IBANforge

Validate IBAN

Validate a single IBAN with full checksum verification, country-specific BBAN structure parsing, automatic BIC/institution lookup, SEPA compliance data, issuer classification (bank vs. EMI/neobank), and risk indicators for compliance agents.

Endpoint

POST https://api.ibanforge.com/v1/iban/validate

Cost: $0.005 USDC per request

Request

Headers

HeaderValueRequired
Content-Typeapplication/jsonYes
AuthorizationBearer ifk_... (free API key)One of the two
X-PAYMENTx402 payment tokenOne of the two

Body

{
  "iban": "CH10 0023 0000 0000 1234 5"
}
FieldTypeDescription
ibanstringThe IBAN to validate. Spaces and hyphens are stripped automatically. Case-insensitive.

Response

Success (200)

{
  "iban": "CH1000230000000012345",
  "valid": true,
  "country": {
    "code": "CH",
    "name": "Switzerland"
  },
  "check_digits": "10",
  "bban": {
    "bank_code": "00230",
    "account_number": "000000012345"
  },
  "bic": {
    "code": "UBSWCHZH",
    "bank_name": "UBS Switzerland AG",
    "city": "Zürich"
  },
  "sepa": {
    "member": true,
    "schemes": ["SCT", "SDD"],
    "vop_required": false
  },
  "issuer": {
    "type": "bank",
    "name": "UBS Switzerland AG"
  },
  "risk_indicators": {
    "issuer_type": "bank",
    "country_risk": "standard",
    "test_bic": false,
    "sepa_reachable": true,
    "vop_coverage": false
  },
  "clearing": {
    "iid": "00230",
    "name": "UBS Switzerland AG",
    "type": "bank",
    "town": "Zürich",
    "sic": true,
    "instant_payments_chf": true,
    "eurosic": true,
    "qr_iid": null
  },
  "formatted": "CH10 0023 0000 0000 1234 5",
  "cost_usdc": 0.005,
  "processing_ms": 1.23
}

Response fields

Top-level fields:

FieldTypePresentDescription
ibanstringAlwaysCleaned IBAN (uppercase, no spaces)
validbooleanAlwaysWhether the IBAN passed all validation checks
countryobjectValid IBANsCountry code and name
check_digitsstringValid IBANsThe two-digit check number
bbanobjectValid IBANsParsed BBAN components
bicobject | nullValid IBANsBIC/SWIFT code and institution data (null if no match found)
sepaobjectValid IBANsSEPA membership, schemes, and VoP requirement
issuerobjectValid IBANs with BICInstitution classification
risk_indicatorsobjectValid IBANsComposite risk signal for compliance
clearingobject | nullValid CH/LI IBANsSwiss clearing data from the SIX BankMaster (BC-Nummer, rail participation, QR-IID); null when the IID is not listed
formattedstringValid IBANsIBAN with spaces every 4 characters
errorstringInvalid IBANsError code
error_detailstringInvalid IBANsHuman-readable error description
cost_usdcnumberAlwaysCost of this request in USDC
processing_msnumberAlwaysProcessing time in milliseconds

country object:

FieldTypeDescription
codestringISO 3166-1 alpha-2 country code
namestringFull country name in English

bban object:

FieldTypeDescription
bank_codestringBank/institution identifier extracted from BBAN
branch_codestring?Branch code (present for countries like FR, GB, ES, IT)
account_numberstringAccount number extracted from BBAN

bic object (present when a matching BIC is found):

FieldTypeDescription
codestringBIC/SWIFT code (8 characters)
bank_namestring | nullFinancial institution name
citystring | nullCity of the institution

sepa object:

FieldTypeDescription
memberbooleanWhether this country is in the SEPA zone
schemesstring[]Available SEPA schemes: SCT (Credit Transfer), SDD (Direct Debit), SCT_INST (Instant)
vop_requiredbooleanWhether Verification of Payee is mandatory (EU regulation, since Oct 2025 for eurozone)

issuer object (present when BIC is resolved):

FieldTypeDescription
typestringbank (traditional), digital_bank (neobank), emi (Electronic Money Institution), or payment_institution
namestringInstitution name

vIBAN detection: If issuer.type is emi, digital_bank, or payment_institution, the IBAN is more likely to be a virtual IBAN (vIBAN). This is useful for AML/CFT compliance under the EU AMLR regulation (July 2027).

risk_indicators object:

FieldTypeDescription
issuer_typestringSame as issuer.typebank, digital_bank, emi, or payment_institution
country_riskstringstandard, elevated (FATF grey list), or high (FATF black list / EU high-risk)
test_bicbooleanWhether the BIC is a test/sandbox code
sepa_reachablebooleanWhether the account is in the SEPA zone
vop_coveragebooleanWhether VoP is mandatory for this country

Invalid IBAN (200)

When the IBAN is invalid, the response still returns 200 but with valid: false:

{
  "iban": "CH5604835012345678000",
  "valid": false,
  "error": "checksum_failed",
  "error_detail": "Modulo 97 check returned 42, expected 1.",
  "cost_usdc": 0.005
}

Error codes

CodeDescription
invalid_formatIBAN contains invalid characters or is too short
unsupported_countryCountry code is not recognized
wrong_lengthIBAN length does not match expected length for this country
checksum_failedMOD-97 checksum verification failed

Code examples

cURL

curl -X POST https://api.ibanforge.com/v1/iban/validate \
  -H "Content-Type: application/json" \
  -d '{"iban": "DE89 3704 0044 0532 0130 00"}'

Python

import requests
 
response = requests.post(
    "https://api.ibanforge.com/v1/iban/validate",
    json={"iban": "DE89370400440532013000"},
)
 
data = response.json()
if data["valid"]:
    print(f"Bank: {data['bic']['bank_name']}")
    print(f"Country: {data['country']['name']}")
    print(f"SEPA: {data['sepa']['member']}")
    print(f"Issuer type: {data['issuer']['type']}")
    print(f"Risk: {data['risk_indicators']['country_risk']}")
else:
    print(f"Invalid: {data['error_detail']}")

TypeScript

const response = await fetch(
  "https://api.ibanforge.com/v1/iban/validate",
  {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ iban: "DE89370400440532013000" }),
  }
);
 
const data = await response.json();
 
if (data.valid) {
  console.log(`Bank: ${data.bic.bank_name}`);
  console.log(`SEPA: ${data.sepa.member}, VoP: ${data.sepa.vop_required}`);
  console.log(`Issuer: ${data.issuer.type} — ${data.issuer.name}`);
  console.log(`Country risk: ${data.risk_indicators.country_risk}`);
} else {
  console.log(`Invalid: ${data.error_detail}`);
}