API Overview

What the VoP API Does

Our API prevents payment fraud by verifying recipient details before money is transferred. Simple as that.

Business Value:

✅ Prevent fraudulent payments - Stop fraud before it happens
✅ Regulatory compliance - Meet European banking requirements
✅ Customer protection - Build trust with secure payments
✅ Cost savings - Reduce chargebacks and disputes

How It Works

Your system sends payment details to our API
We verify the recipient name matches their account
You get instant response - proceed or block the payment
Payment completed safely - fraud prevented

API Basics

Endpoint: https://your-vop-service.com/vop/verify

EPC-Compliant Request:

{
  "party": {
    "name": "John Smith"
  },
  "partyAccount": {
    "iban": "DE89370400440532013000"
  },
  "partyAgent": {
    "financialInstitutionId": {
      "bicfi": "DEUTDEFF"
    }
  },
  "requestingAgent": {
    "financialInstitutionId": {
      "bicfi": "BANKDEFF"
    }
  }
}

EPC-Compliant Response:

{
  "partyNameMatch": "MTCH",
  "matchedName": "John Smith"
}

EPC Response Codes

MTCH - Exact match found (proceed with payment)
NMTC - No match found (block payment - potential fraud)
CMTC - Close match found (additional verification recommended)
NOAP - Not applicable (verification not possible for this account type)

Service Guarantees

⚡ 2-second response time - Fast verification
🔒 99.9% uptime - Always available
🌍 SEPA coverage - All European countries
📋 GDPR compliant - Data protection guaranteed

Technical Details

Authentication

Client certificates required (mTLS)
TLS 1.3+ encryption for all communications
API key authentication for additional security

Rate Limits

1000 requests/minute per client
Burst capacity for peak loads
Fair usage policies applied
Country-specific validation for all SEPA members
Real-time validation against national bank directories

Account Name Validation

Support for all SEPA character sets
Maximum length as per EPC specifications
Standardized name matching algorithms
Special character handling for international names

Authentication

The API uses mutual TLS (mTLS) authentication as specified in the VoP Scheme:

Obtain your certificate from an approved Certificate Authority
Configure mTLS in your client:

mutual-tls-auth:
  client-cert: your_client_certificate.pem
  client-key: your_private_key.pem

Response Format

All responses follow the standardized VoP Scheme format:

Success Response (Actual Go Implementation)

{
  "partyNameMatch": "MTCH",
  "matchedName": "John Smith"
}

Response Headers:

X-Response-Timestamp: 2024-12-11T19:24:21Z
X-Processing-Time-Ms: 65

Error Response (Actual Go Implementation)

{
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
  "title": "Bad Request",
  "status": 400,
  "detail": "IBAN format is incorrect",
  "instance": "req-123e4567-e89b-12d3"
}

Error Headers:

X-Response-Timestamp: 2024-12-11T19:24:21Z
X-Error-Code: FORMAT_ERROR

Rate Limits and Quotas

Maximum requests per second: As specified in your Participant Agreement
Batch size limits: 100 requests per batch
Monthly volume limits: Based on your service level

Error Codes (Go Implementation)

All error codes follow the EPC VoP Scheme specification:

Code	Description	HTTP Status
`FORMAT_ERROR`	Invalid request format or missing required fields	400
`TIMESTAMP_INVALID`	Request timestamp is invalid or expired	400
`CLIENT_INVALID`	Client authentication failed	401
`CLIENT_INCONSISTENT`	Client certificate inconsistent with request	401
`INTERNAL_ERROR`	Internal server error during processing	500