Internal API description of Revolut personal. Mostly just for card management.
g 37e81f59b0 Add card creation | 9 months ago | |
---|---|---|
README.md | 9 months ago |
https://app.revolut.com/api/revolut-secure/retail
{
"authority": "app.revolut.com",
"accept": "application/json",
"content-type": "application/jso",
"origin": "chrome-extension://hdlehfdjcalidklijenibmpcdgjfmafn",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "cross-site",
"user-agent": "<chrome user agent>",
"x-browser-application": "BROWSER_EXTENSION",
"x-client-version": "100.0",
"x-device-id": "<random uid>",
"x-device-model": "<same as user agent>"
}
Login with phone number and passcode and get a token.
{
"phone":"<+XX phone>",
"password":"<passcode>",
"channel":"APP"
}
{
"tokenId":"<token uid>"
}
Once a token is obtained through the login request, the signin request has to be confirmed on the app. This request is used for polling for that authorization and then getting actual credentials.
{
"phone":"<+XX phone>",
"password":"<passcode>",
"tokenId":"<token uid>"
}
{
"message": "One should obtain consent from the user before continuing",
"code": 9035
}
{
"tokenExpiryDate": <expiry timestamp>,
"refreshCode": "<refresh code>",
"ownerId": "<owner id>,
"accessToken": "<access token>",
"user": {
"id": "<user id> (should be same as <owner id>)",
"state": "ACTIVE"
}
}
The token has to be periodically refreshed.
{
"userId":"<user id>"
"refreshCode":"<refresh code>"
}
{
"tokenExpiryDate": <expiry date>,
"refreshCode": "<refresh code>",
"ownerId": "<owner id>",
"accessToken": "<access token>"
}
Get user profile picture.
{
"Authorization": <owner id>:<access token>
}
Profile picture raw bytes.
Get user details, including email, phone, full address, username, id, code.
{
"Authorization": <owner id>:<access token>
}
{
"user": {
"id": "<user id>",
"individualId": "<user id>",
"createdDate": <creation date>,
"address": {
"city": "<city>",
"country": "<country code>",
"postcode": "<post code>",
"region": "<region>",
"streetLine1": "<address line 1>",
"streetLine2": "<address line 2>"
},
"birthDate": [
<year>,
<month>,
<day>
],
"firstName": "<first name>",
"lastName": "<last name>",
"phone": "<+XX phone>",
"email": "<email>",
"emailVerified": true,
"state": "ACTIVE",
"referralCode": "<code>",
"code": "<code>",
"kyc": "PASSED",
"underReview": false,
"locale": "en-GB",
"riskAssessed": false,
"username": "<username>",
"identityDetails": {
"accountPurpose": "DAILY_SPENDING",
"taxResidencies": [],
"identificationNumbers": [
{
"country": "<country code>",
"name": "genericTin",
"value": "<?>"
}
]
},
"hasProfilePicture": true,
"appMode": "FULL"
},
"wallet": {
"baseCurrency": "EUR"
}
}
Get an array of all the available cards in the account, without secret details. In a personal account, cards can be either virtual or physical. Virtual cards can also be tagged as single use (disposable). It is also known whether a card is for professional use (PRO
) or for personal use (RETAIL
).
{
"Authorization": <owner id>:<access token>
}
[
{
"id": "<card id>",
"walletId": "<wallet id>",
"label": "<label>",
"state": "ACTIVE",
"virtual": true,
"disposable": false,
"credit": false,
"instalment": false,
"customised": false,
"brand": "MASTERCARD",
"design": "<design enum>",
"designGroup": "VIRTUAL",
"colour": "#<hex color>",
"lastUsedDate": <last used>,
"lastFour": "<last four digits>",
"expiryDate": <expiry date>,
"replaced": false,
"createdDate": <created date>,
"productType": "PRO",
"settings": {
"locationSecurityEnabled": false,
"magstripeDisabled": true,
"atmWithdrawalsDisabled": true,
"ecommerceDisabled": false,
"contactlessDisabled": false,
"initial": false,
"pockets": [
{
"id": "<pocket id>",
"pocketType": "MERCHANT"
},
{
"id": "<pocket id>",
"pocketType": "MERCHANT"
}
]
},
"delivery": {
"status": "NONE"
},
"usage": <?>,
"preexpired": false,
"applePayEligible": true,
"googlePayEligible": true,
"cardClickActivationEligible": false,
"panActivationEligible": false
},
{
"id": "<card id>",
"walletId": "<wallet id>",
"label": "<label>",
"state": "ACTIVE",
"virtual": true,
"disposable": false,
"credit": false,
"instalment": false,
"customised": false,
"brand": "VISA",
"design": "<design enum>",
"designGroup": "VIRTUAL",
"colour": "#<hex color>",
"lastUsedDate": <last used>,
"lastFour": <last four digits>",
"expiryDate": "<expiry date>",
"replaced": false,
"createdDate": <created date>,
"productType": "RETAIL",
"settings": {
"locationSecurityEnabled": false,
"magstripeDisabled": true,
"atmWithdrawalsDisabled": true,
"ecommerceDisabled": false,
"contactlessDisabled": false,
"initial": false,
"pockets": []
},
"delivery": {
"status": "NONE"
},
"usage": <?>,
"preexpired": false,
"applePayEligible": true,
"googlePayEligible": true,
"cardClickActivationEligible": false,
"panActivationEligible": false
}
]
Get card secret details: pan, cvv, expiration date. The pan and the cvv are encrypted using AES ECB with the first 32 ascii chars of the token as key.
{
"Authorization": <owner id>:<access token>
}
{
"pan":"<base64 of AES encrypted pan>",
"cvv":"<base64 of AES encrypted cvv>",
"expiry":{"month":<month>,"year":<year>}
}
Create a new virtual card. Design is an enum and must match the card type (there are virtual designs and disposable designs).
{
"Authorization": <owner id>:<access token>
}
{
design: "<color>_VIRTUAL",
label: "<label>",
disposable: false
}
Card object, same as /my-card/all
.
Support for card termination, issue, freeze, unfreeze, labeling, and creation is quite simple too.