Introduction

The Deposit method returns a URL where the end-user can make a payment from their bank account.

A typical deposit flow is:

  1. The merchant makes a Deposit API call and displays the URL to the end-user (you can find more information about how to display the Trustly URL here).
  2. The end-user selects their bank and completes the payment.
  3. Trustly sends a credit notification to the merchant's system when the payment is confirmed.

Request parameters

Parameter nameDescriptionRequiredTypeExample
UsernameThe username.YesTextjoe
PasswordThe password.YesTextsecret
NotificationURLThe URL to which notifications for this payment should be sent to. This URL should be hard to guess and not contain a ? ("question mark").YesTexthttps://www.joe.com/Trustly/
Notify/a2b63j23dj23883jhfhfh
EndUserIDID, username, hash or anything uniquely identifying the end-user requesting the deposit.

Preferably the same ID/username as used in the merchant's own backoffice in order to simplify for the merchant's support department.
YesText123123
MessageIDYour unique ID for the deposit.YesText12345678
AttributesAttributes for this method.YesObject{ "Locale": "sv_SE" }

The parameter Attributes is an object of attributes. New attributes may be added in future versions of the API but existing attributes will never be removed.

Attributes

Attribute nameDescriptionRequiredTypeExample
CurrencyThe currency of the end-user's account in the merchant's system.YesChar(3)EUR
FirstnameThe end-user's first name.YesTextSteve
LastnameThe end-user's last name.YesTextSmith
CountryThe ISO 3166-1-alpha-2 code of the end-user's country. This will be used for pre-selecting the country for the end-user in the iframe.

Note: This will only have an effect for new end-users. If an end-user has done a previous order (with the same EndUserID), the country that was last used will be pre-selected.
YesChar(2)SE
LocaleThe end-users localization preference in the format [language[_territory]]. Language is the ISO 639-1 code and territory the ISO 3166-1-alpha-2 code.

This will be used to pre-select the language in the trustly iframe.
YesTexten_US
ShopperStatementThe text to show on the end-user's bank statement after Trustly's own 10 digit reference (which always will be displayed first). The reference must let the end user identify the merchant based on this value. So the ShopperStatement should contain either your brand name, website name, or company name.

If possible, try to keep this text as short as possible to maximise the chance that the full reference will fit into the reference field on the customer's bank since some banks allow only a limited number of characters. If the full ShopperStatement does not fit into the reference it will be truncated from the end.
YesTextMyBrand.com
EmailThe email address of the end user.

* This attribute is only required for Trustly Direct Debit, when sending any of the following attributes: RequestDirectDebitMandate, QuickDeposit, ChargeAccountID.
Yes*Text[email protected]
AmountThe amount to deposit. See format in Currencies. Do not use this attribute in combination with SuggestedMinAmount or SuggestedMaxAmount. Only digits. Use dot (.) as decimal separator.NoText103.50
SuggestedMinAmountThe minimum amount the end-user is allowed to deposit in the currency specified by Currency. Only digits. Use dot (.) as decimal separator.NoText5.00
SuggestedMaxAmountThe maximum amount the end-user is allowed to deposit in the currency specified by Currency. Only digits. Use dot (.) as decimal separator.NoText500.00
IPThe IP-address of the end-user.NoText83.140.44.184
SuccessURLThe URL to which the end-user should be redirected after a successful deposit. Do not put any logic on that page since it's not guaranteed that the end-user will in fact visit it.NoTexthttps://trustly.com/thank_you.html
FailURLThe URL to which the end-user should be redirected after a failed deposit. Do not put any logic on that page since it's not guaranteed that the end-user will in fact visit it.NoTexthttps://trustly.com/payment_error.html
TemplateURLThe TemplateURL should be used if you want to design your own payment page but have it hosted on Trustly's side. The URL of your template page should be provided in this attribute in every Deposit API call. Our system will then fetch the content of your template page, insert the Trustly iframe into it and host the entire page on Trustly’s side. In the response to the Deposit request, you will receive a URL to the hosted template page which you should redirect the user to (the hosted page cannot be iframed).

