--- title: "Bank account verification with open banking" description: "Quickly verify unregistered third-party individuals using the Adyen open banking gateway." url: "https://docs.adyen.com/business-accounts/verify-account-holder" source_url: "https://docs.adyen.com/business-accounts/verify-account-holder.md" canonical: "https://docs.adyen.com/business-accounts/verify-account-holder" last_modified: "2026-05-25T12:55:00+02:00" language: "en" --- # Bank account verification with open banking Quickly verify unregistered third-party individuals using the Adyen open banking gateway. [View source](/business-accounts/verify-account-holder.md) Adyen's verification through bank report service uses Adyen's open banking gateway to retrieve bank account verification reports from third-party banks. For example, you consider hiring an unregistered third-party individual on a contract-basis for services, such as food-delivery or as a courier. You want to make sure the person is who they say they are *before* you enter into an agreement with them for their services. You can verify them through Account Information Service Providers (AISPs) such as Plaid or Tink. The third-party individual can authorize their bank to share a bank account verification report with you, which provides bank account ownership verification and Know Your Customer (KYC) verification quickly and securely. ## Requirements Before you begin, take into account the following requirements and preparations. | Requirement | Description | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Integration type** | This feature is supported with an [Adyen for Platforms](/platforms), [Marketplaces](/marketplaces), or a [Classic integration](/point-of-sale/classic-library-deprecation). | | **API credentials** | You must have an [API key](/development-resources/api-credentials/#generate-api-key) (recommended) or [basic authentication username and password](/development-resources/api-credentials/#basic-authentication) to access this API. Ensure that you have asked your Adyen contact to assign the following role to your API credential:- **Role for OpenBanking account verification use case: EXTERNAL** | | **Setup steps** | Before you begin, you have the option to customize the open banking widget. If you choose to, provide Adyen the necessary information to customize and display your company name and logo within the widget when the flow transitions to the Adyen's open banking gateway:Information Required? Shown to third-party individual Company name Yes No Logo No, but recommended Yes Application name Yes Yes Legal entity name Yes No Website Yes No Address Yes No | ## How it works When you want to verify a third-party individual's bank account ownership through a redirect, use the following flow. 1. Make a request to the [/routes](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes) generation endpoint to get a list of available account verification routes. Each route represents a possible connection path between the third-party individual and their bank. When the third-party individual successfully connects through one of these routes, you will receive a report [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code). Use the [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) to: * Request a bank account verification report. * Verify the third-party individual's identity using the information in the bank account verification report. The [/routes](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes) generation endpoint dynamically compiles and returns a list of the most suitable AISPs available for account verification. The list is based on the location of the bank where the third-party individual (the external account holder) is registered. Note, the [redirectUrl](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-redirectUrl) you provide is used to receive the report [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code), but it does not influence route selection. A report [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) is not guaranteed for every route. The third-party individual must successfully complete the bank connection flow for a [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) to be generated. 2. Redirect the third-party individual to the AISP's bank selection and authentication/authorization flow. After the third-party individual completes the authentication flow and authorizes their bank to generate and share a report, the merchant receives a report [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) (or error details). This report [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) or error details will be provided in the [redirectUrl](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-redirectUrl) the merchant specified in the routes generation request. 