Getting started

POST /v1/iban/validate

Sandbox key, first request, idempotency, and the response-header contract.

Create an account at /login?next=/dashboard, copy the sandbox API key from the dashboard, and call the IBAN validator as a smoke test.

The base URL is https://api.iso-compliant.com. Every mutating route requires two headers: Authorization: Bearer iso_live_… (or iso_test_… for the sandbox tier) and Idempotency-Key: <opaque string>.

Every response carries a X-Iso-Compliant-Sha256 header — a sha256 of the JSON response body, used as the audit-attestation handle for the evidence-export route. Save it alongside your business record if you need a tamper-evident audit trail later.

The SDK shape on the sandbox is identical to production; sandbox keys never charge, never call third-party services with money attached, and never write to the production Stripe meter.

Example

curl

curl -sS https://api.iso-compliant.com/v1/iban/validate \
  -H 'Authorization: Bearer iso_test_…' \
  -H 'Idempotency-Key: 8f1ea2…' \
  -H 'Content-Type: application/json' \
  -d '{ "iban": "CH9300762011623852957" }'

Idempotency

Mandatory header `Idempotency-Key` (UUID or other opaque ≤64 char string). A second request with the same key and the same body returns the cached response and the header `X-Iso-Compliant-Idempotent-Replay: true`. A second request with the same key but a different body returns 409.

Rate limit

Sandbox: 60 requests / minute, 1000 / day. Production: 600 requests / minute soft cap, lifted per tenant on request.

← All docs