There are some security restrictions to the TemplateURL:

All images must have absolute URLs. Every link must use HTTPS. * Tags like: script, iframe, frame, frameset, object, applet, etc will not be allowed as they present a security risk.

In addition, the template page must contain in some part of the code the following tag that we will use to insert Trustly’s iFrame:

<!-- TRUSTLY-PAYMENT-PAGE-GOES-HERE -->

The trustly payment window on the hosted page will default to 600px width. To dynamically adjust it to a mobile screen, please add the following to your CSS: "iframe {width: 100% !important;}"
NoTexthttps://example.org/checkout_trustly.html
URLTargetThe html target/framename of the SuccessURL. Only _top, _self and _parent are suported.NoText_top
MobilePhoneThe mobile phone number of the end-user in international format.NoText+46709876543
NationalIdentificationNumberThe end-user's social security number / personal number / birth number / etc. Useful for some banks for identifying transactions and KYC/AML.

If a Swedish personid ("personnummer") is provided, it will be pre-filled when the user logs in to their bank.
NoText790131-1234
UnchangeableNationalIdentificationNumberThis attribute disables the possibility to change/type in national identification number when logging in to a Swedish bank. If this attribute is sent, the attribute NationalIdentificationNumber needs to be correctly included in the request. Note: This is only available for Swedish banks.NoNumeric1
ShippingAddressCountryThe ISO 3166-1-alpha-2 code of the shipping address country.NoChar(2)SE
ShippingAddressPostalCodeThe postalcode of the shipping address.NoTextSE-11253
ShippingAddressCityThe city of the shipping address.NoTextStockholm
ShippingAddressLine1Shipping address streetNoTextMain street 1
ShippingAddressLine2Additional shipping address information.NoTextApartment 123, 2 stairs up
ShippingAddressThe entire shipping address. This attribute should only be used if you are unable to provide the shipping address information in the 5 separate attributes above (ShippingAddressCountry, ShippingAddressCity, ShippingAddressPostalCode, ShippingAddressLine1, ShippingAddressLine2)NoTextMain street 1, SE-11253, Stockholm, Sweden.
RequestDirectDebitMandateIn addition to the deposit, request a direct debit mandate from the account used for the deposit. 1 enables, 0 disables. The default is disabled. If this attribute is set, additional account notifications might be sent. You can read more about Trustly Direct Debit here, under section 2.1NoNumeric1
ChargeAccountIDThe AccountID received from an account notification which shall be charged in a Trustly Direct Debit deposit. This attribute should only be sent in combination with "QuickDeposit" : 1NoText9594811343
QuickDepositSet to 1 for Trustly Direct Debit deposits. QuickDeposit should be set set to 1 when the end user attempts a quick deposit, even if ChargeAccountID is not set. You can read more about QuickDeposits here, under section 1.1 and 1.2.NoNumeric1
URLSchemeIf you are using Trustly from within your native iOS app, this attribute should be sent so that we can redirect the users back to your app in case an external app is used for authentication (for example Mobile Bank ID in Sweden).

The URLScheme can also be registered in Trustly's backend. Please reach out to your Trustly contact if you want us to configure a fixed URLScheme.
NoTextyourCustomURLScheme://
ExternalReferenceThe ExternalReference is a reference set by the merchant for any purpose and does not need to be unique for every API call. The ExternalReference will be included in version 1.2 of the settlement report, ViewAutomaticSettlementDetailsCSV.NoText23423525234
PSPMerchantHuman-readable identifier of the consumer-facing merchant (e.g. legal name or trade name)Yes*TextMerchant Ltd.
PSPMerchantURLURL of the consumer-facing website where the order is initiatedYes*Textwww.merchant.com
MerchantCategoryCodeVISA category codes describing the merchant's nature of business.Yes*Text5499
RecipientInformationInformation about the Payee (ultimate creditor). The burden of identifying who the Payee for any given transaction is lies with the Trustly customer.

