NAV Navbar
shell

Introduction

The Ebury API helps you fund and manage your international business by making trading and payments easy to integrate into your applications; you choose to how and where to deploy your application, and we provide the means to integrate foreign exchange functionality in them directly. The API is modular, with the following core areas of functionality:

In terms of style, the API is a "pragmatic" REST + JSON API with a design approach aimed at simplicity and ease of use. A few notes:

Getting Started

The Ebury API has been designed for ease of use, but there are a number of things that need to happen or you need to know before you can start developing against it.

Onboarding

In order to use the API your company needs to be one of the following:

Credentials

With an active Ebury Online account you need a few details to call the API:

Environments

The following is a list of environments available when developing against or using our API:

Environment Endpoints
URL Purpose
https://sandbox.ebury.io Sandbox API endpoint
https://auth-sandbox.ebury.io Sandbox authentication endpoint
https://api.ebury.io Production API endpoint
https://auth.ebury.io Production authentication endpoint

API Description

Whilst each subject area is documented below they are also supported by an individual Swagger specification document. Please use the links below to download:

Rate limiting

Rate limiting of the Ebury API is primarily on a per-client basis — or more accurately described, per user API key. If you receive a response with a status code of 429 Too Many Requests, it means that you have been rate limited for sending too many requests, and should wait before sending further requests.

Error Handling

The Ebury API tries to honour HTTP return codes relevant to error that's being conveyed. However, 4xx HTTP return codes are also used as a "blanket" with more information to be found (in general) in the response body e.g., a 409 will indicate an issue with the data sent that can be rectified: you should consult this message to help you take corrective action.

HTTP Response Codes
Response code Meaning
200 OK Request completed successfully. See individual endpoints for details of response content.
201 Created Request completed successfully, and a resource was created. See individual endpoints for details of response content.
202 Accepted Request completed successfully, but not completely processed. See individual endpoints for details of response content.
400 Bad Request The request could not be processed due to some error e.g., formatting, parameter or schema validation. See error message for details of response content.
401 Unauthorized Access denied due to authentication failure
403 Forbidden Could not complete action due to data constraints. See error message for details of response content.
404 Not Found The requested resource could not be found. See individual endpoints for details of how to identify resources.
409 Conflict Request could not be completed. See error message for details of response content.
429 Too Many Requests You have exceeded the rate limit for API key. See rate limiting for details.
502 Bad Gateway Internal error. See error message for details of response content.
503 Service Unavailable Internal error. See error message for details of response content.
504 Gateway Timeout Internal timeout. See error message for details of response content.

Error Message

{
    "code": "string",
    "message": "string",
    "details": "string"
}

Error messages are presented as JSON objects.

Error Message Fields
Field Description
code A short code for the error
message The error message
details Error details

Authentication

The Ebury authentication scheme is based on OpenID Connect 1.0, which builds on OAuth 2.0 to make it easier to verify the identity of end users. We've chosen OpenID Connect as we believe it offers our consumers a good mix of security and flexibility and implemented that Authorization Code flow for OpenID Connect: The steps required to complete this flow are detailed in the following sections.

The diagram below shows an overview of the process when Second Factor Authentication (2FA) is disabled:

OpenID flow overview

When 2FA in enabled the process is slightly different as can be seen on the following diagram:

OpenID flow overview

Acquire an access token

Acquiring an access token is a three-step process:

  1. Redirect the user to Ebury to authorise your app
  2. The user authenticates with Ebury
  3. If 2FA is enabled, the user puts the verification code on the 2FA screen
  4. Ebury redirects the user back to your app with an authorization code
  5. Exchange the authorization code for an access token

Redirect the user to Ebury

"https://auth.ebury.io/authenticate?
    scope=openid&
    response_type=code&
    client_id=$client_id&
    state=$state&
    redirect_uri=$redirect_uri"

To start the authentication process a request needs to be made in a browser to our authorization server to identify the application attempting to access the user's profile. This may be implemented in a mobile or web application but the access tokens can be used for server-based applications as well.

Query Parameters
Parameter Description
client_id
Required
Your API key
scope
Required
Must be openid; no other values are supported
response_type
Required
Must be code
state
Required
A random, per request value used to maintain state between request and callbacks and protect against cross-site request forgery attacks
redirect_uri
Required
The redirect URL that is registered for your application, this must match the value we hold

User Authentication

If all parameters are successfully validated the Authorization Server will present an Ebury login screen. The user will be required to enter their Ebury Online email address and password, as shown below.

Login Screen

Ebury redirects back to your app

HTTP/1.1 302 Found
Location: https://your.redirect.url/?code=$authorization_code&state=$state_token

Once the credentials have been successfully entered, one of two things can happen:

Second Factor Authentication

If the user has 2FA enabled, it will be redirected to the 2FA screen and will be issued a 2FA code (SMS/TOTP are supported for now). The user will be required to enter this code, as shown below:

2FA Screen

If the verification code was entered correctly then the authentication process is completed (Authentication completed)

Authentication completed

After the authentication process is completed, the user will be redirected to the redirect_uri registered for the application. The following querystring parameters will be included:

Response Parameters
Parameter Description
code A code that allows your application to call the Token Endpoint to complete the OpenID flow
state Value passed from your application in the original authorization request

Exchange the authorization code

curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: Basic bGV0c3ByZXRlbnQ6aXNhdGFuZW5kCg==" \
https://auth.ebury.io/token \
--data 'grant_type=authorization_code&code=$code&redirect_uri=$redirect_uri'

Response

{
  "token_type": "Bearer",
  "access_token": "XKtOK3hNzKpLkaom3J2MEPyKm7f7jZ",
  "refresh_token": "2E9KVBXgVzQSPTvoHjJB1Eu2eBjzup",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiAiSFMyNTYifQ==.ewogICJhdWQiOiAiWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgiLAogICJzdWIiOiAiWFhYWFhYWFhYWFgiLAogICJpc3MiOiAiaHR0cHM6Ly9hdXRoLmVidXJ5LmlvIiwKICAiaWF0IjogIjE0NjQyNjY2MzkiLAogICJjbGllbnRzIjogWwogICAgIlhYWFhYWFhYWFhYIgogIF0sCiAgImV4cCI6ICIxNDY0MzUzMDM5Igp9Cg==.bkieHxES1spJnVmDmhganElaP6LZfikKXZ8uphVQwUo"
}

The final step is for your application to exchange the authorisation code for an access token that will provide access to the API. This must happen within 10 minutes of receiving your authorisation code. The following parameters are passed to the token endpoint

Query Parameters
Parameter Description
grant_type
Required
Must be set to authorization_code
code
Required
Value returned by authorization endpoint
redirect_uri
Required
The redirect URL that is registered for your application, this must match the value we hold

If the all parameters are correct a response will be returned containing the following:

Response Fields
Field Description
token_type The Authorization header scheme to use when making requests, will be Bearer
access_token An OAuth access token that can be used to call the API
refresh_token An OAuth refresh token that can be used to get a new access token when when the last expires
expires_in Expiry period in seconds from time token returned, currently returns 3600 (1 hour)
id_token A signed, base 64 encoded JSON Web Token that provides verification of the identity that authorized the request. The token includes the client identifier, which is a required parameter on the majority of API calls.

Decoded JSON Web Token (without signature)

{
  "alg": "HS256"
}
{
  "aud": "XXXXXXXXXXXXXXXXXXXXXXXXXX",
  "sub": "XXXXXXXXXXX",
  "iss": "https://auth.ebury.io",
  "iat": "1464266639",
  "clients": [{
      "client_id": "XXXXXXXXXXX",
      "client_name": "Example client name"
  }],
  "exp": "1464353039"
}

Sample code for extracting data from the JSON Web Token

var jsonData = JSON.parse(responseBody);

token = jsonData["access_token"];
postman.setEnvironmentVariable("token", token);

idtoken = parseJwt(jsonData["id_token"]);
postman.setEnvironmentVariable("contact_id", idtoken["sub"]);

clients = idtoken["clients"];
postman.setEnvironmentVariable("client_id", clients[0].client_id);

/*function to decode JSON web token*/
function parseJwt(token) {
  var base64Url = token.split(".")[1];
  var base64 = base64Url.replace("-", "+").replace("_", "/");
  return JSON.parse(atob(base64));
}

By decoding this token we can get the values for X-Contact-ID and client_id needed for future requests.

The X-Contact-ID, used is header of all requests, is retrieved from the sub element.

An array of client_id and client_name lists the potential clients that the contact can act on behalf of. The majority of customers will only have one client identifier, but some may have multiple client accounts and thus multiple identifiers that the contact can act on

The client_id is required in query params of requests post authentication in order to identify the client to which the request is on behalf of. Your application may have to allow a contact to select the correct client_id to use.

Refreshing access

curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: Basic $access_token" \
https://auth.ebury.io/token \
--data 'grant_type=refresh_token&refresh_token=$refresh_token&scope=openid'

Your access token will expire according to the value set in the Exchange the authorisation code response, but you can get a new access token by using your refresh token. Our OpenID Provider conforms to the refresh token mechanism described here.

Request Fields
Field Description
grant_type
Required
Should be refresh_token
refresh_token
Required
One of the last 10 refresh tokens, issued within the last month
scope
Required
Should be openid

If successful, the response will contain the same data as the original access token response.

Authenticating requests

GET /example-endpoint HTTP/1.1
x-api-key: your-api-key
Authorization: Bearer your-access-token
X-Contact-ID: your-contact-id

All requests must be authenticated with both your API key and an access token. We also require all request bodies are sent with the correct Content-Type of applciation/json.

Almost all requests also require an Ebury user identifier, set in the X-Contact-Id header.

Request Headers
Header Description
Authorization
Required
Your access token, prefixed with the Bearer scheme
Content-Type
Required
application/json
x-api-key
Required
Your API key
X-Contact-Id
Required
Identifier for an Ebury user

Example Workflow

If you follow the Authentication guidelines you'll have implemented the means to access the API. The following sections describe how to secure a trade, add a beneficiary and make a payment. For more detail on each of these activities please see the relevant sections.

