Weavr Multi Product API (3.21.0)

Download OpenAPI specification:Download

Weavr Multi API provides a simple and flexible way to issue cards and accounts to your customers.

By integrating Weavr Multi API in your application you can embed banking capabilities within your app and provide a seamless experience for your customers.

Authentication

Each request to the Multi API must include an api_key that represents your account. You can obtain an API Key by registering for a Multi account here.

Almost all endpoints require a secondary authentication token auth_token that represents the user for whom the request is being executed.

api_key

The API Key representing your Multi account. You can find your API Key in your Multi Portal in the API Credentials page.

Security Scheme Type	API Key
Header parameter name:	api-key

auth_token

The authentication token representing the user. This will be included in the login response object.

Security Scheme Type	HTTP
HTTP Authorization Scheme	bearer
Bearer format	"JWT"

Access

Manage authentication for your users.

Login with password

Authenticate a user with the email and password that they provided when registering.

Given that the user credentials are correct, this returns a token that can then be used to authorise other secured operations. In case the password is expired, a temporary token is returned, which can be used solely for updating the password.

The token returned is valid for 15 minutes from last activity.

Authorizations:

api_key

Request Body schema: application/json

email required	string <email> (Email) E-mail Address of the user
required	object (SensitivePassword) The user's password or passcode used to log in a user. Passwords must be: between 8 and 30 characters include a lowercase character include an uppercase character include a digit and a special character different from any of the 5 last such passwords used. For non-PCI compliant integrations, the password submitted must be tokenised.

Responses

Request samples

Content type

application/json

{"email": "user@example.com",
"password": {"value": "pa$$word"
}
}

Response samples

200
400
409
default

Content type

application/json

{"token": "string",
"identity": {"type": "CONSUMER",
"id": "string"
},
"credentials": {"type": "ROOT",
"id": "string"
}
}

Issue a one-time password that can be used to step-up a token

Initiates the step-up token process by sending an SMS with an one-time-password to a device belonging to the logged-in user that was previously enrolled through /authentication_factors/otp/{channel} endpoint.

This process is required for endpoints that require a step-up token to complete the call.

Note that on the Sandbox Environment, text messages are not sent and the one-time-password is always "123456".

Authorizations:

auth_tokenapi_key

path Parameters

channel

required

string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/stepup/challenges/otp/:channel \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
405
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Verify a step-up token using a one-time password

Completes the verification process for a step up token.

Note that on the Sandbox Environment, text messages are not sent and the verificationCode is always "123456".

Authorizations:

auth_tokenapi_key

path Parameters

channel

required

string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"

Request Body schema: application/json

verificationCode

required

string (Nonce) <= 50 characters ^[a-zA-Z0-9_.*@-]*$|^[a-zA-Z0-9.!#$%&*+\\/=?^...

A randomly generated one-time use code.

Responses

Request samples

Content type

application/json

{"verificationCode": "string"
}

Response samples

400
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Issue a push notification that can be used to step-up a token

Initiates the step-up token process by submitting a push notification to a device belonging to the logged-in user that was previously enrolled through the /authentication_factors/push/{channel} endpoint.

You should only start this process if the token step-up isn't already in flight.

Authorizations:

auth_tokenapi_key

path Parameters

channel

required

string (SCAPushChannel)

"AUTHY": The push notification is sent on the user's device using Twilio Authy
"EMBEDDED": The push notification is sent to the user's device using OkayThis

Enum: "AUTHY" "EMBEDDED"

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/stepup/challenges/push/:channel \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
405
409
default

Content type

application/json

{"id": "string"
}

Logout

Logs out the user and terminates the session identified by the auth_token in the Authorization Header.

Authorizations:

auth_tokenapi_key

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/logout \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Passwords

Manage your users' passwords.

Create a password

Create a new password for the user identified by the user_id path parameter.

Authorizations:

api_key

path Parameters

user_id

required

string (UserId) ^[0-9]+$

The user id for which this password is created.

Request Body schema: application/json

required

object (SensitivePassword)

The user's password or passcode used to log in a user. Passwords must be:

between 8 and 30 characters
include a lowercase character
include an uppercase character
include a digit and a special character
different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

Responses

Request samples

Content type

application/json

{"password": {"value": "pa$$word"
}
}

Response samples

200
400
404
409
default

Content type

application/json

{"passwordInfo": {"identityId": {"type": "CONSUMER",
"id": "string"
},
"expiryDate": 0
},
"token": "string"
}

Update a password

Update the password for the logged-in user.