** Required for some merchants and partners, see below.
Yes**Object{"Firstname": "Mark" ...}

🚧

* PSPMerchant, PSPMerchantURL and MerchantCategoryCode

PSPMerchant, PSPMerchantURL and MerchantCategoryCode are mandatory attributes for Trustly Partners that are using Express Merchant Onboarding and aggregate traffic under a master processing account. It is also mandatory for E-wallets used directly in a merchant's checkout, whereby the purpose of a Trustly transaction is to pay for goods/services by placing funds on the payer's e-money account ("funding stage") following an immediate transfer into the e-money account of the payee ( "payment" stage).

🚧

** RecipientInformation

RecipientInformation{} is mandatory to send for money transfer services (including remittance houses), e-wallets, prepaid cards, as well as for Trustly Partners that are using Express Merchant Onboarding and aggregate traffic under a master processing account (other cases may also apply).

Attribute nameDescriptionRequiredTypeExample
PartytypePartytype can be "PERSON" or "ORGANISATION" (if the recipient is an organisation/company).YesTextPERSON
FirstnameFirst name of the person, or the name of the organisation.YesTextMark
LastnameLast name of the person (NULL for organisation).YesTextSmith
CountryCodeThe ISO 3166-1-alpha-2 code of the country that the recipient resides in.YesChar(2)ES
CustomerIDPayment account number or an alternative consistent unique identifier (e.g. customer number).

Note: this is not a transaction ID or similar. This identifier must stay consistent across all transactions relating to this recipient (payee).
NoText123456789
AddressFull address of the recipient, excluding the country.NoTextMain street 1, 12345, Barcelona
DateOfBirthDate of birth (YYYY-MM-DD) of the beneficiary, or organisational number for the organisation.NoText1980-01-30

The result returned is a hash with the following elements:

Hash keyDescriptionTypeExample
orderidThe globally unique OrderID the deposit was assigned in our system.Text5843996816
urlThe URL that should be loaded so that the end-user can complete the deposit.Texthttps://://trustly.com/_/2f6b14fa-446a-4364-92f8-84b738d589ff

Code example

Request

APIResult = TrustlyAPI({
    "method": "Deposit",
    "params": {
        "Signature": "f4ThjuMqbsdG6u ... S16VbzD4h==",
        "UUID": "258a2184-2842-b485-25ca-293525152425",
        "Data": {
            "Username": "merchant_username",
            "Password": "merchant_password",
            "NotificationURL": "https://URL\_to\_your\_notification\_service",
            "EndUserID": "12345",
            "MessageID": "your\_unique\_deposit_id",
            "Attributes": {
                "Country": "SE",
                "Locale": "sv_SE",
                "Currency": "SEK",
                "Amount": "103.00",
                "IP": "123.123.123.123",
                "MobilePhone": "+46709876543",
                "Firstname": "John",
                "Lastname": "Doe",
                "Email": "[email protected]",
                "NationalIdentificationNumber": "790131-1234",
                "SuccessURL":"https://yourpage.com/success",
                "FailURL":"https://yourpage.com/fail"
            }
        }
    },
    "version": "1.1"
});