Get a Quote

curl -X POST \
"https://api.ebury.io/quotes?quote_type=quote&client_id=$client_id" \
-H "x-api-key: $api_key" \
-H "Authorization: Bearer $access_token" \
-H "X-Contact-ID: $contact_id" \
-H "Content-Type: application/json" \
-d '{
        "trade_type": "spot",
        "buy_currency": "EUR",
        "amount": 1500.0,
        "operation": "buy",
        "sell_currency": "GBP",
        "value_date": "2016-09-20"
}'

Response

HTTP/1.1 201 Created
Content-Type: application/json

{
  "book_trade": "/trades?client_id=TAICLI00003&quote_id=9ff9aee7a6d5f5e1b797165ffe580d74",
  "buy_amount": 1500.0,
  "buy_currency": "EUR",
  "inverse_rate": 0.910995,
  "inverse_rate_symbol": "GBPEUR",
  "quote_id": "9ff9aee7a6d5f5e1b797165ffe580d74",
  "quoted_rate": 1.097701,
  "quoted_rate_symbol": "EURGBP",
  "sell_amount": 1366.49,
  "sell_currency": "GBP",
  "value_date": "2016-10-27"
}

To execute a trade, you need call the Quotes endpoint and get a quote. As already discussed in Getting Started to get a quote you need the following:

The response contains a quote_id and a URL that you can use to book the trade. For more details on the Quotes API please refer to the Getting Quotes section.

Client Identifier

The client identifier is an entity Ebury uses to different between different accounts in our data model. The majority of customers will only have one client identifier, but some may have multiple accounts and thus multiple identifiers.

Book a Trade

curl -X POST \
"https://api.ebury.io/trades?quote_id=$quote_id&client_id=$client_id" \
-H "x-api-key: $api_key" \
-H "Authorization: Bearer $access_token" \
-H "X-Contact-ID: $contact_id" \
-H "Content-Type: application/json" \
-d '{
        "reason": "Travel costs",
        "trade_type": "spot"
}'

Response

HTTP/1.1 201 Created
Content-Type: application/json

{
  "bank_account": {
    "account_number": "99999999",
    "iban": "GB99TEST999999999999",
    "swift_code": "TESTGB99",
    "bank_identifier": "999999",
    "bank_identifier_type": "GBP Sort Code",
    "bank_name": "Name of the Bank",
    "bank_address_line_1": "123 Sesame Street",
    "bank_address_line_2": "Apartment 01-02",
    "bank_city": "London",
    "bank_post_code": "SW1W9QB"
  },
  "trade_id": "EBPOTR432737",
  "maturiy_date": "2016-10-29T15:30:00.52Z"
}

With the quote identifier you can now book a trade to fund payment, calling the trades endpoint. Due to anti-money laundering a reason for making the trade needs to be specified; the API allows this to be a freeform value at the time of writing but future versions may introduce validation of the reason submitted.

The response contains a trade_id you can now book payments for known beneficiaries. For more details on the Trades API please refer to the Making Trades section.

Add a Beneficiary

curl -X POST \
"https://api.ebury.io/beneficiaries?client_id=$client_id" \
-H "x-api-key: $api_key" \
-H "Authorization: Bearer $access_token" \
-H "X-Contact-ID: $contact_id" \
-H "Content-Type: application/json" \
-d '{
  "name": "John Doe",
  "email_notification": true,
  "address_line_1": "123 Sesame Street",
  "post_code": "456",
  "country_code": "GB",
  "bank_country_code": "GB",
  "bank_currency_code": "GBP",
  "account_number": "99999998",
  "swift_code": "TESTGBGB999",
  "iban": "TESTGBGB9999999999",
}'

Response

HTTP/1.1 201 Created
Content-Type: application/json

{
  "active": "True",
  "address_line_1": null,
  "aml_status": "Not Checked",
  "bank_accounts": [
    {
      "account_id": 9999,
      "account_number": "99999998",
      "bank_address_line_1": null,
      "bank_country_code": "GB",
      "bank_currency_code": "GBP",
      "bank_identifier": null,
      "bank_name": null,
      "correspondent_account": null,
      "correspondent_swift_code": null,
      "iban": "TESTGBGB9999999999",
      "swift_code": "TESTGBGB999"
    }
  ],
  "beneficiary_id": "EBPBEN999999",
  "country_code": "GB",
  "created": "2016-10-25",
  "email_addresses": [],
  "email_notification": true,
  "name": "John Doe",
  "post_code": null
}

With the trade booked you can create a beneficiary who will be the recipient of part or all of the trade (of course you only need to create a beneficiary once, they are stored and can be reused later).

A beneficiary ID and account ID are returned that you can use to make a payment. For more details on the Beneficiaries API please refer to the Managing Beneficiaries section.

Make a Payment

curl -X POST \
"https://api.ebury.io/payments?client_id=$client_id" \
-H "x-api-key: $api_key" \
-H "Authorization: Bearer $access_token" \
-H "X-Contact-ID: $contact_id" \
-H "Content-Type: application/json" \
-d '{
    "trade_id": "EBPOTR999999",
    "async": false,
    "payments":[
        {
            "beneficiary_id": "EBPBEN999999",
            "account_id": "99999",
            "amount": 10.50,
            "payment_date": "2016-10-30",
            "reference": "2016-10-29",
            "email_beneficiary": true
        }
    ]
}'

Response

HTTP/1.1 201 Created
Content-Type: application/json

[
  {
    "payment_id": "PI999999",
    "payment_instruction": "/documents?type=pi&id=PI999999&client_id=TAICLI00003",
    "payment_receipt": "Not available",
    "status": "Validating beneficiary information"
  }
]

Everything is now in place to book on or more payments, using the trade_id and beneficiary and account IDs returned from the create beneficiary step.

A payment_id will be returned together with links to download the payment instruction and receipt documents when available; if you are set-up to to pay immediately the payment will be made when:

If the payment requires authorisation an additional PATCH method will be required; refer to the notes in the Making Payments section for details.

Getting Quotes

Get an estimate or firm quote:

Get an estimate or firm quote

POST /quotes?client_id=$client_id&quote_type=$quote_type HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string
Content-Type: application/json

{
    "trade_type": "string",
    "sell_currency": "string",
    "buy_currency": "string",
    "amount": "number",
    "operation": "string",
    "value_date": "string"
}

Obtain either an estimate or firm quote; estimates are for reference only, while a firm quote can be used to book a trade.

Query Parameters
Parameter Description
quote_type
Required
The type of quote you are requesting. Acceptable values:
  • estimate (for reference only)
  • quote (to book a trade against)
client_id
Required
The client identifier you are requesting this quote for
Request Body
Field Description
trade_type
Required
The type of trade you require a quote for. Acceptable values:
  • spot
  • forward
sell_currency
Required
Sell currency
buy_currency
Required
Buy currency
amount
Required
Amount in double format
operation
Required
The operation you want to perform. Acceptable values:
  • buy
  • sell
value_date The date you want the quote. If the value date is not provided or is invalid then the quote will be returned for next available value date.

Estimate Quote Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "estimated_rate": "number",
    "estimated_rate_symbol": "string",
    "inverse_rate": "number",
    "inverse_rate_symbol": "string",
    "fee_amount": "number",
    "fee_currency": "string",
    "value_date": "string",
    "warning": "string"
}

Quote requests with a quote_type of estimate will return a 200 OK response with the following response body.

Fields
Field Description
estimated_rate
Always
The estimated rate
estimated_rate_symbol
Always
The symbol of estimated rate
inverse_rate
Always
Inverse rate
inverse_rate_symbol
Always
The symbol of inverse rate
fee_amount
Always
Fee amount
fee_currency
Always
Fee currency
value_date
Always
Date on which quote is requested
warning A warning is only returned if the requested value date was not valid and the next available date has been returned.

Firm Quote Response

HTTP/1.1 201 Created
Content-Type: application/json

{
    "quote_id": "string",
    "sell_currency": "string",
    "sell_amount": "number",
    "buy_currency": "string",
    "buy_amount": "number",
    "quoted_rate": "number",
    "quoted_rate_symbol": "string",
    "inverse_rate": "number",
    "inverse_rate_symbol": "string",
    "value_date": "string",
    "book_trade": "string",
    "warning": "string"
}

Quote requests with a quote_type of quote will return a 201 Created response with the following response body.

Fields
Field Description
quote_id
Always
Quote identifier. Used to create book a trade at the Trades endpoint
sell_currency
Always
Sell currency
sell_amount
Always
Sell amount
buy_currency
Always
Buy currency
buy_amount
Always
Buy amount
quoted_rate
Always
The rate quoted
quoted_rate_symbol
Always
The symbol of rate quoted
inverse_rate
Always
The inverse rate
inverse_rate_symbol
Always
The symbol of inverse rate
value_date
Always
Date on which trade active
book_trade Call this endpoint to book the trade (refer to Trades documentation for required payload)
warning A warning is only returned if the requested value date was not valid and the next available date has been returned.

Making Trades

Create a Trade

POST /trades?client_id=$client_id&quote_id=$quote_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string
Content-Type: application/json

{
    "reference": "string",
    "reason": "string"
}

Initiate a new trade.

Query Parameters
Parameter Description
quote_id
Required
The identifier of the quote, obtained from making a firm quote
client_id
Required
The ID of the client

Request Body

Fields
Name Description
reason
Required
Reason for trade.
See ReasonForTradeValues for acceptable values.
reference Reference for the trade.

Response

HTTP/1.1 201 Created
Content-Type: application/json

{
    "trade_id": "string",
    "bank_account": {
        "account_number": "string",
        "iban": "string",
        "swift_code": "string",
        "bank_identifier": "string",
        "bank_identifier_type": "string",
        "bank_name": "string",
        "bank_address_line_1": "string",
        "bank_address_line_2": "string",
        "bank_city": "string",
        "bank_post_code": "string"
    },
    "maturity_date": "string",
    "initial_margin_amount": "number",
    "initial_margin_due_date": "string"
}

A successfully created trade will return a 201 Created response with the following response body.

