Build IBAN QA Workflows.
Generate IBANs, validate IBAN lists, create synthetic profiles, export datasets, and build edge-case files. API-key endpoints are metered by your plan; web dataset tools can also use 24h Pass credits for one-day work.
Authentication
Send your account API key in every REST request. Log in to show your real key in these examples.
X-API-Key: your_api_key_here
API Onboarding Path
Use Pro for self-serve API work. Use Business when a team needs higher monthly volume, saved QA datasets, exact bank/BIC targeting, or annual invoice procurement.
Current Tiers
These are the real product limits currently enforced by the app.
| Plan | Price | API calls | Profiles | SWIFT/BIC reveals | Exports |
|---|---|---|---|---|---|
| Free | Free | 50 | 5 | 0 | 0 |
| 24h Pass | $4.99 one-time | 500 / 24h | 50 / 24h | 100 / 24h | 25 / 24h |
| Starter | $9/month | 2,000 / month | 200 / month | 200 / month | 50 / month |
| Pro | $29/month | 10,000 / month | 1,000 / month | 2,000 / month | 500 / month |
| Business | $99/month | 100,000 / month | 10,000 / month | 10,000 / month | 2,000 / month |
| Enterprise | $190/month | 250,000 / month | 25,000 / month | 25,000 / month | 5,000 / month |
API Playground
Run a small live request from this page. It uses your real API key when you are logged in and consumes the same API credits as a normal request.
Generate IBAN
Generates valid IBANs for supported countries. quantity consumes the same number of API credits, and paid SWIFT/BIC plus bank metadata consumes the same number of reveal credits. Free API keys receive locked premium fields. Pro and Business API keys can also request targeted generation against bank records when a country supports bank-code generation.
curl -X POST https://ibangen.com/api/v1/generate \
-H "Content-Type: application/json" \
-H "X-API-Key: your_api_key_here" \
-d '{"country":"Germany","quantity":3}'
import requests
response = requests.post(
"https://ibangen.com/api/v1/generate",
headers={
"Content-Type": "application/json",
"X-API-Key": "your_api_key_here",
},
json={"country": "Germany", "quantity": 3},
)
print(response.json())
const response = await fetch("https://ibangen.com/api/v1/generate", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-API-Key": "your_api_key_here"
},
body: JSON.stringify({ country: "Germany", quantity: 3 })
});
console.log(await response.json());
$headers = @{
"Content-Type" = "application/json"
"X-API-Key" = "your_api_key_here"
}
$body = @{ country = "Germany"; quantity = 3 } | ConvertTo-Json
Invoke-RestMethod -Uri "https://ibangen.com/api/v1/generate" -Method Post -Body $body -Headers $headers
true,
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"X-API-Key: your_api_key_here"
],
CURLOPT_POSTFIELDS => json_encode(["country" => "Germany", "quantity" => 3])
]);
echo curl_exec($ch);
?>
[
{
"iban": "DE89370400440532013000",
"valid": true,
"swift_code": "COBADEFFXXX",
"bank_name": "Commerzbank",
"bank_city": "Frankfurt am Main",
"premium_fields_locked": false
}
]
Targeted generation
Use the optional targeting object when you need generated IBANs tied to supported bank records. Free users can browse targeting options in the UI, but API generation with targeting.city, targeting.bank, or targeting.bic requires paid access.
| Field | Plan | Behavior |
|---|---|---|
targeting.city |
Paid access | Generates against a supported bank record from the selected city. It can be combined with bank or BIC targeting. |
targeting.bank |
Pro+ | Generates against a matching bank record, using the selected bank code when that country exposes one. |
targeting.bic |
Business+ | Generates against an exact BIC/branch record when the country generator can honor it. |
Compatibility aliases are accepted for integrations that already send top-level fields: custom_city, custom_bank, custom_bic, bank_name, bic, and swift_code.
curl -X POST https://ibangen.com/api/v1/generate \
-H "Content-Type: application/json" \
-H "X-API-Key: your_api_key_here" \
-d '{
"country": "Luxembourg",
"quantity": 2,
"targeting": {
"city": "LUXEMBOURG",
"bank": "BANQUE DE LUXEMBOURG S.A."