3. Use the report [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) to make a request to the [/reports/{code}](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)) endpoint. This request retrieves a bank account verification report containing information about the third-party individual and account number (ACH, BSB, EFT, IBAN) the third-party individual has agreed to share with the merchant. [![Sequence diagram for account verification using Adyen's Open Banking auth flow](/user/pages/reuse/pfs-open-banking/account-holder-report/account-verification-sequence.svg)](/user/pages/reuse/pfs-open-banking/account-holder-report/account-verification-sequence.svg) ## Generate a list of routes To get a list of available account verification routes. 1. Make a POST [/routes](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes) request with the following parameters in the request body. The request header includes, your `ADYEN-API-KEY` and `application/json` specifying the format of the request body: | Parameter | Required | Description | | -------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [country](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-country) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The location where the third-party individual's bank account is registered. Adyen uses this information to determine the best provider for the given location, and to configure the open banking flow for that respective location. | | [locale](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-locale) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The language to configure for the verification flow user interface. This information is used to configure the open banking flow with the same language for a consistent user experience. | | [state](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-state) | | This is an optional value to identify the request in callback handling. You can generate this value on a per-session basis to protect the callback against Cross-Site Request Forgery (CSRF) attacks. This value must be composed of characters that can be successfully URL-encoded. Note, this value will be stored in external systems, so make sure that you avoid exposing any sensitive information in a plain-text format. | | [redirectUrl](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-redirectUrl) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The URL where Adyen should redirect the third-party individual when the open banking flow finishes. Adyen's open banking gateway returns a report [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) as a parameter in the URL response. You can use this [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) when making a request to the [/reports/{code}](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)) endpoint to get the bank account verification report for the third-party individual. | **Request: Get a list of AISP routes** ```bash curl https://obgateway-test.adyen.com/obgateway/v1/accountVerification/routes \ -H 'x-api-key: ADYEN-API-KEY' \ -H 'content-type: application/json' \ -X POST \ -d '{ "country": "NL", "locale": "en-US", "state": "123A-456B-789C-10D", "redirectUrl": "https://merchanturl.example.org/redirect/url" }' ``` 2. The response contains the details about the [provider](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#responses-200-routes-provider) that the third-party individual will be redirected to during the flow, and the [link](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#responses-200-routes-link) to begin the open banking flow. | Parameter | Description | | --------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [provider](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#responses-200-routes-provider) | Metadata about the selected provider, including the name and company logo. You can use this information to inform the third-party individual about the provider they will be redirected to when they select the link. | | [link](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#responses-200-routes-link) | The redirection link. You can use this link to redirect the third-party individual to the open banking flow when it is selected. | **Response: List of available routes sorted by priority.** ```bash { "routes": [ { "provider": { "name": "Tink", "logoURL": "https://obgateway.adyen.com/obgateway/static/provider/images/tink-logo.svg" }, "link": "https://obgateway.adyen.com/obgateway/provider/outgoing/tink/redirect/13ec4802-c987-4f8c-8909-9a75ff567256" } ] } ``` ## Redirect and handle the result The Adyen open banking gateway handles the outgoing and incoming communications with the AISP. When the third-party individual opens the route link, the gateway redirects them to the external financial institution for account verification. After the verification flow at the external financial institution is complete, the gateway redirects the third-party individual from the financial institution back to the [redirectUrl](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-redirectUrl) provided in the [generate list of routes](#generate-a-list-of-routes) step. For successful callbacks, the gateway adds a report [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) to the query parameters. Use this [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) to download a bank account verification report from the [/reports/{code}](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)) endpoint in the [view the bank account verification report](#view-the-bank-account-verification-report) step. In cases where there are errors, the third-party individual is redirected to the [redirectUrl](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-redirectUrl) with the error information in the query parameters. 