PayTo is a modern digital payment solution enabling real-time, account-to-account payments from a customer’s bank account. Developed under the New Payments Platform Australia initiative, PayTo replaces traditional direct debit with a faster, more secure option
PayTo (1.0.0)
This API follows RESTful principles and provides a simple way to integrate PayTo functionality into your systems. It uses semantic versioning to ensure backward compatibility and includes idempotency support through the x-idempotency-id header to prevent duplicate transactions. The API is designed to be developer-friendly while maintaining the security and reliability required for financial transactions.
Download OpenAPI description
Languages
Servers
https://developer.api.commbank.com.au/
Request
Creates an agreement which allows the creditor to pull funds from a debtor account.
The agreement must first be approved by the debtor party in order to pull funds from their acccount.
These direct debit payments can be on an automated schedule, ad-hoc or one-off. If a recurring schedule is provided, then debits will be automatically created as per the approved schedule.
Security
oauth2
Headers
Bodyapplication/jsonrequiredThe type of agreement Classified as
- oneoff: Use oneoff agreement to allow single payment only. Following rules apply
- paymentDetails\schedule is not applicable & should not be provided.
- paymentDetails\maxNumberOfPayment is not applicable & should not be provided.
- recurring: Use recurring agreement to allow periodic payments. Following rules apply
- paymentDetails\schedule is mandatory
- paymentDetails\maxNumberOfPayments is not applicable & should not be provided.
- adhoc: Use adhoc agreement to allow multiple non-periodic payments. Following rules apply
- maxNumberOfPayments is optional, if supplied then value should be greater than 1.
- paymentDetails\schedule is not applicable & should not be provided.
Enum"oneoff""adhoc""recurring"
Short description of the reason for agreement setup as narrative text. Specifies a character string with a maximum length of 35 ASCII printable characters.
Reason for the agreement setup as narrative text. Specifies a character string with a maximum length of 140 ASCII printable characters.
Start date of the validity of the agreement. The agreement is valid as of 00:00:00.000 Australia Sydney time on this date. A particular point in the progression of time in a calendar year expressed in the YYYY-MM-DD format. Can either be today or a future date.
End date of the validity of the agreement. If specified, the agreement is valid until 23:59:59.999 Australia Sydney time on this date. A particular point in the progression of time in a calendar year expressed in the YYYY-MM-DD format. Can either be equal to or after the validFrom date
The account details from where the funds will be debited
Type of account identification.
Enum"bankAccount""alternateIdentification"
Full Legal Account Name recorded by the Account Server in their records. Specifies a character string with a maximum length of 140 ASCII printable characters.
Specifies the type of party involved in the transaction as either a person or organisation.
Enum"organisation""person"
Identification type of the party, for example in the case of a person; passportNumber, driversLicenseNumber etc or in the case of an organisation; australianBusinessNumber, australianCompanyNumber etc
Enum"passportNumber""customerIdentificationNumber""driversLicenseNumber""employeeIdentificationNumber""taxIdentificationNumber""bankPartyIdentification""certificateOfIncorporationNumber""australianBusinessNumber""australianCompanyNumber"
Unique and unambiguous identification of the party. Specifies a character string with a maximum length of 35 ASCII printable characters.
The account details to where the funds will be credited
Type of account identification.
Enum"bankAccount""alternateIdentification"
The BSB (Bank-State-Branch) code
Full Legal Account Name recorded by the Account Server in their records. Specifies a character string with a maximum length of 140 ASCII printable characters.
Specifies the type of party involved in the transaction as either a person or organisation.
Enum"organisation""person"
Identification type of the party, for example in the case of a person; passportNumber, driversLicenseNumber etc or in the case of an organisation; australianBusinessNumber, australianCompanyNumber etc
Enum"passportNumber""customerIdentificationNumber""driversLicenseNumber""employeeIdentificationNumber""taxIdentificationNumber""bankPartyIdentification""certificateOfIncorporationNumber""australianBusinessNumber""australianCompanyNumber"
Unique and unambiguous identification of the party. Specifies a character string with a maximum length of 35 ASCII printable characters.