Fields
Name Description
trade_id
Required
Trade identifier
bank_account
Required
An existing bank account
maturity_date
Required
Date on or before which funds must be received by Ebury. Date and time are in UTC.
initial_margin_amount Only for forwards. Trade's deposit amount
initial_margin_due_date Only for forwards. Date on or before which deposit must be received by Ebury. Date and time are in UTC.

Get all trades

GET /trades?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Get all the trades for a given client ID

Query Parameters
Parameter Description
client_id
Required
The ID of the client
trade_type Filter the response to include only trades with a matching type, which are specified by an array[string]
Acceptable values:
  • spot
  • forward
  • window_forward
  • drawdown
  • ndf
page The desired page number for pagination. By default is 1.
page_size The number of items per page for pagination. By default is 50.

Response

HTTP/1.1 200 OK
Content-Type: application/json

[
    {
        "trade_id": "string",
        "trade_type": "string",
        "status": "string",
        "buy_currency": "string",
        "buy_amount": "number",
        "sell_currency": "string",
        "sell_amount": "number",
        "rate": "number",
        "rate_symbol": "string",
        "order_date": "string",
        "maturity_date": "string",
        "beneficiaries": [
            "string"
        ],
        "fee_currency": "string",
        "fee_amount": "number",
        "synthetic": "boolean",
        "trade_receipt": "string",
        "reference": "string"
    }
]

A successful request will return a 200 OK response with the response body containing a list of trade objects presented with the BookedTrade model.

Get a trade

GET /trades/$trade_id?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Get a trade with a specific trade_id, the response type depends on the value of the response_model field.

Query Parameters
Parameter Description
trade_id
Required
Trade identifier
client_id
Required
The ID of the client
response_model The type of the data model returned.
Acceptable values:
  • BookedTrade
  • ExtendedBookedTrade (default)

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "trade_id": "string",
    "trade_type": "string",
    "status": "string",
    "buy_currency": "string",
    "buy_amount": "number",
    "sell_currency": "string",
    "sell_amount": "number",
    "rate": "number",
    "rate_symbol": "string",
    "order_date": "string",
    "maturity_date": "string",
    "beneficiaries": [
        "string"
    ],
    "fee_currency": "string",
    "fee_amount": "number",
    "trade_receipt": "string",
    "reference": "string",
    "payments": [
        {
            "payment_id": "string",
            "amount": "number",
            "beneficiary_name": "string",
            "payment_instruction": "string",
            "payment_receipt": "string",
            "status": "string",
            "url": "string"
        }
    ]
}

A successful request will return a 200 OK response with the requested trade object in response body. The presentation of the object will vary according to the response_model query parameter, which defaults to ExtendedBookedTrade.

The example is of an ExtendedBookedTrade.

Response Models
Value Model
BookedTrade BookedTrade
ExtendedBookedTrade ExtendedBookedTrade

Trade Models

These models are returned by the get all trades and get a trade endpoints.

BookedTrade

{
    "trade_id": "string",
    "trade_type": "string",
    "status": "string",
    "buy_currency": "string",
    "buy_amount": "number",
    "sell_currency": "string",
    "sell_amount": "number",
    "rate": "number",
    "rate_symbol": "string",
    "order_date": "string",
    "maturity_date": "string",
    "beneficiaries": [
        "string"
    ],
    "fee_currency": "string",
    "fee_amount": "number",
    "synthetic": "boolean",
    "trade_receipt": "string",
    "reference": "string"
}

This model is a representation of a booked trade.

Fields
Name Description
trade_id
Always
Trade identifier
trade_type
Always
Trade type
status
Always
Status of the trade
buy_currency
Always
Buy currency code
buy_amount
Always
Buy amount
sell_currency
Always
Sell currency code
sell_amount
Always
Sell amount
rate
Always
Booked rate
rate_symbol
Always
The symbol of booked rate
order_date
Always
Order date
maturity_date
Always
Maturity date
beneficiaries
Always
List of beneficiary names
fee_currency
Always
Fee currency
fee_amount
Always
Fee amount
synthetic
Always
Identifies as a synthetic future contracts
trade_receipt The URL to get the trade receipt
reference Additional trade reference e.g., invoice number

ExtendedBookedTrade

{
    "trade_id": "string",
    "trade_type": "string",
    "status": "string",
    "buy_currency": "string",
    "buy_amount": "number",
    "sell_currency": "string",
    "sell_amount": "number",
    "rate": "number",
    "rate_symbol": "string",
    "order_date": "string",
    "maturity_date": "string",
    "beneficiaries": [
        "string"
    ],
    "fee_currency": "string",
    "fee_amount": "number",
    "synthetic": "boolean",
    "trade_receipt": "string",
    "reference": "string"
    "payments": [
        {
            "payment_id": "string",
            "amount": "number",
            "beneficiary_name": "string",
            "payment_instruction": "string",
            "payment_receipt": "string",
            "status": "string",
            "url": "string"
        }
    ]
}

This model is an extended representation of a booked trade, and includes payment information.

Fields
Name Description
trade_id
Always
Trade identifier
trade_type
Always
Trade type
status
Always
Status of the trade
buy_currency
Always
Buy currency code
buy_amount
Always
Buy amount
sell_currency
Always
Sell currency code
sell_amount
Always
Sell amount
rate
Always
Booked rate
rate_symbol
Always
The symbol of booked rate
order_date
Always
Order date
maturity_date
Always
Maturity date
beneficiaries
Always
List of beneficiary names
fee_currency
Always
Fee currency
fee_amount
Always
Fee amount
synthetic
Always
Identifies as synthetic future contracts
trade_receipt The URL to get the trade receipt
reference Additional trade reference e.g., invoice number
payments List of payments made on trade

TradeStatus

This is an enumeration of the status of a trade, and can be found in both the BookedTrade and ExtendedBookedTrade models.

Values
Value Description
Created Trade has been created
Funds In Partially The trade has been partially funded
Funds in Full The trade has been fully funded
Funds Out Partially Allocated The proceeds of the trade have been only partially allocated to payments out
Funds Out Full Allocated The proceeds of the trade have been fully allocated to payments out
Closed The proceeds of the trade have been fully paid out and the trade is closed
Cancelled The trade has been cancelled

ReasonForTradeValues

This is list of acceptable values for the reason field when creating a trade.

Values
Value Description
charitable_aid Charitable Aid
payment_for_goods Payment for identifiable goods
capital_investment Direct capital investment in an enterprise
payment_for_services Payment for identifiable services
repatriation_of_goods Repatriation of sale of identifiable goods
repatriation_of_services Repatriation of sale of identifiable services
property_purchase Property purchase
mortage_repayment Mortage repayment
property_rental_or_maintenance Property rental/maintenance
salary_payroll Salary/Payroll
travel_costs Travel costs
living_costs Living costs
repayment_of_loan Repayment of a loan
balance_hedging Balance sheet hedging
repatriation_from_investment Repatriation of revenues from investments
portfolio_netting Portfolio netting
not_related_to_goods_or_services Other not related to identifiable goods or services (only Spot type)
other Other

Getting Metadata

The Metadata API provides two sources of information that help consumers our APIs:

Get beneficiary metadata

GET /metadata/beneficiary HTTP/1.1
x-api-key: string
Authorization: string

Describes the fields required to provision a valid beneficiary for a given country/currency combination:

Response

HTTP/1.1 200 OK
Content-Type: application/json

[
    {
        "country": "string",
        "currencies": [
            {
                "currency": "string",
                "mandatory": [
                    [
                        "string"
                    ]
                ],
                "optional_data": [
                    "string"
                ]
            }
        ],
        "reason_required": "boolean"
    }
]

A successful request will return a 200 OK response with a response body consisting of a list of the following objects.

Fields
Name Description
country Two-letter country identifier
currencies List of currency objects; will contain at least one default object
currencies.currency Currency symbol
currencies.mandatory List of mandatory field combinations; combinations are presented as lists
currencies.optional List of optional fields
reason_required boolean flag

Get currency metadata

GET /metadata/currency HTTP/1.1
x-api-key: string
Authorization: string

Describe a currency

Query Parameters
Parameter Description
data_only Exclude reason_required flag from response; Defaults to false

Response

HTTP/1.1 200 OK
Content-Type: application/json

[
    {
        "currency": "string",
        "buy": {
            "cutoff_days": "integer",
            "cutoff_time": "string"
        },
        "reason_required": "boolean",
        "sell": {
            "cutoff_days": "integer",
            "cutoff_time": "string"
        },
        "invalid_value_dates": {
            "YYYY-MM-DD": "string"
        }
    }
]

A successful request will return a 200 OK response with a response body consisting of a list of the following objects.

