We spoke with both compliance and an engineer working on the api. For full disclosure, here is the info we retained from our compliance officer:
“The account number field should be alphameric, which means it can contain any of the following valid characters: 0-9, A-Z, a-z, space, EBCDIC values greater than hexadecimal “3F,” and ASCII values greater than hexadecimal “1F.”
(I can send you a link on those last two, not entirely sure off the top of my head what they are haha)
Here you go: http://ascii-table.com/ebcdic-table.php
ASCII Table - All ASCII codes and symbols with control characters explained, for easy reference - includes conversion tables, codepages and UNICODE, ANSI, EBCDIC and HTML codes
I think the most common one we may see would be a dash (”-"), some credit unions will have this for subaccounts. For example, my checking could be 12345-1 and my savings could be 12345-2."
We do need to update the API validation to be a little more lenient to accommodate the requirements outlined. I have created a ticket for this