Skip to main content
GET
/
checkout
/
sessions
/
bank-details
Get Bank Details
curl --request GET \
  --url https://api.maash.io/checkout/sessions/bank-details \
  --header 'Authorization: <authorization>' \
  --header 'x-maash-user-type: <x-maash-user-type>'
{
  "data": {
    "encoded_bank_details": "<string>"
  }
}
Returns the encoded company bank account details for the current checkout session, for a specific currency. Use this endpoint when the customer selects Bank as their payment method in the checkout UI. Recommended: GET /checkout/sessions/bank-details — no path parameters. The session ID is derived from the session token in the Authorization header (or token query param). Send the session token that was included in the checkout URL. Valid currency values are the active bank account currencies for the organization (see GET /checkout/sessions/bank-currencies). If currency is omitted and the org has exactly one such currency, that currency is used; if there are several, currency is required (400 with available list in the error message). The response contains a Base64-encoded JSON payload with the bank account information. The frontend is expected to decode this payload and display the fields to the user.

Authentication

x-maash-user-type
string
required
Must be set to checkout.
Authorization
string
required
Session token: Bearer &lt;session_token&gt;. The session token is returned in the checkout URL when the session is created (e.g. ?token=...). The backend derives the session ID from this token; do not send session_id in the path.
Alternatively, the session token may be sent as the query parameter token.

Query parameters

currency
string
ISO currency for which to return bank account details. Must be one of the values from GET /checkout/sessions/bank-currencies for this session. Omit only when the organization has a single bank currency.

Response

data
object
encoded_bank_details
string
Base64-encoded JSON string containing the company bank account details. The decoded JSON has the following shape:

Request example

Session ID is not in the path; it is derived from the session token.
cURL
# With session token in Authorization header (recommended)
curl "https://api.maash.io/checkout/sessions/bank-details" \
  -H "x-maash-user-type: checkout" \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"

# With currency and token
curl "https://api.maash.io/checkout/sessions/bank-details?currency=EUR" \
  -H "x-maash-user-type: checkout" \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"
Node.js
const sessionToken = "YOUR_SESSION_TOKEN"; // from checkout URL ?token=...
const currency = "EUR"; // optional: USD | EUR | AED | GBP

const url = new URL("https://api.maash.io/checkout/sessions/bank-details");
if (currency) url.searchParams.set("currency", currency);

const response = await fetch(url, {
  headers: {
    "x-maash-user-type": "checkout",
    Authorization: `Bearer ${sessionToken}`,
  },
});

const { data } = await response.json();
const encoded = data.encoded_bank_details;
const decodedJson = JSON.parse(
  Buffer.from(encoded, "base64").toString("utf-8")
);

console.log(decodedJson.account_name, decodedJson.currency, decodedJson.iban);

Response examples

200
{
  "data": {
    "encoded_bank_details": "eyJhY2NvdW50X25hbWUiOiJNYWFzaCBQYXltZW50cyBMdGQiLCJiYW5rX25hbWUiOiJHbG9iYWwgUGF5bWVudHMgQmFuayIsImliYW4iOiJHQjAwQkFOSzAwMDAwMDAwMDAwMDAwMDAiLCJzd2lmdF9iaWMiOiJHQkJBTktYWCIsImFjY291bnRfbnVtYmVyIjoiMDAwMDAwMDAiLCJzb3J0X2NvZGUiOiIwMC0wMC0wMCIsInJlZmVyZW5jZSI6InR4bl8xMjM0NTY3ODkiLCJjdXJyZW5jeSI6IlVTRCIsImFtb3VudF91c2QiOjEwMH0="
  }
}
404
{
  "error": "Session not found"
}
401
{
  "error": "Missing session token"
}
401
{
  "error": "Invalid or expired session token"
}