What are Contis APIs?

    Contis provides a complete PCI DSS Level 1 compliant banking and payment platform for companies that need some or all the elements of a banking solution to bring their own products to market. You can access our platform and services using our Contis APIs.

    What are the different API environments in Contis?

    Sandbox and Production

    What is Sandbox?

    Sandbox is a development environment in which you can thoroughly test your code before taking your integration live.

    What are disadvantages of Sandbox?

    Occasional patching and new code testing causes frequent downtime in the Sandbox. As Sandbox is an elementary testing environment it does not support urgent hot fixes.

    Do I need VPN for Sandbox?

    No. Unlike the Production environment you do not need a VPN connection to access the Sandbox.

    What is the Production environment?

    In Production environment you run your live system. You can make code changes using Urgent Hot Fixes. Disaster Recovery is also available in this environment.

    The card used is genuine and live transactions happen. This Production environment requires a different VPN setup.

    How do I securely interact with Contis APIs?

    Security keys enable you to encrypt and decrypt information sent to you via an API request. You must also connect to Contis using a secure VPN.

    Are security keys same for all the Contis Environments?

    No. Each Contis environment has its own set of security keys.

    How are the security keys shared with you?

    During the initial setup, the keys are shared via SFTP.

    How do I set up a VPN connection with Contis?

    Follow this guide to set up a secure VPN connection with Contis.

    What is VPN-DR form?

    A VPN-Disaster Recovery (VPN-DR) form records all the configuration details of your VPN setup. Your data is replicated in another secure location with an IP address, different from the Live or Production. In the event of a disaster, Contis connects your IP to that of the DR site and maintains continuity of the service. Disaster recovery only exists in the Production environment.

    What is the purpose of SFTP?

    Secure File Transfer Protocol (SFTP) is safe method of connecting to a dedicated shared drive for file sharing with Contis. Each API environment has a different SFTP, i.e. one for Sandbox and another for Production.

    How do you set up a SFTP?

    Follow this guide to set up a secure FTPguide to set up a secure FTP connection to Contis.

    What is Scheme setup from an API perspective?

    A Scheme is an arrangement or build of the API product as per the agreement between you and Contis. A scheme consists of card designs, terms and conditions, and other settings.

    What are the security keys?

    The keys that control information flow between your application and Contis. They encrypt and decrypt the information exchanged between your URL and Contis. There are two major categories of security keys – for the physical and virtual cards.

    What is the API set up process?

    Briefly, the API set up process is:

    1. Scheme set up
    2. SFTP set up
    3. VPN set up
    4. IP whitelisting
    5. API account configuration
    6. Testing

    What is an API request?

    An API request is the method for calling a function held on an API server. The request will contain all the parameters you wish to pass into the function.

    What is an API response?

    An API response is data sent back by a server in response to a call or request you made.

    What are different types of responses?

    Error and success.

    What is success response?

    A response from Contis that confirms that your request was successfully handled. In other words, you API call was successful.

    What is Error response?

    A response from Contis that indicates that something went wrong. An error may be caused by unauthorized access, using wrong parameters in a call and more. The error response helps you to understand what went wrong during the call.

    What is IP white listing?

    Your official URL is added in the Contis database. This is process is known as IP white listing. This enables a secure VPN connection to be made between your URL and Contis. If you call from a different IP address that is not white listed, your call is rejected.

    Can I access all the APIs?

    Access to the APIs is rights-controlled, that means you can only access those APIs that you have registered for during your account set up.

    What is a Standing order?

    A Standing Order (SO) is an instruction to transfer a fixed amount on a daily, weekly, monthly to a beneficiary account. The instruction can be set to make a fixed number of payments at specified time intervals.

    What is an error code?

    The numbered code related to the reason of failure of a specific API call method.

    What are Contis API best practices?

    Contis recommends the following best practices to reduce system overload and optimise performance:

    • When you log in to Contis, the platform returns an authentication token. The token persists for 2 hours after the last API request or response. You can save time by calling the sign in method once and reuse the token for subsequent requests.
    • Use standard formats for date, time, Boolean and in any ISO fields exchanged during AP calls – formats can be found in the API reference.
    • Store parameters such as ‘CardProgramDesignRef’, ‘ControlAccount’, ‘MasterAgreementCode’, ClientCode, etc, globally in your web service client.
    • Store log-in parameters such as ‘APIusername’, ‘APIpassword’, ‘HashPANKey’, ‘3DESPINKey’, ‘SecretKey’, ‘FTPUsername’, and ‘FTPPassword’ as global parameters in your system to enable quick change whenever needed.
    • Understand response codes to avoid repeated call failures and to provide useful error messages to your users.
    • Understand all the look-up values before making an API request.

    What are Envelopes?

