ApiToll

← Catalog

BIN Lookup.

Card-issuer metadata for any 6-to-8-digit BIN prefix. Scheme, type, issuing bank, country, geo. 343,063 records indexed. $0.002 per call. No signup, no key.

Endpoint
GET /v1/bin/:bin
Price
0.002 USDC per successful call
Network
base-sepolia (mainnet flip imminent)
Source
iannuttall/binlist-data — CC-BY-4.0
Records
343,063
PCI scope
Out, by design — we reject any input longer than 8 digits
Auth
None. x402 payment is the auth.

Try the sandbox →   Same response shape, test USDC on Base Sepolia. Get a test wallet drip.

What you get

JSON. Same shape on every call.

{
  "status":      "success",
  "bin":         "431940",
  "matched_bin": "431940",
  "data": {
    "scheme":   "VISA",
    "type":     "debit",
    "category": null,
    "issuer": {
      "name":         "Bank of Ireland",
      "country":      "IE",
      "country_name": "Ireland",
      "url":          "www.bankofireland.com",
      "phone":        "+353 1 661 5933"
    },
    "location": { "latitude": 53.4129, "longitude": -8.24389 }
  },
  "meta": {
    "source":           "iannuttall/binlist-data",
    "source_license":   "CC-BY-4.0",
    "database_records": 343063,
    "last_updated":     "2026-04-14T18:58:04Z"
  }
}

Why pay

Public sources exist. Hosting them is the work.

  1. binlist.net free tier caps at 10k req/month and wants signup.

    We have neither cap nor signup. The wallet is the auth.

  2. PCI scope kept off the floor.

    We accept 6-8 digits only. Anything longer rejects with HTTP 400 before it touches our handler. Your code never holds full PANs.

  3. Sub-millisecond response.

    Self-hosted SQLite, indexed by BIN prefix. No upstream API at request time.

Use cases

What agents do with this.

  1. Payment routing.

    Route US-issued cards to your US acquirer, EEA-issued to your EU PSP. Save 30-80bps per transaction on interchange.

  2. Fraud triage.

    Flag issuer-country versus shipping-country mismatch. Detect test BINs. Surface impossible issuer combos at checkout.

  3. Surcharge and policy rules.

    Identify debit versus credit, corporate versus consumer, prepaid flags. Drive your acceptance rules without asking the customer.

  4. Analytics without PCI.

    Roll up revenue by issuer country or card type without touching the PAN.

Honest framing

What it is not.

Good for: routing decisions where "usually right" is acceptable, fraud signals as one input among many, analytics rough categorization.

Not good for:

  • Regulatory compliance decisions requiring bank-of-record accuracy (use Mastercard MATCH or Visa VPA)
  • Hard card-acceptance rejections where a misclassification harms a real customer
  • Visa Fast Funds eligibility (separate dataset, future tier)

Try it

Right now.

One line to see the 402 challenge (no wallet needed):

curl -i https://apitoll.io/v1/bin/431940

When you're ready to actually pay, send a signed X-PAYMENT header (most agent SDKs do this for you). See the agent primer for full setup. Or hit the sandbox first.

Discovery

Pricing rationale

$0.002 per call — low enough that 1,000 lookups is $2 and an agent doesn't hesitate. High enough to fund the infrastructure and refresh against upstream data. Human-facing services start at $20/month plans or throttle the free tier to a few calls per hour. We do neither.