}
}'
{
"country": "Luxembourg",
"quantity": 1,
"targeting": {
"bic": "BLUXLULL"
}
}
[
{
"iban": "LU340088078217992601",
"valid": true,
"swift_code": "BLUXLULL",
"bank_name": "BANQUE DE LUXEMBOURG S.A.",
"bank_city": "LUXEMBOURG",
"premium_fields_locked": false,
"custom_target": {
"scope": "bank",
"bank_name": "BANQUE DE LUXEMBOURG S.A.",
"city": "LUXEMBOURG",
"swift_code": "BLUXLULL",
"match_level": "bank_code",
"generated_bank_code": "008"
}
}
]
{
"error": "advanced_targeting_required",
"required_plan": "Pro",
"pricing_url": "/pricing?checkout=pro&intent=custom_bank",
"message": "Pro is required for this targeted API generation option."
}
Validate IBAN
Validates IBAN structure/checksum. Each IBAN in the list consumes one API credit. City is visible to every API key; SWIFT/BIC and bank name are premium fields, so paid API keys spend one reveal credit per IBAN and free API keys receive locked placeholders for those fields.
curl -X POST https://ibangen.com/api/v1/validate \
-H "Content-Type: application/json" \
-H "X-API-Key: your_api_key_here" \
-d '{"ibans":["GB82WEST12345698765432","DE89370400440532013000"]}'
import requests
response = requests.post(
"https://ibangen.com/api/v1/validate",
headers={"X-API-Key": "your_api_key_here"},
json={"ibans": ["GB82WEST12345698765432", "DE89370400440532013000"]},
)
print(response.json())
const response = await fetch("https://ibangen.com/api/v1/validate", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-API-Key": "your_api_key_here"
},
body: JSON.stringify({
ibans: ["GB82WEST12345698765432", "DE89370400440532013000"]
})
});
console.log(await response.json());
$headers = @{
"Content-Type" = "application/json"
"X-API-Key" = "your_api_key_here"
}
$body = @{ ibans = @("GB82WEST12345698765432", "DE89370400440532013000") } | ConvertTo-Json
Invoke-RestMethod -Uri "https://ibangen.com/api/v1/validate" -Method Post -Body $body -Headers $headers
["GB82WEST12345698765432", "DE89370400440532013000"]];
$ch = curl_init("https://ibangen.com/api/v1/validate");
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => ["Content-Type: application/json", "X-API-Key: your_api_key_here"],
CURLOPT_POSTFIELDS => json_encode($payload)
]);
echo curl_exec($ch);
?>
Response examples
Paid account or 24h Pass: validation returns premium bank metadata when available.
[
{
"iban": "FI1623114147337697",
"valid": true,
"swift_code": "NDEAFIHH",
"bank_name": "NORDEA BANK AB (PUBL), FINNISH BRANCH",
"bank_city": "HELSINKI",
"premium_fields_locked": false
}
]
Free API key: validation still returns valid/invalid status, but premium bank fields are locked.
[
{
"iban": "FI1623114147337697",
"valid": true,
"swift_code": "Hidden",
"bank_name": "Hidden",
"bank_city": "HELSINKI",
"premium_fields_locked": true,
"locked_fields": ["swift_code", "bank_name"],
"premium_unlock_url": "/pricing?checkout=day_pass&intent=swift"
}
]
Bank Statement Validator
Upload one bank statement file and receive a structured risk review. The analyzer extracts visible fields, checks detected IBANs with IBANgen validation, reviews dates/amounts/statement terminology, and returns a parseable JSON report for KYC workflows. Add expected_bank or expected_bank_slug when a statement should match a specific bank page.