Fields
Name Description
buy Information of this currency if it is used as "buy" currency
buy.cutoff_days Cutoff days of the currency
buy.cutoff_time Cutoff time for the currency in GMT/UTC
currency Currency symbol
invalid_value_dates Invalid trading dates and their reasons
invalid_value_dates.YYYY-MM-DD Invalid trading date; the value of this key is the reason the date is invalid
reason_required Show if reason required for this currency is mandatory
sell Information of this currency if it is used as "sell" currency
sell.cutoff_days Cutoff days of the currency
sell.cutoff_time Cutoff time for the currency in GMT/UTC

Managing Beneficiaries

Create a new beneficiary

POST /beneficiaries?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string
Content-Type: application/json

{
  "name": "string",
  "email_addresses": [
    "string"
  ],
  "email_notification": "boolean",
  "address_line_1": "string",
  "post_code": "string",
  "country_code": "string",
  "account_number": "string",
  "bank_address_line_1": "string",
  "bank_country_code": "string",
  "bank_currency_code": "string",
  "bank_identifier": "string",
  "bank_name": "string",
  "correspondent_account": "string",
  "correspondent_swift_code": "string",
  "iban": "string",
  "inn": "string",
  "kbk": "string",
  "kio": "string",
  "kpp": "string",
  "purpose_of_payment": "string",
  "reason_for_trade": "string",
  "reference_information": "string",
  "beneficiary_reference": "string",
  "russian_central_bank_account": "string",
  "swift_code": "string",
  "vo": "string"
}

Create a new client beneficiary. Beneficiary will require verification before payments can be made

Query Parameters
Parameter Description
client_id
Required
The ID of the client

Request Body

Fields
Name Description
name
Required
The name of the beneficiary
email_addresses List of email addresses
email_notification
Required
Whether the beneficiary should receive email notification of payments
address_line_1 The first address line of the beneficiary
post_code The post code of the beneficiary
country_code
Required
The ISO 3166-1 alpha-2 code of the beneficiary's country
account_number The account number of the bank account
bank_address_line_1 The first address line of the bank
bank_country_code
Required
The ISO 3166-1 alpha-2 code of the bank's country
bank_currency_code
Required
The ISO 4217 code of the bank account's currency
bank_identifier The identifier of the bank
bank_name Name of the bank account holder
correspondent_account The account for the correspondant account of the bank
correspondent_swift_code The SWIFT code for the correspondant account of the bank
iban The IBAN of the bank account
inn Unique Taxpayer Personal Identification Number for legal entities registered in Russia.
kbk The KBK of the bank account
kio Tax ID for foreign legal entities in Russia.
kpp The KPP of the bank account
purpose_of_payment The purpose of payment. Required for CNY currency.
See PurposeOfPayment for acceptable values.
reason_for_trade The reason for trade of the bank account
reference_information Reference for the bank account.
beneficiary_reference Reference for the beneficiary.
russian_central_bank_account 20-digit code for Russian banks.
swift_code The SWIFT code of the bank account
vo Code of currency transaction established by the Central Bank of Russia to describe the purpose of the payment.

Response

HTTP/1.1 201 Created
Content-Type: application/json

{
  "name": "string",
  "email_addresses": [
    "string"
  ],
  "email_notification": "boolean",
  "address_line_1": "string",
  "post_code": "string",
  "country_code": "string",
  "bank_accounts": [
    {
      "account_number": "string",
      "bank_address_line_1": "string",
      "bank_country_code": "string",
      "bank_currency_code": "string",
      "bank_identifier": "string",
      "bank_identifier_type": "string",
      "bank_name": "string",
      "correspondent_account": "string",
      "correspondent_swift_code": "string",
      "iban": "string",
      "inn": "string",
      "kbk": "string",
      "kio": "string",
      "kpp": "string",
      "reason_for_trade": "string",
      "reference_information": "string",
      "russian_central_bank_account": "string",
      "swift_code": "string",
      "vo": "string",
      "account_id": "integer"
    }
  ],
  "beneficiary_id": "string",
  "created": "string",
  "aml_status": "string",
  "active": "string",
  "beneficiary_reference": "string",
}

A successful request will return a 201 Created response with the response body containing a Beneficiary object.

Get beneficiaries

GET /beneficiaries?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Get all beneficiaries for a given client

Query Parameters
Parameter Description
client_id
Required
The ID of the client
page The desired page number for pagination. By default is 1.
page_size The number of items per page for pagination. By default is 50.

Response

HTTP/1.1 200 OK
Content-Type: application/json

[
  {
    "name": "string",
    "email_addresses": [
      "string"
    ],
    "email_notification": "boolean",
    "address_line_1": "string",
    "post_code": "string",
    "country_code": "string",
    "bank_accounts": [
      {
        "account_number": "string",
        "bank_address_line_1": "string",
        "bank_country_code": "string",
        "bank_currency_code": "string",
        "bank_identifier": "string",
        "bank_identifier_type": "string",
        "bank_name": "string",
        "correspondent_account": "string",
        "correspondent_swift_code": "string",
        "iban": "string",
        "inn": "string",
        "kbk": "string",
        "kio": "string",
        "kpp": "string",
        "purpose_of_payment": "string",
        "reason_for_trade": "string",
        "reference_information": "string",
        "russian_central_bank_account": "string",
        "swift_code": "string",
        "vo": "string",
        "account_id": "integer"
      }
    ],
    "beneficiary_id": "string",
    "created": "string",
    "aml_status": "string",
    "active": "string",
    "beneficiary_reference": "string",
  }
]

A successful request will return a 200 OK response with the response body containing a list of Beneficiary objects.

Get a single beneficiary

GET /beneficiaries/$beneficiary_id?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Get a single beneficiary by beneficiary ID

Query Parameters
Parameter Description
beneficiary_id
Required
The ID of the beneficiary
client_id
Required
The ID of the client

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
  "name": "string",
  "email_addresses": [
    "string"
  ],
  "email_notification": "boolean",
  "address_line_1": "string",
  "post_code": "string",
  "country_code": "string",
  "bank_accounts": [
    {
      "account_number": "string",
      "bank_address_line_1": "string",
      "bank_country_code": "string",
      "bank_currency_code": "string",
      "bank_identifier": "string",
      "bank_identifier_type": "string",
      "bank_name": "string",
      "correspondent_account": "string",
      "correspondent_swift_code": "string",
      "iban": "string",
      "inn": "string",
      "kbk": "string",
      "kio": "string",
      "kpp": "string",
      "purpose_of_payment": "string",
      "reason_for_trade": "string",
      "reference_information": "string",
      "russian_central_bank_account": "string",
      "swift_code": "string",
      "vo": "string",
      "account_id": "integer"
    }
  ],
  "beneficiary_id": "string",
  "created": "string",
  "aml_status": "string",
  "active": "string"
  "beneficiary_reference": "string",
}

A successful request will return a 200 OK response with the response body containing a Beneficiary object.

Update a beneficiary

PATCH /beneficiaries/$beneficiary_id?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string
Content-Type: application/json

{
  "name": "string",
  "email_addresses": [
    "string"
  ],
  "email_notification": "boolean",
  "address_line_1": "string",
  "post_code": "string",
  "country_code": "string",
  "bank_accounts": [
    {
      "account_number": "string",
      "bank_address_line_1": "string",
      "bank_country_code": "string",
      "bank_currency_code": "string",
      "bank_identifier": "string",
      "bank_identifier_type": "string",
      "bank_name": "string",
      "correspondent_account": "string",
      "correspondent_swift_code": "string",
      "iban": "string",
      "inn": "string",
      "kbk": "string",
      "kio": "string",
      "kpp": "string",
      "purpose_of_payment": "string",
      "reason_for_trade": "string",
      "reference_information": "string",
      "russian_central_bank_account": "string",
      "swift_code": "string",
      "vo": "string",
      "account_id": "integer"
    }
  ],
  "beneficiary_id": "string",
  "created": "string",
  "aml_status": "string",
  "active": "string",
  "beneficiary_reference": "string",
}

Update a single beneficiary by beneficiary ID, using a list of names and values.

Query Parameters
Parameter Description
beneficiary_id
Required
The ID of the beneficiary you want to update
client_id
Required
The ID of the client

Request Body

After a beneficiary has received a payment, the only fields available for modification are:

Fields
Name Description
name
Required
The name of the beneficiary
email_addresses List of email addresses
email_notification
Required
Whether the beneficiary should receive email notification of payments
address_line_1 The first address line of the beneficiary
post_code The post code of the beneficiary
country_code
Required
The ISO 3166-1 alpha-2 code of the beneficiary's country
account_number The account number of the bank account
bank_address_line_1 The first address line of the bank
bank_country_code
Required
The ISO 3166-1 alpha-2 code of the bank's country
bank_currency_code
Required
The ISO 4217 code of the bank account's currency
bank_identifier The identifier of the bank
bank_name Name of the bank account holder
correspondent_account The account for the correspondant account of the bank
correspondent_swift_code The SWIFT code for the correspondant account of the bank
iban The IBAN of the bank account
inn Unique Taxpayer Personal Identification Number for legal entities registered in Russia.
kbk The KBK of the bank account
kio Tax ID for foreign legal entities in Russia.
kpp The KPP of the bank account
purpose_of_payment The purpose of payment. Required for CNY currency.
See PurposeOfPayment for acceptable values.
reason_for_trade The reason for trade of the bank account
reference_information Reference for the bank account.
beneficiary_reference Reference for the beneficiary.
russian_central_bank_account 20-digit code for Russian banks.
swift_code The SWIFT code of the bank account
vo Code of currency transaction established by the Central Bank of Russia to describe the purpose of the payment.

Response

HTTP/1.1 204 No Content

A successful request will return a 204 No Content response with an empty response body.

Delete a beneficiary

DELETE /beneficiaries/$beneficiary_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Delete a single beneficiary by beneficiary ID

Query Parameters
Parameter Description
beneficiary_id
Required
The ID of the beneficiary you want to delete
client_id
Required
The ID of the client

Response

HTTP/1.1 204 No Content

A successful request will return a 204 No Content response with an empty response body.

Beneficiary Models

BankAccount

{
  "account_number": "string",
  "bank_address_line_1": "string",
  "bank_country_code": "string",
  "bank_currency_code": "string",
  "bank_identifier": "string",
  "bank_identifier_type": "string",
  "bank_name": "string",
  "correspondent_account": "string",
  "correspondent_swift_code": "string",
  "iban": "string",
  "inn": "string",
  "kbk": "string",
  "kio": "string",
  "kpp": "string",
  "purpose_of_payment": "string",
  "reason_for_trade": "string",
  "reference_information": "string",
  "russian_central_bank_account": "string",
  "swift_code": "string",
  "vo": "string",
  "account_id": "string"
}

Bank account data. Refer to the Metadata API for valid field combinations.