Authorizations:

auth_tokenapi_key

Request Body schema: application/json

required	object (SensitivePassword) The user's password or passcode used to log in a user. Passwords must be: between 8 and 30 characters include a lowercase character include an uppercase character include a digit and a special character different from any of the 5 last such passwords used. For non-PCI compliant integrations, the password submitted must be tokenised.
required	object (SensitivePassword) The user's password or passcode used to log in a user. Passwords must be: between 8 and 30 characters include a lowercase character include an uppercase character include a digit and a special character different from any of the 5 last such passwords used. For non-PCI compliant integrations, the password submitted must be tokenised.

Responses

Request samples

Content type

application/json

{"oldPassword": {"value": "pa$$word"
},
"newPassword": {"value": "pa$$word"
}
}

Response samples

200
400
409
default

Content type

application/json

{"token": "string",
"passwordInfo": {"identityId": {"type": "CONSUMER",
"id": "string"
},
"expiryDate": 0
}
}

Validate a password

Check that a password adheres to all complexity checks.

Authorizations:

api_key

Request Body schema: application/json

required

object (SensitivePassword)

The user's password or passcode used to log in a user. Passwords must be:

between 8 and 30 characters
include a lowercase character
include an uppercase character
include a digit and a special character
different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

Responses

Request samples

Content type

application/json

{"password": {"value": "pa$$word"
}
}

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Initiate lost password process

Initiate the lost password process.

If the email address provided is associated with an active user, an email will be sent, containing a URL that redirects the user to change their password. The URL contains request parameters for all of the parameters required to change the password for the user via the /passwords/lost_password/resume POST endpoint.

Authorizations:

api_key

Request Body schema: application/json

email

required

string <email> (Email)

E-mail Address of the user

Responses

Request samples

Content type

application/json

{"email": "user@example.com"
}

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Resume lost password process

This is the second and final step in updating the password of a user who forgot their password.

Authorizations:

api_key

Request Body schema: application/json

nonce required	string (Nonce) <= 50 characters ^[a-zA-Z0-9_.@-]$\|^[a-zA-Z0-9.!#$%&*+\\/=?^... A randomly generated one-time use code.
email required	string <email> (Email) E-mail Address of the user
required	object (SensitivePassword) The user's password or passcode used to log in a user. Passwords must be: between 8 and 30 characters include a lowercase character include an uppercase character include a digit and a special character different from any of the 5 last such passwords used. For non-PCI compliant integrations, the password submitted must be tokenised.

Responses

Request samples

Content type

application/json

{"nonce": "string",
"email": "user@example.com",
"newPassword": {"value": "pa$$word"
}
}

Response samples

200
400
404
409
default

Content type

application/json

{"token": "string"
}

Additional Factors

Manage additional strong customer authentication factors for your users.

Get user authentication factors

Retrieves the list of authentication factors that can be used to verify the logged-in user.

Authorizations:

auth_tokenapi_key

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/authentication_factors \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
default

Content type

application/json

{"factors": [{"type": "OTP",
"status": "PENDING_VERIFICATION",
"channel": "SMS"
}
]
}

Enrol a user device for authentication using one-time passwords

This is the first step in enrolling the logged-in user's mobile device, where a one-time password is sent to the device.

Note that on the Sandbox Environment, text messages are not sent and the one-time-password is always "123456".

Authorizations:

api_keyauth_token

path Parameters

channel

required

string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/authentication_factors/otp/:channel \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Verify enrolment of a user device for authentication using one-time passwords

The second step in enrolling the logged-in user (root or authorised user) to use one-time-passwords to enable verification of transactions.

Note that on the Sandbox Environment, text messages are not sent and the verificationCode is always set to "123456".

Authorizations:

api_keyauth_token

path Parameters

channel

required

string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"

Request Body schema: application/json

verificationCode

required

string (Nonce) <= 50 characters ^[a-zA-Z0-9_.*@-]*$|^[a-zA-Z0-9.!#$%&*+\\/=?^...

A randomly generated one-time use code.

Responses

Request samples

Content type

application/json

{"verificationCode": "string"
}

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Enrol a user device for authentication using push notifications

This is the first step in enrolling the logged-in user's mobile device, where a push notification is sent to the device.

