Direct Debit Guide: Facilities Management API Technical Implementation Manual
Contents
What is Direct Debit (DD) API?
- Create Mandate
- Create Variable Mandate
- Edit Mandate Details
- Add Immediate Payment Schedule
- Add Payment Schedule to an existing mandate
- Add Payment Schedule to an existing variable mandate
- Add Annual Renewal Schedule
- Retrieve Mandate Information
- Retrieve Schedule Components
- Retrieve Payment Schedule
- Remove Schedule Components
- Show Previous Collection History
- Close Mandate
- Retrieve Failed Payments
- Modulus Check
- Sort Code Lookup
What is Direct Debit (DD) API?
The allpay Direct Debit Application Programming Interface (API) is a set of methods to allow allpay’s clients to Create, Edit and Retrieve Direct Debit related information programmatically.
Important information about DD API
FM Functionality is still in active development and may be subject to change.
Request Structure
In order for an API call to be successful, the request URL will need the following generic structure:
https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 encoded Client Reference>/<base64 encoded Surname>
Any other information required in the request URL is dependent on the type of API call being made, see API Request summary.
The API request header must contain:
Authorization: Bearer <API authorization token> Content-Type: application/json
See Authentication for further details
Base64 Encoding
As it is possible for allpay Client References and Surnames to include characters that are not allowed in URLs, the Client Reference and Surname need to be provided in Base64 encoded format in order for the API call to be successful.
API Call Types (REST)
HTTP Verb |
DD API Call Type |
---|---|
POST | Create Mandate Add Payment Schedule to an Existing Mandate |
PUT | Edit Mandate Details Add Immediate Payment Schedule |
GET | Retrieve Mandate Information Retrieve Schedule Components Retrieve Payment Schedule Show Previous Collection History Modulus Check |
DELETE | Immediate Closure Future Closure Edit/Remove Future Closure |
Authentication
DD enabled schemes set up for DD APIs will require an API authentication token. The API token is a GUID and will be provided by allpay and can be per Scheme Code or per Organisation. This authentication token is needed in the API request header in the format:
Authorization: Bearer <API authorization token>
Any API calls using an invalid or non-existent API token will not be successful and will result in HTTP 401: Unauthorized error message.
Validation
Valid Requests
Valid requests will result in a HTTP 200 OK response message.
This response message will include the Scheme Code, Client Reference and Surname.
Example:
The result of any valid API calls do not go through the approval process in the allpay Portal, regardless of the client's individual DD Settings. The only exception to this is if an amount exceed the 'Payment approval amount' (default = £5000)
Invalid Requests
Invalid requests will result in a variety of HTTP responses.
Request Error Type |
HTTP Response Code |
---|---|
Invalid data | HTTP/1.1 422 Unprocessable Entity |
Any of the following missing from request URL: Scheme Code, Client Reference, Surname | HTTP/1.1 404 Not Found |
Request URL format error: i.e. contains invalid fields | HTTP/1.1 400 Bad Request |
Authorisation token invalid, or missing from API request | HTTP/1.1 4041 Unauthorized |
A server error has occurred within the API | HTTP/1.1 500 Internal Server Error |
For HTTP 422 responses (Unprocessable Entity) the body of the JSON response will contain “Error=true” and one or more validation messages detailing the issue e.g.:
API Request summary
FM Script Call
To conform with Bacs regulations this API request must be used and read to the customer for each new mandate created.
The API call which fetches the script will be read out to customers takes a POST request with a JSON body.
Assuming the request is valid, it will return a JSON array of strings. The scheme code is to be provided in the URL as follows for the test environment:
https://ddtest.allpay.net/AllpayAPI/Mandates/{SCHEMECODE}/GetScript
A valid Facilities Management client code that is enabled for DD API usage must be supplied at minimum. If a request is made with no DD schedule information, you will receive the generic version of the script, and you will have to fill in the dates/amounts etc yourself.
If you supply both the initial and subsequent schedule information as well as the bank account account number and sort code, the API will automatically fall back to hard coded generic version of the script.
There is no input validation for dates, frequency or bank details, the API will print them exactly as given in the request
Script Examples
Request with a non-API Enabled Client Code.