curl -X POST https://ibangen.com/api/v1/statement-validator/analyze \
-H "X-API-Key: your_api_key_here" \
-F "statement_file=@/path/to/statement.pdf" \
-F "expected_bank=Banco Guayaquil"
import requests
with open("statement.pdf", "rb") as f:
response = requests.post(
"https://ibangen.com/api/v1/statement-validator/analyze",
headers={"X-API-Key": "your_api_key_here"},
files={"statement_file": ("statement.pdf", f, "application/pdf")},
data={"expected_bank": "Banco Guayaquil"},
timeout=30,
)
print(response.status_code)
print(response.json())
const form = new FormData();
form.append("statement_file", fileInput.files[0]);
form.append("expected_bank", "Banco Guayaquil");
const response = await fetch("https://ibangen.com/api/v1/statement-validator/analyze", {
method: "POST",
headers: { "X-API-Key": "your_api_key_here" },
body: form
});
console.log(await response.json());
If the response status is pending_analysis, poll the review endpoint until it returns completed. The alias /api/v1/statements/analyze is also available for shorter integrations.
{
"success": true,
"status": "pending_analysis",
"review_id": "d4f7c94e7d0e4e4b9b3d9c3f1e3a9c1b",
"review_step": "queued",
"review_message": "Document analysis is queued.",
"quota": {"limit": 10, "left": 9, "unlimited": false}
}
curl https://ibangen.com/api/v1/statement-validator/review/d4f7c94e7d0e4e4b9b3d9c3f1e3a9c1b \
-H "X-API-Key: your_api_key_here"
{
"success": true,
"status": "completed",
"score": 82,
"risk_level": "medium",
"is_bank_statement": true,
"summary": "The document resembles a bank statement with verifiable IBAN evidence and some review items.",
"extracted_fields": {
"account_holder": "Example Customer",
"iban": "DE89370400440532013000",
"statement_period": "May 2026"
},
"iban_checks": [{
"iban": "DE89370400440532013000",
"valid": true,
"country_code": "DE",
"bank_name": "Hidden",
"swift_code": "Hidden"
}],
"positive_signals": [],
"risk_signals": [],
"inconsistencies": [],
"recommendations": []
}
AI Profile
Generates a synthetic QA profile around an IBAN and bank context. Personal identity data is synthetic; bank names/websites use real public references when the model is confident.
curl -X POST https://ibangen.com/api/v1/profile \
-H "Content-Type: application/json" \
-H "X-API-Key: your_api_key_here" \
-d '{
"country":"Austria",
"iban":"AT335400061166597241",
"swift_code":"OBLAAT2LXXX",
"bank_name":"Oberbank AG",
"bank_city":"Linz",
"age_min":25,
"age_max":55
}'
import requests
payload = {
"country": "Austria",
"iban": "AT335400061166597241",
"swift_code": "OBLAAT2LXXX",
"bank_name": "Oberbank AG",
"bank_city": "Linz",
"age_min": 25,
"age_max": 55,
}
response = requests.post(
"https://ibangen.com/api/v1/profile",
headers={"X-API-Key": "your_api_key_here"},
json=payload,
)
print(response.json())
const payload = {
country: "Austria",
iban: "AT335400061166597241",
swift_code: "OBLAAT2LXXX",
bank_name: "Oberbank AG",
bank_city: "Linz",
age_min: 25,
age_max: 55
};
const response = await fetch("https://ibangen.com/api/v1/profile", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-API-Key": "your_api_key_here"
},
body: JSON.stringify(payload)
});
console.log(await response.json());
$headers = @{
"Content-Type" = "application/json"
"X-API-Key" = "your_api_key_here"
}
$body = @{
country = "Austria"
iban = "AT335400061166597241"
swift_code = "OBLAAT2LXXX"
bank_name = "Oberbank AG"
bank_city = "Linz"
age_min = 25
age_max = 55
} | ConvertTo-Json
Invoke-RestMethod -Uri "https://ibangen.com/api/v1/profile" -Method Post -Body $body -Headers $headers
"Austria",
"iban" => "AT335400061166597241",
"swift_code" => "OBLAAT2LXXX",
"bank_name" => "Oberbank AG",
"bank_city" => "Linz",
"age_min" => 25,
"age_max" => 55
];
$ch = curl_init("https://ibangen.com/api/v1/profile");
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => ["Content-Type: application/json", "X-API-Key: your_api_key_here"],
CURLOPT_POSTFIELDS => json_encode($payload)
]);
echo curl_exec($ch);
?>
{
"success": true,
"profile": {
"iban": "AT335400061166597241",
"provider": "openrouter",
"model": "inclusionai/ling-2.6-1t:free",
"model_tier": "free",
"quality_score": 94,
"quality_tier": "excellent",
"quality_label": "Excellent synthetic QA profile",
"profile": {
"full_name": "Synthetic persona name",
"country": "Austria",
"city": "Linz",
"bank_account": {
"bank_name": "Oberbank AG",
"bank_website": "https://www.oberbank.at",
"swift_bic": "OBLAAT2LXXX"
}
}
},
"generations_left": 199
}
Quality Score
85-100
Excellent or good. Complete profile, realistic address structure, bank context, no weak placeholders.
