One REST API to run accounts, payments, cards and identity. Get sandbox access in minutes, prototype against realistic test data, and ship to production with official SDKs, scoped keys and predictable webhooks.
Authenticate with the client-credentials grant to obtain a bearer token, then create your first account. Every request is authenticated, idempotent and returns predictable JSON.
# 1 Β· Exchange client credentials for an access token curl https://api.italianfinancial.com/oauth/token \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "grant_type=client_credentials" \ -d "client_id=$CLIENT_ID" \ -d "client_secret=$CLIENT_SECRET" \ -d "scope=accounts:write payments:write" β 200 OK { "access_token": "eyJhbGciOiJSUzI1NiIsβ¦", "token_type": "Bearer", "expires_in": 3600, "scope": "accounts:write payments:write" }
# 2 Β· Create a EUR current account curl https://api.italianfinancial.com/v1/accounts \ -H "Authorization: Bearer $TOKEN" \ -H "Idempotency-Key: acc-req-8f21" \ -d '{ "type": "current", "currency": "EUR", "holder": { "name": "Giulia Russo", "kyc_level": 2 } }' β 201 Created { "id":"acc_9f2b", "iban":"IT60X0542811101000000123456", "status":"active" }
Machine-to-machine authentication built on open standards, with defence-in-depth options for regulated workloads.
The client-credentials grant issues short-lived bearer tokens for server-to-server access. Rotate secrets without redeploying.
Grant least-privilege access with granular scopes such as accounts:read or payments:write per key.
Pin mutual TLS on production endpoints so both client and server present certificates for regulated, high-value flows.
Send an Idempotency-Key on any write. Retries return the original result β never a duplicate payment or card.
A consistent, resource-oriented REST surface. Every resource speaks JSON, supports pagination and emits webhooks.
| Method | Endpoint | Description |
|---|---|---|
| GET | /v1/accounts | List accounts with cursor pagination and filters. |
| POST | /v1/accounts | Open a new current, wallet or safeguarding account. |
| GET | /v1/accounts/{id} | Retrieve a single account, balance and IBAN. |
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/payments | Initiate a SEPA, SEPA Instant or SWIFT credit transfer. |
| GET | /v1/payments/{id} | Fetch a payment with its status and settlement timing. |
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/cards | Issue a virtual or physical Visa / Mastercard card. |
| POST | /v1/cards/{id}/freeze | Freeze a card instantly to block further authorisations. |
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/identity/sessions | Create a biometric KYC / KYB verification session. |
| GET | /v1/identity/sessions/{id} | Retrieve a session result, checks and screening hits. |
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/webhooks | Register an endpoint to receive signed event notifications. |
Subscribe once and receive real-time notifications whenever money moves or a verification completes β no polling required.
# POST from Italian Financial β your endpoint # Header: X-IF-Signature: t=1720440000,v1=9d8cβ¦ { "id": "evt_3Kx9", "type": "payment.settled", "created": "2026-07-08T09:20:00Z", "data": { "id": "pay_7Ka2", "account_id": "acc_9f2b", "amount": 3500.00, "currency": "EUR", "scheme": "sepa_instant", "status": "settled", "settled_in_ms": 1870 } }
A fully isolated environment that mirrors production behaviour, so your team can build and test end-to-end before go-live.
Pre-seeded accounts, IBANs, cards and identities to build against from your first request.
Trigger settlements, declines, chargebacks and KYC outcomes on demand to cover every path.
Re-send any webhook to your endpoint to debug delivery, signatures and retries locally.
Nothing settles on real rails and no funds ever move β experiment freely and safely.
Typed, versioned and generated from our OpenAPI spec β so they stay in lock-step with the API.
Fully typed TypeScript client with promises, pagination helpers and webhook signature verification.
Sync and async clients with type hints, retries and first-class dataclass models.
JVM client with builder-style requests, connection pooling and Spring-friendly configuration.
Lightweight, context-aware client with zero heavy dependencies and idiomatic error handling.
Multi-region EU hosting, health checks and transparent operational reporting keep your integration running.
Keep sandbox and production strictly separated β credentials and data never cross the boundary.
https://api.italianfinancial.com/v1
Live money movement. Requires production keys and, optionally, mTLS.
https://sandbox.italianfinancial.com/v1
Isolated test environment with simulators and replayable events.
Tell us what you are building and we will provision sandbox keys and a technical walkthrough for your engineers.