Response:
["The provided scheme code is not enabled for use with the DD API"]
Request for a non-FM API Enabled Client Code:
["The provided scheme code is not FM enabled"]
Request with an empty body for an FM API Enabled Client Code:
{ }
Response
[ "To avoid delay and to save you having to fill in any paperwork, I can set up your Direct Debit right now. Would that be helpful?", "The initial payment of [Amount] will come out of your account on the [Date]. Further payments will be made of [Amount] on [Date] and every [frequency] thereafter.", "ALLPAY LIMITED will appear on your bank statement against the Direct Debit.", "That completes the set-up of your Direct Debit instruction with us. You will receive written confirmation of this within 3 working days. ", "In future, if the payment dates, amount or frequency of your Direct Debit changes, we will give you 10 working days notice in advance of your account being debited.", "In the event of any error, you are entitled to an immediate refund from your Bank or Building Society. You have the right to cancel at any time and this guarantee is offered by all the banks and building societies that take part in the Direct Debit scheme.A copy of this guarantee will be sent along with your confirmation. ", "Finally, let me just confirm your account details back to you, account number [insert] sort code [insert]. Is that correct?" ]
Request for an FM API Enabled Client Code with DD Information supplied
{ "Schedules": [ { "ScheduleDate": "20-07-2023", "Amount": "4006", "Frequency": "1", "TotalPayments": 1 }, { "ScheduleDate": "27-07-2023", "Amount": "5583", "Frequency": "Month", "TotalPayments": 0 } ], "BankAccount": { "BankDetails": { "SortCode": "40-22-25", "AccountNumber": "13852733" } } }
Response
[ "To avoid delay and to save you having to fill in any paperwork, I can set up your Direct Debit right now. Would that be helpful?", "The initial payment of £40.06 will come out of your account on the 20-07-2023. Further payments will be made of £55.83 on 27-07-2023 and every Month thereafter.", "ALLPAY LIMITED will appear on your bank statement against the Direct Debit.", "That completes the set-up of your Direct Debit instruction with us. You will receive written confirmation of this within 3 working days.", "In future, if the payment dates, amount or frequency of your Direct Debit changes, we will give you 10 working days notice in advance of your account being debited.", "In the event of any error, you are entitled to an immediate refund from your Bank or Building Society. You have the right to cancel at any time and this guarantee is offered by all the banks and building societies that take part in the Direct Debit scheme. A copy of this guarantee will be sent along with your confirmation.", "Finally, let me just confirm your account details back to you, account number 13852733 sort code 40-22-25. Is that correct?" ]
Create Mandate
Create mandate is a single API call that is used to create a DD with or without a payment schedule. Details of each of the different calls can be found below:
Create Mandate with payment Schedule
The create mandate call comprises of allpay account holder details, payment schedule and bank account holder details.
Bank account holder address details only need to be provided if they are different from allpay account holder address details.
All current allpay portal validation rules apply (i.e. mandatory fields, field lengths and invalid character ranges)
API URL format:
POST https://<APIHost>/AllpayApi/Customers/<SchemeCode>/Mandates/Create
Create Mandate without Payment Schedule
The create mandate can also be used to create a DD without a payment schedule. It uses the same call as create mandate but within the body you do not need to specify any payment details. The call will comprise of just the allpay account holder details and bank account holder details. The option to create a DD without a payment schedule is only available to schemes which have pre-schedule accounts enabled. If pre-schedule accounts are not enabled on the scheme the call will be rejected.
Bank account holder address details only need to be provided if they are different from allpay account holder address details.
All current allpay portal validation rules apply (i.e. mandatory fields, field lengths and invalid character ranges)
API URL format:
POST https://<APIHost>/AllpayApi/Customers/<SchemeCode>/Mandates/Create
Create Variable Mandate
Create variable mandate is a single API call that is used to create a DD with or without a payment schedule. Details of each of the different calls can be found below.
Create Variable Mandate with Payment Schedule
The create variable mandate call comprises of allpay account holder details, payment schedule and bank account holder details.
This call is only available on schemes set up for variable Direct Debits.
For a variable mandate with a payment, the schedule consists of a payment date and payment amount only.
Bank account holder address details only need to be provided if they are different from allpay account holder address details.
All current allpay portal validation rules apply (i.e. mandatory fields, field lengths and invalid character ranges)
API URL format:
POST https://<APIHost>/AllpayApi/Customers/<SchemeCode>/VariableMandates/Create
Create Variable Mandate without Payment Schedule
The create variable mandate can also be used to create a DD without a payment schedule. It uses the same call as create variable mandate but within the body you do not need to specify any payment details. The call will comprise of just the allpay account holder details and bank account holder details. The option to create a DD without a payment schedule is only available to schemes which have pre-schedule accounts enabled. If pre-schedule accounts are not enabled on the scheme the call will be rejected.
This call is only available on schemes set up for variable Direct Debits.
Bank account holder address details only need to be provided if they are different from allpay account holder address details.
All current allpay portal validation rules apply (i.e. mandatory fields, field lengths and invalid character ranges)
API URL format:
POST https://<APIHost>/AllpayApi/Customers/<SchemeCode>/VariableMandates/Create
Edit Mandate Details
Edit mandate uses the PUT HTTP verb and consists of 3 individual calls.
Edit allpay account holder details
This is an edit to allpay account holder details. As per current functionality, if the bank account holder address details are currently using the allpay account holder address details, these changes will be reflected.
All current allpay portal validation rules apply to data posted in request body.
API URL format:
PUT https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>
Edit bank account holder details
This is an edit to bank account holder address details.
API URL format:
PUT https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/BankAccounts
Edit email address
This API call is used to add or update an email address on a Direct Debit.
API URL format
PUT https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/BankAccountEmail
Edit mobile number
This API call is used to add or update a mobile number on a Direct Debit.
API URL format:
PUT https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/BankAccountMobileNumber
Delete bank account holder details
This API call is to remove the bank account holder address details so that it is the same as the account details.
This will not remove any stored email address or mobile number.
API URL format:
Delete https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/BankAccounts
Delete email address
This API call is used to remove the email address from the Direct Debit.
API URL format:
Delete https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/BankAccountEmail
Delete mobile number
This API call is used to remove the mobile number from the Direct Debit.
API URL format:
Delete https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/BankAccountMobileNumber
Add Immediate Payment schedule
This API allows a user to add a new payment schedule to an existing mandate. Any currently collecting schedule will complete immediately. The API behaves slightly different to the allpay Portal as a user can now setup an ongoing payment without having to supply an initial payment. Also, it will replace any future schedules where the new schedule date clashes.