The party initiating the agreement
Identifes the agreement payment arrangement
- fixed: Agreement with fixed payment amount, following rules apply
- amount must be specified.
- maxAmount should not be specified.
- variable: Agreement with variable payment amount, following rules apply
- maxAmount is recommended. However, amount and max amount are optional. If both amount and max amount are present, amount should be less than max amount
- usageBased: Agreement with payment amount based on usage, following rules apply
- maxAmount is recommended. However, amount and max amount are optional. If both amount and max amount are present, amount should be less than max amount
- balloon: Agreement with fixed payment amount and large final payment amount, following rules apply
- amount must be specified.
- maxAmount should not be specified.
Enum"fixed""usageBased""variable""balloon"
Fixed amount to be debited from the debtor's account
Maximum amount that may be paid from the debtor's account, per instruction
paymentDetails.firstCollectionAmountnumber(decimal)(amount)<= 10 characters<= 9999999.99^\d+\.\d{2}$
Amount different from the Payment amount, as it includes the costs associated with the first debited amount
Specifies the high level purpose of the agreement based on a set of pre-defined categories.
Enum"mortgage""utility""loan""dependantSupport""gambling""retail""salary""personal""government""pension"
Maximum number of payment instructions to be created and processed during the specified period. This value must be a positive integer.
https://developer.api.commbank.com.au/agreements
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X POST \
https://developer.api.commbank.com.au/agreements \
-H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
-H 'Content-Type: application/json' \
-H 'x-idempotency-id: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-H 'x-request-id: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-d '{
"type": "oneoff",
"reference": "Short reference for oneOff retail purchase",
"description": "Friendly description of the oneOff agreement",
"validFrom": "2024-03-07",
"validTo": "2029-03-07",
"initiatingParty": {
"id": "3a817cbb-f91b-40b3-86a9-566078ba185a"
},
"source": {
"account": {
"type": "bankAccount",
"bsb": 802950,
"accountNumber": 333333333,
"accountName": "ss"
},
"party": {
"type": "organisation",
"id": "orga-src",
"ultimatePartyName": "PAAS test client",
"idType": "australianCompanyNumber"
}
},
"destination": {
"account": {
"type": "bankAccount",
"bsb": 802950,
"accountNumber": 333333331,
"accountName": "kk"
},
"party": {
"type": "person",
"id": "orga-dest",
"ultimatePartyName": "kk",
"idType": "australianCompanyNumber"
}
},
"paymentDetails": {
"type": "usageBased",
"purpose": "retail",
"amount": 9.99
}
}'Response
application/json
{ "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "status": "accepted", "links": {} }
https://developer.api.commbank.com.au/agreements/{id}
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://developer.api.commbank.com.au/agreements/{id}' \
-H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
-H 'x-request-id: 497f6eca-6276-4993-bfeb-53cbbbba6f08'OK
Bodyapplication/json
Unique id for the agreement
The type of agreement Classified as
- oneoff: Use oneoff agreement to allow single payment only. Following rules apply
- paymentDetails\schedule is not applicable & should not be provided.
- paymentDetails\maxNumberOfPayment is not applicable & should not be provided.
- recurring: Use recurring agreement to allow periodic payments. Following rules apply
- paymentDetails\schedule is mandatory
- paymentDetails\maxNumberOfPayments is not applicable & should not be provided.
- adhoc: Use adhoc agreement to allow multiple non-periodic payments. Following rules apply
- maxNumberOfPayments is optional, if supplied then value should be greater than 1.
- paymentDetails\schedule is not applicable & should not be provided.
Enum"oneoff""adhoc""recurring"
Short description of the reason for agreement setup as narrative text. Specifies a character string with a maximum length of 35 ASCII printable characters.