Fields
Name Description
account_number The account number of the bank account
bank_address_line_1 The first address line of the bank
bank_country_code
Required
The ISO 3166-1 alpha-2 code of the bank's country
bank_currency_code
Required
The ISO 4217 code of the bank account's currency
bank_identifier The identifier of the bank
bank_identifier_type The identifier type of the bank
bank_name Name of the bank account holder
correspondent_account The account for the correspondant account of the bank
correspondent_swift_code The SWIFT code for the correspondant account of the bank
iban The IBAN of the bank account
inn The INN of the bank account
kbk The KBK of the bank account
kio The KIO of the bank account
kpp The KPP of the bank account
purpose_of_payment The purpose of payment; required by the Central Bank for all payments sent in the Chinese Renminbi (CNY) currency
reason_for_trade The reason for trade of the bank account
reference_information The reference information of the bank account
russian_central_bank_account The Russian central account number of the bank account
swift_code The SWIFT code of the bank account
vo The VO of the bank account
account_id
Required
The identifier of the bank account

BeneficiaryCoreData

{
  "name": "string",
  "email_addresses": [
    "string"
  ],
  "email_notification": "boolean",
  "address_line_1": "string",
  "post_code": "string",
  "country_code": "string"
}

This model is a representation of a beneficiary's core data.

Fields
Name Description
name
Required
The name of the beneficiary
email_addresses The list of beneficiary's email addresses
email_notification
Required
Whether the beneficiary should receive email notification of payments
address_line_1 The first address line of the beneficiary
post_code The post code of the beneficiary
country_code
Required
The ISO 3166-1 alpha-2 code of the beneficiary's country

Beneficiary

{
  "name": "string",
  "email_addresses": [
    "string"
  ],
  "email_notification": "boolean",
  "address_line_1": "string",
  "post_code": "string",
  "country_code": "string",
  "bank_accounts": [
    {
      "account_number": "string",
      "bank_address_line_1": "string",
      "bank_country_code": "string",
      "bank_currency_code": "string",
      "bank_identifier": "string",
      "bank_identifier_type": "string",
      "bank_name": "string",
      "correspondent_account": "string",
      "correspondent_swift_code": "string",
      "iban": "string",
      "inn": "string",
      "kbk": "string",
      "kio": "string",
      "kpp": "string",
      "purpose_of_payment": "string",
      "reason_for_trade": "string",
      "reference_information": "string",
      "russian_central_bank_account": "string",
      "swift_code": "string",
      "vo": "string",
      "account_id": "integer"
    }
  ],
  "beneficiary_id": "string",
  "created": "string",
  "aml_status": "string",
  "active": "string",
  "beneficiary_reference": "string",
}

This model is a representation of a beneficiary.

Fields
Name Description
name
Always
The list of beneficiary's email addresses
email_addresses The list of beneficiary's email addresses
email_notification
Always
Whether the beneficiary should receive email notification of payments
address_line_1 The first address line of the beneficiary
post_code The post code of the beneficiary
country_code
Always
The ISO 3166-1 alpha-2 code of the beneficiary's country
bank_accounts
Always
The list of beneficiary's bank accounts
beneficiary_id
Always
The beneficiary ID
created
Always
Creation date of the beneficiary
aml_status
Always
AML status of the beneficiary
active
Always
True if beneficiary is active, False otherwise
beneficiary_reference Reference for the beneficiary

AMLStatus

AML status of the Beneficiary

Values
Value Description
OK Beneficiary checks completed, ready to be paid
Pending Review Reviewing beneficiary information
Pending information Awaiting beneficiary information
Blocked Client account blocked

PurposeOfPayment

Valid purpose of payment values. Required for CNY currency

Values
Value Description
/CGODDR/ Trade Settlement for Goods
/CGODDR/PART/ Trade Settlement for Goods - Partial
/CGODDR/RETN/ Trade Settlement for Goods - Cancellation
/CSTRDR/ Trade Settlement for Services
/CSTRDR/PART/ Trade Settlement for Services - Partial return
/CSTRDR/RETN/ Trade Settlement for Services - Cancellation
/COCADR/ Payment to Current Account
/COCADR/RTN/ Payment to Current Account - Cancellation
/CCTFDR/ Payment to Capital Account
/CCTFDR/PART/ Payment to Capital Account - Partial return
/CCTFDR/RTN/ Payment to Capital Account - Cancellation
/CCDNDR/ Charity Donation
/CCDNDR/RTN/ Charity Donation - Cancellation

Making Payments

The Payments API allows you make payments to a known beneficiary with an existing trade. Your Ebury account can be set up to make payments in one of two ways:

The choice of immediate payment or when authorised needs to be made when your Ebury account is created; you should consider carefully which set-up best fits your needs.

Create one or more new payments

POST /payments?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string
Content-Type: application/json

{
    "trade_id": "string",
    "async": "boolean",
    "payments": [
        {
            "beneficiary_id": "string",
            "account_id": "string",
            "amount": "number",
            "email_beneficiary": "boolean",
            "payment_date": "string",
            "reference": "string"
        }
    ]
}

Create one or more payments with an existing trade_id, beneficiary ID and account ID. Payment processing can be made asynchronous by setting the async flag in the request body.

Query Parameters
Parameter Description
client_id
Required
The ID of the client

Request Body

Fields
Name Description
trade_id
Required
Unique identifier of the trade the payment will be allocated to
async boolean flag to create the payment(s) asynchronously; defaults to false
payments A list of payments to create
payments.beneficiary_id
Required
The ID of the beneficiary
payments.account_id
Required
The ID of the beneficiary's bank account
payments.amount
Required
The payment amount
payments.payment_date
Required
The date on which payment is required
payments.reference
Required
Payment reference
payments.email_beneficiary Whether the beneficiary should receive and email on payment

Response

The response to a successful request will vary depending on the value of the async value of the request.

HTTP/1.1 204 No Content

If async is set to true, a 204 No Content response will be returned, as the request is being processed asynchronously.

HTTP/1.1 201 Created
Content-Type: application/json

[
    {
        "payment_id": "string",
        "fee_amount": "number",
        "fee_currency": "string",
        "payment_instruction": "string",
        "payment_receipt": "string",
        "status": "string",
        "reference": "string",
    }
]

If async is set to false, a 201 Created response will be returned with the with the following response body.

Fields
Name Description
payment_id The payment identifier
fee_amount Fee amount
fee_currency Fee currency
payment_instruction URI to download payment instruction
payment_receipt URI to download payment receipt
status The current status of the payment
reference The payment reference

Search or retrieve payments

GET /payments?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Search or retrieve all payments for a given client ID

Query Parameters
Parameter Description
client_id
Required
The ID of the client
page The desired page number for pagination. By default is 1.
page_size The number of items per page for pagination. By default is 50.
reference Filter payments by reference.
trade_id Filter payments by trade_id.

Response

HTTP/1.1 200 OK
Content-Type: application/json

[
    {
        "payment_id": "string",
        "contact_id": "string",
        "trade_id": "string",
        "account_number": "string",
        "amount": "number",
        "bank_identifier": "string",
        "beneficiary_name": "string",
        "created_date": "string",
        "fee_amount": "number",
        "fee_currency": "string",
        "iban": "string",
        "payment_currency": "string",
        "payment_date": "string",
        "payment_instruction": "string",
        "payment_receipt": "string",
        "status": "string",
        "swift_code": "string",
        "authorised_by": "string",
        "authorised_date": "string",
        "rejected_by": "string",
        "rejected_date": "string",
        "cancelled_by": "string",
        "cancelled_date": "string",
        "authorisation_workflow": "string",
        "invoice_required": "boolean",
        "reference": "string"
    }
]

A successful request will return a 200 OK response with the response body containing list of Payment objects.

Retrieve a payment

GET /payments/$payment_id?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Retrieve a payment with a given payment ID

Query Parameters
Parameter Description
payment_id
Required
Unique idenifier for payment
client_id
Required
The ID of the client

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "payment_id": "string",
    "contact_id": "string",
    "trade_id": "string",
    "account_number": "string",
    "amount": "number",
    "bank_identifier": "string",
    "beneficiary_name": "string",
    "created_date": "string",
    "fee_amount": "number",
    "fee_currency": "string",
    "iban": "string",
    "payment_currency": "string",
    "payment_date": "string",
    "payment_instruction": "string",
    "payment_receipt": "string",
    "status": "string",
    "swift_code": "string",
    "authorised_by": "string",
    "authorised_date": "string",
    "rejected_by": "string",
    "rejected_date": "string",
    "cancelled_by": "string",
    "cancelled_date": "string",
    "authorisation_workflow": "string",
    "invoice_required": "boolean",
    "reference": "string"
}

A successful request will return a 200 OK response with the response body containing a Payment object.

Authorise or reject a payment

PATCH /payments/$payment_id?client_id=$client_id&action=$action HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string
Content-Type: application/json
HTTP/1.1 204 No Content

Authorise or reject a payment with a given payment ID (the requirement to authorise or reject payments depends on your account configuration)

Query Parameters
Parameter Description
payment_id
Required
Unique idenifier for payment
client_id
Required
The ID of the client
action
Required
The action to take (authorise or reject)

Response

HTTP/1.1 204 No Content

A successful request will return a 204 No Content response with an empty response body.

Delete a payment

DELETE /payments/$payment_id?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Delete a payment with a given payment ID

Query Parameters
Parameter Description
payment_id
Required
Unique idenifier for payment
client_id
Required
The ID of the client

Response

HTTP/1.1 204 No Content

A successful request will return a 204 No Content response with an empty response body.

Payment Models

Payment

{
    "payment_id": "string",
    "contact_id": "string",
    "trade_id": "string",
    "account_number": "string",
    "amount": "number",
    "bank_identifier": "string",
    "beneficiary_name": "string",
    "created_date": "string",
    "fee_amount": "number",
    "fee_currency": "string",
    "iban": "string",
    "payment_currency": "string",
    "payment_date": "string",
    "payment_instruction": "string",
    "payment_receipt": "string",
    "status": "string",
    "swift_code": "string",
    "authorised_by": "string",
    "authorised_date": "string",
    "rejected_by": "string",
    "rejected_date": "string",
    "cancelled_by": "string",
    "cancelled_date": "string",
    "authorisation_workflow": "string",
    "invoice_required": "boolean",
    "reference": "string"
}

This model is a representation of a payment.