Authorizations:

api_keyauth_token

path Parameters

channel

required

string (SCAPushChannel)

The unique identifier for the channel.

Enum: "AUTHY" "EMBEDDED"

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/authentication_factors/push/:channel \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
409
default

Content type

application/json

{"linkingCode": "string"
}

Corporates

Corporates are identities representing companies. Once on-boarded, Corporates can create and manage their own instruments via your application.

Create a corporate

Create a corporate identity for a business customer. The information provided must be accurate and will be passed on for KYB verification with our partner.

Authorizations:

api_key

Request Body schema: application/json

profileId required	string (ProfileId) ^[0-9]+$ The profile Id which a specific identity, instrument or transaction type is linked to. Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply. You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs. Profile Ids can be found in the Multi Portal, in the API Credentials page.
tag	string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$ The tag field is a custom field that can be used to search and filter.
required	object The root user needs to be a director or a legal representative of the corporate that is being onboarded - this user cannot be deactivated. Root users need to verify their email address and mobile number, as well as complete KYC as part of the Corporate's due diligence process.
required	object The details associated with the company being on-boarded. The details provided need to match exactly with the details provided during KYB.
industry required	string (Industry) The industry of the identity. Enum: "ACCOUNTING" "AUDIT" "FINANCE" "PUBLIC_SECTOR_ADMINISTRATION" "ART_ENTERTAINMENT" "AUTO_AVIATION" "BANKING_LENDING" "BUSINESS_CONSULTANCY_LEGAL" "CONSTRUCTION_REPAIR" "EDUCATION_PROFESSIONAL_SERVICES" "INFORMATIONAL_TECHNOLOGIES" "TOBACCO_ALCOHOL" "GAMING_GAMBLING" "MEDICAL_SERVICES" "MANUFACTURING" "PR_MARKETING" "PRECIOUS_GOODS_JEWELRY" "NON_GOVERNMENTAL_ORGANIZATION" "INSURANCE_SECURITY" "RETAIL_WHOLESALE" "TRAVEL_TOURISM" "FREELANCER"
sourceOfFunds required	string (CorporateSourceOfFunds) The corporate's source of funds. Enum: "LABOUR_CONTRACT" "CIVIL_CONTRACT" "RENT" "FUNDS_FROM_OTHER_AUXILIARY_SOURCES" "SALE_OF_MOVABLE_ASSETS" "SALE_OF_REAL_ESTATE" "ORDINARY_BUSINESS_ACTIVITY" "DIVIDENDS" "LOAN_FROM_FINANCIAL_INSTITUTIONS_CREDIT_UNIONS" "LOAN_FROM_THIRD_PARTIES" "SALE_OF_COMPANY_SHARES_BUSINESS" "OTHER"
sourceOfFundsOther	string Description of source of funds in case `OTHER` was chosen.
acceptedTerms required	boolean Must be set to true to indicate that the corporate root user has accepted the terms and conditions.
ipAddress required	string [ 5 .. 45 ] characters The IP address of the corporate user doing the registration.
baseCurrency required	string (Currency) 3 characters ^[A-Z]*$ The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.
feeGroup	string Fee groups allow the possibility to charge different fees to users under the same profile. If fee groups are not required, ignore this field.

Responses

Request samples

Content type

application/json

{"profileId": "string",
"tag": "string",
"rootUser": {"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"companyPosition": "DIRECTOR",
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
},
"company": {"type": "SOLE_TRADER",
"businessAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"name": "string",
"registrationNumber": "string",
"registrationCountry": "st"
},
"industry": "ACCOUNTING",
"sourceOfFunds": "LABOUR_CONTRACT",
"sourceOfFundsOther": "string",
"acceptedTerms": true,
"ipAddress": "string",
"baseCurrency": "str",
"feeGroup": "string"
}

Response samples

200
400
409
default

Content type

application/json

{"id": {"type": "CONSUMER",
"id": "string"
},
"profileId": "string",
"tag": "string",
"rootUser": {"id": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"companyPosition": "DIRECTOR",
"active": true,
"emailVerified": true,
"mobileNumberVerified": true,
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
},
"company": {"name": "string",
"type": "SOLE_TRADER",
"registrationNumber": "string",
"registeredAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"businessAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"countryOfRegistration": "st",
"incorporatedOn": {"year": 0,
"month": 0,
"day": 0
}
},
"industry": "ACCOUNTING",
"sourceOfFunds": "LABOUR_CONTRACT",
"sourceOfFundsOther": "string",
"acceptedTerms": true,
"ipAddress": "string",
"baseCurrency": "str",
"feeGroup": "string",
"creationTimestamp": 0
}

Get a corporate

Retrieve the details of the logged-in corporate.

