Accounts
Endpoints to manage your accounts, their settings, bank movements, and on-demand scrapes.
Accounts
Use these endpoints to manage the bank accounts you have enrolled in Reconbanker, change their settings, inspect their movements, and trigger scrapes on demand. All endpoints require Authorization: Bearer <jwt>.
List accounts
Use this endpoint to list every account you have enrolled.
GET /accountsResponse 200 OK:
[
{
"id": "uuid",
"bank": "itau",
"name": "Operating account",
"status": "active",
"scrapeBlockedAt": null,
"scrapeBlockedReason": null
}
]scrapeBlockedAt and scrapeBlockedReason are non-null when Reconbanker has stopped scraping the account because of a fatal failure (bad credentials, the bank reporting a lockout). Clear the block by fixing the cause and calling Restart scraping. See Sessions → Skip-on-fatal protection.
Operation mode is not part of the account response — it is read from GET /me and applies to every account you own.
Create an account
Use this endpoint to enroll a new bank account.
POST /accounts
Content-Type: application/jsonRequest body:
{
"bankId": "uuid",
"name": "Operating account"
}bankId- required.name- required.
Responses:
201 Created- returns the new account.400 Bad Request-{ "error": "bankId and name are required" }
Get one account
Use this endpoint to fetch a single account by id.
GET /accounts/:accountIdResponse 200 OK:
{
"id": "uuid",
"bank": "itau",
"name": "Operating account",
"status": "active"
}404 Not Found when the account does not exist.
Delete an account
Use this endpoint to remove an account. You must repeat the account's current name in the request body. This is a safety check so you do not delete the wrong one by mistake.
DELETE /accounts/:accountId
Content-Type: application/jsonRequest body:
{ "confirmation_name": "Operating account" }Responses:
204 No Content- deleted.400 Bad Request-{ "error": "confirmation_name is required" }
Get account settings
Use this endpoint to read every setting on an account.
GET /accounts/:accountId/configResponse 200 OK:
{
"id": "uuid",
"account_id": "uuid",
"pending_orders_endpoint": "https://customer.example/pending",
"webhook_url": "https://customer.example/webhook",
"retry_limit": 3,
"polling_method": "GET",
"polling_body": null,
"auth_type": "bearer",
"auth_token": "<token>",
"webhook_auth_type": "bearer",
"webhook_auth_token": "<token>",
"notification_endpoint_url": "https://your-service.example/reconbanker/notify",
"notification_auth_type": "bearer",
"notification_auth_token": "<token>",
"notification_events": ["assistance_required"],
"notify_on_expired": false,
"webhook_extra_fields": null,
"silent_ingestion": false,
"session_type": "one-shot",
"login_mode": "simple",
"bank_username": "user@bank"
}Returns null when no settings have been saved yet. The notification_* fields configure the operational notification webhook, which is separate from the result webhook_url.
Update account settings
Use this endpoint to save or update every setting on an account in one call. The request body replaces the current settings.
PUT /accounts/:accountId/config
Content-Type: application/jsonRequest body:
{
"pending_orders_endpoint": "https://customer.example/pending",
"webhook_url": "https://customer.example/webhook",
"webhook_auth_type": "bearer",
"webhook_auth_token": "<token>",
"notification_endpoint_url": "https://your-service.example/reconbanker/notify",
"notification_auth_type": "bearer",
"notification_auth_token": "<token>",
"notification_events": ["assistance_required"],
"retry_limit": 3,
"polling_method": "GET",
"polling_body": null,
"auth_type": "bearer",
"auth_token": "<token>",
"bank_username": "user@bank",
"bank_password": "<password>",
"notify_on_expired": false,
"webhook_extra_fields": { "tenant": "acme" },
"session_type": "one-shot",
"login_mode": "simple",
"silent_ingestion": false
}Field notes:
pending_orders_endpoint- required when your user's operation mode is"reconcile". Ignored in passthrough.webhook_url- always required.webhook_auth_type/webhook_auth_token- credentials Reconbanker uses to call your webhook.notification_endpoint_url- endpoint for the operational notification webhook (OTP requests, login and scrape failures). Separate fromwebhook_url. Leave empty to disable.notification_auth_type/notification_auth_token- credentials for the notification endpoint.bearerorapi_key.notification_events- which notifications to send: any ofassistance_required,login_failed,scrape_failed.retry_limit- how many times Reconbanker re-attempts a match before giving up. Default3.polling_method-"GET"(default) or"POST".polling_body- sent as the JSON body whenpolling_methodis"POST". Ignored otherwise.auth_type/auth_token- credentials Reconbanker uses to call your pending orders endpoint. Also act as fallback for the webhook auth.bank_username/bank_password- your online banking credentials. Stored encrypted. Leave both off to keep existing credentials unchanged.notify_on_expired- whentrue, fires a webhook withstatus: "expired"for stale requests.webhook_extra_fields- JSON object merged into every webhook payload. These keys are reserved and cannot be overridden:external_id,status,amount,currency,name,id,received_at.session_type-"one-shot"(default, periodic open→scrape→close) or"persistent"(long-lived monitor). See Sessions.login_mode-"simple"(default, unattended) or"assisted"(Reconbanker pauses for a human to complete 2FA).silent_ingestion- passthrough only. Whentrue, Reconbanker marks transactions as notified but does not actually call the webhook (useful for backfills).