    Envelope enables your customers to set aside funds on payday for their recurring weekly or monthly expenses. The Envelope safeguards the funds needed for essential expenses, preventing accidental overspend and automatically pays pre-arranged amounts for important expenses like rent, utilities, and grocery bills.

    Your customers have peace of mind that funds in their account sitting outside the Envelope are disposable.

    Can I access my Envelopes through API?

    Yes. Within the Envelope Controller you can use API methods that enable you to execute different Envelope-related functions:

    • Reserve funds in an Envelope within an account or release back the fund into account from envelope.
    • Execute Direct Debit payments through an expense envelope.
    • Get or update information about an envelope.
    • Fetch a list of envelopes within an account.
    • Disconnect or delete an envelope from your account.

    How do you exchange file with Contis?

    Contis provides access to a secure FTP location where you can upload and download files. For more information see the Secure FTP set up guide here.

    What is SHA?

    Secure Hash Algorithm used for cryptography during hashing. Examples include SHA-1 and SHA-2. Contis uses the more secure SHA-2 industry standard encryption algorithm.

    What is HOCA?

    Head Office Collection Amount (HOCA) is not a trading account but is used to receive and add large volumes of funds or payment. HOCA requires a settlement account.

    The funds are aggregated with other funds as a single fund and transferred by a single Standing order.

    What is CHAPS?

    Clearing House Automated Payment System (CHAPS), is used to make money transfers from one bank to other on the same day.

    What is BACS?

    Banker's Automated Clearing Services (BACS) is used to make a direct payment from one bank account to the other for high value transactions.

    What is Agency Banking?

    Third party retail banking agent, authorised by the bank to provide selected banking products and service on the behalf of bank.

    What is HOSC?

    HOSC stands for Home Office Sanction Check. The Home Office Sanction database stores the names of persons blacklisted by the Home Office Treasury for their involvement in financial crimes, frauds and nefarious activities. Contis downloads the updated file from Home office site on a regular basis.

    Your client's name is screened against the database. If the name matches, it is kept in the suspected list and marked as "pending". Once a name is verified, it is either given a new status - "Match" or "No Match”. If the status of the application is " Match", the application is rejected.

    How does Contis execute the KYC process?

    Contis crosschecks a consumer's or consumer’s identity against an identity database. Based on the verification, a score is given and if it falls within the pass range, then the account is created.




    The status of the new application for which KYC is underway or not yet complete


    The status of the new account application, whose KYC score is within the defined acceptable range


    The status of new application, whose KYC score or value cannot be configured as it is only read only


    The status of new application that fails to reach a score value within the defined range of Pass and Restricted


    The status of the new application that fails to get all above mentioned status. This KYC status is manually generated by the staff member and has the authority to assign "Alert" status to the new user.

    When a new consumer is added, a KYC check is made automatically. KYC is followed by a Home Office Sanction Check (HOSC), which is a criminal background check. These checks can take up to 20 minutes, so the API will not immediately return a response.

    What is Token?

    The authentication key generated after successful login to the Contis API system. The token is used when to authenticate the user every time a call is made to the Contis server.

    What is a Device Token?

    A device token is a unique identifier for an individual mobile device. This allows transactions to be restricted to trusted devices only.

    What is a hash? What is hashing?

    Hashing is a method of encrypting confidential data, for example card numbers, sent across networks. Contis uses the SHA-2 industry standard encryption algorithm.


    I want to add more directors to my limited company. Which method should I use?

    Use the API - Director – AddDirector - to add more directors. The primary directors are added when company is created by the method LimitedCompany - Registration or BasicCompany - Registration or AdvanceCompany - Registration; depending on the type of company you have created.

    How do I set up a company?

    Use any of the methods - LimitedCompany - Registration or BasicCompany - Registration or AdvanceCompany - Registration - depending on the type of company you want to register. This will activate our Know Your Customer (KYC) and Know Your Business (KYB) processes to verify the company and its directors. Once company is verfied, use the Business - ActivateCompany") method, to activate the company.

    How can I transfer money between two consumers in Contis?

    Use P2P API methods SendMoney and AcceptPayment. SendMoney API enables you to send money to a payee. AcceptPayment API enables you to accept a payment from the payer.

    How can I do Peer-to-Peer money transfers?

    Use any of the following methods in the Transfer Controller – RequestPaymentbyAccount, RequestPaymentbyEmail, or RequestPaymentbyMobile – to send a payment request to a payer. The payer can accept the request and pay you the requested amount via PayRequestedMoney.

    How can I automate recurring utility payments?

    Use the method PayDirectDebitbyEnvelope to automate a payment for weekly or monthly, recurring, essential bills through an expense envelope.

    How can I manage department(s) in a company?

    Use the Department - AddDepartment method. If you want to change the head of the department then use method ChangeHOD. The SetLimits method allows you to set up POS, ATM and ecommerce spend limits for a department.

    What information I can get about a department?

