User details for mandates

Learn what user details you need to submit when you create a mandate.

When you create a mandate, you need to provide user details as part of anti-money-laundering measures. The only exception to this is if you have a PISP license.

User details to collect

When you create a mandate, you provide user details in the user object. The available fields in the user object are: id, name, email, phone, date_of_birth and address.

For a mandate, you must provide a minimum of:

  • The name of the payer: their given and family name.
  • One of:
    • The payer's email address.
    • The payer's phone number.

Additional user details

If a transaction is flagged for a sanction or AML issue, TrueLayer makes a Request for Information (RFI) to collect the additional information needed for us to investigate.

To comply with sanction screening obligations, and to minimise the number of RFIs raised, you should also include user details for the additional date_of_birth and address fields in your mandate creation API requests.

How to collect details

The example request below shows a mandate creation request with the mandatory user detail objects name and email completed. It also includes values for the non-mandatory id and phone objects.

This example also includes values for the address and date_of_birth objects to decrease the possibility of an RFI.

# Set MANDATES_URL to the mandate creation endpoint for your environment
# (the URL is not shown on this page) and AUTH_TOKEN to your access token.
curl --request POST \
     --url "$MANDATES_URL" \
     --header "Content-Type: application/json" \
     --header "Idempotency-Key: $(uuidgen)" \
     --header "Tl-Signature: TestRequest..Signature" \
     --header "Authorization: Bearer $AUTH_TOKEN" \
     --data '{
  "mandate": {
    "type": "sweeping",
    "provider_selection": {
       "filter": {
          "countries": ["GB"],
          "release_channel": "private_beta"
       },
       "type": "user_selected"
    },
    "beneficiary": {
       "type": "external_account",
       "account_holder_name": "My Bank Account",
       "account_identifier": {
          "type": "sort_code_account_number",
          "sort_code": "111111",
          "account_number": "10001000"
       }
    }
  },
  "currency": "GBP",
  "user": {
    "id": "f9b48c9d-176b-46dd-b2da-fe1a2b77350c",
    "address": {
      "address_line1": "1 Hardwick Street",
      "city": "London",
      "state": "London",
      "zip": "EC1R 4RB",
      "country_code": "GB"
    },
    "name": "Remi Terr",
    "email": "[email protected]",
    "date_of_birth": "1990-01-31",
    "phone": "+44777777777"
  },
  "constraints": {
    "valid_from": "2022-05-10T00:00:00.000Z",
    "valid_to": "2022-05-11T00:00:00.000Z",
    "maximum_individual_amount": 100,
    "periodic_limits": {
      "week": {
        "maximum_amount": 1000,
        "period_alignment": "calendar"
      }
    }
  }
}'

Format of user details

When you include user details as part of your mandate creation request, ensure that the information you include in the objects matches the following formats:

  • email: The email address must comply with RFC 2822. This means email must be a valid email address composed of US ASCII characters excluding blank spaces, [, ], or \, and must end in a domain.
  • phone: This should be in the format recommended by ITU. The country code of the number must be included, prefixed by +.
  • address: Each of the objects within the address object follows these rules:
    • address_line1: Description of the street address and house number, between 1 and 50 characters.
    • address_line2: Further details like building name or apartment number, between 1 and 50 characters.
    • city: Name of the city or locality, between 1 and 50 characters.
    • state: Name of the county, province or state, between 1 and 50 characters.
    • zip: ZIP or postal code, between 1 and 20 characters.
    • country_code: The two-letter country code, in ISO 3166-1 alpha-2 format.
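
A local pre-submission check of the user object against the minimum fields and formats listed above can catch malformed details before the mandate request is sent. This is an added example, not TrueLayer's code: validate_user, the regexes, the E.164-style phone pattern and the YYYY-MM-DD date check (inferred from the example request) are assumptions of this sketch.

```python
import re
from datetime import date

# Field names and length limits come from the format list above; the regexes
# are this example's reading of those rules, not TrueLayer's own validator.
ADDRESS_LIMITS = {"address_line1": 50, "address_line2": 50, "city": 50,
                  "state": 50, "zip": 20}
EMAIL_RE = re.compile(r"[^\s\[\]\\@]+@[^\s\[\]\\@]+\.[^\s\[\]\\@.]+")
PHONE_RE = re.compile(r"\+[1-9]\d{1,14}")  # assumption: E.164-style digits


def validate_user(user):
    """Return a list of problems with a mandate `user` object (empty if none)."""
    errors = []
    if not (user.get("name") or "").strip():
        errors.append("name: required")
    email, phone = user.get("email"), user.get("phone")
    if not email and not phone:
        errors.append("email/phone: at least one is required")
    if email and not (email.isascii() and EMAIL_RE.fullmatch(email)):
        errors.append("email: not an ASCII address ending in a domain")
    if phone and not PHONE_RE.fullmatch(phone):
        errors.append("phone: expected '+', country code, then digits")
    dob = user.get("date_of_birth")
    if dob is not None:
        try:  # assumption: YYYY-MM-DD, as in the page's example request
            date.fromisoformat(dob)
        except (TypeError, ValueError):
            errors.append("date_of_birth: expected YYYY-MM-DD")
    address = user.get("address") or {}
    for field, limit in ADDRESS_LIMITS.items():
        value = address.get(field)
        if value is not None and not 1 <= len(value) <= limit:
            errors.append(f"address.{field}: must be 1-{limit} characters")
    code = address.get("country_code")
    if code is not None and not re.fullmatch(r"[A-Z]{2}", code):
        errors.append("address.country_code: expected ISO 3166-1 alpha-2")
    return errors


# Constructed sample input, not real customer data.
SAMPLE = {"name": "Remi Terr", "phone": "+44777777777",
          "date_of_birth": "1990-01-31",
          "address": {"address_line1": "1 Hardwick Street", "city": "London",
                      "state": "London", "zip": "EC1R 4RB",
                      "country_code": "GB"}}

if __name__ == "__main__":
    print(validate_user(SAMPLE) or "user object passes local checks")
```

The country code check only confirms the two-letter shape; it does not look the code up in the ISO 3166-1 list.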