Authorizations:

auth_tokenapi_key

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/corporates \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
default

Content type

application/json

{"id": {"type": "CONSUMER",
"id": "string"
},
"profileId": "string",
"tag": "string",
"rootUser": {"id": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"companyPosition": "DIRECTOR",
"active": true,
"emailVerified": true,
"mobileNumberVerified": true,
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
},
"company": {"name": "string",
"type": "SOLE_TRADER",
"registrationNumber": "string",
"registeredAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"businessAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"countryOfRegistration": "st",
"incorporatedOn": {"year": 0,
"month": 0,
"day": 0
}
},
"industry": "ACCOUNTING",
"sourceOfFunds": "LABOUR_CONTRACT",
"sourceOfFundsOther": "string",
"acceptedTerms": true,
"ipAddress": "string",
"baseCurrency": "str",
"feeGroup": "string",
"creationTimestamp": 0
}

Update a corporate

Update the details of the logged-in corporate identity.

The following Corporate details are verified during due diligence (KYB) and cannot be updated via the API once the Corporate has been verified:

Root User Name
Root User Surname
Root User Email
Root User Mobile Country Code
Root User Mobile Number

If these details need to be changed after due diligence is completed, please contact Customer Support to restart the Due Diligence process.

Authorizations:

auth_tokenapi_key

Request Body schema: application/json

tag	string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$ The tag field is a custom field that can be used to search and filter.
industry	string (Industry) The industry of the identity. Enum: "ACCOUNTING" "AUDIT" "FINANCE" "PUBLIC_SECTOR_ADMINISTRATION" "ART_ENTERTAINMENT" "AUTO_AVIATION" "BANKING_LENDING" "BUSINESS_CONSULTANCY_LEGAL" "CONSTRUCTION_REPAIR" "EDUCATION_PROFESSIONAL_SERVICES" "INFORMATIONAL_TECHNOLOGIES" "TOBACCO_ALCOHOL" "GAMING_GAMBLING" "MEDICAL_SERVICES" "MANUFACTURING" "PR_MARKETING" "PRECIOUS_GOODS_JEWELRY" "NON_GOVERNMENTAL_ORGANIZATION" "INSURANCE_SECURITY" "RETAIL_WHOLESALE" "TRAVEL_TOURISM" "FREELANCER"
sourceOfFunds	string (CorporateSourceOfFunds) The corporate's source of funds. Enum: "LABOUR_CONTRACT" "CIVIL_CONTRACT" "RENT" "FUNDS_FROM_OTHER_AUXILIARY_SOURCES" "SALE_OF_MOVABLE_ASSETS" "SALE_OF_REAL_ESTATE" "ORDINARY_BUSINESS_ACTIVITY" "DIVIDENDS" "LOAN_FROM_FINANCIAL_INSTITUTIONS_CREDIT_UNIONS" "LOAN_FROM_THIRD_PARTIES" "SALE_OF_COMPANY_SHARES_BUSINESS" "OTHER"
sourceOfFundsOther	string Description of source of funds in case `OTHER` was chosen.
	object (Address)
feeGroup	string The fee group which the Corporate will be bound to. Do not specify this if you are not using fee groups.
baseCurrency	string (Currency) 3 characters ^[A-Z]*$ The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.
name	string <= 20 characters ^[^0-9~!@#$%^()_+={}\\\|:;,<>/?]$ The first name of the Corporate root user.
surname	string <= 20 characters ^[^0-9~!@#$%^()_+={}\\\|:;,<>/?]$ The last name of the Corporate root user.
email	string <email> (Email) E-mail Address of the user
	object (Mobile)
	object (Date)

Responses

Request samples

Content type

application/json

{"tag": "string",
"industry": "ACCOUNTING",
"sourceOfFunds": "LABOUR_CONTRACT",
"sourceOfFundsOther": "string",
"companyBusinessAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"feeGroup": "string",
"baseCurrency": "str",
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
}