    Use the method Department - GetSpecificDepartment to get name, location and description of the specified department. The GetLimits method fetches a department’s spending limits for POS, ATM and ecommerce portal. You can also get list of pending or uncleared payments of the department via method ListPendingCardAuthorizations.

    How can I update information about a department?

    How can I update a director’s information?

    You can update personal information like name, date of birth and gender of the director by using Director - UpdateDirectorDetails method. Use the method UpdateDirectorContactDetails to update director’s contact information including email, mobile number and address.

    How can I communicate with API support service through API?

    Use the Communication – Enquiry method to generate a specific request or enquiry. The comments in the enquiry are posted to Contis API support service. If you want a call back from service provider, then you must pass the boolean ‘RequestCallBackRequired’ as ‘true’ when you make the API call.

    How can I manage my Standing Order (SO)?

    Manage using the following methods:

    How can I add employee in my company?

    Use Business - AddConsumers. You must call this method each time you want to add an individual employee, i.e. you cannot add all the employees in a single call. Each employee is assigned to their department based on details provided in the request.


    How do I access my API user account?

    After you sign up to to use Contis’ services Contis Project (or Account) Manager provides you access. Account credentials (username and password) are sent to you via secure FTP.

    What is Scheme Charge Holding Account?

    The Holding account in the Scheme used for transfer of money to and from different sub accounts.

    Which methods should I call to create a new account?

    Use the Security API – Login, to log in to your API account. Then call Consumer API – Add Consumers to setup one or more consumer. During the account setup process, you need to pass an eight-digit agreement code which is specific to the card design you want. For more information see our Quick Start Guide.

    How can I add one or more secondary accounts to my newly created or an existing primary account?

    Once you have created a primary account, use the method Consumer API – AddAdditionalConsumer. This method enables you to add one or more secondary account to your existing primary account. Both consumers - primary and secondary – have the same account number and agreement.

    Can I add a secondary consumer with different account number to primary consumer?

    Yes. Use the method Consumer API – AddAdditionalConsumerWithAccount.

    How can I load my funds in my account?

    Use the method LoadConsumerAccount. This method enables you transfer money into a specified account. As a client of Contis if you have created multiple consumers with separate account numbers then call this method separately to load funds into each individual account.

    Are new accounts created instantly?

    No. Once you call the API method AddConsumers, our automated KYC and HOSC checks are carried out in the background. The process takes up to 20 minutes to verify the information provided by the consumer. After verification, the account is created.

    Which family of APIs I must use to manage money transfer between an account in Contis and another bank?

    Transfer APIs.

    How can I transfer money from a consumer account in Contis to an external bank account?

    Use Transfer – AddRecipient method to link up a consumer account in Contis with a UK or international bank account. Once linked up, use the method BankTransfer to debit money from consumer account in Contis and credit to an external bank account.

    I want to transfer funds from an account to multiple beneficiary accounts on the go. Which method should I use?

    How can I manage an envelope in the account?

    Use the Envelope API method ReserveFund to transfer specified amount from the account to the envelope and reserve it for payment of recurring bills. You can only use the funds in the envelope for the purpose for which it is reserved. However, you can release the unused fund from envelope into the account for normal use. To release the fund, use the Envelope API method ReleaseFund.

    How can I manage Direct Debit instructions for an account?

    To manage Direct Debit instructions for your account, use:

    1. DirectDebit - GetSpecificInstruction method to fetch details of a specific Direct Debit instruction.
    2. ListInstructions method to get list of Direct Debit instruction for an account.
    3. CancelInstruction method to cancel a specific Direct Debit instruction.
    4. GetInstructionForEnvelope method to fetch Direct Debit instruction for an envelope in an account.

    I want to change an agreement package. Which method should I call?

    API method Account - ChangeTerms enables you to change the terms of your agreement package.

    I want to know all the limits applied to an account. Which methods should I use?

    There are many limits applicable to an account, therefore you must use more than one method to know all the limits.


    How do you test payment cards in the Sandbox?

    Genuine payment card information cannot be used in the Sandbox. Instead, Contis provides test card numbers, a valid expiration date in the future, and any random CVC number, to create a successful payment.

    What are the security keys used with a virtual card?

    The keys used are:

    • PAN_TDES_KEY for encryption of PAN
    • PAN_TDES_IV for decryption of PAN
    • CVV2_TDES_KEY for encryption of CVV2 during Retrieve CVV2 function call
    • CVV2_TDES_IV for decryption of CVV2 Virtual Card

    What are the security keys used with a physical card?

    Three security keys are used. They are:

    • Hash Pan Key for PAN hashing
    • 3DES PIN IV Key for decryption of the PIN
    • 3DES PIN Secret Key used for decryption of the PIN

    What is Hash Card Number?

    A hash card number is an encrypted (hashed) version of a 16-digit card number.