1. View the response of the [redirectUrl](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-redirectUrl) and check if there was a successful redirection callback. A successful redirection callback may look like this: **Successful redirection callback** ```bash https://merchanturl.example.org/redirect/url?code=e30248de-fc54-45e8-8e80-b3dcfe717e8c&state=123A-456B-789C-10D&type=success&signature=eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCIsImtpZCI6Im9iZ2F0ZXdheS5zaWduaW5nLjEifQ.eyJleHAiOjE3NTMyNjc0NzksInR5cGUiOiJzdWNjZXNzIiwic3RhdGUiOiJ1c2VySWQ6MTIzIiwidXJsIjoiaHR0cHM6Ly9kaXNwbGF5LXBhcmFtZXRlcnMuY29tIiwiY29kZSI6Ik9CQ080MkM4UTIyMzIyNzY1TVZHODZaQjdRNVA0RCJ9.p5CXtewNS43HazYmF4S6063bi4P__f8Noddbwfh3Ud5sNJktrSpV0ZramxUbNy6LjwakMF4gG6TMC0EmBtQGW9P7vQgThNRcAtvH-cynrCXE2hR3M7yuEwKwb3eg0ySM ``` 2. The response contains the details about the `type` indicating **success** or **error**, the [state](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-state) , a `signature`, and a [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code). Use this [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code)to download a bank account verification report from the [/reports/{code}](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)) endpoint in the [view the bank account verification report](#view-the-bank-account-verification-report) step. | Parameter | Description | | ------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | | [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) | The report `code` that can be used to download the verification report in the gateway `/reports/{code}` endpoint. | | [state](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-state) | The state provided in the [generate a list of routes](#generate-a-list-of-routes) step. | | `type` | The event type, **success** in the case of a successful callback or **error**, if the callback fails. | | `signature` | A JSON Web Signature (JWS) that signs the contents of the redirect URL, ensuring the integrity and authenticity of the data. | If you encounter a redirection error callback, it may look like this: **Unsuccessful redirection callback** ```bash https://merchanturl.example.org/redirect/url?type=error&error_code=USER_CANCELED&error_message=The%20user%20canceled%20the%20authorization%20process&state=123A-456B-789C-10D&signature=eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCIsImtpZCI6Im9iZ2F0ZXdheS5zaWduaW5nLjEifQ.eyJleHAiOjE3NTMyNjc0NzksInR5cGUiOiJzdWNjZXNzIiwic3RhdGUiOiJ1c2VySWQ6MTIzIiwidXJsIjoiaHR0cHM6Ly9kaXNwbGF5LXBhcmFtZXRlcnMuY29tIiwiY29kZSI6Ik9CQ080MkM4UTIyMzIyNzY1TVZHODZaQjdRNVA0RCJ9.p5CXtewNS43HazYmF4S6063bi4P__f8Noddbwfh3Ud5sNJktrSpV0ZramxUbNy6LjwakMF4gG6TMC0EmBtQGW9P7vQgThNRcAtvH-cynrCXE2hR3M7yuEwKwb3eg0ySM ``` The response contains the details about the `type` indicating **success** or **error**, the `error_code` and `error_message` associated with the failed redirection request callback, [state](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-state), and a `signature`. | Parameter | Description | | -------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | | `error_code` | The error code associated with the failed redirection request callback. | | `error_message` | The error message associated with the failed redirection request callback. | | [state](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-state) | The state provided in the [generate a list of routes](#generate-a-list-of-routes) step. | | `type` | The event type, **success** in the case of a successful callback or **error**, if the callback fails. | | `signature` | A JSON Web Signature (JWS) that signs the contents of the redirect URL, ensuring the integrity and authenticity of the data. | ### Error codes and messages Here's a list of error codes and corresponding error messages you can receive from Adyen's open banking gateway. Depending on the context of the error code and message, you choose how to handle the error and present options to your third-party individual. | `error_code` | `error_message` | | ------------------------- | ------------------------------------------------------------------ | | `USER_CANCELED` | The third-party individual canceled the authorization process. | | `CONNECTION_ERROR` | An error occurred during the authentication process with the bank. | | `PROVIDER_INTERNAL_ERROR` | The provider has responded with an internal error. | | `PROVIDER_UNKNOWN_ERROR` | The provider has responded with an unknown error. | ## View the bank account verification report To download the bank account verification report for a third-party individual. 