70-84
Usable but should be reviewed. Some non-critical fields may need regeneration.
Below 70
Needs review. Paid UI should retry or avoid presenting low-quality profiles as final data.
The score is based on completeness, country consistency, bank metadata quality, weak-marker detection,
and whether generated fields avoid placeholders such as N/A, 00000, and test domains.
Dataset Tools
Use these API-key endpoints when you want the same QA dataset features from automation. The `/tools` page is the browser UI; these routes are for scripts and CI jobs.
Bulk Dataset Builder
Paid only. 24h Pass: 40 rows. Starter: 500 rows. Pro/Enterprise: 10,000 rows. Supports JSON/CSV and optional AI profiles.
Test Case Generator
Generates valid and invalid IBAN edge cases: checksum, wrong length, malformed, and country mismatch scenarios. Free users get preview-sized batches.
curl -X POST https://ibangen.com/api/v1/bulk-dataset \
-H "Content-Type: application/json" \
-H "X-API-Key: your_api_key_here" \
-d '{"country":"Germany","quantity":100,"output":"json","include_profiles":false}'
curl -X POST https://ibangen.com/api/v1/test-cases \
-H "Content-Type: application/json" \
-H "X-API-Key: your_api_key_here" \
-d '{"country":"Germany","quantity":25,"output":"json"}'
import requests
headers = {
"Content-Type": "application/json",
"X-API-Key": "your_api_key_here",
}
dataset = requests.post(
"https://ibangen.com/api/v1/bulk-dataset",
headers=headers,
json={"country": "Germany", "quantity": 100, "output": "json"},
)
cases = requests.post(
"https://ibangen.com/api/v1/test-cases",
headers=headers,
json={"country": "Germany", "quantity": 25, "output": "json"},
)
print(dataset.json())
print(cases.json())
const headers = {
"Content-Type": "application/json",
"X-API-Key": "your_api_key_here"
};
const dataset = await fetch("https://ibangen.com/api/v1/bulk-dataset", {
method: "POST",
headers,
body: JSON.stringify({ country: "Germany", quantity: 100, output: "json" })
});
const cases = await fetch("https://ibangen.com/api/v1/test-cases", {
method: "POST",
headers,
body: JSON.stringify({ country: "Germany", quantity: 25, output: "json" })
});
console.log(await dataset.json());
console.log(await cases.json());
Errors
| Status | Meaning | Typical response |
|---|---|---|
| 401 | Missing or invalid API key. | {"error":"Invalid API key"} |
| 400 | Invalid country, quantity, or request body. | {"error":"Invalid country"} |
| 429 | API call credits exhausted. | {"error":"API call limit reached"} |
| 403 | Profile generation credits exhausted. | {"error":"generation_limit_reached"} |
| 402 | Paid or 24h Pass access required for a dataset tool. | {"error":"bulk_dataset_requires_paid_access"} |