    Can I create a virtual payment card?

    Yes. Use the method Card API – AddVirtualCard. A random virtual card number is generated and linked to the debit card. The request returns an encrypted virtual card number. This number can later be passed on to your consumer.

    How can I view the CVV of the virtual card?

    Use the Card API method – GetVirtualCardCVV to get 3-digit CVV number.

    How can I activate my card?

    Use the GetActivationCode method to get the three-digit activation code. Pass this code as a parameter in the ActivateCard method. The card is activated.

    How can I view PIN of the card?

    You must call the Card API – ViewPin to get four-digit PIN in encrypted format.

    Can I configure card functions?

    Yes. Use the method ConfigureCardFunction to disable or enable the card for:

    • POS purchase.
    • Cashback on a purchase.
    • Payment at fuel station.
    • Contactless or an international transaction.

    How can I get details of a specific card?

    Use GetSpecficCard method to get the name of the consumer, hashed card number, account number, status of card and information whether card belongs to primary or secondary consumer. You can also view date of issue, activation and expiry of the card.

    How should I handle lost or stolen cards?

    Use the method Card - SetCardAsBlock. The card is blocked immediately to prevent its misuse. Next, use method SetCardAsLost. Only active and inactive cards can be set as lost.

    What should I do to get a replacement for my lost card?

    If the lost card is not found, then use the method Card - SetCardAsLostWithReplacement. The card is marked as lost permanently and blocked. A new card is issued in the place of the lost card.

    How can I unblock a blocked card?

    If the lost card, which you had blocked earlier, has been found then you can now unblock the card by using the method Card - SetCardAsNormal.


    How can I link up mobile device with my account?

    Use the API – Mobile/AddLoginDevice.

    I have multiple accounts. How can I link them to my mobile device?

    Use the API – Mobile/AddQuickBalanceAccount. In the request, provide the account numbers you want to link up with your mobile device.

    How can I log in to account through mobile?

    Use either of the two methods – MobileLogin or LoginMPIN. You must provide username and password in the MobileLogin method to log into your account. In the LoginMPIN method, you must use Mobile PIN to log into your account.

    How can I setup or register MPIN for my account?

    Use either of the methods – RegisterMPINByLoginDetails or RegisterMPINByCard. In the method RegisterMPINByLoginDetails, you must provide username and password to setup the mobile PIN. In the method RegisterMPINByCard, you must provide card and consumer details to set up the mobile PIN.

    I have new mobile and want to link it up with my account number in place of the existing mobile. What should I do?

    First, use the API – Mobile/DeleteLoginDevice - to disconnect your account from the current mobile device. Then call the API – Mobile/AddLoginDevice - to add the new mobile to your account.

    I have multiple cards. How do I know which of them are registered for MPIN?

    Use the API – Mobile/ListCardForMPIN. You will get list of cards that have MPIN.

    I want to know the terms of fee of my account. Which method should I use?

    Use the API – Mobile/GetSpecificTerms.

    How can I know the features of my account?

    Use the API – Mobile/ListConsumerFeatures . You get features of the account, along with account number and the sort code.

    How can I change or remove MPIN?

    Use the API – Mobile/ChangeMPIN - to change the MPIN. Use the API – Mobile/DeregisterMPIN - to delete the MPIN.

    How can I convert an amount in local currency to specific foreign currency?

    Use the API – Mobile/GetQuickConvertedAmount. You get the converted amount in the desired currency at an exchange rate that exists on the date and time of execution of the API.

    Junior Consumer

    Can I open an account of child?

    Yes. You can register an account of a child, aged 13 to 18 years, as a junior consumer, managed by the guardian. Use the API - Consumer/AddJunior - to register a junior consumer and open the account.

    Sole Trader

    How can I register my sole proprietorship business?

    Use the API – SoleTrader/Registration to register your business in the business portal. Once registered, your personal details and address in verified through automated KYC process. On successful verification your business account is created.

    Cardless (AccountOnly)

    Can I create a Consumer account without a payment card? If yes, how?

    Yes. Use the API – Cardless/AddConsumers to create primary and secondary accounts without a payment card. If you want to add secondary consumers, then use the API - Cardless/AddAdditionalConsumer.


    Can I Use Single Sign ON (SSO) service through Contis API? If yes, how?

    Yes. Use the API – SSO/Register to register consumer’s unique identifier (provided by Contis), username and password with the SSO service. In response you get ContisUniqueReferenceID as one of the response parameters.

    Input the ContisUniqueReferenceID with username and password of the consumer as request parameters in the API – SSO/Authenticate. You get a security key and token as response. Use them to authenticate your API access through SSO.


    How can I add a new envelope in my account?

    Yes. Use the API – AddEnvelopeDetails.

    How can I manage an envelope in the account?

    To manage an envelope in your account, use the following methods:

    Was this page helpful to you?