Fields
Name Description
payment_id
Always
Unique identifier for the payment
contact_id
Always
Unique identifier of the contact who booked the payment
trade_id
Always
Unique identifier of the trade the payment is allocated to
account_number Account number of the beneficiary
amount Payment amount
bank_identifier The identifier of the beneficiary's bank
beneficiary_name Name of the beneficiary
created_date Payment instruction created date
fee_amount Fee amount
fee_currency Fee currency
iban The IBAN of the beneficiary's bank account
payment_currency Currency the payment was made in
payment_date Target payment date
payment_instruction URI to download payment instruction
payment_receipt URI to download payment receipt
status The current status of the payment
swift_code The SWIFT code of the beneficiary's bank account
authorised_by The user who authorised the payment
authorised_date The date when payment was authorised
rejected_by The user who rejected the payment
rejected_date The date when payment was rejected
cancelled_by The user who cancelled the payment
cancelled_date The date when payment was cancelled
authorisation_workflow The authorisation workflow of the payment
Acceptable values:
  • simple
  • 4-eyes
invoice_required Whether or not the payment requires an invoice
reference The payment reference

Status

Status of the payments

Values
Value Description
Need more beneficiary information Beneficiary information is not complete, more details are required.
Validating beneficiary information Beneficiary information is complete, but not validated yet.
Waiting for payment date Payment is ready to be executed, waiting for payment execution date.
Payment complete Payment has been executed.
Executing Payment Payment is in the process of being executed.
Payment pending of authorization Payment has been verified but not authorised.
Payment rejected Payment has been rejected.
Payment cancelled Payment has been cancelled.

Managing Contacts

The Contacts API allows you to amend aspects of the user profiles active on your account.

Get Contacts

GET /contacts?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Get all contacts for a given client.

Query Parameters
Parameter Description
client_id
Required
The ID of the client

Response

HTTP/1.1 200 OK
Content-Type: application/json

[
    {
        "name": "string",
        "email_address": "string",
        "work_contact_number": "string",
        "home_contact_number": "string",
        "mobile_contact_number": "string",
        "address_line_1": "string",
        "address_line_2": "string",
        "city": "string",
        "country_code": "string",
        "country_name": "string",
        "post_code": "string",
        "password_reset_required": "boolean",
        "language": "string",
        "locale": "string",
        "time_zone": "string",
        "has_online_access": "boolean",
        "can_authorise_payments": "boolean",
        "can_make_same_currency_payments": "boolean",
        "can_manage_beneficiaries": "boolean",
        "can_manage_beneficiaries_groups": "boolean",
        "can_manage_contacts": "boolean",
        "can_manage_fix_forwards": "boolean",
        "can_manage_multipayments": "boolean",
        "can_manage_payments": "boolean",
        "can_manage_permissions": "boolean",
        "can_trade": "boolean",
        "contact_id": "string"
    }
]

A successful request will return a 200 OK response with the response body containing a list of Contact objects.

Get a single contact

GET /contacts/$contact_id?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Get a single contact by contact ID.

Query Parameters
Parameter Description
contact_id
Required
The ID of the contact
client_id
Required
The ID of the client

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "name": "string",
    "email_address": "string",
    "work_contact_number": "string",
    "home_contact_number": "string",
    "mobile_contact_number": "string",
    "address_line_1": "string",
    "address_line_2": "string",
    "city": "string",
    "country_code": "string",
    "country_name": "string",
    "post_code": "string",
    "password_reset_required": "boolean",
    "language": "string",
    "locale": "string",
    "time_zone": "string",
    "has_online_access": "boolean",
    "can_authorise_payments": "boolean",
    "can_make_same_currency_payments": "boolean",
    "can_manage_beneficiaries": "boolean",
    "can_manage_beneficiaries_groups": "boolean",
    "can_manage_contacts": "boolean",
    "can_manage_fix_forwards": "boolean",
    "can_manage_multipayments": "boolean",
    "can_manage_payments": "boolean",
    "can_manage_permissions": "boolean",
    "can_trade": "boolean",
    "contact_id": "string"
}

A successful request will return a 200 OK response with the response body containing a Contact object.

Update a contact

PATCH /contacts/$contact_id?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string
Content-Type: application/json

{
    "language": "string",
    "locale": "string",
    "time_zone": "string",
    "has_online_access": "boolean",
    "can_authorise_payments": "boolean",
    "can_make_same_currency_payments": "boolean",
    "can_manage_beneficiaries": "boolean",
    "can_manage_beneficiaries_groups": "boolean",
    "can_manage_contacts": "boolean",
    "can_manage_fix_forwards": "boolean",
    "can_manage_multipayments": "boolean",
    "can_manage_payments": "boolean",
    "can_manage_permissions": "boolean",
    "can_trade": "boolean",
}

Update a single contact identified by contact_id.

The fields language, locale, and time_zone may be omitted.

All other fields will use their default value if omitted.

Query Parameters
Parameter Description
contact_id
Required
The ID of the contact
client_id
Required
The ID of the client

Request Body

Fields
Name Description
language Language expressed as ISO 639-1 two-character code
locale Locale expressed as ISO 639-1 two-character code
time_zone The time zone of the contact
has_online_access Contact has access to Ebury Online
can_authorise_payments Contact can authorise payments
can_make_same_currency_payments Contact can create trades and assign same currency payments
can_manage_beneficiaries Contact can manage beneficiaries
can_manage_beneficiaries_groups Contact can manage beneficiaries groups
can_manage_contacts Contact can manage contacts
can_manage_fix_forwards Contact can manage fixed forwards
can_manage_multipayments Contact can manage multipayments
can_manage_payments Contact can manage payments
can_manage_permissions Contact can manage permissions
can_trade Contact can execute trades

Response

HTTP/1.1 204 No Content

A successful request will return a 204 No Content response with an empty response body.

Contact Models

Contact

{
    "name": "string",
    "email_address": "string",
    "work_contact_number": "string",
    "home_contact_number": "string",
    "mobile_contact_number": "string",
    "address_line_1": "string",
    "address_line_2": "string",
    "city": "string",
    "country_code": "string",
    "country_name": "string",
    "post_code": "string",
    "password_reset_required": "boolean",
    "language": "string",
    "locale": "string",
    "time_zone": "string",
    "has_online_access": "boolean",
    "can_authorise_payments": "boolean",
    "can_make_same_currency_payments": "boolean",
    "can_manage_beneficiaries": "boolean",
    "can_manage_beneficiaries_groups": "boolean",
    "can_manage_contacts": "boolean",
    "can_manage_fix_forwards": "boolean",
    "can_manage_multipayments": "boolean",
    "can_manage_payments": "boolean",
    "can_manage_permissions": "boolean",
    "can_trade": "boolean",
    "contact_id": "string"
}

This model is a representation of a contact.

Fields
Name Description
name Full name of the contact
email_address
Always
Email address/username of the contact
work_contact_number The work contact number of the contact
home_contact_number The home contact number of the contact
mobile_contact_number The mobile contact number of the contact
address_line_1 The first address line of the contact
address_line_2 The second address line of the contact
city The city name of the contact
country_code Country as ISO 3166 two-character code
country_name Full name of the country
post_code The post code of the contact
password_reset_required true if contact needs to reset their password, false otherwise
language Language expressed as ISO 639-1 two-character code
locale Locale expressed as ISO 639-1 two-character code
time_zone The time zone of the contact
has_online_access Contact has access to Ebury Online
can_authorise_payments Contact can authorise payments
can_make_same_currency_payments Contact can create trades and assign same currency payments
can_manage_beneficiaries Contact can manage beneficiaries
can_manage_beneficiaries_groups Contact can manage beneficiaries groups
can_manage_contacts Contact can manage contacts
can_manage_fix_forwards Contact can manage fixed forwards
can_manage_multipayments Contact can manage multipayments
can_manage_payments Contact can manage payments
can_manage_permissions Contact can manage permissions
can_trade Contact can execute trades
contact_id Unique identifier for the Contact

ContactUpdate

{
    "language": "string",
    "locale": "string",
    "time_zone": "string",
    "has_online_access": "boolean",
    "can_authorise_payments": "boolean",
    "can_make_same_currency_payments": "boolean",
    "can_manage_beneficiaries": "boolean",
    "can_manage_beneficiaries_groups": "boolean",
    "can_manage_contacts": "boolean",
    "can_manage_fix_forwards": "boolean",
    "can_manage_multipayments": "boolean",
    "can_manage_payments": "boolean",
    "can_manage_permissions": "boolean",
    "can_trade": "boolean",
}

This model is a representation of the updateable data of a contact.

Fields
Name Description
language Language expressed as ISO 639-1 two-character code
locale Locale expressed as ISO 639-1 two-character code
time_zone The time zone of the contact
has_online_access Contact has access to Ebury Online
can_authorise_payments Contact can authorise payments
can_make_same_currency_payments Contact can create trades and assign same currency payments
can_manage_beneficiaries Contact can manage beneficiaries
can_manage_beneficiaries_groups Contact can manage beneficiaries groups
can_manage_contacts Contact can manage contacts
can_manage_fix_forwards Contact can manage fixed forwards
can_manage_multipayments Contact can manage multipayments
can_manage_payments Contact can manage payments
can_manage_permissions Contact can manage permissions
can_trade Contact can execute trades

Viewing Documents

Get a document

GET /documents?type=$type&id=$id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Get a document for a given client

Query Parameters
Parameter Description
type
Required
The document type
Acceptable values:
  • pi (payment instruction)
  • pr (payment receipt)
  • tr (trade receipt)
id
Required
The ID of the entity that generated this document e.g. payment, trade, etc.

Response

HTTP/1.1 200 OK
Content-Type: text/plain

string

A successful request will return a 200 OK response with the response body containing a Base 64 encoded string containining the requested document.