Reason for the agreement setup as narrative text. Specifies a character string with a maximum length of 140 ASCII printable characters.
Start date of the validity of the agreement. The agreement is valid as of 00:00:00.000 Australia Sydney time on this date. A particular point in the progression of time in a calendar year expressed in the YYYY-MM-DD format. Can either be today or a future date.
End date of the validity of the agreement. If specified, the agreement is valid until 23:59:59.999 Australia Sydney time on this date. A particular point in the progression of time in a calendar year expressed in the YYYY-MM-DD format. Can either be equal to or after the validFrom date
The account details from where the funds will be debited
Type of account identification.
Enum"bankAccount""alternateIdentification"
Full Legal Account Name recorded by the Account Server in their records. Specifies a character string with a maximum length of 140 ASCII printable characters.
Specifies the type of party involved in the transaction as either a person or organisation.
Enum"organisation""person"
Identification type of the party, for example in the case of a person; passportNumber, driversLicenseNumber etc or in the case of an organisation; australianBusinessNumber, australianCompanyNumber etc
Enum"passportNumber""customerIdentificationNumber""driversLicenseNumber""employeeIdentificationNumber""taxIdentificationNumber""bankPartyIdentification""certificateOfIncorporationNumber""australianBusinessNumber""australianCompanyNumber"
Unique and unambiguous identification of the party. Specifies a character string with a maximum length of 35 ASCII printable characters.
The account details to where the funds will be credited
Type of account identification.
Enum"bankAccount""alternateIdentification"
The BSB (Bank-State-Branch) code
Full Legal Account Name recorded by the Account Server in their records. Specifies a character string with a maximum length of 140 ASCII printable characters.
Specifies the type of party involved in the transaction as either a person or organisation.
Enum"organisation""person"
Identification type of the party, for example in the case of a person; passportNumber, driversLicenseNumber etc or in the case of an organisation; australianBusinessNumber, australianCompanyNumber etc
Enum"passportNumber""customerIdentificationNumber""driversLicenseNumber""employeeIdentificationNumber""taxIdentificationNumber""bankPartyIdentification""certificateOfIncorporationNumber""australianBusinessNumber""australianCompanyNumber"
Unique and unambiguous identification of the party. Specifies a character string with a maximum length of 35 ASCII printable characters.
The party initiating the agreement
Identifes the agreement payment arrangement
- fixed: Agreement with fixed payment amount, following rules apply
- amount must be specified.
- maxAmount should not be specified.
- variable: Agreement with variable payment amount, following rules apply
- maxAmount is recommended. However, amount and max amount are optional. If both amount and max amount are present, amount should be less than max amount
- usageBased: Agreement with payment amount based on usage, following rules apply
- maxAmount is recommended. However, amount and max amount are optional. If both amount and max amount are present, amount should be less than max amount
- balloon: Agreement with fixed payment amount and large final payment amount, following rules apply
- amount must be specified.
- maxAmount should not be specified.
Enum"fixed""usageBased""variable""balloon"
Fixed amount to be debited from the debtor's account
Maximum amount that may be paid from the debtor's account, per instruction
paymentDetails.firstCollectionAmountnumber(decimal)(amount)<= 10 characters<= 9999999.99^\d+\.\d{2}$
Amount different from the Payment amount, as it includes the costs associated with the first debited amount
Specifies the high level purpose of the agreement based on a set of pre-defined categories.
Enum"mortgage""utility""loan""dependantSupport""gambling""retail""salary""personal""government""pension"
Maximum number of payment instructions to be created and processed during the specified period. This value must be a positive integer.
