BIN Checker API

BIN Checker API

Checks and verifies BIN (Bank Identification Number). Available for both credit card and debit cards.
Free Plan $0.00 Monthly Subscribe
600 Requests / Monthly
Free for Lifetime
No Credit Card Required
Starter Plan $4.99 Monthly Subscribe
15,000 Requests / Monthly
Standard Support
Fast and simple
Updated frequently
Pro Plan $9.99 Monthly Subscribe
60,000 Requests / Monthly
Standard Support
Fast and simple
Updated frequently
Custom Plan Volume Monthly Contact Us
Any requests volume you need
Fast and simple
Updated frequently
What is BIN/IIN?

What is BIN?

Bank Identification Number (“BIN”) or Issuer Identification Number (“IIN”) is the first six digits (no spaces) of a bank-issued card. It is commonly used in credit cards, debit cards, stored-value cards and some gift cards. BIN is used to validate card issuer information through the BIN database which helps to prevent online fraud.

BIN holds information of: brand of the card ( Visa, Master Card, …), name of the issuing institution/ bank, country of issuance, type of the card (Debit / Credit), category of the card

What is Bin Checker API?

Our BIN Checker API uses the first 6 digits of an issuer card to retrieve the information. It contains one of the most accurate lists of BINs and their relevant data from the issuer banks all over the world.

  • If BIN number doesn’t exist in our BIN Lookup, an HTTP 404 response is returned.
  • If some of the relevant information is not currently available in our database, you will see them as empty fields in the response. You can inform us about such cases, and we'll do our best to overcome the situation.

We have spent a large amount of time compiling BIN numbers from as many sources as possible. This process includes filtering and refining the level of information and checking their accuracy. We update our BIN database regularly to provide you the most accurate information. But please keep in mind that it is not possible to maintain a 100% perfect list of BIN/IIN numbers as they grow rapidly. If you have any comments or requests, please notify us.

See it in Action!

Is Bin Checker API Secure?

BIN Checker API uses only the first 6-digits of a card, and it doesn’t store/display any personal information. APILayer is a legal entity in European Union and regulated by its laws. We never store any sensitive information on our servers and fully respect your privacy.

What is BIN Checker used for?

BIN Checker is mainly used in commercial businesses for fraud prevention by providing an extra security layer to protect both customers and merchants.

  • Online stores use BIN Checker to validate transactions against fraud and identity theft. With a simple example, if your device location where you make the transaction does not match with the country of issuance information that returns from BIN lookup, the transaction might be blocked due to fraud and additional validation can be asked.
  • Online merchant’s system can recognize the type of the card easily and ensure if they accept that card brand (Visa, Mastercard …) before attempting to further authorization.

How to start

First, start by (free tier available), get your API key and you are ready. Next, you can test using the following cURL command. See documentation for more information and code samples for various programming languages.

curl --request GET \
--url '' \
--header 'apikey: YOUR API KEY HERE'

BIN Checker API Reference

This API is organized around REST. Our API has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

Just Getting Started?

Check out our development quickstart guide.


BIN Checker API uses API keys to authenticate requests. You can view and manage your API keys in the Accounts page.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All requests made to the API must hold a custom HTTP header named "apikey". Implementation differs with each programming language. Below are some samples.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.


Search Bin Code


bin_code (required)

Location: Path, Data Type: integer

** A word enclosed with curly brackets "{ }" in the code means that it is a parameter and it should be replaced with your own values when executing. (also overwriting the curly brackets).

Below is a sample response from the endpoint

If you wish to play around interactively with real values and run code, see...

Rate Limiting

Each subscription has its own rate limit. When you become a member, you start by choosing a rate limit that suits your usage needs. Do not worry; You can upgrade or downgrade your plan at any time. For this reason, instead of starting with a larger plan that you do not need, we can offer you to upgrade your plan after you start with "free" or "gold plan" options and start using the API.

When you reach a rate limit (both daily and monthly), the service will stop responding and returning the HTTP 429 response status code (Too many requests) for each request with the following JSON string body text.

"message":"You have exceeded your daily\/monthly API rate limit. Please review and upgrade your subscription plan at https:\/\/\/subscriptions to continue."

A reminder email will be sent to you when your API usage reaches both 80% and 90%, so that you can take immediate actions such as upgrading your plan in order to prevent your application using the API from being interrupted.

You can also programmatically check your rate limit yourself. As a result of each request made to the APILayer, the following 4 fields provide you with all the necessary information within the HTTP Headers.

x-ratelimit-limit-month: Request limit per month
x-ratelimit-remaining-month: Request limit remaining this month
x-ratelimit-limit-day: Request limit per day
x-ratelimit-remaining-day: Request limit remaining today

You can contact our support unit if you need any assistance with your application regarding to handle the returned result by looking at the header information.

Error Codes

APILayer uses standard HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate a clientside error, which means that failed given the information provided (e.g., a missing parameter, unauthorized access etc.). Codes in the 5xx range indicate an error with APILayer's servers (normally this should'nt happen at all).

If the response code is not 200, it means the operation failed somehow and you may need to take an action accordingly. You can check the response (which will be in JSON format) for a field called 'message' that briefly explains the error reported.

Status Code Explanation
400 - Bad Request The request was unacceptable, often due to missing a required parameter.
401 - Unauthorized No valid API key provided.
404 - Not Found The requested resource doesn't exist.
429 - Too many requests API request limit exceeded. See section Rate Limiting for more info.
5xx - Server Error We have failed to process your request. (You can contact us anytime)

You can always contact for support and ask for more assistance. We'll be glad to assist you with building your product.