Platform OverviewIntegration HubConfiguration and Customisation
API Reference

Capabilities

Capabilities define specific functions of each financial provider, such as the need for a custom OTP process for transactions or the ability to support virtual cards.

When integrating a new financial provider, you will find specific behaviours that are particular for a given integration. Our front end is reactive to these particularities but must be defined at a financial provider level. Below you can find a list of the existing capabilities and the definition of what is enable/disable by setting up the value (boolean) as true or false.

This MUST be used accordingly to the capabilities of the financial provider. As an example, if the provider does not allow to edit a beneficiary and the capability is set to true, the editing of a beneficiary won't work.

  • hasOwnOTP: Used to define whether we need to use a custom otp process for specific actions managed by the banking provider.
  • canResendOTP: Defines whether the otp can be resent. This only applies if previous capability is true.
  • canRetrievePan: Defines whether the Card provider has any endpoint to obtain the PAN of a card.
  • allowSixMonthsStatements: Defines whether the user can get account statements older than 6 months. Read more about an account statement (Account transaction list statement)
  • allowVirtualCards: Defines whether the bank has virtual cards enabled.
  • allowEditBeneficiaries: Defines whether it is possible to edit the beneficiaries.
  • hasSecurityQuestions: Used during the credentials creation, currently it is only used in Modulr now, since they require these procedure for card creation. (The questions and responses are sent as part of the card creation payload).
  • hasPhysicalCardVerificationNumber: Defines whether the activation of a physical cards needs a verification number. It is a number of 9 digits in the back of the card.
  • hasBusinessCode: Defines whether the client has business codes set up. Business codes are a set of IDs defined by the European Union that categorise the type of activity a merchant does. In Toqio we use the top level business codes defined in this page.
  • hasToCreateEndUserKYC: Defines whether the client has to create a merchant into the financial provider or not. This is only available nowadays for Railsr integrations.
  • canCancelAccounts: Defines whether the provider allow canceling cancel accounts.
  • canRemoveAccounts: Defines whether the provider allow removing accounts.
  • hasMeaWalletConfig: Defines if the provider is integrated with Mea Wallet and the necessary configuration data from for push-provisioning has been setup in the customer configuration.
  • hasAccountPurposes: Defines if the provider requires the user to define, when the merchant is created, the account purposes of its use.
  • hasExpectedVolume: Defines if the provider requires the user to define, when the merchant is created, the expected volume of its use.
  • needAccountSignature: Defines if the provider needs Account signature during the account creation process.
  • allowTodayStatement: Defines if the default restriction that users can only download statements up to two days prior to the today's date must be removed. If the capability is set as true, users can download a bank statement with "today" as the end of the range date. Read more about an account statement (Account transaction list statement)
  • hasAccountOwnershipCertificate: Defines if the provider is providing the Account Ownership Certificate. If the capability is set as true and the provider has configured the endpoint, downloading an Account Ownership Certificate will be available for the user as a feature. The Merchant user can access this feature by clicking the "Account Ownership Certificate" button on the account details page. Please note that the pdf needs to be generated in the provider integration connector and passed to Toqio as a complete document.

Below you can find an example of what this looks like once defined for a given financial provider. The front end will react accordingly by showing or hiding components and forms based on the setup.

{
    "hasOwnOTP": true,
    "canResendOTP": true,
    "canRetrievePan": true,
    "allowSixMonthsStatements": false,
    "allowVirtualCards": true,
    "allowEditBeneficiaries": false,
    "hasSecurityQuestions": true,
    "hasPhysicalCardVerificationNumber": false,
    "hasMeaWalletConfig": false,
    "hasBusinessCode": false,
    "hasToCreateEndUserKYC": false,
    "canCancelAccounts": true,
    "canRemoveAccounts": true,
    "hasAccountPurposes": false,
    "hasExpectedVolume": false,
    "needAccountSignature": false
}

See here about the documentation of the endpoint you must implement https://docs.toq.io/reference/getcapabilities