Payment schedules will need to be provided in date order, if the first schedule date is later than the second schedule date, HTTP/1.1 422 Unprocessable Entity will be returned.
All current allpay portal validation rules apply to data posted in request body.
API URL format (see Example API Request Details for body):
PUT https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/Mandates
Add Payment Schedule to an existing mandate
This API allows a user to add a new payment schedule to an existing mandate. Any existing currently collecting schedule will be interrupted by the new future schedule, but will not complete. The API behaves slightly different to the allpay Portal as a user can now setup an ongoing payment without having to supply an initial payment. Also, it will replace any future schedules where the new schedule date clashes. The following API call is used to add a payment schedule to an existing schedule. Note, for an add payment schedule we use the POST command whereas for the immediate payment schedule we use the PUT command.
Payment schedules will need to be provided in date order, if the first schedule date is later than the second schedule date, HTTP/1.1 422 Unprocessable Entity will be returned.
All current allpay portal validation rules apply to data posted in request body.
API URL format:
POST https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/Mandates
Add Payment Schedule to an existing variable mandate
This API call allows a user to add a new payment schedule to an existing variable mandate. Only available on schemes set up for variable Direct Debits. Payment schedules will need to be provided in date order, if the first schedule date is later than the second schedule date, HTTP/1.1 422 Unprocessable Entity will be returned.
All current allpay portal validation rules apply to data posted in request body.
API URL format:
POST https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/VariableMandates
Add Annual Renewal Schedule
Adding an annual renewal schedule to a Direct Debit is done using the two add schedule calls listed above.
The ‘Add immediate payment’ (PUT) or ‘Add payment schedule’ (POST) calls can be used to add a renewal schedule (as they use the same request body). When adding the renewal schedule the “SuppressNotification” flag needs to be ‘1’ in the Request Body to ensure it will not result in a Renewal Amendment letter being printed by allpay.
When a “SuppressNotification flag” is ‘0’ or not provided in a schedule amendment call, a ‘normal’ schedule will be added (as per Edit Mandate Details & Add Immediate Payment schedule) and an amendment letter will be flagged for printing as per existing functionality.
Retrieve Mandate Information
Retrieve account holder details
API URL format: allpay Account Holder Details using a combination of scheme code, client reference and account holder surname
GET https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>
Response: Allpay account Holder Details:
JSON - Address - County= - LastName= - Line1= - Line2= - PostCode= - TitleInitials= - Town= - ClientReference= - LastName= - SchemeCode=
Retrieve account holder details using DD reference
Note this call can be used when the client does not know the surname of the account holder so cannot use the previous API call. However, this call could potentially return more than one account as just the scheme code and DD reference is not a unique identifier.
API URL format: allpay account holder details using a combination of scheme code and DD reference.
GET https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 DDReference>/Mandates
Response: Allpay Account Holder Details
JSON - Mandates - Address - Line1= - Bank details - AccountNumber= - SortCode= - DDReference= - LastName= - MandateState= - SchemeCode= - TotalRecords=
Retrieve account holder details using DD reference
Note this call can be used when the client does not know the surname of the account holder so cannot use the previous API call. However, this call could potentially return more than one account as just the scheme code and DD reference is not a unique identifier.
API URL format: allpay account holder details using a combination of scheme code and DD reference.
GET https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 DDReference>/Mandates
Response: Allpay Account Holder Details
JSON - Address - County= - LastName= - Line1= - Line2= - PostCode= - TitleInitials= - Town= - ClientReference= - LastName= - SchemeCode=
Retrieve bank account holder details
API URL format: Bank account holder details
GET https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/BankAccounts
Response: Bank Account Holder
JSON - Address - County= - LastName= - Line1= - Line2 - PostCode= - TitleInitials= - Town= - BankDetails - AccountName= - AccountNumber= - SortCode= - MandateState=
Valid mandate states are: Open, Closed
Retrieve unverified email addresses
This API call will return all email addresses that have not been verified against a specified scheme code. To run the API call the user supplies the scheme code, page number and page size. If the scheme is not setup for email notifications an error message will be displayed.
API URL format:
GET https://<APIHost>/AllpayApi/Customers/GetUnverifiedEmailAddresses/?schemeCode=<SchemeCode>&pageNumber=<Page Number>&pageSize=<Page Size>
Response:
JSON - EmailAddress - {} - ClientReference= - Email= - LastName= - SchemeCode= - {} - ClientReference= - Email= - LastName= - SchemeCode= - TotalRecords=2
Retrieve correspondence history
This API call will return all customer correspondence (letter, email, SMS) based on the enabled notification types for a given live account. The user will need to pass in the client code, client reference, surname and a notification type to receive notifications that were sent to the account holder / bank account holder. If the account is closed an error message will be displayed.
