results.

The expenses are sorted by the expense_date value in reverse chronological order, and they're paginated. The maximum number of expenses returned per page is specified by the count parameter. To get the next page of results, make a new request and use the expense_date value from the last item of the previous page as the value for the to parameter.

The data enriched by the user, for example, VAT and cost centre, is returned under splits[].tax_rate and labels, respectively.

  • The API returns a maximum of 500 expenses per request.
  • This feature is not available in Sandbox.

For more information, see the guides: Retrieve expenses and receipts.
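The pagination rule above, as an added example (not Revolut's code): `iter_expenses` feeds the last `expense_date` of each page back as `to`. `fetch_page` is a hypothetical callable standing in for the authenticated `GET /expenses` request, and the sample rows are constructed. The page does not say whether `to` is inclusive, so the loop de-duplicates by `id` and raises instead of silently truncating.

```python
from datetime import datetime

MAX_COUNT = 500  # from the page: at most 500 expenses are returned per request


def parse_ts(value):
    """Parse a timestamp such as 2024-09-13T18:47:01.782Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def iter_expenses(fetch_page, count=MAX_COUNT, **filters):
    """Yield every matching expense exactly once, newest first.

    fetch_page(params) is a hypothetical callable that performs
    GET /expenses with the given query parameters and returns the
    decoded JSON array.
    """
    if not 1 <= count <= MAX_COUNT:
        raise ValueError("count must be between 1 and 500")
    params = dict(filters, count=count)
    seen = set()
    while True:
        page = fetch_page(dict(params))
        fresh = [e for e in page if e["id"] not in seen]
        for expense in fresh:
            seen.add(expense["id"])
            yield expense
        if len(page) < count:
            return  # short page: nothing older is left
        if not fresh:
            # A full page of already-seen rows means the cursor cannot move
            # (a whole page shares one expense_date). Fail loudly: a silent
            # stop would drop records from a financial export.
            raise RuntimeError("pagination stalled at to=%s" % params.get("to"))
        # Cursor for the next page: expense_date of the last item returned.
        params["to"] = page[-1]["expense_date"]


# Constructed sample data, not real API output.
SAMPLE_EXPENSES = [
    {"id": "e1", "expense_date": "2024-09-05T10:00:00.000Z"},
    {"id": "e2", "expense_date": "2024-09-04T10:00:00.000Z"},
    {"id": "e3", "expense_date": "2024-09-03T10:00:00.000Z"},
    {"id": "e4", "expense_date": "2024-09-02T10:00:00.000Z"},
    {"id": "e5", "expense_date": "2024-09-01T10:00:00.000Z"},
]


def make_fake_fetch(rows, inclusive):
    """Offline stand-in for the endpoint; `inclusive` models both possible
    interpretations of the `to` bound (an assumption, not documented here)."""
    ordered = sorted(rows, key=lambda e: parse_ts(e["expense_date"]), reverse=True)

    def fetch_page(params):
        result = ordered
        if "to" in params:
            limit = parse_ts(params["to"])
            if inclusive:
                result = [e for e in result if parse_ts(e["expense_date"]) <= limit]
            else:
                result = [e for e in result if parse_ts(e["expense_date"]) < limit]
        return result[: params["count"]]

    return fetch_page


if __name__ == "__main__":
    for mode in (True, False):
        ids = [e["id"] for e in iter_expenses(make_fake_fetch(SAMPLE_EXPENSES, mode), count=2)]
        print("inclusive" if mode else "exclusive", ids)
```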

Request

Query parameters
  • from: string(date-time)
  • to: string(date-time)
  • count: integer
  • state: string
  • transaction_type: string

Response

List of expenses

Body
array of object
  • id: string(uuid), required
  • state: string, required
  • transaction_type: string, required
  • description: string
  • submitted_at: string(date-time)
  • completed_at: string(date-time)
  • payer: string
  • merchant: string
  • transaction_id: string(uuid)
  • expense_date: string(date-time), required
  • labels: object, required
  • splits: array, required
  • receipt_ids: array, required
  • spent_amount: object, required

GET /expenses
curl -X GET "https://b2b.revolut.com/api/1.0/expenses?from=2024-01-01T00%3A00%3A00Z&to=2024-01-01T00%3A00%3A00Z&count=100&state=missing_info&transaction_type=atm" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

[
  {
    "id": "8decf9f8-053e-46cb-92d8-a7b450fe5ae0",
    "state": "approved",
    "transaction_type": "card_payment",
    "description": "Printer paper",
    "submitted_at": "2024-09-13T20:48:40.912Z",
    "completed_at": "2024-09-13T20:48:40.948Z",
    "payer": "Ray Trenfield",
    "merchant": "Best Printers Company",
    "transaction_id": "163e0ef6-2414-4fcf-846f-1f871059d506",
    "expense_date": "2024-09-13T18:47:01.782Z",
    "splits": [
      {
        "amount": {
          "amount": 15.39,
          "currency": "GBP"
        },
        "category": {
          "id": "71b9ec74-d5ff-4aa1-a489-f8dc39d4c9b7",
          "name": "Printing & Stationery",
          "code": "461"
        },
        "tax_rate": {
          "id": "5704fdd2-bac2-42ec-bab0-e075182260be",
          "name": "VAT",
          "percentage": 20
        }
      },
      {
        "amount": {
          "amount": 8.99,
          "currency": "GBP"
        },
        "category": {
          "id": "a5532a5e-d859-4795-967b-14723f8920ea",
          "name": "Groceries",
          "code": "555"
        },
        "tax_rate": {
          "id": "d92efe31-fc26-4364-af4b-3630c1057ece",
          "name": "No VAT",
          "percentage": 0
        }
      }
    ],
    "labels": {
      "Office supplies": [
        "photocopying"
      ],
      "Department": [
        "HR"
      ]
    },
    "receipt_ids": [
      "84c0169a-37f9-4bfa-ab1e-f2c81dbc34cf"
    ],
    "spent_amount": {
      "amount": 24.38,
      "currency": "GBP"
    }
  },
  {
    "id": "8498b232-28ba-4baf-b33d-22fb464e83c8",
    "state": "missing_info",
    "transaction_type": "fee",
    "description": "Expenses app charges",
    "payer": "Bingston Labs",
    "transaction_id": "91b56d41-7b42-40e8-8970-0082cf965e6e",
    "expense_date": "2024-09-04T13:39:18.606Z",
    "splits": [
      {
        "amount": {
          "amount": 17.68,
          "currency": "EUR"
        },
        "category": {
          "id": "95bf2a30-7284-4664-989a-1dcb51e2053a",
          "name": "General Expenses",
          "code": "429"
        },
        "tax_rate": {
          "id": "812f50e7-37b3-480b-a7c4-2ad08442f7cf",
          "name": "20% (VAT on Expenses)",
          "percentage": 20
        }
      }
    ],
    "labels": {},
    "receipt_ids": [
      "d97d062f-5aae-4a0c-b5f3-52ae134d384d"
    ],
    "spent_amount": {
      "amount": 17.68,
      "currency": "EUR"
    }
  },
  {
    "id": "a0e0294e-0460-42f4-bd97-f969469f1afc",
    "state": "missing_info",
    "transaction_type": "mileage_reimbursement",
    "payer": "John Smith",
    "expense_date": "2025-10-06T08:34:18.123Z",
    "splits": [
      {
        "amount": {
          "amount": 25.99,
          "currency": "EUR"
        },
        "category": {
          "id": "dab86546-a442-464a-9bad-18a826542b03",
          "name": "Vehicle Operating Expenses"
        },
        "tax_rate": {
          "id": "728980d1-aa76-44f5-8902-53520160bfeb",
          "name": "20% Fuel bills",
          "percentage": 20
        }
      }
    ],
    "labels": {},
    "receipt_ids": [],
    "spent_amount": {
      "amount": 25.99,
      "currency": "EUR"
    }
  }
]

Retrieve an expense

Get the information about a specific expense by ID.

The data enriched by the user, for example, VAT and cost centre, is returned under splits[].tax_rate and labels, respectively.

This feature is not available in Sandbox.

For more information, see the guides: Retrieve expenses and receipts.

Request

Path parameters
  • expense_id: string(uuid), required

Response

Expense

Body
object
  • id: string(uuid), required
  • state: string, required
  • transaction_type: string, required
  • description: string
  • submitted_at: string(date-time)
  • completed_at: string(date-time)
  • payer: string
  • merchant: string
  • transaction_id: string(uuid)
  • expense_date: string(date-time), required
  • labels: object, required
  • splits: array, required
  • receipt_ids: array, required
  • spent_amount: object, required

GET /expenses/{expense_id}
curl -X GET "https://b2b.revolut.com/api/1.0/expenses/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "id": "8decf9f8-053e-46cb-92d8-a7b450fe5ae0",
  "state": "approved",
  "transaction_type": "card_payment",
  "description": "Printer paper",
  "submitted_at": "2024-09-13T20:48:40.912Z",
  "completed_at": "2024-09-13T20:48:40.948Z",
  "payer": "Ray Trenfield",
  "merchant": "Best Printers Company",
  "transaction_id": "163e0ef6-2414-4fcf-846f-1f871059d506",
  "expense_date": "2024-09-13T18:47:01.782Z",
  "splits": [
    {
      "amount": {
        "amount": 15.39,
        "currency": "GBP"
      },
      "category": {
        "id": "71b9ec74-d5ff-4aa1-a489-f8dc39d4c9b7",
        "name": "Printing & Stationery",
        "code": "461"
      },
      "tax_rate": {
        "id": "5704fdd2-bac2-42ec-bab0-e075182260be",
        "name": "VAT",
        "percentage": 20
      }
    },
    {
      "amount": {
        "amount": 8.99,
        "currency": "GBP"
      },
      "category": {
        "id": "a5532a5e-d859-4795-967b-14723f8920ea",
        "name": "Groceries",
        "code": "555"
      },
      "tax_rate": {
        "id": "d92efe31-fc26-4364-af4b-3630c1057ece",
        "name": "No VAT",
        "percentage": 0
      }
    }
  ],
  "labels": {
    "Office supplies": [
      "photocopying"
    ],
    "Department": [
      "HR"
    ]
  },
  "receipt_ids": [
    "84c0169a-37f9-4bfa-ab1e-f2c81dbc34cf"
  ],
  "spent_amount": {
    "amount": 24.38,
    "currency": "GBP"
  }
}

Retrieve a receipt related to an expense

Get the receipt related to an expense by providing the receipt's ID.

This feature is not available in Sandbox.

For more information, see the guides: Retrieve expenses and receipts.

Request

Path parameters
  • expense_id: string(uuid), required
  • receipt_id: string(uuid), required

Response

Receipt content. The exact format depends on the receipt.

Body
string
GET /expenses/{expense_id}/receipts/{receipt_id}/content
curl -X GET "https://b2b.revolut.com/api/1.0/expenses/123e4567-e89b-12d3-a456-426614174000/receipts/123e4567-e89b-12d3-a456-426614174000/content" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

"@sample-receipt.pdf"

Foreign exchange

Retrieve information on exchange rates between currencies, and buy and sell currencies.

For more information, see the guides: Exchange money.

Get an exchange rate

Get the sell exchange rate between two currencies.

You can check the currencies supported in Production in the Revolut Help Centre. Some of these currencies might not be available in Sandbox.

For more information, see the guides: Exchange money.

Request

Query parameters
  • from: string, required
  • amount: number(double)
  • to: string, required

Response

The exchange rate information

Body
object
  • from: object, required
  • to: object, required
  • rate: number(double), required
  • fee: object, required
  • rate_date: string(date-time), required

GET /rate
curl -X GET "https://b2b.revolut.com/api/1.0/rate?from=string&amount=1.00&to=string" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "from": {
    "amount": 1,
    "currency": "EUR"
  },
  "to": {
    "amount": 1,
    "currency": "USD"
  },
  "rate": 1.0044090351,
  "fee": {
    "amount": 0,
    "currency": "EUR"
  },
  "rate_date": "2022-08-31T17:30:34Z"
}

Exchange money

Exchange money using one of these methods:

  • Sell currency: You know the amount of currency to sell. For example, you want to exchange 135.5 USD to some EUR.

    Specify the amount in the from object.

  • Buy currency: You know the amount of currency to buy. For example, you want to exchange some USD to 200 EUR.

    Specify the amount in the to object.

You must specify the amount field only once, either in the from object or in the to object.

You can check the currencies supported in Production in the Revolut Help Centre. Some of these currencies might not be available in Sandbox.

For more information, see the guides: Exchange money.
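A pre-flight check for the rule above, as an added example (not Revolut's code): `build_exchange_body` refuses to produce a request unless `amount` appears on exactly one side, then reports whether the result is a sell or a buy. The function names are hypothetical, the per-side keys are taken from this page's sample request, and the positive-amount check is an assumption.

```python
import json
import math

SIDE_KEYS = {"account_id", "currency", "amount"}  # keys seen in the page's sample request


def _check_side(name, side):
    """Validate one of the `from` / `to` objects."""
    unknown = set(side) - SIDE_KEYS
    if unknown:
        raise ValueError("%s has unexpected keys: %s" % (name, sorted(unknown)))
    for key in ("account_id", "currency"):
        if not isinstance(side.get(key), str) or not side[key]:
            raise ValueError("%s.%s must be a non-empty string" % (name, key))


def _check_amount(value):
    """Amount must be a JSON number; positivity is an assumption added here."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ValueError("amount must be a number")
    if isinstance(value, float) and not math.isfinite(value):
        raise ValueError("amount must be finite")
    if value <= 0:
        raise ValueError("amount must be positive")


def build_exchange_body(from_side, to_side, request_id,
                        reference=None, exchange_reason_code=None):
    """Return the JSON body for POST /exchange, or raise ValueError."""
    _check_side("from", from_side)
    _check_side("to", to_side)
    in_from, in_to = "amount" in from_side, "amount" in to_side
    if in_from == in_to:
        # Both or neither: the request is ambiguous or incomplete.
        raise ValueError("specify amount exactly once: in 'from' to sell, in 'to' to buy")
    _check_amount((from_side if in_from else to_side)["amount"])
    if not isinstance(request_id, str) or not request_id:
        raise ValueError("request_id is required")
    body = {"from": dict(from_side), "to": dict(to_side), "request_id": request_id}
    if reference is not None:
        body["reference"] = reference
    if exchange_reason_code is not None:
        body["exchange_reason_code"] = exchange_reason_code
    return body


def exchange_mode(body):
    """'sell' when the amount is in `from`, 'buy' when it is in `to`."""
    return "sell" if "amount" in body["from"] else "buy"


if __name__ == "__main__":
    # Account IDs below are the ones from the page's sample request.
    usd = {"account_id": "af98333c-ea53-482b-93c2-1fa5e4eae671", "currency": "USD"}
    eur = {"account_id": "b7ec67d3-5af1-42c8-bece-3d285774894d", "currency": "EUR"}
    sell = build_exchange_body(dict(usd, amount=135.5), eur, "A1pH4num3ric2", reference="exchange")
    print(exchange_mode(sell), json.dumps(sell))
```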

Request

Request body
  • from: object, required
  • to: object, required
  • reference: string
  • request_id: string, required
  • exchange_reason_code: string

Response

Exchange operation details

Body
object
  • id: string(uuid)
  • type: string
  • reason_code: string
  • created_at: string(date-time)
  • completed_at: string(date-time)
  • state: string

POST /exchange
curl -X POST "https://b2b.revolut.com/api/1.0/exchange" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "from": {
    "account_id": "af98333c-ea53-482b-93c2-1fa5e4eae671",
    "currency": "USD",
    "amount": 135.5
  },
  "to": {
    "account_id": "b7ec67d3-5af1-42c8-bece-3d285774894d",
    "currency": "EUR"
  },
  "reference": "exchange",
  "request_id": "A1pH4num3ric2"
}'

Request body samples

{
  "from": {
    "account_id": "af98333c-ea53-482b-93c2-1fa5e4eae671",
    "currency": "USD",
    "amount": 135.5
  },
  "to": {
    "account_id": "b7ec67d3-5af1-42c8-bece-3d285774894d",
    "currency": "EUR"
  },
  "reference": "exchange",
  "request_id": "A1pH4num3ric2"
}

Response body samples

{
  "id": "630f9c2e-2e74-a06d-ab61-deb7ggkkd6cb",
  "state": "completed",
  "created_at": "2022-08-31T17:36:46.656876Z",
  "completed_at": "2022-08-31T17:36:46.657239Z"
}

Get exchange reasons

Depending on the country and the amount of funds to be exchanged, you might be required to provide an exchange reason. With this endpoint, you can retrieve all exchange reasons available to your business account.

After you retrieve the results, use the appropriate reason code in the exchange_reason_code field when exchanging money or making a payment that involves foreign currency exchange.

Response

List of exchange reasons

Body
array of object

The list of available exchange reasons.

  • code: string, required
  • name: string, required

GET /exchange-reasons
curl -X GET "https://b2b.revolut.com/api/1.0/exchange-reasons" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

[
  {
    "code": "business_expense_and_claims",
    "name": "Business expense and claims"
  },
  {
    "code": "fees_and_charges",
    "name": "Fees and charges"
  },
  {
    "code": "fund_transfer_and_intracompany_payment",
    "name": "Fund transfer and intracompany payment"
  },
  {
    "code": "gifts_and_donations",
    "name": "Gifts and donations"
  },
  {
    "code": "government_services_and_tax",
    "name": "Government services and tax"
  },
  {
    "code": "insurance",
    "name": "Insurance"
  },
  {
    "code": "inventory",
    "name": "Inventory"
  },
  {
    "code": "investment_dividend_and_interest",
    "name": "Investment, dividend and interest"
  },
  {
    "code": "loan_and_loan_repayment",
    "name": "Loan and loan repayment"
  },
  {
    "code": "marketing",
    "name": "Marketing"
  },
  {
    "code": "payment_for_goods_and_services",
    "name": "Payment for goods and services"
  },
  {
    "code": "payroll",
    "name": "Payroll"
  },
  {
    "code": "refund",
    "name": "Refund"
  },
  {
    "code": "rental_and_property",
    "name": "Rental and property"
  },
  {
    "code": "sales",
    "name": "Sales"
  },
  {
    "code": "service_provider_and_software",
    "name": "Service provider and software"
  },
  {
    "code": "travel_and_transportation",
    "name": "Travel and transportation"
  },
  {
    "code": "utilities",
    "name": "Utilities"
  }
]

Payment drafts

Payment drafts let you prepare payments for future processing, prepare payments that require an approval, or prepare bulk or scheduled payments.

Simply create a draft, and when you're ready, send it for processing as payment. If you or the payment you're making is subject to an approval process, another team member designated as an approver must approve it in the Revolut Business app before the payment can be processed.

You can also retrieve or delete the drafts created with the API.

For more information on use cases and other details, see the guides: Payment drafts.

Retrieve a list of payment drafts

Get the list of payment drafts created with the API that haven't been sent for processing.

Payment drafts created through the Revolut Business app are not retrieved by the API.

The response lists the drafts with their details, such as the number of payments included in the draft, but not the payment details.

For more information, see the guides: Payment drafts.

Response

List of payment drafts

Body
object
  • payment_orders: array, required

GET /payment-drafts
curl -X GET "https://b2b.revolut.com/api/1.0/payment-drafts" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "payment_orders": [
    {
      "id": "e7e54cb2-861a-aaaa-80e9-3e6600f3db10",
      "scheduled_for": "2026-06-24",
      "title": "Draft Payment through API",
      "payments_count": 1
    }
  ]
}

Create a payment draft

Create a payment draft.

When you create a payment draft, it stays a draft until you send it for processing as payment in the Revolut Business app.

Until then, you can delete the draft if you no longer wish to proceed with it.

If you or the payment you're making is subject to an approval process, when you send the draft for processing, the payment goes into the Pending review state. Before it can be processed, the business owner, administrator, or another team member designated as an approver must approve it in the Revolut Business app.

For more information on use cases and other details, see the guides: Payment drafts.

Request

Request body
  • title: string
  • schedule_for: string(date)
  • payments: array, required

Response

The ID of the payment draft that was created

Body
object
  • id: string(number), required

POST /payment-drafts
curl -X POST "https://b2b.revolut.com/api/1.0/payment-drafts" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "title": "Payment Draft Title",
  "payments": [
    {
      "account_id": "2e6de1bf-97ad-478d-aad1-9d7a3cdf70cb",
      "receiver": {
        "counterparty_id": "a15bcac4-dd42-45ed-a828-6806ccc8bb7e",
        "account_id": "2bf609f4-9825-4401-b6f7-960c61f8bee0"
      },
      "amount": 10,
      "currency": "GBP",
      "reference": "Payment #123"
    }
  ]
}'

Request body samples

{
  "title": "Payment Draft Title",
  "payments": [
    {
      "account_id": "2e6de1bf-97ad-478d-aad1-9d7a3cdf70cb",
      "receiver": {
        "counterparty_id": "a15bcac4-dd42-45ed-a828-6806ccc8bb7e",
        "account_id": "2bf609f4-9825-4401-b6f7-960c61f8bee0"
      },
      "amount": 10,
      "currency": "GBP",
      "reference": "Payment #123"
    }
  ]
}

Response body samples

{
  "id": "e7e54cb2-861a-aaaa-80e9-3e6600f3db10"
}

Retrieve a payment draft

Get the information about a specific payment draft by ID.

The response lists the details of the payment(s) included in the draft, as well as the draft details.

For more information, see the guides: Payment drafts.

Request

Path parameters
  • payment_draft_id: string(uuid), required

Response

The information about a specific payment draft

Body: object
  • scheduled_for: string(date)
  • title: string
  • payments: array, required

GET /payment-drafts/{payment_draft_id}
curl -X GET "https://b2b.revolut.com/api/1.0/payment-drafts/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "title": "Draft Payment through API",
  "scheduled_for": "2026-06-24",
  "payments": [
    {
      "id": "67b38771-3db0-4cf0-bdc0-aaaa1284ab81",
      "amount": {
        "amount": 123,
        "currency": "GBP"
      },
      "reference": "Draft Payment through API",
      "account_id": "05018b0d-e67c-4fec-aaaa-415e9da9432c",
      "receiver": {
        "counterparty_id": "c71af44d-aaaa-4e1a-84bb-17589c81f022"
      },
      "state": "CREATED",
      "current_charge_options": {
        "from": {
          "amount": 123,
          "currency": "GBP"
        },
        "to": {
          "amount": 123,
          "currency": "GBP"
        },
        "rate": "1.0000",
        "fee": {
          "amount": 0,
          "currency": "GBP"
        }
      }
    }
  ]
}

Delete a payment draft

Delete a payment draft with the given ID.

You can delete a payment draft only if it hasn't been sent for processing.

For more information, see the guides: Payment drafts.

Request

Path parameters
  • payment_draft_id: string(uuid), required

Response

The payment draft was successfully deleted

DELETE /payment-drafts/{payment_draft_id}
curl -X DELETE "https://b2b.revolut.com/api/1.0/payment-drafts/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Use payout links to send money without having to request full banking details of the recipient.
The recipient must claim the money before the link expires.

This feature is available in the UK, the EEA, AU, and SG.

For more information, see the guides: Send money via payout link.

Create a payout link to send money even when you don't have the full banking details of the counterparty.
After you have created the link, send it to the recipient so that they can claim the payment.

This feature is available in the UK, the EEA, AU, and SG.

For more information, see the guides: Send money via payout link.

Request

Request body
  • counterparty_name: string, required
  • save_counterparty: boolean
  • request_id: string, required
  • account_id: string(uuid), required
  • amount: number(double), required
  • currency: string, required
  • reference: string, required
  • payout_methods: array
  • expiry_period: string(duration)
  • transfer_reason_code: string

Response

Created payout link details

Body: object
  • id: string(uuid), required
  • state: string, required
  • created_at: string(date-time), required
  • updated_at: string(date-time), required
  • counterparty_name: string, required
  • save_counterparty: boolean, required
  • request_id: string, required
  • expiry_date: string(date-time)
  • payout_methods: array, required
  • account_id: string(uuid), required
  • amount: number(double), required
  • currency: string, required
  • url: string(uri)
  • reference: string, required
  • transfer_reason_code: string

POST /payout-links
curl -X POST "https://b2b.revolut.com/api/1.0/payout-links" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "counterparty_name": "string",
  "save_counterparty": false,
  "request_id": "string",
  "account_id": "123e4567-e89b-12d3-a456-426614174000",
  "amount": 123,
  "currency": "string",
  "reference": "a",
  "payout_methods": [
    "revolut",
    "bank_account"
  ],
  "expiry_period": "P7D",
  "transfer_reason_code": "string"
}'

Request body samples

{
  "counterparty_name": "string",
  "save_counterparty": false,
  "request_id": "string",
  "account_id": "123e4567-e89b-12d3-a456-426614174000",
  "amount": 123,
  "currency": "string",
  "reference": "a",
  "payout_methods": [
    "revolut",
    "bank_account"
  ],
  "expiry_period": "P7D",
  "transfer_reason_code": "string"
}

Response body samples

{
  "id": "12dcd8c2-6408-458f-98a9-3f4abc180898",
  "state": "active",
  "created_at": "2023-07-11T13:55:54.834963Z",
  "updated_at": "2023-07-11T13:55:55.082655Z",
  "counterparty_name": "John Smith",
  "request_id": "5a7fcb46-4be4-47d4-a56f-27a2e5b78dd1",
  "expiry_date": "2023-07-18T13:55:55.082280Z",
  "payout_methods": [
    "revolut",
    "bank_account",
    "card"
  ],
  "account_id": "85f515e4-588f-4496-a6a5-a7615a193e6b",
  "amount": 105.6,
  "currency": "GBP",
  "url": "https://business.revolut.com/p/uSJVAd5SnP1",
  "reference": "Rent",
  "transfer_reason_code": "property_rental"
}

Get all the links that you have created, or use the query parameters to filter the results.

The links are sorted by the created_at date in reverse chronological order.

The returned links are paginated. The maximum number of payout links returned per page is specified by the limit parameter. To get to the next page, make a new request and use the created_at date of the last payout link returned in the previous response.

This feature is available in the UK, the EEA, AU, and SG.

For more information, see the guides: Send money via payout link.

Request

Query parameters
  • state: array
  • created_before: string(date-time)
  • limit: integer

Response

List of your payout links

Body: array

A list of payout links

  • id: string(uuid), required
  • state: string, required
  • created_at: string(date-time), required
  • updated_at: string(date-time), required
  • counterparty_name: string, required
  • save_counterparty: boolean, required
  • request_id: string, required
  • expiry_date: string(date-time)
  • payout_methods: array, required
  • account_id: string(uuid), required
  • amount: number(double), required
  • currency: string, required
  • url: string(uri)
  • reference: string, required
  • transfer_reason_code: string
  • counterparty_id: string(uuid)
  • transaction_id: string(uuid)
  • cancellation_reason: string

GET /payout-links
curl -X GET "https://b2b.revolut.com/api/1.0/payout-links?state=active&created_before=2023-07-11T13:55:54.834963Z&limit=100" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

[
  {
    "id": "8e32b08a-e012-4530-bd15-c4e9ebde953d",
    "state": "processed",
    "created_at": "2024-01-11T14:02:53.472318Z",
    "updated_at": "2024-01-11T14:05:02.962886Z",
    "counterparty_name": "Jane Doe",
    "request_id": "5a7fcb46-4be4-47d4-a56f-27a2e5b78dMM",
    "expiry_date": "2023-07-18T14:02:53.717626Z",
    "payout_methods": [
      "revolut",
      "bank_account",
      "card"
    ],
    "account_id": "85f515e4-588f-4496-a6a5-a7615a193e6b",
    "amount": 5.6,
    "currency": "GBP",
    "counterparty_id": "2ef4618a-f258-4ac5-a846-ca6e089214f6",
    "transaction_id": "64ad618e-655a-a925-8425-2284c03f6c08",
    "reference": "Bus ticket",
    "transfer_reason_code": "travel"
  },
  {
    "id": "12dcd8c2-6408-458f-98a9-3f4abc180898",
    "state": "active",
    "created_at": "2023-07-11T13:55:54.834963Z",
    "updated_at": "2023-07-11T14:02:12.868346Z",
    "counterparty_name": "John Doe",
    "request_id": "5a7fcb46-4be4-47d4-a56f-27a2e5b78dd1",
    "expiry_date": "2023-07-18T13:55:55.082280Z",
    "payout_methods": [
      "revolut",
      "bank_account"
    ],
    "account_id": "85f515e4-588f-4496-a6a5-a7615a193e6b",
    "amount": 105.6,
    "currency": "GBP",
    "url": "https://business.revolut.com/p/uSJVAd5SnP1",
    "reference": "Rent",
    "transfer_reason_code": "property_rental"
  },
  {
    "id": "d3b02315-044c-471f-ad41-59d9a4e3c538",
    "state": "active",
    "created_at": "2023-07-11T13:53:45.986248Z",
    "updated_at": "2023-07-11T13:53:46.475470Z",
    "counterparty_name": "John Smith",
    "request_id": "rev-001",
    "expiry_date": "2023-07-18T13:53:46.474777Z",
    "payout_methods": [
      "revolut"
    ],
    "account_id": "85f515e4-588f-4496-a6a5-a7615a193e6b",
    "amount": 15.6,
    "currency": "GBP",
    "url": "https://business.revolut.com/p/DPYtd2BUUwP",
    "reference": "meal delivery"
  }
]
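The created_before pagination described for this endpoint, as an added example that is not part of the Revolut documentation: a loop that walks every page of GET /payout-links and stops cleanly. The function names, the in-memory fake_fetcher and the sample links are constructed for illustration; the page does not say whether created_before is exclusive, so the loop de-duplicates by id and tolerates both behaviours.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime
from typing import Callable, Dict, Iterator, List

# Endpoint URL as shown in the page's curl sample.
PAYOUT_LINKS_URL = "https://b2b.revolut.com/api/1.0/payout-links"

# A fetcher takes the query parameters and returns one page (a JSON array).
Fetcher = Callable[[Dict[str, str]], List[dict]]


def parse_ts(value: str) -> datetime:
    """Parse a created_at timestamp; a trailing 'Z' means UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def iter_payout_links(fetch_page: Fetcher, limit: int = 100) -> Iterator[dict]:
    """Yield every payout link, newest first, following the created_before cursor."""
    params: Dict[str, str] = {"limit": str(limit)}
    seen_ids = set()
    while True:
        page = fetch_page(dict(params))
        fresh = [link for link in page if link["id"] not in seen_ids]
        for link in fresh:
            seen_ids.add(link["id"])
            yield link
        # A short page means the listing is exhausted. A page with nothing
        # new means the cursor did not advance, so stop instead of looping.
        if len(page) < limit or not fresh:
            return
        # Next page: created_at of the last link in the previous response.
        params["created_before"] = page[-1]["created_at"]


def http_fetcher(access_token: str) -> Fetcher:
    """Fetcher that calls the real endpoint with a bearer access token."""
    def fetch(params: Dict[str, str]) -> List[dict]:
        url = PAYOUT_LINKS_URL + "?" + urllib.parse.urlencode(params)
        request = urllib.request.Request(
            url, headers={"Authorization": "Bearer " + access_token}
        )
        with urllib.request.urlopen(request, timeout=10) as response:
            return json.load(response)
    return fetch


# Constructed sample data (not real payout links), in no particular order.
SAMPLE_LINKS = [
    {"id": "link-3", "state": "active", "created_at": "2023-07-11T13:52:00.000000Z"},
    {"id": "link-1", "state": "active", "created_at": "2023-07-11T13:50:00.000000Z"},
    {"id": "link-5", "state": "active", "created_at": "2023-07-11T13:54:00.000000Z"},
    {"id": "link-2", "state": "processed", "created_at": "2023-07-11T13:51:00.000000Z"},
    {"id": "link-4", "state": "active", "created_at": "2023-07-11T13:53:00.000000Z"},
]


def fake_fetcher(links: List[dict], inclusive: bool = False) -> Fetcher:
    """Offline stand-in for the API: reverse chronological order, limit, cursor."""
    ordered = sorted(links, key=lambda l: parse_ts(l["created_at"]), reverse=True)
    calls: List[Dict[str, str]] = []

    def fetch(params: Dict[str, str]) -> List[dict]:
        calls.append(params)
        rows = ordered
        if "created_before" in params:
            cutoff = parse_ts(params["created_before"])
            if inclusive:
                rows = [l for l in ordered if parse_ts(l["created_at"]) <= cutoff]
            else:
                rows = [l for l in ordered if parse_ts(l["created_at"]) < cutoff]
        return rows[: int(params["limit"])]

    fetch.calls = calls  # recorded so a caller can inspect the requests made
    return fetch


if __name__ == "__main__":
    fetcher = fake_fetcher(SAMPLE_LINKS)
    for link in iter_payout_links(fetcher, limit=2):
        print(link["created_at"], link["id"], link["state"])
    print("requests made:", len(fetcher.calls))
```

To run it against the API, pass http_fetcher(access_token) instead of the fake; the token needs the READ scope, since this is a GET operation.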

Get the information about a specific link by its ID.

This feature is available in the UK, the EEA, AU, and SG.

For more information, see the guides: Send money via payout link.

Request

Path parameters
  • payout_link_id: string(uuid), required

Response

The information about a specific link

Body
  • id: string(uuid), required
  • state: string, required
  • created_at: string(date-time), required
  • updated_at: string(date-time), required
  • counterparty_name: string, required
  • save_counterparty: boolean, required
  • request_id: string, required
  • expiry_date: string(date-time)
  • payout_methods: array, required
  • account_id: string(uuid), required
  • amount: number(double), required
  • currency: string, required
  • url: string(uri)
  • reference: string, required
  • transfer_reason_code: string
  • counterparty_id: string(uuid)
  • transaction_id: string(uuid)
  • cancellation_reason: string

GET /payout-links/{payout_link_id}
curl -X GET "https://b2b.revolut.com/api/1.0/payout-links/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "id": "12dcd8c2-6408-458f-98a9-3f4abc180898",
  "state": "active",
  "created_at": "2023-07-11T13:55:54.834963Z",
  "updated_at": "2023-07-11T13:55:55.082655Z",
  "counterparty_name": "John Smith",
  "request_id": "5a7fcb46-4be4-47d4-a56f-27a2e5b78dd1",
  "expiry_date": "2023-07-18T13:55:55.082280Z",
  "payout_methods": [
    "revolut",
    "bank_account",
    "card"
  ],
  "account_id": "85f515e4-588f-4496-a6a5-a7615a193e6b",
  "amount": 105.6,
  "currency": "GBP",
  "url": "https://business.revolut.com/p/uSJVAd5SnP1",
  "reference": "Rent",
  "transfer_reason_code": "property_rental"
}

Cancel a payout link. You can only cancel a link that hasn't been claimed yet. A successful request does not get any content in response.

This feature is available in the UK, the EEA, AU, and SG.

For more information, see the guides: Send money via payout link.

Request

Path parameters
  • payout_link_id: string(uuid), required

Response

Payout link has been cancelled

POST /payout-links/{payout_link_id}/cancel
curl -X POST "https://b2b.revolut.com/api/1.0/payout-links/123e4567-e89b-12d3-a456-426614174000/cancel" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Simulations

The Simulations API is only available in the Sandbox environment. It lets you simulate certain events that are otherwise only possible in the production environment, such as your account's top-up and transfer state changes.

For more information, see the guides: Test your flows with simulations (Sandbox only).

To play around with Sandbox, create a Sandbox account.

Simulate a transfer state update (Sandbox only)

Simulate a transfer state change in the Sandbox environment.

For example, after you make a transfer in Sandbox, you can change its state to completed. The resulting state is final and cannot be changed.

For more information, see the guides: Test your flows with simulations (Sandbox only).

Request

Path parameters
  • id: string(uuid), required
  • action: string, required

Response

Information about the updated transfer state

Body: object
  • id: string(uuid), required
  • state: string, required
  • created_at: string(date-time), required
  • completed_at: string(date-time)

POST /sandbox/transactions/{id}/{action}
curl -X POST "https://b2b.revolut.com/api/1.0/sandbox/transactions/123e4567-e89b-12d3-a456-426614174000/fail" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "id": "a6ea39d7-62c9-481c-8ba6-8a887a44c486",
  "state": "completed",
  "created_at": "2023-01-23T08:39:35.811005Z",
  "completed_at": "2023-01-23T08:39:35.811005Z"
}

Simulate an account top-up (Sandbox only)

Simulate a top-up of your account in the Sandbox environment.

This is useful during testing, when you run out of money in your test account and need to add more.

For more information, see the guides: Test your flows with simulations (Sandbox only).

Request

Request body
  • account_id: string(uuid), required
  • amount: number(double), required
  • currency: string, required
  • reference: string
  • state: string

Response

Information about the top-up state

Body: object
  • id: string(uuid), required
  • state: string, required
  • created_at: string(date-time), required
  • completed_at: string(date-time)

POST /sandbox/topup
curl -X POST "https://b2b.revolut.com/api/1.0/sandbox/topup" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "account_id": "e042f1fe-f721-49cc-af82-db7a6c46944f",
  "amount": 100,
  "currency": "GBP",
  "reference": "Test Top-up",
  "state": "completed"
}'

Request body samples

{
  "account_id": "e042f1fe-f721-49cc-af82-db7a6c46944f",
  "amount": 100,
  "currency": "GBP",
  "reference": "Test Top-up",
  "state": "completed"
}

Response body samples

{
  "id": "330953b8-b089-4cfd-9f03-e88173d64248",
  "state": "completed",
  "created_at": "2023-01-23T08:39:35.811005Z",
  "completed_at": "2023-01-23T08:39:35.811005Z"
}

Team members

Retrieve information on existing team members of your organisation, delete team members, and invite new members.

For more information, see the guides: Manage team members.

Retrieve a list of team members

Get information about all the team members of your business.

The results are paginated and sorted by the created_at date in reverse chronological order.

For more information, see the guides: Manage team members.

Request

Query parameters
  • created_before: string(date-time)
  • limit: number(integer)

Response

Information about team members of the business

Body: array of object
  • id: string(uuid), required
  • email: string(email), required
  • first_name: string
  • last_name: string
  • state: string, required
  • role_id: string, required
  • created_at: string(date-time), required
  • updated_at: string(date-time), required

GET /team-members
curl -X GET "https://b2b.revolut.com/api/1.0/team-members?created_before=2022-09-07T09:19:31.592368Z&limit=100" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

[
  {
    "email": "john.doe@example.com",
    "id": "76969b71-a123-42dc-b874-a34688d7bba4",
    "role_id": "owner",
    "state": "active",
    "first_name": "John",
    "last_name": "Doe",
    "created_at": "2022-09-07T09:19:31.592368Z",
    "updated_at": "2022-09-07T09:21:24.346670Z"
  },
  {
    "email": "john.smith@example.com",
    "id": "168922e1-594f-4ca0-93b2-56b742f3936b",
    "role_id": "024abb3d-06da-4701-9254-dfcc3da38385",
    "state": "active",
    "created_at": "2022-09-07T09:19:32.592368Z",
    "updated_at": "2022-09-07T09:21:25.346670Z"
  }
]

Invite a new member to your business

Invite a new member to your business account.

When you invite a new team member to your business account, an invitation is sent to the email address that you provided in this request. To join your business account, the new team member has to accept this invitation.

For more information, see the guides: Manage team members.

Request

Request body

  • email: string(email), required
  • role_id: string, required

Response

Information about the new member

Body: object

  • email: string(email), required
  • id: string, required
  • role_id: string, required
  • created_at: string(date-time), required
  • updated_at: string(date-time), required

POST /team-members
curl -X POST "https://b2b.revolut.com/api/1.0/team-members" \
  -H "Authorization: Bearer <your_access_token>" \
  -H "Content-Type: application/json" \
  -d '{
  "email": "john.smith@example.com",
  "role_id": "0098ac28-b92f-435e-a3a2-2829d3918dfb"
}'
Authorization
SecuritySchemaType:http
Scheme:bearer

Request body samples

{
  "email": "john.smith@example.com",
  "role_id": "0098ac28-b92f-435e-a3a2-2829d3918dfb"
}

Response body samples

{
  "email": "john.smith@example.com",
  "id": "76969b71-a123-42dc-b874-a34688d7bba4",
  "role_id": "0098ac28-b92f-435e-a3a2-2829d3918dfb",
  "created_at": "2022-09-07T09:19:31.592368Z",
  "updated_at": "2022-09-07T09:21:24.346670Z"
}

Delete a team member

Delete a specific member of your team.

This action does not delete the person’s Revolut Business user account – it only removes them from your team. They will lose access to your Revolut Business account and team but can still log in to Revolut Business. Their user account will remain linked to any other teams and accounts it’s associated with.

For more information, see the guides: Manage team members.

Request

Path parameters

  • team_member_id: string(uuid), required

Response

Team member was deleted

DELETE /team-members/{team_member_id}
curl -X DELETE "https://b2b.revolut.com/api/1.0/team-members/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <your_access_token>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

No content. This response does not have a body.

Retrieve team roles

Get the list of roles for your business.

The results are paginated and sorted by the created_at date in reverse chronological order.

For more information, see the guides: Manage team members.

Request

Query parameters

  • created_before: string(date-time)
  • limit: number(integer)

Response

Information about roles of the business

Body: array of object

  • id: string, required
  • name: string, required
  • created_at: string(date-time), required
  • updated_at: string(date-time), required

GET /roles
# created_before is a sample timestamp
curl -X GET "https://b2b.revolut.com/api/1.0/roles?created_before=2023-09-07T09:21:13Z&limit=100" \
  -H "Authorization: Bearer <your_access_token>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

[
  {
    "id": "owner",
    "name": "Owner",
    "created_at": "2023-09-07T09:21:12.962303Z",
    "updated_at": "2023-09-07T09:21:12.962303Z"
  },
  {
    "id": "member",
    "name": "Member",
    "created_at": "2023-09-07T09:21:12.962303Z",
    "updated_at": "2023-09-07T09:21:12.962303Z"
  },
  {
    "id": "viewer",
    "name": "Viewer",
    "created_at": "2023-09-07T09:21:12.962303Z",
    "updated_at": "2023-09-07T09:21:12.962303Z"
  },
  {
    "id": "a40b6121-350b-4d2e-9ba1-9dab61a18d46",
    "name": "Example custom role",
    "created_at": "2023-09-07T09:21:12.963143Z",
    "updated_at": "2023-09-07T09:21:12.963143Z"
  }
]

Transactions

Get the details of your transactions.

An incoming or outgoing payment is represented as a transaction.

For more information, see the guides: Retrieve transactions.

Retrieve a list of transactions

Retrieve the historical transactions based on the provided query criteria.

The transactions are sorted by the created_at date in reverse chronological order, and they're paginated. The maximum number of transactions returned per page is specified by the count parameter. To get the next page of results, make a new request and use the created_at date from the last item of the previous page as the value for the to parameter.

The API returns a maximum of 1,000 transactions per request.

For more details, see the guides: Retrieve transaction data.
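
The cursor procedure described above, written as a client-side loop. This Python is an added example, not code from the Revolut documentation: fetch_page is a hypothetical wrapper around GET /transactions, and the sample data and fake_fetch are constructed. The page does not say whether to is an inclusive bound, so the loop skips ids it has already returned and stops with an error when a full page brings nothing new.

```python
from typing import Callable, Dict, Iterator, List, Optional

MAX_COUNT = 1000  # the reference states at most 1,000 transactions per request

# Hypothetical wrapper: fetch_page(to, count) sends
# GET /transactions?to=<to>&count=<count> (no `to` when None)
# and returns the decoded JSON array.
FetchPage = Callable[[Optional[str], int], List[Dict]]


def iter_transactions(fetch_page: FetchPage, count: int = 100) -> Iterator[Dict]:
    """Yield each transaction once, newest first, by following the `to` cursor."""
    if not 1 <= count <= MAX_COUNT:
        raise ValueError("count must be between 1 and %d" % MAX_COUNT)
    seen = set()   # ids already yielded; guards against an inclusive `to`
    to = None      # the first request has no upper bound
    while True:
        page = fetch_page(to, count)
        fresh = [tx for tx in page if tx["id"] not in seen]
        for tx in fresh:
            seen.add(tx["id"])
            yield tx
        if len(page) < count:
            return  # short page: nothing older is left
        if not fresh:
            # A full page of already-seen rows means at least `count` rows share
            # the cursor timestamp; repeating the request would loop forever.
            raise RuntimeError("cursor stalled at %s; retry with a larger count" % to)
        to = page[-1]["created_at"]  # created_at of the last item becomes `to`


# Constructed sample data (newest first); tx-4 and tx-3 share one created_at.
SAMPLE = [
    {"id": "tx-5", "created_at": "2024-03-01T10:00:05.000000Z"},
    {"id": "tx-4", "created_at": "2024-03-01T10:00:04.000000Z"},
    {"id": "tx-3", "created_at": "2024-03-01T10:00:04.000000Z"},
    {"id": "tx-2", "created_at": "2024-03-01T10:00:02.000000Z"},
    {"id": "tx-1", "created_at": "2024-03-01T10:00:01.000000Z"},
]


def fake_fetch(transactions, inclusive=True):
    """Constructed stand-in for the endpoint; `inclusive` models the unstated bound."""
    def fetch_page(to, count):
        rows = [tx for tx in transactions
                if to is None
                or tx["created_at"] < to
                or (inclusive and tx["created_at"] == to)]
        return rows[:count]
    return fetch_page


if __name__ == "__main__":
    for tx in iter_transactions(fake_fetch(SAMPLE), count=3):
        print(tx["created_at"], tx["id"])
```

With count=2 the same sample data raises the stall error after three transactions, because the two rows sharing a timestamp fill every page requested at that cursor.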

Request

Query parameters

  • from: string(date-time or date)
  • to: string(date-time or date)
  • account: string(uuid)
  • count: integer
  • type: string

Response

List of historical transactions retrieved

Body: array of object

  • id: string, required
  • type: string, required
  • request_id: string
  • state: string, required
  • reason_code: string
  • created_at: string(date-time), required
  • updated_at: string(date-time), required
  • completed_at: string(date-time)
  • scheduled_for: string(date)
  • related_transaction_id: string(uuid)
  • merchant: object
  • reference: string
  • legs: array, required
  • card: object

GET /transactions
# from and to are sample values
curl -X GET "https://b2b.revolut.com/api/1.0/transactions?from=2024-03-01&to=2024-08-31T17:21:20Z&account=123e4567-e89b-12d3-a456-426614174000&count=100&type=atm" \
  -H "Authorization: Bearer <your_access_token>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

[
  {
    "id": "630f9890-95e3-add1-be4a-95f126988221",
    "type": "transfer",
    "state": "pending",
    "request_id": "invoice00912345",
    "created_at": "2024-08-31T17:21:20.364171Z",
    "updated_at": "2024-08-31T17:21:20.364171Z",
    "reference": "invoice00912345",
    "legs": [
      {
        "leg_id": "630f9890-95e3-add1-0000-95f1269f0000",
        "account_id": "812fff9a-3b0c-4ad1-b41a-cc60899d9900",
        "counterparty": {
          "account_type": "revolut",
          "account_id": "e0af9f24-504c-4c5d-bd1d-07edf9f49876"
        },
        "amount": -1.16,
        "currency": "EUR",
        "bill_amount": -1,
        "bill_currency": "GBP",
        "description": "To John Doe"
      }
    ]
  },
  {
    "id": "640c2b97-aaaa-1234-aaaa-c47a165c2e7e",
    "type": "card_payment",
    "state": "completed",
    "request_id": "REVP:8988a9a0-aaaa-1234-aaaa-5bcc66d938bf",
    "created_at": "2024-03-11T07:19:51.302559Z",
    "updated_at": "2024-03-12T02:13:36.842322Z",
    "completed_at": "2024-03-12T02:13:36.836595Z",
    "merchant": {
      "name": "Acme Corp.",
      "city": "New York",
      "category_code": "7311",
      "country": "USA"
    },
    "legs": [
      {
        "leg_id": "640c2b97-aaaa-1234-aaaa-c47a165c2e7e",
        "account_id": "92e43866-aaaa-1234-aaaa-6e31dd23f024",
        "amount": -47.8,
        "fee": 0.66,
        "currency": "AED",
        "bill_amount": -13,
        "bill_currency": "USD",
        "description": "Acm *1234mn1ha2",
        "balance": 7.74
      }
    ],
    "card": {
      "id": "2b1a31bc-4795-4f95-b939-ae9cf911dc6e",
      "card_number": "516760******1234",
      "first_name": "John",
      "last_name": "Smith",
      "phone": "+12412341234"
    }
  },
  {
    "id": "6886001b-c4a4-4920-912b-c9d7d2575bf7",
    "type": "card_payment",
    "state": "completed",
    "request_id": "REVP:5b3dc80d-f77b-4073-b245-d05f0acd348f",
    "created_at": "2025-09-11T07:19:51.302559Z",
    "updated_at": "2025-09-12T02:13:36.842322Z",
    "completed_at": "2025-03-12T02:13:36.836595Z",
    "merchant": {
      "name": "Alfa",
      "city": "Paris",
      "category_code": "7311",
      "country": "FRA"
    },
    "legs": [
      {
        "leg_id": "0e82681d-10db-40b7-b6c8-f99c595f1c82",
        "account_id": "5e85a129-74c9-4714-bbd2-d762b42b15fb",
        "amount": -153.32,
        "fee": 0,
        "currency": "EUR",
        "description": "Al 1234abcxyz0",
        "balance": 3210.43
      }
    ],
    "card": {
      "id": "12d6d4c2-288b-4670-8297-444720bd811b",
      "card_number": "456230******1433",
      "references": [
        {
          "name": "PNR",
          "value": "RT12345"
        },
        {
          "name": "Traveller",
          "value": "John Smith"
        }
      ]
    }
  }
]

Retrieve a transaction

Retrieve the details of a specific transaction. The details can include, for example, cardholder details for card payments.

You can retrieve a transaction with its details either by its transaction ID or by the request ID that was provided for this transaction at the time of its creation, for example, when you created a payment.

  • To retrieve a transaction by its transaction ID, use:

    /transaction/{transaction_id}

  • To retrieve a transaction by a request ID provided at transaction creation, use:

    /transaction/{request_id}?id_type=request_id

    Due to idempotency expiry, only transactions created within the last 2 weeks can be retrieved using their request_id.

For more details, see the guides: Retrieve transaction data.

Request

Path parameters

  • id: string, required

Query parameters

  • id_type: string

Response

The information about a specific transaction

Body: object

  • id: string, required
  • type: string, required
  • request_id: string
  • state: string, required
  • reason_code: string
  • created_at: string(date-time), required
  • updated_at: string(date-time), required
  • completed_at: string(date-time)
  • scheduled_for: string(date)
  • related_transaction_id: string(uuid)
  • merchant: object
  • reference: string
  • legs: array, required
  • card: object

GET /transaction/{id}
# the path value is the request_id from the sample response below
curl -X GET "https://b2b.revolut.com/api/1.0/transaction/d8f041ab-1234-aaaa-1234-78b6a0b2801f?id_type=request_id" \
  -H "Authorization: Bearer <your_access_token>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

{
  "id": "640dc0b7-1234-aaaa-1234-92ac4de1dacd",
  "type": "exchange",
  "state": "completed",
  "request_id": "d8f041ab-1234-aaaa-1234-78b6a0b2801f",
  "created_at": "2023-03-12T12:08:07.833414Z",
  "updated_at": "2023-03-12T12:08:07.833414Z",
  "completed_at": "2023-03-12T12:08:07.833705Z",
  "legs": [
    {
      "leg_id": "640dc0a7-aaaa-a5b5-aaaa-92ac4de1dacd",
      "account_id": "0d1848dc-aaaa-4a9a-aaaa-cae53cbd4baf",
      "amount": -1,
      "currency": "GBP",
      "bill_amount": -8.39,
      "bill_currency": "DKK",
      "description": "Exchanged to DKK",
      "balance": 8.74
    },
    {
      "leg_id": "640dc0a7-aaaa-a5b5-aaaa-92ac4de1dacd",
      "account_id": "246bc9de-aaaa-4f86-aaaa-4d291a5d0390",
      "amount": 8.39,
      "fee": 0.08,
      "currency": "DKK",
      "description": "Exchanged from GBP Main",
      "balance": 19.33
    }
  ]
}

Transfers

Move funds in the same currency between accounts of your business, or make payments to your counterparties.

For more details, see the guides: Send money.

Create a transfer to another account or card

Make a payment to a counterparty. You can choose either a bank transfer or a card transfer. The resulting transaction has the type transfer.

If you make the payment to another Revolut account, either business or personal, the transaction is executed instantly.

If the counterparty has multiple payment methods available, for example, 2 accounts, or 1 account and 1 card, you must specify the account or card to which you want to transfer the money (receiver.account_id or receiver.card_id respectively).

For more details, see the guides: Send money via bank transfer and Card transfers.
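
A payment client has to survive a lost response without paying twice, and the request_id sent to POST /pay together with the request_id lookup under Retrieve a transaction gives it the means to do so. The following Python is an added example, not Revolut code: the api wrapper, its method names, the ledger layout and the inv- request_id format are hypothetical, FakeApi is a constructed stand-in, and a lookup that returns nothing is assumed to mean the earlier request never reached the API.

```python
from datetime import datetime, timedelta, timezone

# Stated in the reference: request_id lookups work for two weeks only.
REQUEST_ID_LOOKUP_WINDOW = timedelta(weeks=2)


class UnknownOutcome(Exception):
    """An earlier attempt can no longer be checked by request_id."""


def pay_once(api, ledger, invoice_no, body, now):
    """Create at most one transfer per invoice, even after a lost response.

    api    -- hypothetical wrapper with two methods:
              create_transfer(body) -> dict            (POST /pay)
              find_by_request_id(request_id) -> dict or None
              (GET /transaction/{request_id}?id_type=request_id)
    ledger -- dict the caller persists: request_id -> attempt record
    """
    request_id = "inv-" + invoice_no   # stable per invoice, reused on every retry
    entry = ledger.get(request_id)
    if entry is None:
        # Record the intent before sending so a crash cannot hide the attempt.
        entry = ledger[request_id] = {"first_attempt": now, "transaction_id": None}
    elif entry["transaction_id"]:
        return entry["transaction_id"]   # already confirmed, nothing to send
    else:
        # Outcome of an earlier attempt is unknown: ask before sending again.
        if now - entry["first_attempt"] > REQUEST_ID_LOOKUP_WINDOW:
            raise UnknownOutcome(request_id)   # needs manual reconciliation
        found = api.find_by_request_id(request_id)
        if found:
            entry["transaction_id"] = found["id"]   # keep the id for later lookups
            return found["id"]
    created = api.create_transfer(dict(body, request_id=request_id))
    entry["transaction_id"] = created["id"]
    return created["id"]


class FakeApi:
    """Constructed in-memory stand-in for the two endpoints.

    It creates a transaction on every POST, so the check below shows that the
    client itself never sends a second one.
    """

    def __init__(self, lost_responses=0):
        self.transactions = []
        self.lost_responses = lost_responses   # POSTs accepted but never answered

    def create_transfer(self, body):
        tx = {"id": "tx-%d" % (len(self.transactions) + 1),
              "request_id": body["request_id"], "state": "pending"}
        self.transactions.append(tx)
        if self.lost_responses > 0:
            self.lost_responses -= 1
            raise TimeoutError("response lost after the transfer was accepted")
        return tx

    def find_by_request_id(self, request_id):
        for tx in self.transactions:
            if tx["request_id"] == request_id:
                return tx
        return None


# Request body values taken from the sample on this page.
SAMPLE_BODY = {
    "account_id": "af98333c-ea53-482b-93c2-1fa5e4eae671",
    "receiver": {"counterparty_id": "49c6a48b-6b58-40a0-b974-0b8c4888c8a7",
                 "account_id": "9116f03a-c074-4585-b261-18a706b3768b"},
    "amount": 10,
    "currency": "EUR",
    "reference": "To John Doe",
}


def demo():
    """Lose the first response, retry, and report (transaction id, POST count)."""
    api, ledger = FakeApi(lost_responses=1), {}
    t0 = datetime(2024, 8, 31, 17, 0, tzinfo=timezone.utc)
    try:
        pay_once(api, ledger, "00912345", SAMPLE_BODY, t0)
    except TimeoutError:
        pass   # the caller does not know whether the transfer exists
    tx_id = pay_once(api, ledger, "00912345", SAMPLE_BODY, t0 + timedelta(minutes=5))
    return tx_id, len(api.transactions)


if __name__ == "__main__":
    print(demo())
```

Storing the returned transaction id matters because, once the two-week window has passed, it is the only key that still retrieves the transaction.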

Request

Request body

  • request_id: string, required
  • account_id: string(uuid), required
  • receiver: object, required
  • amount: number(double), required
  • currency: string
  • reference: string
  • charge_bearer: string
  • transfer_reason_code: string
  • exchange_reason_code: string

Response

The information about the created transfer

Body: object

  • id: string, required
  • state: string, required
  • created_at: string(date-time), required
  • completed_at: string(date-time)

POST /pay
curl -X POST "https://b2b.revolut.com/api/1.0/pay" \
  -H "Authorization: Bearer <your_access_token>" \
  -H "Content-Type: application/json" \
  -d '{
  "request_id": "A1pH4num3ric",
  "account_id": "af98333c-ea53-482b-93c2-1fa5e4eae671",
  "receiver": {
    "counterparty_id": "49c6a48b-6b58-40a0-b974-0b8c4888c8a7",
    "account_id": "9116f03a-c074-4585-b261-18a706b3768b"
  },
  "amount": 10,
  "charge_bearer": "shared",
  "currency": "EUR",
  "reference": "To John Doe"
}'
Authorization
SecuritySchemaType:http
Scheme:bearer

Request body samples

{
  "request_id": "A1pH4num3ric",
  "account_id": "af98333c-ea53-482b-93c2-1fa5e4eae671",
  "receiver": {
    "counterparty_id": "49c6a48b-6b58-40a0-b974-0b8c4888c8a7",
    "account_id": "9116f03a-c074-4585-b261-18a706b3768b"
  },
  "amount": 10,
  "charge_bearer": "shared",
  "currency": "EUR",
  "reference": "To John Doe"
}

Response body samples

{
  "id": "630f9a62-e488-a9ce-a2d3-a30kkkke03f0",
  "state": "pending",
  "created_at": "2022-08-31T17:29:06.625613Z"
}

Move money between your accounts

Move money between the Revolut accounts of the business in the same currency.

The resulting transaction has the type transfer.

For more information, see the guides: Send money.

Request

Request body

  • request_id: string, required
  • source_account_id: string(uuid), required
  • target_account_id: string(uuid), required
  • amount: number(double), required
  • currency: string, required
  • reference: string

Response

The information about the transfer created

Body: object

  • id: string, required
  • state: string, required
  • created_at: string(date-time), required
  • completed_at: string(date-time)

POST /transfer
curl -X POST "https://b2b.revolut.com/api/1.0/transfer" \
  -H "Authorization: Bearer <your_access_token>" \
  -H "Content-Type: application/json" \
  -d '{
  "request_id": "129999",
  "source_account_id": "2e6de1bf-97ad-478d-aad1-9d7a3cdf1234",
  "target_account_id": "ae2e1241-81dd-498d-868e-075484785678",
  "amount": 10,
  "currency": "GBP",
  "reference": "John'\''s transfer"
}'
Authorization
SecuritySchemaType:http
Scheme:bearer

Request body samples

{
  "request_id": "129999",
  "source_account_id": "2e6de1bf-97ad-478d-aad1-9d7a3cdf1234",
  "target_account_id": "ae2e1241-81dd-498d-868e-075484785678",
  "amount": 10,
  "currency": "GBP",
  "reference": "John's transfer"
}

Response body samples

{
  "id": "630f95f7-a3f9-abf2-b4e4-3f65281234dc",
  "state": "completed",
  "created_at": "2020-11-23T08:39:35.811005Z",
  "completed_at": "2020-11-23T08:39:35.811005Z"
}

Get transfer reasons

In order to initiate a transfer in certain currencies and countries, you must provide a transfer reason. With this endpoint you can retrieve all transfer reasons available to your business account per country and currency.

After you retrieve the results, use the appropriate reason code in the transfer_reason_code field when making a transfer to a counterparty or creating a payout link.

Response

List of transfer reasons

Body: array of object

  • country: string, required
  • currency: string, required
  • code: string, required
  • description: string, required

GET /transfer-reasons
curl -X GET "https://b2b.revolut.com/api/1.0/transfer-reasons" \
  -H "Authorization: Bearer <your_access_token>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

[
  {
    "country": "IN",
    "currency": "INR",
    "code": "advertising",
    "description": "Advertising"
  },
  {
    "country": "IN",
    "currency": "INR",
    "code": "advisor_fees",
    "description": "Advisor fees"
  },
  {
    "country": "IN",
    "currency": "INR",
    "code": "construction",
    "description": "Construction"
  },
  {
    "country": "IN",
    "currency": "INR",
    "code": "delivery",
    "description": "Delivery"
  }
]

Webhooks (v1) (deprecated)

This is the v1 of the Webhooks API. This version is deprecated. For the latest version of the API, see Webhooks (v2).

A webhook (also called a web callback) allows your system to receive updates about your account at an HTTPS endpoint that you provide. When a supported event occurs, a notification is sent to the specified endpoint in an HTTP POST request.

If the receiver returns an HTTP error response, Revolut will retry the webhook event two more times.

The following events are supported:

  • TransactionCreated
  • TransactionStateChanged

You cannot choose which event type to subscribe to. When you create a webhook, you automatically subscribe to all supported events.

Retrieve a webhook (deprecated)

Get your webhook URL.

Response

The existing webhook

Body: object

  • url: string(uri), required

GET /webhook
curl -X GET "https://b2b.revolut.com/api/1.0/webhook" \
  -H "Authorization: Bearer <your_access_token>"
Authorization
SecuritySchemaType:http
Scheme:bearer

Response body samples

{
  "url": "https://www.revolut.com"
}

Set a webhook (deprecated)

Set up a webhook URL so that event notifications are pushed to the specified URL. Only HTTPS URLs are supported.

Request

Request body

  • url: string (uri), required

Response

The webhook has been set up

POST /webhook

curl -X POST "https://b2b.revolut.com/api/1.0/webhook" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "url": "https://www.revolut.com"
}'

Request body samples

{
  "url": "https://www.revolut.com"
}

Response body samples

No content. This response does not have a body.

Delete a webhook (deprecated)

Delete a webhook so that events are not sent to the specified URL any more.

Response

The webhook has been deleted

DELETE /webhook

curl -X DELETE "https://b2b.revolut.com/api/1.0/webhook" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Webhooks (v2)

This is the latest version of the Webhooks API, v2. For the previous version of the API, see Webhooks (v1) (deprecated).

A webhook (also called a web callback) lets your system receive updates about your account at an HTTPS endpoint that you provide. When a supported event occurs, a notification is sent to that endpoint as an HTTP POST request.

If the receiver returns an HTTP error response, Revolut will retry the webhook event three more times, each with a 10-minute interval.

The following events are supported:

  • TransactionCreated
  • TransactionStateChanged
  • PayoutLinkCreated
  • PayoutLinkStateChanged

For more information, see the guides: About webhooks and Manage webhooks.

Create a new webhook

Create a new webhook to receive event notifications to the specified URL. Provide a list of event types that you want to subscribe to and a URL for the webhook. Only HTTPS URLs are supported.

For more information, see the guides: About webhooks and Manage webhooks.

Request

Request body

  • url: string (uri), required
  • events: array

Response

The successfully created webhook

Body: object

  • id: string (uuid), required
  • url: string (uri), required
  • events: array, required
  • signing_secret: string, required

POST /webhooks

curl -X POST "https://b2b.revolut.com/api/1.0/webhooks" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "url": "https://www.example.com",
  "events": [
    "TransactionCreated",
    "PayoutLinkCreated"
  ]
}'

Request body samples

{
  "url": "https://www.example.com",
  "events": [
    "TransactionCreated",
    "PayoutLinkCreated"
  ]
}

Response body samples

{
  "id": "c6db947e-e9ce-41c2-b445-02e6eb741d21",
  "url": "https://www.example.com",
  "events": [
    "TransactionCreated",
    "PayoutLinkCreated"
  ],
  "signing_secret": "wsk_4jETWMz1g1b37gCONjNp84t2KSSIT7dK"
}

Retrieve a list of webhooks

Response

The list of all your existing webhooks

Body: array of object

  • id: string (uuid), required
  • url: string (uri), required
  • events: array, required

GET /webhooks

curl -X GET "https://b2b.revolut.com/api/1.0/webhooks" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

[
  {
    "id": "c6db947e-e9ce-41c2-b445-02e6eb741d21",
    "url": "https://www.example.com",
    "events": [
      "TransactionCreated",
      "PayoutLinkCreated"
    ]
  },
  {
    "id": "9f9919a2-932d-498f-a088-3a01b9080c4a",
    "url": "https://www.revolut.com",
    "events": [
      "TransactionCreated",
      "TransactionStateChanged",
      "PayoutLinkCreated",
      "PayoutLinkStateChanged"
    ]
  }
]

Retrieve a webhook

Request

Path parameters

  • webhook_id: string (uuid), required

Response

The information about the webhook

Body: object

  • id: string (uuid), required
  • url: string (uri), required
  • events: array, required
  • signing_secret: string, required

GET /webhooks/{webhook_id}

curl -X GET "https://b2b.revolut.com/api/1.0/webhooks/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

{
  "id": "c6db947e-e9ce-41c2-b445-02e6eb741d21",
  "url": "https://www.example.com",
  "events": [
    "TransactionCreated",
    "PayoutLinkCreated"
  ],
  "signing_secret": "wsk_4jETWMz1g1b37gCONjNp84t2KSSIT7dK"
}

Update a webhook

Update an existing webhook. Change the URL to which event notifications are sent or the list of event types to be notified about.

You must specify at least one of these two. The fields that you don't specify are not updated.

For more information, see the guides: About webhooks and Manage webhooks.

Request

Path parameters

  • webhook_id: string (uuid), required

Request body

  • url: string (uri)
  • events: array

Response

The successfully updated webhook

Body: object

  • id: string (uuid), required
  • url: string (uri), required
  • events: array, required

PATCH /webhooks/{webhook_id}

curl -X PATCH "https://b2b.revolut.com/api/1.0/webhooks/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "url": "https://www.example.com/"
}'

Request body samples

{
  "url": "https://www.example.com/"
}

Response body samples

{
  "id": "c6db947e-e9ce-41c2-b445-02e6eb741d21",
  "url": "https://www.example.com",
  "events": [
    "TransactionCreated",
    "PayoutLinkCreated"
  ]
}

Delete a webhook

Delete a specific webhook.

A successful response has no content.

For more information, see the guides: About webhooks and Manage webhooks.

Request

Path parameters

  • webhook_id: string (uuid), required

Response

The webhook has been deleted

DELETE /webhooks/{webhook_id}

curl -X DELETE "https://b2b.revolut.com/api/1.0/webhooks/123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

No content. This response does not have a body.

Rotate a webhook signing secret

Request

Path parameters

  • webhook_id: string (uuid), required

Request body

  • expiration_period: string (duration)

Response

The details of the webhook for which you rotated the signing secret

Body: object

  • id: string (uuid), required
  • url: string (uri), required
  • events: array, required
  • signing_secret: string, required

POST /webhooks/{webhook_id}/rotate-signing-secret

curl -X POST "https://b2b.revolut.com/api/1.0/webhooks/123e4567-e89b-12d3-a456-426614174000/rotate-signing-secret" \
  -H "Authorization: Bearer <yourSecretApiKey>" \
  -H "Content-Type: application/json" \
  -d '{
  "expiration_period": "P0D"
}'

Request body samples

{
  "expiration_period": "P0D"
}

Response body samples

{
  "id": "c6db947e-e9ce-41c2-b445-02e6eb741d21",
  "url": "https://www.example.com",
  "events": [
    "TransactionCreated",
    "PayoutLinkCreated"
  ],
  "signing_secret": "wsk_4jETWMz1g1b37gCONjNp84t2KSSIT7dK"
}

Retrieve a list of failed webhook events

Get the list of all your failed webhook events, or use the query parameters to filter the results.

The events are sorted by the created_at date in reverse chronological order.

The returned failed events are paginated. The maximum number of events returned per page is specified by the limit parameter. To get to the next page, make a new request and use the created_at date of the last event returned in the previous response.

For more information, see the guides: About webhooks and Manage webhooks.

Request

Path parameters

  • webhook_id: string (uuid), required

Query parameters

  • limit: integer
  • created_before: string (date-time or date)

Response

The list of all your existing failed webhook events

Body: array of object

  • id: string (uuid), required
  • created_at: string (date-time), required
  • updated_at: string (date-time), required
  • webhook_id: string (uuid), required
  • webhook_url: string (uri), required
  • payload: object, required
  • last_sent_date: string (date-time)

GET /webhooks/{webhook_id}/failed-events

curl -X GET "https://b2b.revolut.com/api/1.0/webhooks/123e4567-e89b-12d3-a456-426614174000/failed-events?limit=100&created_before=2023-07-22T11:52:21.297570Z" \
  -H "Authorization: Bearer <yourSecretApiKey>"

Response body samples

[
  {
    "id": "d6d04ec2-2a48-4825-8fba-3603cdacdba7",
    "created_at": "2023-01-26T16:22:21.297570Z",
    "updated_at": "2023-01-26T16:22:21.534872Z",
    "webhook_id": "c8083529-fb91-4de0-a66d-9fc3ccc1da10",
    "webhook_url": "https://www.example.com",
    "payload": {
      "data": {
        "id": "63d2a8bd-8b67-a2de-b1d2-b58ee21d7073",
        "legs": [
          {
            "fee": 0.2,
            "amount": -10,
            "leg_id": "63d2a8bd-8b67-a2de-0000-b58ee21d7073",
            "currency": "GBP",
            "account_id": "05018b0d-e67c-4fec-bea6-415e9da9432c",
            "description": "To Acme Corp",
            "counterparty": {
              "id": "7e18625a-3e6c-4d4f-8429-216c25309a5f",
              "account_id": "ff29e658-f07f-4d81-bc0f-7ad0ff141357",
              "account_type": "external"
            }
          }
        ],
        "type": "transfer",
        "state": "pending",
        "reference": "To John Doe",
        "created_at": "2023-01-26T16:22:21.232551Z",
        "request_id": "6a8b2ad9-d8b9-4348-9207-1c5737ccf11b",
        "updated_at": "2023-01-26T16:22:21.232551Z"
      },
      "event": "TransactionCreated",
      "timestamp": "2023-01-26T16:22:21.230599Z"
    },
    "last_sent_date": "2023-01-26T16:52:21.534798Z"
  },
  {
    "id": "d6d04ec2-2a48-4825-8fba-3603cdacdba7",
    "created_at": "2023-07-22T11:52:21.297570Z",
    "updated_at": "2023-07-22T11:52:21.534872Z",
    "webhook_id": "c8083529-fb91-4de0-a66d-9fc3ccc1da10",
    "webhook_url": "https://www.example.com",
    "payload": {
      "data": {
        "id": "0e1a8d4b-1d1e-457d-9f10-3e7007a82ea8",
        "request_id": "2e2837f5-828d-473f-85e8-5614afd3f8e8",
        "old_state": "active",
        "new_state": "processed"
      },
      "event": "PayoutLinkStateChanged",
      "timestamp": "2023-07-22T12:31:18.534798Z"
    },
    "last_sent_date": "2023-07-22T12:52:21.534798Z"
  }
]
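
The pagination rule for failed events described above (pass the created_at of the last event returned as created_before on the next request), as an added Python example; it is not Revolut's code. It assumes that a page shorter than limit is the last page and that the created_before boundary may be inclusive; fake_backend, constructed_event and SAMPLE_EVENTS are constructed stand-ins so the block runs offline.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime
from typing import Callable, Iterator, List, Optional

API_BASE = "https://b2b.revolut.com/api/1.0"  # host and prefix from the curl samples
Fetch = Callable[[str, int, Optional[str]], List[dict]]  # (webhook_id, limit, created_before)


def make_http_fetch(access_token: str) -> Fetch:
    """Fetcher for GET /webhooks/{webhook_id}/failed-events over HTTPS."""
    def fetch(webhook_id: str, limit: int, created_before: Optional[str]) -> List[dict]:
        query = {"limit": limit}
        if created_before is not None:
            query["created_before"] = created_before  # urlencode escapes ':' and '+'
        url = "{}/webhooks/{}/failed-events?{}".format(
            API_BASE, urllib.parse.quote(webhook_id, safe=""), urllib.parse.urlencode(query))
        request = urllib.request.Request(url, headers={"Authorization": "Bearer " + access_token})
        with urllib.request.urlopen(request, timeout=30) as response:
            return json.load(response)
    return fetch


def iter_failed_events(fetch: Fetch, webhook_id: str, limit: int = 100,
                       max_pages: int = 1000) -> Iterator[dict]:
    """Yield every failed event once, newest first, following the created_at cursor."""
    seen = set()
    cursor = None
    for _ in range(max_pages):
        page = fetch(webhook_id, limit, cursor)
        # Assumption: the page does not say whether created_before is inclusive, so the
        # boundary event may come back again; the (id, created_at) key filters the repeat.
        fresh = [e for e in page if (e["id"], e["created_at"]) not in seen]
        if not fresh:
            return  # empty page or only repeats: stop instead of re-requesting it forever
        for event in fresh:
            seen.add((event["id"], event["created_at"]))
            yield event
        if len(page) < limit:
            return  # assumption: a short page is the last page
        cursor = page[-1]["created_at"]
    raise RuntimeError("max_pages reached; refusing to page without bound")


def in_replay_order(events: List[dict]) -> List[dict]:
    """Oldest payload timestamp first, so a TransactionCreated is applied before any
    later TransactionStateChanged when the failed events are reprocessed."""
    def stamp(event: dict) -> datetime:
        return datetime.fromisoformat(event["payload"]["timestamp"].replace("Z", "+00:00"))
    return sorted(events, key=stamp)


def constructed_event(n: int, kind: str) -> dict:
    """Constructed sample shaped like the response body sample above (not real data)."""
    ts = "2023-07-22T11:{:02d}:00.000000Z".format(n)
    return {"id": "00000000-0000-0000-0000-{:012d}".format(n), "created_at": ts,
            "payload": {"event": kind, "timestamp": ts, "data": {"id": "tx-{}".format(n)}}}


SAMPLE_EVENTS = [constructed_event(1, "TransactionCreated")] + [
    constructed_event(n, "TransactionStateChanged") for n in range(2, 6)]


def fake_backend(events: List[dict], inclusive: bool) -> Fetch:
    """In-memory stand-in for the endpoint: newest first, optionally inclusive cursor."""
    ordered = sorted(events, key=lambda e: e["created_at"], reverse=True)

    def fetch(webhook_id: str, limit: int, created_before: Optional[str]) -> List[dict]:
        rows = [e for e in ordered if created_before is None
                or e["created_at"] < created_before
                or (inclusive and e["created_at"] == created_before)]
        return rows[:limit]
    return fetch


if __name__ == "__main__":
    for inclusive in (False, True):
        got = list(iter_failed_events(fake_backend(SAMPLE_EVENTS, inclusive), "wh", limit=2))
        print(inclusive, [e["payload"]["event"] for e in in_replay_order(got)])
```

If more events share the boundary created_at than fit in one page, an inclusive cursor cannot advance; the loop then stops early rather than spinning, so choose a limit well above the expected burst size.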