Enum"accepted""failed""created""activated""cancelled""suspended"
Response
application/json
{ "type": "recurring", "reference": "Short reference of the agreement", "description": "Friendly description of the agreement", "validFrom": "2024-05-23", "source": { "account": { … }, "party": { … } }, "destination": { "account": { … }, "party": { … } }, "paymentDetails": { "type": "usageBased", "purpose": "retail", "amount": "9.99,", "schedule": { … } }, "id": "7af61033189711ef9b881ebfd4149e2d", "validTo": "2029-05-23", "status": "activated" }
Headers
Bodyapplication/jsonrequiredhttps://developer.api.commbank.com.au/agreements/{id}
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X PATCH \
'https://developer.api.commbank.com.au/agreements/{id}' \
-H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
-H 'Content-Type: application/json' \
-H 'x-idempotency-id: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-H 'x-request-id: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-d '{
"initiatingParty": {
"id": "3a817cbb-f91b-40b3-86a9-566078ba185a"
},
"uniLateral": {
"reference": "Short reference for oneOff retail purchase",
"description": "Friendly description of the oneOff agreement",
"destination": {
"account": {
"type": "bankAccount",
"bsb": 802950,
"accountNumber": 333333333,
"accountName": "ss"
},
"party": {
"type": "organisation",
"id": "orga-src",
"ultimatePartyName": "PAAS test client",
"idType": "australianCompanyNumber"
}
}
}
}'Response
application/json
{ "actionId": "4a2794ff-94cb-4bac-8d36-d5fb36c563a0" }
Bodyapplication/jsonrequired
The account where funds will be debited
Type of account identification.
Enum"bankAccount""alternateIdentification"
Full Legal Account Name recorded by the Account Server in their records. Specifies a character string with a maximum length of 140 ASCII printable characters.
The account where funds will be credited
Type of account identification.
Enum"bankAccount""alternateIdentification"
The BSB (Bank-State-Branch) code
Full Legal Account Name recorded by the Account Server in their records. Specifies a character string with a maximum length of 140 ASCII printable characters.
https://developer.api.commbank.com.au/agreements/validate
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X POST \
https://developer.api.commbank.com.au/agreements/validate \
-H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
-H 'Content-Type: application/json' \
-H 'x-request-id: ca9d8fcd-91f5-42b9-ae44-78fbc553f094' \
-d '{
"source": {
"account": {
"type": "bankAccount",
"bsb": "string",
"accountNumber": "string",
"accountName": "string",
"alternateIdentification": {
"type": "EMAIL",
"value": "string"
}
}
},
"destination": {
"account": {
"type": "bankAccount",
"bsb": "string",
"accountNumber": "string",
"accountName": "string",
"alternateIdentification": {
"type": "EMAIL",
"value": "string"
}
}
},
"initiatingParty": {
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
}
}'Response
application/json
{ "valid": true }
Request
There are three types of agreement states changes that could be requested; 'cancel', 'suspend' and 'release'.
The status can only be changed when the agreement is currently active or suspended.
To release an Agreement is to activate a suspended agreement. Releasing a suspended agreement can only be performed by the party that suspended the agreement.
To suspend an Agreement is equivalent to pausing payments for the agreement.
A cancelled agreement cannot be further updated.
Security
oauth2
Headers
Bodyapplication/jsonrequiredThe party initiating the agreement
Enumeration of possible status changes.
- cancel - cancel an active or suspended agreement
- suspend - suspend an active agreement
- release - release a suspended agreement
Enum"cancel""suspend""release"
https://developer.api.commbank.com.au/agreements/{id}/status
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X PATCH \
'https://developer.api.commbank.com.au/agreements/{id}/status' \
-H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
-H 'Content-Type: application/json' \
-H 'x-idempotency-id: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-H 'x-request-id: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-d '{
"status": "suspend",
"initiatingParty": {
"id": "3a817cbb-f91b-40b3-86a9-566078ba185a"
},
"reason": {
"code": "AC02",
"description": "suspension agreement"
}
}'Response
application/json
{ "referenceNumber": "f51553ca-a1ad-4253-825b-9ba809f83a5f" }