There are three different notification types the API can return:
- AdvanceNotice - All correspondence regarding any new changes to the Direct Debit
- Payment - Any payments processed from the Direct Debit
- All - Both AdvanceNotice and Payment correspondence
API URL Format:
GET https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/Notifications/CorrespondenceHistory/<NotificationType>
Response:
JSON -Notifications - {} - Date= 24/10/2016 - NotificationType=Email - Recipient= email.address@email.com - SchemeCode=CSDD - Status=Sent - Type=DD Amend - {} - Date=01/09/2016 - NotificationType=Letter - Recipient=SMITH - SchemeCode=CSDD - Status=Printed - Type=DD Setup and Confirmation - {} - Date=28/08/2016 - NotificationType=SMS - Recipient=07000000000 - SchemeCode=CSDD - Status=Sent - Type=DD Failed Payment
Retrieve account holder details for a scheme code
API URL format: allpay Account Holder Details for a scheme code
GET https://<APIHost>/AllpayApi/Customers/<SchemeCode>?from=2023-02-11&to=2023-02-12
from and to parameters are optional. If these parameters are not provided, by default it will return Mandates created since yesterday. The date range cannot be longer than 7 days
Response: Collection of Allpay Account Holder Details
JSON { [ { - Address - Line1= - LastName= - TitleInitials= - SchemeCode= - ClientReference= - LastName= - PRN= } ] }
Retrieve Schedule Components
This API call retrieves the Scheduled Components for the live DD related to the account.
API URL format:
GET https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/Mandates/Schedule
For an ongoing currently collecting schedule, the response is in the format:
JSON - Schedules -{} - Amount=222 - CollectionDay=7th - FirstPaymentDate=2016-02-08T00:00:00Z - Frequency=Monthly - NextPaymentDate=2016-06-07T00:00:00Z - PaymentsRequested=4 - PreviousPaymentDate=2016-05-07T00:00:00Z - RemainingPayments=Ongoing - TotalPayments=Ongoing - TotalRecords=1
For a fixed term currently collecting schedule, the response is in the format:
JSON - Schedules -{} - Amount=5000 - CollectionDay=29th - FinalScheduledPaymentDate=2016-10-31T00:00:00Z - FirstPaymentDate=2016-04-29T00:00:00Z - Frequency=Monthly - NextPaymentDate=2016-06-29T00:00:00Z - PaymentsRequested=2 - PreviousPaymentDate=2016-05-29T00:00:00Z - RemainingPayments=5 - TotalPayments=9 - TotalRecords=1
For a future schedule (initial and subsequent), the response is in the format:
JSON - Schedules -{} - Amount=6000 - CollectionDay=1st - FinalScheduledPaymentDate=2016-07-01T00:00:00Z - FirstPaymentDate=2016-07-01T00:00:00Z - Frequency=Once - RemainingPayments=1 - TotalPayments=1 -{} - Amount=12000 - CollectionDay=1st - FirstPaymentDate=2016-08-01T00:00:00Z - Frequency=Monthly - RemainingPayments=Ongoing - TotalPayments=Ongoing - TotalRecords=2
Possible frequencies returned are: Once, Weekly, Fortnightly, FourWeekly, Monthly, Quarterly, SixMonthly, Annually
Retrieve Payment Schedule
This API call retrieves up to the next 6 un-triggered payments due to be taken for the DD Mandate.
All current allpay portal validation rules apply to data posted in request body.
API URL format:
GET https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/Mandates/Payments
Response:
JSON - ClientReference=abc123 - LastName=davies - Payments -{} - Amount=1 - Frequency=Once - PaymentDate=2016-07-01T00:00:00Z - Type=Fixed -{} - Amount=100 - Frequency=Monthly - PaymentDate=2016-10-31T00:00:00Z - Type=Fixed -{} - Amount=101 - Frequency=Once - PaymentDate=2016-12-01T00:00:00Z - Type=Fixed - SchemeCode=ABCD - TotalRecords=3
When a future closure date - 3 working days inclusive is the same as the next payment due date - the payment is returned in the response. This will not actually be the case as Future Closures will be processed prior to triggering payments. However, the behaviour shown by the API is currently consistent with the allpay Portal.
Remove Schedule Components
This API call will delete a currently collecting or future payment schedule by specifying the first payment date and amount. If the API call cannot determine which schedule component to delete an error message will be returned to advise the user that they need to manually delete the component. API URL format:
DELETE https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/Mandates/Schedule/<FirstPaymentDate yyyy-mm-dd>/<Amount in pence>
Response:
JSON - ClientReference=TESTREF01 - LastName=SMITH - SchemeCode=WAHA
Show Previous Collection History
This API call retrieves up to the last 6 payments (including those triggered but not yet collected) for the allpay account number associated with the DD Mandate. As payments are retrieved based on allpay account number, the state and number of DD Mandates against this account does not impact the results returned.
The PaymentDate received in the response JSON is the Payment Due Date of the payment as shown in the allpay Portal.
API URL format:
GET https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/Mandates/PaymentHistory
Response:
JSON - ClientReference=SO4497 - LastName=jones-harris - Payments -{} - Amount=1625 - PaymentDate=2015-11-16T00:00:00Z -{} - Amount=100 - PaymentDate=2015-11-17T00:00:00Z -{} - Amount=101 - PaymentDate=2015-11-18T00:00:00Z - SchemeCode=ABCD - TotalRecords=3
Close Mandate
Using ‘DELETE’ HTTP verb with any closure date provided in the format ‘YYYY-MM-DD’ will result in a closure of the mandate being created on the system. If the date provided is ‘today’s date’, this will result in an immediate closure. Where the date provided is in the future, this will result in a future closure being set up with the closure of the mandate being processed on the specified date.
