The API Report CardAPI Index
GoCardless

GoCardless API

gocardless.com

GoCardless runs a modern REST API for bank-debit payments with date-pinned versioning, idempotency keys, and signed webhooks. Direct merchant access is self-serve with a full sandbox; platforms acting for merchants need partner programme approval for OAuth. First-party SDKs span the major languages.

Last verified: July 2026Financial Services
API GRADE
A
VERIFIED JUL 2026

SCORECARD

ExistenceGOODModern REST payments API plus a separate Bank Account Data API, both documented at developer.gocardless.com.
AccessGOODSelf-serve for merchants with a full sandbox; partner platforms need programme approval for OAuth.
CoverageGOODMandates, payments, subscriptions, payouts, refunds, billing requests, and hosted flows across BACS, SEPA, and ACH.
AuthGOODBearer access tokens with scoped restricted tokens, plus OAuth 2.0 for platforms acting on behalf of merchants.
Docs & DXGOODSDKs for Ruby, PHP, Java, Python, .NET, and Node, a Postman collection, and a sandbox that simulates scheme returns.
StabilityGOODDate-stamped versions pinned per request via header, and idempotency keys are required on all creates.
MORE FROM THE REPORT CARD
Supergood: GoCardless shipped a real API. Most vendors don't; we ship near-native APIs for the rest.

Frequently asked questions

GoCardless scores A on the API Report Card. GoCardless runs a modern REST API for bank-debit payments with date-pinned versioning, idempotency keys, and signed webhooks. Direct merchant access is self-serve with a full sandbox; platforms acting for merchants need partner programme approval for OAuth. First-party SDKs span the major languages.

Tried to integrate with GoCardless?
SOURCES
The bank-debit lifecycle is genuinely complex, payments transition through `pending_submission` → `submitted` → `confirmed` → `paid_out`, then can be reversed via scheme-specific return codes days later; reconciliation logic must handle the full state machine developer.gocardless.com
Webhook event types are many and scheme-specific (BACS ARUDD/ADDACS/AUDDIS, SEPA R-messages, ACH R-codes surfaced as `cause` strings); handlers must encode rail-specific knowledge developer.gocardless.com
Mandate states (`pending_customer_approval`, `pending_submission`, `submitted`, `active`, `failed`, `cancelled`, `expired`) and the reasons-for-cancellation taxonomy are scheme-dependent, partners report needing to maintain per-scheme branching logic developer.gocardless.com
Settlement timing is multi-day and varies by scheme (BACS: D+3, SEPA Core: D+2, ACH: D+3 to D+4, BECS: D+3), building accurate cash-flow forecasts requires per-scheme calendar logic the API surfaces only indirectly via `charge_date` hub.gocardless.com
Sandbox is good but does not perfectly simulate every scheme-return scenario (e.g., obscure BACS return reason codes), production-only edge cases bite at scale developer.gocardless.com
Partner OAuth flow requires going through the GoCardless partner programme and approval, not fully self-serve like Stripe Connect developer.gocardless.com
Bank Account Data API (ex-Nordigen) is a separate product with its own auth, base URL and rate limits, partners need two integrations to cover collection + open-banking data developer.gocardless.com
Instant Bank Pay and Verified Mandates require open-banking provider coverage that varies by country and bank, failure modes (consent expired, bank unavailable) are user-facing gocardless.com
No bulk endpoints, backfilling historical mandates or migrating from a competitor requires iterating one resource at a time within rate limits developer.gocardless.com
Idempotency-key window is 24 hours, retries beyond that can double-charge if not deduplicated in application logic developer.gocardless.com
API version pinning per request is required, silently upgrading by sending no version header is not supported, which trips up new integrators developer.gocardless.com
Trustpilot rating sits around 2.5/5 with the dominant complaint being account suspensions and weeks-long fund holds during AML/compliance reviews trustpilot.com
Frequent reports of accounts being deactivated 'without clear explanation,' with merchants unable to reach a human reviewer during the hold trustpilot.com
Customer support is widely described as email-only, slow and scripted, especially during compliance escalations g2.com
Settlement is multi-day by design (BACS is a 3-business-day cycle, ACH 3–4 days, SEPA Core 2 days), merchants new to bank debit complain about cash-flow lag vs. cards wise.com
Payment-to-invoice matching is not always automatic in accounting integrations; finance teams still manually reconcile some payments g2.com
Only supports bank debit / open banking, cannot accept cards, wallets or BNPL, forcing merchants to run a second processor for card flows wise.com
Limited geographic coverage outside UK/EU/AU/US/CA/NZ/SE/DK, no LATAM, Africa, most of Asia gocardless.com
Customization of hosted billing pages is limited vs. fully-custom Stripe Elements/Adyen Drop-in flows getcone.io
Failed-payment / mandate-cancelled rates are higher than card decline rates by nature of the rails; without Success+ merchants see meaningful revenue leakage gocardless.com
Per-transaction fee creep on the Pro plan (0.90% + $0.05 capped at $7) is uncompetitive once US volume scales, enterprises must move to Custom pricing gocardless.com
Pricing structure changes (2023 plan restructure into Standard/Advanced/Pro) caught some long-tenured merchants off-guard with material fee increases support.gocardless.com