Executing Multipayments

Create a multi payment instruction

POST /multipayments?client_id=$client_id&accept_immediately=true HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string
Content-Type: application/json

[
    {
        "account_number": "string",
        "bank_address": "string",
        "bank_code": "string",
        "bank_country": "string",
        "bank_name": "string",
        "beneficiary_address": "string",
        "beneficiary_name": "string",
        "beneficiary_country": "string",
        "beneficiary_reference": "string",
        "direction": "string",
        "iban": "string",
        "inn": "string",
        "kio": "string",
        "payment_currency": "string",
        "payment_amount": "number",
        "payment_reference": "string",
        "purpose_of_payment": "Purpose of Payment",
        "reason_for_trade": "string",
        "russian_central_bank_account": "string",
        "swift_code": "string",
        "trade_type": "string",
        "value_date": "string",
        "vo": "string"
    }
]

Create a new multi payment instruction. Requires either a sell currency or existing trade ID to create the instruction

Query Parameters
Parameter Description
client_id
Required
The ID of the client
trade_id Trade ID to book payments against. Omit if trade should be executed to fund payments
sell_currency If trade_id omitted, a sell currency must be supplied
accept_partial Accept a partially successful instruction. If true, send successful instructions for payment. If false, reject the entire instruction. By default this parameter is set to false.
accept_immediately
Required
Mandatory, set to true. Accept the quote immediately, do not require confirmation.

Request Body

The body of the request must contain a list of the objects containing the following fields:

Fields
Name Description
account_number
Required
Account number
bank_address
Required
The bank address of the beneficiary
bank_code
Required
The bank code of the beneficiary (UK sort code, US ABA/FedWire, etc.)
bank_country
Required
The bank country of the beneficiary in ISO 3166-1 format (two character alpha code)
bank_name
Required
Name of the bank account holder
beneficiary_address
Required
The beneficiary address
beneficiary_name
Required
The beneficiary name
beneficiary_country
Required
The beneficiary country in ISO 3166-1 format (two character alpha code)
beneficiary_reference Permanent reference to add to a beneficiary for all future payments.
direction
Required
Acceptable values:
  • buy
  • sell
iban
Required
inn Unique Taxpayer Personal Identification Number for legal entities registered in Russia.
kio Tax ID for foreign legal entities in Russia.
payment_currency
Required
Buy currency code
payment_amount
Required
number
payment_reference
Required
Payment reference
purpose_of_payment The purpose of payment. Required for CNY currency. See PurposeOfPayment for acceptable values
reason_for_trade
Required
Reason for trade
russian_central_bank_account 20-digit code for Russian banks.
swift_code
Required
trade_type Type of trade.
Acceptable values:
  • spot
value_date
Required
Date of the payment
vo Code of currency transaction established by the Central Bank of Russia to describe the purpose of the payment.

Response

HTTP/1.1 201 Created
Content-Type: application/json

{
    "multipayment_id": "integer",
    "account_details": {
        "account_number": "string",
        "bank_identifier": "string",
        "bank_identifier_type": "string",
        "iban": "string",
        "swift_code": "string"
    },
    "invalid_payments": [
        {
            "account_number": "string",
            "bank_address": "string",
            "bank_code": "string",
            "bank_country": "string",
            "bank_name": "string",
            "beneficiary_address": "string",
            "beneficiary_name": "string",
            "beneficiary_country": "string",
            "beneficiary_reference": "string",
            "direction": "string",
            "iban": "string",
            "inn": "string",
            "kio": "string",
            "payment_currency": "string",
            "payment_amount": "number",
            "payment_reference": "string",
            "purpose_of_payment": "Purpose of Payment",
            "reason_for_trade": "string",
            "russian_central_bank_account": "string",
            "swift_code": "string",
            "trade_type": "string",
            "value_date": "string",
            "vo": "string"
        }
    ],
    "trade_details": [
        {
            "buy_amount": "number",
            "buy_currency": "string",
            "client_rate": "number",
            "client_rate_symbol": "string",
            "inverse_rate": "number",
            "inverse_rate_symbol": "string",
            "sell_amount": "number",
            "sell_currency": "string",
            "value_date": "string"
        }
    ]
}

The response will vary depending on whether accept_partial was set to true and all the requested payments were created successfully.

If all the payments were created, you will receive a 201 Created response.

If some of the payments were created, you will receive a 202 Accepted response.

Both response bodies share a similar model.

Fields
Name Description
multipayment_id
Always
The multipayment ID
account_details
Always
The account to which payments should be sent to fund a trade
account_details.account_number
Always
The account number
account_details.bank_identifier
Always
The bank identifier
account_details.bank_identifier_type
Always
The bank identifier type (UK sort code, US ABA/FedWire, etc.)
account_details.iban The account IBAN
account_details.swift_code The account SWIFT code
invalid_payments A list of payments that were not created, using the same model as the request
trade_details
Always
The trade details
trade_details.buy_currency
Always
Buy currency code
trade_details.buy_amount
Always
Buy amount
trade_details.client_rate
Always
Trade rate
trade_details.client_rate_symbol
Always
The symbol of the rate
trade_details.sell_currency
Always
Sell currency code
trade_details.sell_amount
Always
Sell amount
trade_details.inverse_rate
Always
The inverse rate
trade_details.inverse_rate_symbol
Always
The symbol of the inverse rate
trade_details.value_date
Always
Value date

Accept a multi payment

PATCH /multipayments/$multipayment_id?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string
Content-Type: application/json

Accept a multi payment generated trade and book in payments

Query Parameters
Parameter Description
multipayment_id
Required
The multi payment ID
client_id
Required
The ID of the client

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "account_number": "string",
    "bank_identifier": "string",
    "bank_identifier_type": "string",
    "iban": "string",
    "swift_code": "string"
}

A successful request will return a 200 OK response with the following response body.

Fields
Name Description
account_number
Always
The account number
bank_identifier
Always
The bank identifier
bank_identifier_type
Always
The bank identifier type (UK sort code, US ABA/FedWire, etc.)
iban The account IBAN
swift_code The account SWIFT code

Reject a multi payment

DELETE /multipayments/$multipayment_id?client_id=$client_id HTTP/1.1
x-api-key: string
Authorization: string
X-Contact-ID: string

Rejects a multi payment trade and cancels the payments

Query Parameters
Parameter Description
multipayment_id
Required
The multi payment ID
client_id
Required
The ID of the client

Response

HTTP/1.1 204 No Content

A successful request will return a 204 No Content response with an empty response body.

Terms of Use

This API License Agreement (the “Agreement”), effective as of the date of acceptance of this Agreement (the “Effective Date”), is between Ebury Partners UK Limited. (“Ebury”) and you, or the individual, company or other entity that you represent (“Licensee”).

The Licensee represents and warrant that: (i) they have the necessary power and authority to enter into this Agreement, and that the performance of your obligations will not constitute a breach or otherwise violate any other Agreement or the rights of any third party arising therefrom; (ii) you will maintain, throughout the Term, all required rights and licenses related to the Licensee Applications and the Licensee Applications shall not infringe or otherwise violate any third party rights, including but not limited to third party intellectual property rights; and (iii) your uses of the Licensed Materials do and shall comply with all applicable domestic, foreign, federal, state and local laws, rules, and regulations.

Ebury reserves the right to update and change, from time to time, the Ebury API Policies (including these Terms of Use, the Guidelines, and all documents incorporated by reference). The most recent version of these Terms of Use are available at the Developer Portal. Ebury may change these Terms of Use by posting a new version without notice to you. Use of the Ebury API after such change constitutes acceptance of such changes.

Definitions:

API Key means the confidential information supplied by Ebury to an Licensee that uniquely identifies the Licensee’s software application and allows it to access the Ebury API.

Application(s) means the Licensee’s software.

Application Credentials means the confidential information supplied by Ebury that allows the Licensee’s software application(s) to access the API. Collectively this information comprises an API key, OAuth Client ID and OAuth Client Secret.

API Documents means the documentation, data and information provided by Ebury regarding the use oft he API through the Developer Portal.

Client means a customer of the Licensee who uses the Licensee’s software application to access the Ebury services offered by the Ebury API.

Confidential Information means all confidential information, in whatever form (including written or oral), disclosed by one party to the other, including but not limited to, financial, marketing and personnel information, techniques, processes, trade secrets, know-how, designs, methodologies, schematics, ideas, analyses, statistics, performance information, user documentation, internal documentation, details of planned or current products or services, customer or supplier details, financial records, payment details, transaction data, Licensee Information, computer records or software, specifications, APIs, models, prototypes, compositions, samples, Application Credentials, User Credentials, or other information that is or may be either applicable to or related in any way to the business or affairs of such party or which is marked confidential or secret.

Developer Portal means a secure website provided by Ebury that gives Licensees personal the means to generate and access the Application Credentials that give them access to the API.

Ebury means Ebury Partners UK Limited, a private limited company registered in England and Wales with registered number 7088713 whose registered office is at 42-44 Grosvenor Gardens, London, SW1W 0EB.

Ebury API means the API developed by Ebury and offered to Licensees for the purpose of accessing Ebury services.

Ebury Policies means the Terms of Use, the Guidelines, Privacy Policy and Cookie Policy.

Effective Date means the date of acceptance of this agreement.

OAuth Client ID means the confidential information supplied by Ebury that, together with other Application Credentials allows the Licensee’s software application to authenticate Clients in order to use the Ebury API.

Oauth Client Secret means the confidential information supplied by Ebury that, together with other Application Credentials allows the Licensee’s software application to authenticate Clients in order to use the Ebury API.

User Credentials means means the confidential information supplied by Ebury that is used by the Licensee’s Clients to access the profile and transactional data of their user account on Ebury’s backend systems via the API. This information comprises a username and password.