Operation mode is not an account setting. Read it from GET /me and change it with PUT /me/operation-mode; the value applies to every account you own.
Responses:
200 OK- returns the same shape as the read endpoint.400 Bad Request- one of the validation messages (webhook_url is required,pending_orders_endpoint is required when operation mode is reconcile, etc.).
List account movements
Use this endpoint to list bank transactions Reconbanker has read for an account.
GET /accounts/:accountId/movements?limit=100&offset=0Query parameters:
limit- defaults to100, maximum500.offset- defaults to0.
Response 200 OK:
[
{
"id": "uuid",
"external_id": "string",
"amount": "1500.00",
"currency": "UYU",
"sender_name": "ACME SA",
"received_at": "2026-05-13T10:15:00Z",
"notified_at": null,
"excluded_at": null
}
]Newest movements first.
Resend a movement webhook
Use this endpoint to replay a passthrough webhook for a specific bank transaction (for example, when your receiver was down).
POST /accounts/:accountId/movements/:movementId/notifyResponses:
202 Accepted-{ "queued": true }404 Not Found-{ "error": "Movement not found for this account" }
Trigger a bank scrape
Use this endpoint to make Reconbanker log in to your bank right now instead of waiting for the next scheduled run.
POST /accounts/:accountId/scrapeResponse 202 Accepted:
{ "jobId": "string" }Restart scraping
Use this endpoint to clear a fatal scrape block (set when scrapeBlockedAt is non-null on the list response) and immediately re-enqueue a scrape. Use it after you fix the underlying cause — for example, after updating bad credentials or once the bank has lifted a lockout. Works for both one-shot and persistent accounts.
POST /accounts/:accountId/restartResponse 202 Accepted:
{ "jobId": "string" }If the cause of the block is still present, Reconbanker may re-block the account immediately after this clear. Fix the root cause first.
Get pending OTP assistance
Use this endpoint to read the one-time code request an assisted login is currently waiting on. This is the dashboard's view of assisted login; the dashboard calls it to recover the prompt after a refresh.
GET /accounts/:accountId/otpResponse 200 OK:
{
"id": "req-1",
"type": "otp",
"descriptor": { "length": 6, "type": "numeric", "purpose": "login" },
"attempts": 2
}Returns null when nothing is pending. There is at most one pending request per account.
Submit an OTP code
Use this endpoint to deliver a one-time code to a waiting login as the dashboard user. This is the human path; a machine integration uses the API-key equivalent POST /v1/accounts/:accountId/otp (see External API).
POST /accounts/:accountId/otp
Content-Type: application/jsonRequest body:
{ "code": "123456" }code- required. 1 to 32 characters.
Response 202 Accepted:
{ "submitted": true }A 202 means the code was forwarded to the in-progress login, not that the bank has confirmed it. This endpoint is rate-limited.
See Conciliation for the matching endpoints, Banks for the bank catalog, and User for the user-level operation mode. For the assisted-login flow end to end, see Assisted login and OTP.