1. Make a GET [/reports/{code}](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)) request, where [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) is a unique identifier for a specific bank account verification report. This is the [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) you received as a result of a [successful callback](#redirect-and-handle-the-result) to the open banking flow: | Parameter | Required | Description | | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The [code](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#path-code) you receive after a successful open banking flow that is included as a query parameter in the [redirectUrl](https://docs.adyen.com/api-explorer/open-banking/latest/post/accountVerification/routes#request-redirectUrl) callback. | **Request: Retrieve the bank account verification report for a third-party individual** ```bash curl https://obgateway-test.adyen.com/obgateway/v1/accountVerification/reports/e30248de-fc54-45e8-8e80-b3dcfe717e8c \ -H 'x-api-key: ADYEN_API_KEY' \ -H 'content-type: application/json' \ -X GET \ -d '' ``` 2. Confirm that the `x-state` header matches the state provided in the [generate a list of routes](#generate-a-list-of-routes) request. **Response header** ```json "x-state: 123A-456B-789C-10D" ``` 3. The response returns the report resource, identified by its unique [id](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#responses-200-id). You also receive the `country` where the report was generated, and the `accounts` that were verified through the open banking authorization flow. | Parameter | Description | | ----------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [id](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#responses-200-id) | The unique identifier of the report. | | [country](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#responses-200-country) | The location where the report was generated. | | [accounts](https://docs.adyen.com/api-explorer/open-banking/latest/get/accountVerification/reports/\(code\)#responses-200-accounts) | The list of verified accounts for the third-party individual. The accounts array allows for use-cases where more than one account can be verified. When a single account selection is permitted, the list will return that account. | ### Tab: Response with IBAN account ```json { "id": "69ee9452ef824fe092f1417f37535755", "country": "ES", "accounts": [ { "accountId": "ed5080e4f485430290475d246534c8fd", "accountType": "CURRENT", "accountName": "Checking Account 1", "accountNumber": "ES1376230223254275408743", "currency": "EUR", "identifiers": { "iban": { "iban": "ES1376230223254275408743", "bban": "76230223254275408743" } }, "parties": [ { "identity": { "fullLegalName": "Alberta Bobbeth Charleson", "name": "Alberta Bobbeth Charleson" }, "role": "HOLDER" } ], "bankName": "Tink Demo Bank" } ] } ``` ### Tab: Response with ACH accounts ```json { "id": "nJwJE68h6vlSEnk", "country": "US", "accounts": [ { "accountId": "XvNzLGMpl3fBevllWEwks3jvBvPy88sbkypkP", "accountType": "CURRENT", "accountName": "Plaid Gold Standard 0% Interest Checking", "accountNumber": "1111222233330000", "currency": "USD", "identifiers": { "ach": { "accountNumber": "1111222233330000", "routingNumber": "011401533" } }, "parties": [ { "identity": { "fullLegalName": "Jane Doe", "name": "Jane Doe" }, "role": "HOLDER" } ], "bankName": "Wells Fargo" }, { "accountId": "XvNzLGMpl3fBevllWEwks3jvBvPy88sbkypkP", "accountType": "CURRENT", "accountName": "Plaid Gold Standard 0% Interest Checking", "accountNumber": "3333222211110000", "currency": "USD", "identifiers": { "ach": { "accountNumber": "3333222211110000", "routingNumber": "033587521" } }, "parties": [ { "identity": { "fullLegalName": "Jane Doe", "name": "Jane Doe" }, "role": "HOLDER" } ], "bankName": "Bank of America" } ] } ``` ### Tab: Response with ETF account ```json { "id": "69ee9452ef824fe092f1417f37535755", "country": "CA", "accounts": [ { "accountId": "th7681t6j876930300478t246534j8fi", "accountType": "CURRENT", "accountName": "Checking Account 1", "accountNumber": "111122220000", "currency": "CAD", "identifiers": { "eft": { "accountNumber": "111122220000", "branch": "01533", "institution": "114" } }, "parties": [ { "identity": { "fullLegalName": "Jessie Dean", "name": "Jessie Dean" }, "role": "HOLDER" } ], "bankName": "Plaid Demo Bank" } ] } ``` ### Tab: Response with BSB account ```json { "id": "lkumovjdFQFy6JhbSaWTa8sCH79fzJJnFMKpkSST09ism2lCMlsnSEsrjx6XNr4u_kxhSg==", "country": "AU", "accounts": [ { "accountId": "lkumovjdFQFy6JhbSaWTa8sCH79fzJJnFMKpkSST09ism2lCMlsnSEsrjx6XNr4u_kxhSg==", "accountType": "UNKNOWN", "accountName": "Savings Account", "accountNumber": "37458052", "currency": "AUD", "identifiers": { "bsb": { "accountNumber": "37458052", "bsbCode": "413574" } }, "parties": [ { "identity": { "fullLegalName": "Peter Sherman", "name": "Peter" }, "role": "HOLDER" } ], "bankName": "Banking Sandbox Data Holder" } ] } ``` ## See also * [Open banking](/business-accounts/)