DOCUMENTATION API REFERENCE
Home
Getting started with the API
API Workflow Diagrams
Overview
Authenticating
Checking your balances
Transferring funds between balances
Making simple payments to beneficiaries
Checking foreign exchange rates
Converting funds from one currency to another
Paying a beneficiary using funds in a different currency
Inbound Funds / Collections
Sub-Account Activity (on_behalf_of)
Confirmation of Payee Outbound (UK)
SCA for API Payments
Rate Limiting
Push Notifications / Webhooks
Deprecation Policy
Maintenance Windows
Preserving Beneficiary Details
Integration FAQ
GitHub
SDK
Request a demo
Glossary
GETTING STARTED
Home
Getting started with the API
API Workflow Diagrams
INTEGRATION GUIDES
Overview
Authenticating
Checking your balances
Transferring funds between balances
Making simple payments to beneficiaries
Checking foreign exchange rates
Converting funds from one currency to another
Paying a beneficiary using funds in a different currency
Inbound Funds / Collections
Sub-Account Activity (on_behalf_of)
Confirmation of Payee Outbound (UK)
SCA for API Payments
PLATFORM SPECIFICS
Rate Limiting
Push Notifications / Webhooks
Deprecation Policy
Maintenance Windows
Preserving Beneficiary Details
Integration FAQ
USEFUL LINKS
GitHub
SDK
Request a demo
Glossary
COLLECT
Funding
Find Funding AccountsGET
Get Funding TransactionGET
Sender
Get Sender DetailsGET
Demo
Emulate inbound fundsPOST
Transaction Approval
Accept or Reject Inbound TransactionPUT
CONVERT
Conversions
Create ConversionPOST
Get ConversionGET
Find ConversionsGET
Quote Conversion CancellationGET
Cancel a ConversionPOST
Quote Conversion Date ChangeGET
Conversion Date ChangePOST
Retrieve Profit / LossGET
Split PreviewGET
Conversion SplitPOST
Conversion Split HistoryGET
Rates
Get Basic RatesGET
Get Detailed RatesGET
MANAGE
Authenticate
LoginPOST
LogoutPOST
Accounts
Create AccountPOST
Get AccountGET
Update AccountPOST
Get Authenticating AccountGET
Find AccountsPOST
Get Payment Charges SettingsGET
Manage Account Payment Charges SettingsPOST
Accept Terms of UsePOST
Balances
Get BalanceGET
Find BalancesGET
Top Up Margin BalancePOST
Contacts
Get Authenticating ContactGET
Find ContactsPOST
Get ContactGET
Update ContactPOST
Create ContactPOST
Generate HMAC Key for ContactPOST
Reference
Find Bank DetailsPOST
Get Beneficiary RequirementsGET
Get Conversion DatesGET
Get Available CurrenciesGET
Get Payer RequirementsGET
Get Payment DatesGET
Get Payment Fee RulesGET
Get Payment Purpose CodesGET
Get Settlement AccountsGET
Reporting
Generate Conversion ReportPOST
Generate Payment ReportPOST
Find Report RequestsGET
Retrieves a Report Request with the given IDGET
Transactions
Find TransactionsGET
Get TransactionGET
Withdrawal Accounts
Find Withdrawal AccountGET
Pull Funds From Withdrawal AccountPOST
PAY
Beneficiaries
Find BeneficiariesPOST
Get BeneficiaryGET
Update BeneficiaryPOST
Create BeneficiaryPOST
Delete BeneficiaryPOST
Validate BeneficiaryPOST
Verify Beneficiary AccountPOST
Payments
Create PaymentPOST
Find PaymentsGET
Get PaymentGET
Update PaymentPOST
Get Payment ConfirmationGET
Get Payment SubmissionGET
Get Payment Submission InformationGET
Authorise PaymentPOST
Delete PaymentPOST
Get Payment Tracking InformationGET
Assign Payment FeePOST
Get Payment Delivery DateGET
Get Payment FeesGET
Get Quote Payment FeeGET
Unassign Payment FeePOST
Validate PaymentPOST
Payers
Get PayerGET
Transfers
Create TransferPOST
Get TransferGET
Find TransfersGET
Cancel TransferPOST
Help CenterRegister for API key

Strong Customer Authentication for API Payments

This guide is currently only relevant to sponsored model clients servicing EU customers and treasury clients contracted with Currencycloud BV.

To make payments using our API, in-scope clients are required to apply Strong Customer Authentication (SCA). This guide outlines the changes needed to your payment workflow to accommodate the additional authentication.

Workflow diagram

collections

Step 1: Ensure that we have the correct phone numbers

When you initiate the payment process, we will send a one-time password (OTP) via SMS. You will need to provide this OTP in a subsequent request header.

Who receives the OTP depends on the circumstances:

  • If you are making your own payments, the OTP will be sent to the authenticated user's registered mobile number.

  • If you are making payments on behalf of your customers, the OTP will be sent to your customer’s registered mobile number.

  • If you are making payments on behalf of your customers and Currencycloud is responsible for onboarding your customers, you may include the optional x-sca-to-authenticated-user header (set to true). This will send the OTP to your registered mobile number instead of your customer’s.