API URL format:
DELETE https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/Mandates/<YYYY-MM-DD>
To edit a future closure date, send another future closure request using a new future closure date to override the current one.
To remove a future closure date, send a closure request without a closure date, i.e.:
DELETE https://<APIHost>/AllpayApi/Customers/<SchemeCode>/<base64 ClientRef>/<base64 Surname>/Mandates/
Retrieve Failed Payments
This API call will return all failed payments for a scheme code at a given period of time.
The payments will be ordered by collection date (descending), reason code (ascending) and then by the amount in descending order. Only 6 records are displayed at one time along with the total number of records found. To display the records you will need to specify a page number so page 1 will show you the first 6, page 2 the next 6 and so on.
API URL format:
GET https://<APIHost>/AllpayApi/Customers/<SchemeCode>/Mandates/FailedPayments/<From date yyyy-mm-dd>/<To date yyyy-mm-dd>/<Page number>
Response
JSON - FailedPayments -{} - Amount=202971 - ClientReference=Y037477 - CollectionDate=20/05/2016 00:00:00 - IsRepresented=True - LastName=JONES - Line1=FLAT 2 - ProcessedDate=26/05/2016 00:00:00 - ReasonCode=BACS 0 : Refer to payer - SchemeCode=ESLP -{} - Amount=75000 - ClientReference=Y035800 - CollectionDate=20/05/2016 00:00:00 - IsRepresented=False - LastName=MAXIM CONSULTANCY U - Line1=22 BOROUGH WAY - ProcessedDate=26/05/2016 00:00:00 - ReasonCode=BACS 0 : Refer to payer - SchemeCode=ESLP - TotalRecords=2
Modulus Check
This API call does not require authentication or indeed a message header. The modulus check call takes a sort-code and account number as input parameters and returns bank details (if the sort-code is valid), whether the sort-code is Direct Debit or Direct Credit enabled and if the combination of sort-code and account number are valid.
API URL format:
GET https://<APIHost>/AllpayApi/BankAccounts/?sortcode=<SortCode>&accountnumber=<AccountNumber>
Responses come in two forms:
- Where the sort code and account number combination are invalid “Valid” will be displayed as “False”. (Note: “DirectDebitCapable” and “DirectCreditCapable” may be “True” for a sort code, but “Valid” will still be “false” due an invalid account number combination.
- Where the sort code and account number combination are valid “Valid” will be displayed as “True”. In this instance, the bank address details for the account will also be returned.
JSON - AccountNumber=XXXXXXXX - Address - Fax= - Line1=Chelmsford Legg St OSC - Line2=1 Legg Street - Phone=0121 7411380 - PostCode=CM1 1JS - Town=Chelmsford - Branch=1 QUEEN ST CARDIFF - BankName=LLOYDS TSB BANK PLC - DirectDebitCapable=True - DirectCreditCapable=True - SortCode=309691 - Valid=True
When a sort-code is provided with hyphens, it will be returned with them stripped out. Any non-standard account numbers (i.e. in excess of 8 digits) will be normalised according to the sort-code they belong to.
Modulus Check Scenarios
Sort code and account number is a valid combination.
When a valid sort code is combined with a valid account number the response will show this by setting the valid attribute to True. The bank details are also displayed as the sort code is valid.
JSON AccountNumber = xxxxxxx - Address - Fax= - Line1=40 Wakefield Road - Line2= - Phone=03456 100100 - PostCode=LS98 1FD - Town=Leeds - BankName= HSBC BANK PL - Branch= FIRSTDIRECT LEEDS - DirectDebitCapable=True - DirectCreditCapable=True - SortCode=404784 - Valid=True
Sort code and account number is an invalid combination (Sort code is valid).
When a valid sort code is combined with an invalid account number the response will show this by setting the valid attribute to False. However, the bank details are still displayed as the sort code is valid.
JSON AccountNumber = xxxxxxx - Address - Fax= - Line1=40 Wakefield Road - Line2= - Phone=03456 100100 - PostCode=LS98 1FD - Town=Leeds - BankName= HSBC BANK PL - Branch= FIRSTDIRECT LEEDS - DirectDebitCapable=True - DirectCreditCapable=True - SortCode=404784 - Valid=False
Sort code is invalid.
When the sort code is invalid and is combined with an account number the response will show this by setting the valid attribute to False. No bank details are displayed and will show DirectDebitCapable and DirectCreditCapable as False.
JSON AccountNumber = xxxxxxx - DirectDebitCapable=False - DirectCreditCapable=False - SortCode=938999 - Valid=False
- Sort code does not exist
When the sort code does not exist in our database and is combined with an account number the response will show this by setting the valid attribute to True. This may look confusing, but at the time the API call is run we cannot be sure if the combination is valid so it is shown as a valid combination. Note, because the sort code does not exist in our database no bank details are displayed and will show DirectDebitCapable and DirectCreditCapable as False.
JSON AccountNumber = xxxxxxx - DirectDebitCapable=False - DirectCreditCapable=False - SortCode=444444 - Valid=True
Sort Code Lookup
This API call is similar to the modulus check, except no account number needs to be provided.
API URL format:
GET https://<APIHost>/AllpayApi/BankAccounts/?sortcode=000000
This sort code API is used to return the bank name, branch name, address and whether the sort code is Direct Credit and Direct Debit enabled. If the sort code supplied is invalid the valid field returned will be set to false.