print( '&lt;iframe src="' + APIResult.result.data.url + '"&gt;&lt;/iframe&gt;' );
APIResult = TrustlyAPI({
    "method": "Deposit",
    "params": {
        "Signature": "f4ThjuMqbsdG6u ... S16VbzD4h==",
        "UUID": "258a2184-2842-b485-25ca-293525152425",
        "Data": {
            "Username": "merchant_username",
            "Password": "merchant_password",
            "NotificationURL": "https://URL\_to\_your\_notification\_service",
            "EndUserID": "12345",
            "MessageID": "your\_unique\_deposit_id",
            "Attributes": {
                "Country": "SE",
                "Locale": "sv_SE",
                "Currency": "SEK",
                "Amount": "103.00",
                "IP": "123.123.123.123",
                "MobilePhone": "+46709876543",
                "Firstname": "John",
                "Lastname": "Doe",
                "Email": "[email protected]",
                "NationalIdentificationNumber": "790131-1234",
                "SuccessURL":"https://yourpage.com/success",
                "FailURL":"https://yourpage.com/fail",
                "RecipientInformation": {
                  "Partytype": "PERSON"
                  "Firstname":"Mark",
                  "Lastname":"Smith",
                  "CountryCode":"ES",
                  "CustomerID":"123456789",
                  "Address":"Main street 1, 12345, Barcelona",
                  "DateOfBirth":"1980-01-30"
                }
            }
        }
    },
    "version": "1.1"
});

print( '&lt;iframe src="' + APIResult.result.data.url + '"&gt;&lt;/iframe&gt;' );
APIResult = TrustlyAPI({
    "method": "Deposit",
    "params": {
        "Signature": "f4ThjuMqbsdG6u ... S16VbzD4h==",
        "UUID": "258a2184-2842-b485-25ca-293525152425",
        "Data": {
            "Username": "merchant_username",
            "Password": "merchant_password",
            "NotificationURL": "https://URL\_to\_your\_notification\_service",
            "EndUserID": "12345",
            "MessageID": "your\_unique\_deposit_id",
            "Attributes": {
                "Country": "SE",
                "Locale": "sv_SE",
                "Currency": "SEK",
                "Amount": "103.00",
                "IP": "123.123.123.123",
                "MobilePhone": "+46709876543",
                "Firstname": "John",
                "Lastname": "Doe",
                "Email": "[email protected]",
                "NationalIdentificationNumber": "790131-1234",
                "SuccessURL":"https://yourpage.com/success",
                "FailURL":"https://yourpage.com/fail",
                "PSPMerchant": "merchant_name",
                "PSPMerchantURL": "https://merchantURL.com/",
                "MerchantCategoryCode": "1234",
                "RecipientInformation": {
                  "Address": "Merchant Road 101",
                  "CountryCode": "SE",
                  "CustomerID": "merch_001",
                  "DateOfBirth": "5563427391",
                  "Firstname": "Merchant Ltd",
                  "Lastname": null,
                  "Partytype": "ORGANISATION"
                }
            }
        }
    },
    "version": "1.1"
});

print( '&lt;iframe src="' + APIResult.result.data.url + '"&gt;&lt;/iframe&gt;' );

Response

{
    "result": {
        "signature": "4F8hjuMqbsH0Ku ... S16VbzRsw==",
        "uuid": "258a2184-2842-b485-25ca-293525152425",
        "method": "Deposit",
        "data": {
            "orderid": "2190971587",
            "url": "https://trustly.com/_/2f6b14fa-446a-4364-92f8-
                    84b738d589ff"
        }
    },
    "version": "1.1"
}

Failed deposits

If a credit notification has been sent, but Trustly never receives the funds, a debit notification will be sent to the merchant's NotificationURL. If you receive a debit after credit you should try to stop the order. If you are successfully able to stop the order before sending it to the end-user (or in case the user holds a balance on your side and you are able to lower the amount from their balance), you should respond with status "OK" to the debit notification. If you have already processed the order and are unable to recover the money you should respond with status "FAILED".

If you reply “OK” to the debit notification and the deposit still settles after that (which is not expected, but possible), Trustly's system will make an automatic refund to the end-user's bank account.

If you reply “FAILED” to the debit notification and the deposit settles after that, no automatic refund will be made.

You can trigger a debit notification in our test environment by running the D1 test case (see Acceptance testing.

API error codes

A list of the possible error codes can be found here.