It is essential that the registered mobile phone numbers for OTP recipients are accurate and up to date. To update contact details, please contact support through the Currencycloud Direct platform. We encourage you to raise a single ticket to update the contact details for your customers.

Step 2: Validate the Payment

Before initiating a payment, call the Validate Payment endpoint, passing the payment details.

If Currencycloud is responsible for onboarding your customers, you may include the optional x-sca-to-authenticated-user header. Setting this to true will send the OTP to the authenticated user instead of your customer.

Note: If you set the x-sca-to-authenticated-user header to true but your account is not configured for Currencycloud-led onboarding, the API request will be rejected with an error.

If the payment passes the validation and you are in-scope for SCA then a OTP will be sent via SMS and is valid for 10 minutes. The response object will contain the following headers:

Header NameDescription
x-sca-idUUID for the SCA request.  This will need to be sent when the payment is created.
x-sca-typeThe type of 2FA that was used - SMS or NONE.
x-sca-requiredIndicates whether SCA is required for the payment -true or false.

Calling the Validate Payment endpoint subsequent times will send a new OTP SMS.

Example Response:

Content-Type: application/json
x-sca-id: 123e4567-e89b-12d3-a456-426614174000
x-sca-type: SMS
x-sca-required: true
{
    "validation_result": "success"
}

Error Codes (sca_check_failed)

HTTP 400

Error CodeError MessageDescription
invalid_beneficiaryBeneficiary could not be found for given id.Beneficiary not found.
invalid_extra_x_sca_idValidate request should not include x-sca-id in header.x-sca-id header provided in request during validate process.
missing_accountAccount could not be found for given id.Account data could not be found.
amount_type_is_wrongAmount should be of numeric type.Amount in request body is not a numeric.
x-sca-to-authenticated-userCannot use x-sca-to-authenticated-user for this account.Your account cannot use the x-sca-to-authenticated-user.

HTTP 401

Error CodeError MessageDescription
internal_server_errorAuthentication failed with the supplied credentialsCouldn’t authenticate with the provided x-auth-token header.

HTTP 422

Error CodeError MessageDescription
internal_server_errorContact has invalid mobile phone numberContact has invalid mobile phone number
internal_server_errorContact doesn’t have mobile phone numberContact doesn’t have mobile phone number

HTTP 429

Error CodeError MessageDescription
internal_server_errorToo many requests for 2FA approval status.Too many SMS notification sent for same payment data.

HTTP 500

Error CodeError MessageDescription
internal_server_errorError getting beneficiary.Error while fetching the beneficiary.
internal_server_errorError validating SCA signature.Unable to generate a signature for the payment request body.
internal_server_errorError getting account.Error while trying to fetch account data.
internal_server_errorError sending 2FA token request.Unable to send SMS.

Step 3: Submit the Payment

When you are ready to make the payment, call our Create Payment endpoint, passing the payment details and the following additional header parameters:

Header NameDescription
x-sca-idThe UUID returned by the Validate Payment request (step 2 above).
x-sca-tokenThe OTP received following the Validate Payment request.

If the OTP is successfully validated, then the payment will be processed.

Error Codes (sca_check_failed)

HTTP 400

Error CodeError MessageDescription
invalid_beneficiaryBeneficiary could not be found for given id.Beneficiary not found.
missing_x_sca_tokenSCA required but no token included in request.x-sca-token header expected but none provided.
invalid_request_bodyInvalid request body for given x-sca-id.Request body doesn’t match the one provided for validate request.
invalid_x_sca_idInvalid x_sca_id.Provided x-sca-id cannot be found in the database.
x-account-identifierAccount could not be found for given id.Account data couldn’t be found.
missing_beneficiaryBeneficiary was not defined in the request.Missing beneficiary id in request body.
missing_amountAmount was not defined.Missing amount in request body.
missing_currencyCurrency was not defined.Missing currency in request body.
mmount_type_is_wrongAmount should be of numeric type.Amount in request body is not of numeric type.

HTTP 401

Error CodeError MessageDescription
sca_requiredPayment denied. Strong Customer Authentication required.x-sca-id header not provided when SCA is needed.
x-sca-tokenInvalid x-sca-token.This occurs in these circumstances:
• the SMS token was not valid
• the 2FA validation was attempted incorrectly more than 5 times
• the SCA attempt was already used to create a payment.
internal_server_errorx-sca-token has expired.Occurs when the 2FA attempt has expired – 10 minutes for SMS and 5 minutes for push notification.
internal_server_errorAuthentication failed.Couldn't authenticate with provided x-auth-token header.

HTTP 429

Error CodeError MessageDescription
internal_server_errorToo many requests for 2FA approval status.Too many attempts to validate SMS token.

HTTP 500

Error CodeError MessageDescription
internal_server_errorError getting beneficiary.Error while fetching the beneficiary.
internal_server_errorInvalid 2FA Type.Error while saving data during the validate process.
internal_server_errorError validating SCA signature.Problem generating signature for payment request body.
internal_server_errorError getting contact.Problem fetching contact data with provided x-auth-token.
internal_server_errorError getting account.Error while fetching account data.
internal_server_errorAn error occurred retrieving 2FA approval status.Couldn’t validate SMS token.
Workflow diagramStep 1: Ensure that we have the correct phone numbersStep 2: Validate the PaymentStep 3: Submit the Payment