A valid response:
JSON - Address - Fax= - Line1=130-132 Cumbernauld Rd - Line2=MUIRHEAD - Phone=0141 779 2175 - PostCode=G69 9DY - Town=Glasgow - BankName=AIRDRIE SAVINGS BANK - Branch=GLASGOW ,MUIRHEAD - DirectDebitCapable=True - DirectCreditCapable=True - SortCode=803606 - Valid=True
An invalid response:
JSON - DirectDebitCapable=False - DirectCreditCapable=False - SortCode=454545 - Valid=False
API Validation Rules
Name | Description |
---|---|
SchemeCode string (required) | The scheme code to set up the DD against. Can only contain alphanumeric characters and must be 4 characters in length. |
ClientReference string (required) | The reference for the customer. Can only contains alphanumeric characters and can be up to 16 characters in length. |
Schedules
ScheduleDate date (required) | The first intended collection date for the schedule component. (Collection dates may vary depending on working days and frequency). Must adhere to format (YYYY-MM-DD) |
Amount number (required) | Schedule amount in pence. Can be a maximum of £20,000,000.00 or 2000000000 pence. |
Frequency string (required) | The intended frequency for the schedule. Can be one of the following (as long as the frequency is enabled via the allpay Direct Debit portal) See below 1 - One off W - Weekly F - Fortnightly 4 - Four-weekly M - Monthly Q - Quarterly 6 - Six-monthly A - Annually See below this table for more information |
TotalPayments number (required) | Total number of payments for the schedule between 0 and 999 If 0 is provided, the schedule will be presumed to be ongoing. If Frequency = 1, TotalPayments must also be 1. |
One off payments: Payment will be collected once. If the schedule date provided is a non-working day, the next available working day will be inserted.
Weekly, Fortnightly, and Four-weekly: Schedule date must fall on a weekday.
Monthly, Quarterly, Six-monthly, and Annually: Continued billing date will be the day element of the initial date. For example. 2016-10-03 will mean a continued billing date of the 3rd of the month.
Address
Email String (optional) | The Email address of the customer. Can contain alphanumeric characters and can be up to 255 characters in length. DATA NOT CURRENTLY STORED. |
TitleInitals string (optional) | The title and initials of the customer. Can contain alphanumeric characters and can be up to 20 characters in length. |
LastName string (required) | The last name of the customer. Can contain alphanumeric characters and can be up to 19 characters in length. |
Line1 string (required) | Address line 1 of the customer. Can contain alphanumeric characters and can be up to 40 characters in length. |
Line2 string (optional) | Address line 2 of the customer. Can contain alphanumeric characters and can be up to 40 characters in length. |
Town string (required) | Town of the customer. Can contain alphanumeric characters and can be up to 40 characters in length. |
County string (optional) | County of the customer. Can contain alphanumeric characters and can be up to 40 characters in length. |
PostCode string (required) | Postal code of the customer. Can contain alphanumeric characters and can be up to 10 characters in length. |
AccountName string (required) | Account name of the billing account. Can contain alphanumeric characters and can be up to 18 characters in length. |
SortCode string (required) | Sort code of the billing account. Can contain numeric characters only (no separators) and can be up to 6 characters in length. |
AccountNumber string (required) | Account number of the billing account. Can contain numeric characters only and must be 8 characters in length. |
- All mandatory data fields must contain data
- Empty string fields should be sent as " "
- No field should exceed its maximum length
- All API requests must adhere to their structure defined in API Request Details
JSON string entries of " or \ must be preceeded by the backslash escape (\) i.e.
"ClientReference": "\"abc\\123\"" would be stored as "abc\123"
- Identical PUT or POST calls should not be submitted concurrently; an attempt to do this could result in data duplication
Example API Request Details
Create Mandate: POST
Create mandate with payment schedule:
{ "Customer": { "MobileNumber": "07700900000", "Email": "test@test.com", "TitleInitials": "MR A", "Address": { "Line1": "123 Anystreet", "Line2": "Test", "Town": "AnyTown", "County": "test", "PostCode": "AB12 3CD" }, "SchemeCode": "TEST", "ClientReference": "121002D", "LastName": "Smith" }, "Schedules": [{ "ScheduleDate": "2016-05-29", "Amount": 16000, "Frequency": "M", "TotalPayments": 0 }], "BankAccount": { "BankDetails": { "AccountName": "Mr Account", "SortCode": "666666", "AccountNumber": "66666666" }, "Address": { "TitleInitials": "Mr", "LastName": "Account", "County": "A County", "Line1": "test line 1", "Line2": "test line 2", "Town": "My Town", "PostCode": "My Postcode" } } }
Create mandate without payment schedule:
