Frequently Asked Questions

PelicanPay is an innovative payment and financial crime compliance platform for Fintechs and Third Party Providers (TPPs), providing easy onboarding and a streamlined global payments process. PelicanPay provides PSD2 Payment Initiation and Account Information services, accessible to all organisations who are seeking for genuine Pan-European and interoperable payment gateway solution.

PelicanPay provides Account Information Services (AIS) and Payment Initiation Services (PIS).

Currently, PelicanPay offers following plans: Beta, Bronze, Silver and Gold.

Please visit API product for more details about plan.

No. Registering on PelicanPay is free. However, to test some APIs you may be required to subscribe to the plan.

An app (or application) is the way a user can manage his APIs credentials. It is identified by a unique Client Id and Client Secret generated by the system.

When you add an application you are provided with a client ID and client secret for the application. You must supply the client ID when you call an API that requires you to identify your application by using a client ID, or a client ID and client secret.

To register an application click on Apps in the main menu and then click on the 'Register an application' link. Once you have provided an application name, description, etc you will be shown your application client ID and client secret.

Make a note of your client secret because it is only displayed once. You must supply the client secret when you call an API that requires you to identify your application by using a Client ID and Client secret.

There is no limit on the number of applications you create.

Go to the Apps tab, click on the app whose image needs to be updated; click on Edit Application and update the image.

Yes. You can update app name/description as many times as needed.

To raise a ticket, you need to login to API portal. Go to the Support tab and click on Support ticket.

No. You’ll always need to approve any payment made from your account. PelicanPay ensures that no payment will be initiated without proper consent of user.

The data used in Sandbox environment is dummy, but will follow the same structure as the data in production environment.

APIs are secured with API Key using ClientId and ClientSecret, OAuth2 – client credentials & authorization code grant type and SSL/TLS


The token is the credential that is needed to use an API. It is the result of a valid call to the authorization process. You can find more on the authorization process here: Getting Started guide

Refer How to in order to make your first call to our APIs.

The data is being transferred using SSL/TSL security.

Your account information is only accessible to you.

After registering your app, you will receive a Client ID and a Client secret. The Client ID is considered public information, and is used to access AIS PIS APIs. The Client secret must be kept confidential.

Login to API portal and click on the APPs tab. On apps if you have already created an app then you can see the Client ID of that app in that app page.

Note: Client Secret is visible only after you create the app.

If two or more sets of Client credentials are added to an application, OAuth tokens are not shared between them; each client credential set uses a different OAuth token.

To create OAuth token you have to call ‘/authorize’ and ‘/token’ API. For more details refer Getting Started guide

There will be only one Client ID and Client Secret for an app. But Client Secret can be reset infinite times.

You might have subscribed the plan which requires approval. So, you will get an e-mail once your subscription to the plan is approved and then you can use/access the APIs.

Your application client secret is stored encrypted so we cannot retrieve the unencrypted version to tell you the value if you forget it.

You can reset it, which will update the stored value and return the new value to you.

To do that click 'Apps' in the main menu, click on the application in question and then you can click the 'Reset' link in the 'Client Secret' section.

Your new secret will be displayed at the top of the page.

The numbers of requests, for different APIs, that your application has made are shown on your application page.

Click 'Apps' in the main menu and then click on your application. Under 'Subscribed Plans' you will see all plans your application is subscribed to. 

For each API contained in that plan you can see the usage compared to the rate limit of the plan.

The request field must be generated by using JWT. The JWT will have the following JSON structure:


  "alg": "HS256"


  "request_id": "THE REQUEST ID",
  "iss": "CLIENT ID "

The Currently supported algorithms is: HS256 The request_id value will be different while creating access AIS APIs and authorizing payment.
AIS: While accessing AIS API's the request_id will be AccountRequestId. The AccountRequestId can be generated by calling Account Requests API of AIS.
Authorizing Payment: While authorizing a payment the request_id will be a PaymentId.

You might have subscribed to the plan which does not offer those APIs. Please verify your subscription plan.

To access the OAuth2 secured APIs, you must have valid access token generated by calling ‘/authorize’ and ‘/token’ API. Follow the link for more details on creation of access token.

First, check your browser settings to make sure the "allow cookies" option is enabled.

If the problem persists you can reset your password here.

Still having problems? Please contact us by clicking here.

Yes, the pagination functionality is provided in the  GET /accounts/transactions API of PelicanPay PSD2 AIS API. The transaction details could be viewed by calling GET /accounts/transactions API of PelicanPay PSD2 AIS API. As complete transaction detail may not be fetched in response, so the functionality of pagination is provided. You will receive the link for "Self", "First", "Prev", "Next" and "Last" pages in the response of GET /accounts/transactions API to navigate to the desire pages.

The lifetime of the token received in the response of the POST /token endpoint of PelicanPay PSD2 Security API depends on the ASPSP. If the ASPSP does not supports refresh token then the expiration time is returned in the response of the /token of PelicanPay PSD2 Security API whereas if ASPSP supports refresh token then it is internally handled by Pelican PSD2 framework and expiration time is not returned in the response of the /token API.

TPP can initiate domestic payments.The payment product types supported by pelican are SEPA, Instant SEPA and by default the domestic payment product type of respective countries.
For e.x. For UK the payment product type supported by pelican is FPS.

We have a Beta plan available that allows you to make 100 Security API, 40 PIS API, 60 PIS API calls per hour in our sandbox environment. The Beta plan is free – there are no costs involved.

OAuth 2.0 is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information, most commonly using access codes and tokens on other websites but without giving them the passwords.

Open Banking refers to the use of APIs that enable third-party developers to build applications and services around financial institutions. Traditional closed banking is breaking up to give way to open access, transparent service, and most importantly of all, collaboration.