  1. The Ebury API is owned by Ebury and are licensed to you on a worldwide (except as limited below), non-exclusive, non-sublicenseable, revocable basis on the terms and conditions set forth herein, subject to the Ebury API Policies These Terms of Use define legal use of the Ebury API, all updates, revisions, substitutions, and any copies of the Ebury API made by or for you. All rights not expressly granted to you are reserved by Ebury.
  2. This Agreement shall commence on the Effective Date and will remain in effect until terminated pursuant to this clause. Subject to the restrictions set forth in these Terms of Use, the Licensee may use the Ebury API and any updates provided by Ebury (in its sole discretion). Either party may terminate this Agreement by written notice at any time, for any reason, or for no reason including, but not limited to, the Licensee’s violation of any provision of this Agreement. Any termination of this Agreement shall also terminate the licenses granted hereunder. Upon termination of this Agreement for any reason, the Licensee will stop using, and either return to Ebury, or destroy and remove from all computers, hard drives, networks, and other storage media, all copies of the Licensed Materials and any Confidential Information in your possession, and shall certify to Ebury that such actions have occurred
  3. The following provisions of the Terms of Use regarding data collection, storage, use, ownership disclaimer of any warranty, limitation of liability, hold harmless and indemnity and general terms survive any termination of the Agreement.
  4. Any communication or content submitted by you to Ebury is subject to these Terms of Use and the Terms of Service.
  5. The Licensee shall not use the Ebury API for any purpose that violates any law or regulation, any right of any person, including but not limited to intellectual property rights, rights of privacy, or rights of personality, or in any manner inconsistent with the Ebury API Policies.
  6. The Licensee shall not sell, lease, share, transfer, or sublicense the Ebury API or access or access codes thereto or derive income from the use or provision of the Ebury API whether for direct commercial or monetary gain or otherwise, unless the Ebury API Policies specifically permit otherwise or Ebury gives prior, express, written permission.
  7. In a prominent location in all Licensee Applications, the Licensee shall indicate that the application has been created using the Ebury API and API Documents.
  8. The Licensee shall not use the Ebury API in a manner that exceed Rate Limits, constitutes excessive or abusive usage, or otherwise fails to comply or is inconsistent with any part of the Ebury API Policies, to be determined by Ebury in their sole discretion.
  9. The Licensee shall not use the Ebury API in a product or service that competes with products or services offered by Ebury unless the Ebury API Policies specifically permit otherwise or Ebury gives prior, express, written permission during or as part of the contract negotiations.
  10. The Licensee must be reachable at all times for any security questions or concerns Ebury may have. If the contact details for the Licensee change Ebury must be notified immediately.
  11. The Licensee must ensure that all materials, including software and documents, that form part of the Licensee's Application must be checked with generally accepted Internet industry standard up-to-date antivirus and anti-worm software, and determined to be virus-free and worm-free. Any data provided to the Ebury API must not contain harmful scripts or code.
  12. The Licensee must ensure that the networks, operating system and software of its web server(s), routers, databases, and computer systems (collectively, “System” or “Systems”) must be properly configured to generally accepted Internet industry standards, as required to securely operate your Application.
  13. The Licensee must promptly report any security deficiencies in or intrusions to their Systems that you discover by writing via email to security@ebury.com. You will work with Ebury and anyone third party Ebury designate to immediately correct any security deficiency, and will disconnect immediately any intrusions or intruder. In the event of any such security deficiency or intrusion, you will make no public statements (i.e. press, blogs, bulletin boards, etc.) without prior written and express permission from Ebury in each instance.
  14. The Licensee will minimise access to and use of the User Credentials. Wherever possible, the Licensee should log (with time and date) use of the User Credentials to enable a complete audit trail of activities. When an individual terminates his or her employment with you, his or her passwords and access password facilities must be terminated immediately.
  15. Ebury will have the right, at its own expense, to review, or to have an independent third party that is not your competitor, to inspect and review your compliance with these security provisions. You will (at your own expense) correct any security flaws detected by such a review as soon as possible. You will then promptly certify to Ebury in writing that the security flaw has been corrected, along with a description of the corrective action(s) taken. Ebury will give you 48 hours notice before conducting such a review, and may conduct no more than four reviews annually. Any such review will be conducted during regular business hours in such a manner as not to interfere with normal business activities. If a review reveals a material breach of any of these security provisions, you will reimburse Ebury for the reasonable costs of the review.
  16. The Licensee may not retain or use, and must immediately remove from any Application and any data repository in their possession or under their control any Ebury user data obtained through the Ebury API not explicitly identified as being storable indefinitely in the API documents within 24 hours after the time at which you obtained the data.
  17. The Licensee may not disclose any Ebury user data or store any Ebury user data in any data repository which enables any third party access unless such disclosure or third party access is expressly permitted by Ebury.
  18. The Licensee may from time to time, gain access to Confidential Information. You may use Confidential Information only to the extent necessary to exercise your rights under this Agreement. You may not disclose Confidential Information to a third party without the prior express consent of Ebury, provided in writing or by email. You agree that you will protect Confidential Information from unauthorised use, access, or disclosure in the same manner that you would use to protect its own confidential and proprietary information of a similar nature and in any event with no less than a reasonable degree of care.
  19. The Ebury API may be protected by copyrights, trademarks, service marks, international treaties, and/or other proprietary rights and laws of England and Wales and other countries. Ebury rights apply to the Ebury API and all output and executables of the Ebury API, excluding any software components developed by you which do not themselves incorporate the Ebury API or any output or executables of the Ebury API. You agree to abide by all applicable proprietary rights laws and other laws, as well as any additional copyright notices or restrictions contained in the Ebury API Policies. Ebury owns all rights, title, and interest in and to the Ebury API. These Terms of Use grant you no right, title, or interest in any intellectual property owned or licensed by Ebury, including (but not limited to) the Ebury API and Ebury trademarks.
  20. Ebury may elect to provide you with support or modifications (“Support”) for the Ebury API in its sole discretion, and may terminate such support at any time without notice to you. Ebury may change, suspend, or discontinue any aspect of the Ebury API at any time, including the availability of the Ebury API. Ebury may also impose limits on certain features and services or restrict your access to parts or the Ebury API without notice or liability.
  21. Ebury reserves the right to charge fees for future use of or access to the Ebury API or the in Ebury's sole discretion. If Ebury decides to charge for use or access, Ebury will provide you prior notice of such charges.
  22. Ebury does not provide representation or warranty, express or implied as to the use of the Ebury API including, but not limited to any implied warranty of merchantability, accuracy, results of use, reliability, fitness for a particular purpose, availability, security, title and / or non-infringement. Ebury further disclaims any warranty that the use of the Ebury API will be uninterrupted, error-free, virus free or secure. Use of the Ebury API is at the discretion and risk of the Licensee and the Licensee is solely responsible for any damage that results from the use of the Ebury API including, but not limited to, any damage to the Licensee’s computer system or loss of data.
  23. Ebury shall not, under any circumstances, be liable for any indirect, incidental, consequential, special or exemplary damages arising out of or in connect with the use of the Ebury API, whether based on breach of contract, breach of warranty, tort (including negligence, product liability or otherwise), or any other pecuniary loss to the maximum extent permitted by applicable law.
  24. To the maximum extent permitted by applicable law, you hereby release and waive all claims against Ebury, and its subsidiaries, affiliates, officers, agents, licensors, co-branders or other partners, and employees from any and all liability for claims, damages (actual and/or consequential), costs and expenses (including litigation costs and attorneys' fees) of every kind and nature, arising from or in any way related to your use of Ebury API’s. You understand that any fact relating to any matter covered by this release may be found to be other than now believed to be true and you accept and assume the risk of such possible differences in fact. In addition, you expressly waive and relinquish any and all rights and benefits which you may have under any other state or federal statute or common law principle of similar effect, to the fullest extent permitted by law.
  25. To the maximum extent permitted by applicable law, you agree to hold harmless and indemnify Ebury and its subsidiaries, affiliates, officers, agents, licensors, co-branders or other partners, and employees from and against all claims, damages, losses, liabilities, actions, judgments, costs, and expenses brought by a third party arising out of or in connection with: (i) any act or omission by you in connection with your use of the Ebury API; (ii) your use of the Ebury API, including but not limited to other than as expressly allowed by this Agreement; (iii) the Licensee’s breach of this Agreement, including but not limited to your representations and warranties herein; or (iv) any Licensee Application.
  26. The Licensee is required to make any claim arising out of this Agreement within one (1) year of the claim arising.
  27. Notwithstanding any provision hereof, for all purposes of the Terms of Use, Ebury and the Licensee shall be and act independently and not as partner, joint venturer, agent, employee or employer of the other. You shall not have any authority to assume or create any obligation for or on behalf of Ebury, express or implied, and you shall not attempt to bind Ebury to any contract.
  28. If any provision of the Terms of Use is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court should endeavor to give effect to the parties' intentions as reflected in the provision and the other provisions of such documents remain in full force and effect.
  29. The Ebury API Policies and the relationship between the Licensee and Ebury shall be governed by the exclusively by the laws of England and Wales and the parties submit to the exclusive jurisdiction of the courts of England and Wales.
  30. Ebury's failure to exercise or enforce any right or provision of the Terms of Use shall not constitute a waiver of such right or provision.
  31. Ebury shall not be deemed to be in default of any provisions of this Agreement or be liable for any delay, failure in performance, or interruption of service resulting directly or indirectly from acts of God, civil or military authority, civil disturbance, war, terrorism, strikes, fires, other catastrophes, power off telecommunications failure or any other cause beyond its reasonable control.
  32. A person who is not a party to this Agreement shall not have any rights under, or in connection with, it by virtue of the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement.
  33. The Licensee shall not assign this Agreement nor any rights or obligations in this Agreement without Ebury’s written consent, not to be unreasonably withheld. If Ebury provides its written consent to any assignment of this Agreement, this Agreement shall be binding upon the successors, heirs, and assigns of the Licensee.
  34. This Agreement may be executed in one or more counterparts. Signatures may be exchanged by fax, or scanned copies sent by email, with original signatures to follow. Each party to this Agreement agrees that it will be bound by its own faxed or scanned signature and that it accepts the faxed or scanned signatures of the other parties to this Agreement.
  35. The Terms of Use constitute part of Ebury API Policies which constitute the entire agreement between Ebury and the Licensee with respect to the subject matter hereof.