{ "Customer": { "MobileNumber": "07700900000", "Email": "test@test.com", "TitleInitials": "MR A", "Address": { "Line1": "123 Anystreet", "Line2": "Test", "Town": "AnyTown", "County": "test", "PostCode": "AB12 3CD" }, "SchemeCode": "TEST", "ClientReference": "121002D", "LastName": "Smith" }, "BankAccount": { "BankDetails": { "AccountName": "Mr Account", "SortCode": "666666", "AccountNumber": "66666666" }, "Address": { "TitleInitials": "Mr", "LastName": "Account", "County": "A County", "Line1": "test line 1", "Line2": "test line 2", "Town": "My Town", "PostCode": "My Postcode" } } }
Create variable mandate with payment schedule:
{ "Customer": { "MobileNumber": "07700900000", "Email": "test@test.com", "TitleInitials": "MR A", "Address": { "Line1": "123 Anystreet", "Line2": "Test", "Town": "AnyTown", "County": "test", "PostCode": "AB12 3CD" }, "SchemeCode": "TEST", "ClientReference": "121002D", "LastName": "Smith" }, "Schedules": [{ "ScheduleDate": "2016-05-29", "Amount": 16000 }], "BankAccount": { "BankDetails": { "AccountName": "Mr Account", "SortCode": "666666", "AccountNumber": "66666666" }, "Address": { "TitleInitials": "Mr", "LastName": "Account", "County": "A County", "Line1": "test line 1", "Line2": "test line 2", "Town": "My Town", "PostCode": "My Postcode" } } }
Create variable mandate without payment schedule:
{ "Customer": { "MobileNumber": "07700900000", "Email": "test@test.com", "TitleInitials": "MR A", "Address": { "Line1": "123 Anystreet", "Line2": "Test", "Town": "AnyTown", "County": "test", "PostCode": "AB12 3CD" }, "SchemeCode": "TEST", "ClientReference": "121002D", "LastName": "Smith" }, "BankAccount": { "BankDetails": { "AccountName": "Mr Account", "SortCode": "666666", "AccountNumber": "66666666" }, "Address": { "TitleInitials": "Mr", "LastName": "Account", "County": "A County", "Line1": "test line 1", "Line2": "test line 2", "Town": "My Town", "PostCode": "My Postcode" } } }
Edit Mandate Details
Edit Allpay Account Holder Details: PUT
{ "Address": { "TitleInitials": "MR N", "LastName": "TEST", "Line1": "123 Any street", "Line2": "Line 2", "Town": "Any Town", "County": "", "PostCode": "AB12 3CD" } }
If only one of the above fields needs to be amended, all fields still need to be populated in the call. If any non-mandatory fields are provided with blank values in the call, these fields will be replaced with the blank values provided.
Example to change account holder name only:
{ "Address": { "TitleInitials": "MR N", "LastName": "CHANGE", "Line1": "123 Any street", "Line2": "Line 2", "Town": "Any Town", "County": "", "PostCode": "AB12 3CD" } }
Edit Bank Account Holder Details: PUT
{ "Address": { "TitleInitials": "MR N", "LastName": "TEST", "Line1": "123 Any street", "Line2": "Line 2", "Town": "Any Town", "County": "", "PostCode": "AB12 3CD" } }
The same riles for updating the allpay account holder details applies here.
Edit Email Address: PUT
{ "Email": "email.address@allpay.net" }
The edit command can be used to add or amend an existing email address
Edit Mobile Number: PUT
{ "MobileNumber": "07700900000" }
The edit command can be used to add or amend an existing mobile number.
Immediate Payment Schedule: PUT
{ "Schedules": [ { "ScheduleDate": "<YYYY-MM-DD>", "Amount": <Numeric Value>, "Frequency": "<1, W, F, 4, M, Q, 6, A>", "TotalPayments": <Numeric Value> }, { "ScheduleDate": "<YYYY-MM-DD>", "Amount": <Numeric Value>, "Frequency": "<1, W, F, 4, M, Q, 6, A>", "TotalPayments": <Numeric Value> } ]}
Immediate Renewal Payment Schedule (Suppress Notification)
{ "Schedules": [ { "ScheduleDate": "<YYYY-MM-DD>", "Amount": <Numeric Value>, "Frequency": "<1, W, F, 4, M, Q, 6, A>", "TotalPayments": <Numeric Value> }, { "ScheduleDate": "<YYYY-MM-DD>", "Amount": <Numeric Value>, "Frequency": "<1, W, F, 4, M, Q, 6, A>", "TotalPayments": <Numeric Value> } ], "SuppressNotification": 1}
Add Payment Schedule
Add Payment Schedule: POST
{ "Schedules": [ { "ScheduleDate": "<YYYY-MM-DD>", "Amount": <Numeric Value>, "Frequency": "<1, W, F, 4, M, Q, 6, A>", "TotalPayments": <Numeric Value> }, { "ScheduleDate": "<YYYY-MM-DD>", "Amount": <Numeric Value>, "Frequency": "<1, W, F, 4, M, Q, 6, A>", "TotalPayments": <Numeric Value> } ]}
Add Variable Payment Schedule: POST
{ "Schedules": [ { "ScheduleDate": "<YYYY-MM-DD>", "Amount": <Numeric Value> }, { "ScheduleDate": "<YYYY-MM-DD>", "Amount": <Numeric Value> } ]}
Add Renewal Payment Schedule: POST (Suppress Notification)
{ "Schedules": [ { "ScheduleDate": "<YYYY-MM-DD>", "Amount": <Numeric Value>, "Frequency": "<1, W, F, 4, M, Q, 6, A>", "TotalPayments": <Numeric Value> }, { "ScheduleDate": "<YYYY-MM-DD>", "Amount": <Numeric Value>, "Frequency": "<1, W, F, 4, M, Q, 6, A>", "TotalPayments": <Numeric Value> } ], "SuppressNotification": 1}
API Error Codes
Error Scenarios |
Error Mesages |
API Calls |
---|---|---|
Set scheme code to less than or greater than 4 characters in url | 400 Bad Request: Scheme code format invalid | All |
Set the authorization key for the wrong scheme code or Do not populate the authorization key | 401 Unauthorized : API key is invalid or scheme code is not enabled for API | All |
Set scheme code or client ref or surname to NULL in request URL | 404 Not Found : NULL client details in Request URL | All |
Set last name in an invalid format in url | 422 Unprocessable Entity: Last name format invalid | All |
Set client reference in an invalid format in url | 422 Unprocessable Entity: Client reference format invalid | All |
Fields not populated in body or Amount and Total payment fields contain an empty string |
400 Bad Request Bad Request - Please check the format of your body request | Create Mandate or Add Payment |
Set scheme code in request URL and/or request body to a non bureau scheme | 401 Unauthorized : Scheme must belong to a bureau client | Create Mandate |
Running an API call on a Variable Scheme that is intended for Standard Schemes | 401 Unauthorized: You are not allowed to make this call on a standard scheme | Create Mandate or Add Payment |
Running an API call on a Standard Scheme that is intended for Variable Schemes | 401 Unauthorized: You are not allowed to make this call on a variable scheme | Create Variable Mandate or Add Variable Payment |
Scheme Code missing in request body | 422 Unprocessable Entity: Both customer and URL schemes must match | Create Mandate |
Scheme code in Request URL does not match scheme code in Request Body | 422 Unprocessable Entity: Both customer and URL schemes must match | Create Mandate |
Client Ref missing in request body | 422 Unprocessable Entity: There was an error creating the account. Client reference is a required field | Create Mandate |
Client Surname missing in request body | 422 Unprocessable Entity: There was an error creating the account. Customer surname is a required field | Create Mandate |
Creating a new mandate that already exists | 422 Unprocessable Entity: This Direct Debit reference is already being used | Create Mandate |
Initial Payment Date is less than XX working days (exclusive) from system date | 422 Unprocessable Entity: Direct Debits must allow XX working days before collecting a payment | Create Mandate |
Frequency invalid or null | 422 Unprocessable Entity: One or more of the values in the request body may be in an incorrect format | Create Mandate |
Account stopped or Account doesn't exist |
422 Unprocessable Entity: Account not found | Create Mandate |
Account created without adding any bank details | 422 Unprocessable Entity: Bank details not found | Create Mandate |
Field lengths exceeded | 422 Unprocessable Entity: 'Field Name' must be less than or equal to 'field length' | Edit Mandate |
Field contains invalid symbols | 422 Unprocessable Entity: 'Field Name' contains characters which are not allowed (this may include non-visible characters such as tabs). | Edit Mandate |
Postcode contains non alpha numeric characters | 422 Unprocessable Entity: Post Code - only alphanumeric characters and spaces allowed | Edit Mandate |
Fields start with comma | 422 Unprocessable Entity: 'Field name' must not start with a comma / Post code - only alphanumeric characters and spaces allowed | Edit Mandate |
Mandatory fields missing | 422 Unprocessable Entity: 'Field name' is a required field. | Edit Mandate |
Create schedule giving less than XX working days notice | 422 Unprocessable Entity: Direct Debits must allow XX working days before collecting a payment | Add Payment |
Set the TotalPayments field to a value greater than 999 | 422 Unprocessable Entity: The total number of payments must be less than 999. Please contact your super-user to change this limit | Add Payment |
Set amount field over £20,000,000 | 422 Unprocessable Entity: BACS does not allow collection amounts to exceed £20,000,000.00.","For this Client code the amount cannot exceed £20,000,000.00 | Add Payment |
Add a payment to an account that doesn't have a live DD | 422 Unprocessable Entity: A Direct Debit Mandate was not found for this account | Add Payment |
Set frequency field to a frequency that is not setup on a scheme | 422 Unprocessable Entity: This frequency is not allowed for that client code | Add Payment |
Set TotalPayments = 1 for all frequencies other than 1 off payments | 422 Unprocessable Entity: Number of payments must be more than 0 | Add Payment |
Set TotalPayments > 1 for a 1 off payment | 422 Unprocessable Entity: When frequency is Once, number of payments must be one | Add Payment |
Add a payment where the subsequent payment falls before the initial payment | 422 Unprocessable Entity: Subsequent payments must be after the initial payment | Add Payment |
ScheduleDate field has invalid date format or ScheduleDate has Invalid date or ScheduleDate contains an empty String |
422 Unprocessable Entity: Unable to parse schedule date | Add Payment |
Frequency field in lowercase or Frequency field contains an empty string |
422 Unprocessable Entity: One or more of the values in the request body may be in an incorrect format | Add Payment |
Delete a Schedule Component where two schedules have the same first payment date and amount | 422 Unprocessable Entity: Multiple matching schedules found | Delete Schedule |
Incorrect date format - i.e. invalid symbol in date: '2016 *1-12' | 400 Bad Request: No error message - Date format invalid in request URL | Close Mandate |
Un-parsable date: i.e. '2016-13-14 | 422 Unprocessable Entity: Format validation error, is not a valid . | Close Mandate |
No live Mandate | 422 Unprocessable Entity: A Direct Debit Mandate was not found for this account | Close Mandate |