Response samples

200
400
404
409
default

Content type

application/json

{"id": {"type": "CONSUMER",
"id": "string"
},
"profileId": "string",
"tag": "string",
"rootUser": {"id": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"companyPosition": "DIRECTOR",
"active": true,
"emailVerified": true,
"mobileNumberVerified": true,
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
},
"company": {"name": "string",
"type": "SOLE_TRADER",
"registrationNumber": "string",
"registeredAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"businessAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"countryOfRegistration": "st",
"incorporatedOn": {"year": 0,
"month": 0,
"day": 0
}
},
"industry": "ACCOUNTING",
"sourceOfFunds": "LABOUR_CONTRACT",
"sourceOfFundsOther": "string",
"acceptedTerms": true,
"ipAddress": "string",
"baseCurrency": "str",
"feeGroup": "string",
"creationTimestamp": 0
}

Send an email verification code to the root user

The first step in verifying a root user's email. The root user whose email address is to be verified is sent an email containing a randomly generated code.

This code must then be provided in the corporateRootUserEmailVerify operation to verify the root user's email address.

Note that on the Sandbox Environment, the verificationCode is always set to "123456".

Authorizations:

api_key

Request Body schema: application/json

email

required

string <email> (Email)

E-mail Address of the user

Responses

Request samples

Content type

application/json

{"email": "user@example.com"
}

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Verify email of the root user

The second step in verifying the root user's email. The randomly generated code sent to the root user via email, using the corporateRootUserEmailVerificationCodeSend operation, is submitted here to verify the root user's email.

This is needed as part of the verification process for basic due diligence.

Note that on the Sandbox Environment, the verificationCode is always set to "123456".

Authorizations:

api_key

Request Body schema: application/json

email required	string <email> (Email) E-mail Address of the user
verificationCode required	string (VerificationCode) 6 characters ^[0-9]+$ A randomly generated one-time use code used to verify the user's email address or mobile number.

Responses

Request samples

Content type

application/json

{"email": "user@example.com",
"verificationCode": "string"
}

Response samples

400
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Send root user mobile verification code Deprecated

For new development, we encourage you to use the /authentication_factors/otp/{channel} API endpoint.

The first step in verifying a root user's mobile number. The root user whose mobile number is to be verified is sent a text message containing a randomly generated code.

This code must then be provided in the corporateRootUserMobileVerify operation to verify the root user's mobile number.

Note that on the Sandbox Environment, text messages are not sent and the verification code is always set to "123456".

Authorizations:

auth_tokenapi_key

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/corporates/verification/mobile/send \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
409
default

Content type

application/json

{"timeLeftForRetry": 0,
"retriesLeft": 0
}

Verify root user mobile Deprecated

For new development, we encourage you to use the /authentication_factors/otp/{channel} API endpoint.

The second step in verifying the root user's mobile number. The randomly generated code sent to the root user via text message, using the corporateRootUserVerificationCodeSend operation, is to be submitted here to verify the root user's mobile number.

This is needed as part of the verification process for basic due diligence.

Note that on the Sandbox Environment, text messages are not sent and the verification code is always set to "123456".

Authorizations:

auth_tokenapi_key

Request Body schema: application/json

verificationCode

required

string (VerificationCode) 6 characters ^[0-9]+$

A randomly generated one-time use code used to verify the user's email address or mobile number.

Responses

Request samples

Content type

application/json

{"verificationCode": "string"
}

Response samples

400
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Start KYB for a corporate

Corporates need to complete due diligence (KYB) before they can create instruments and perform transactions.

This operation initiates the due diligence process for the logged-in corporate.

Due Diligence is handled by a KYB provider - you will need to embed the KYB UI Component in your application so that the Corporate will be able to perform the KYB process.

To initialise the KYB UI Component, you need a reference that is given you in the response of this operation.

Authorizations:

auth_tokenapi_key

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/corporates/kyb \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
409
default

Content type

application/json

{"reference": "string"
}

Get KYB for a corporate

Returns the KYB status for the logged-in corporate.

Authorizations:

auth_tokenapi_key

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/corporates/kyb \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
default

Content type

application/json

{"kybStatus": "NOT_STARTED",
"ongoingKybStatus": "NOT_STARTED"
}

Charge fee to a corporate

Charge a fee to the corporate identified by the auth token, based on a pre-defined custom fee. Custom fees can be configured in the Multi Portal.

The fees collected will be deposited into your Revenue Account. The balance and transaction history of your revenue account can be viewed in the Multi Portal.

Authorizations:

auth_tokenapi_key

header Parameters

idempotency-ref

string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json

feeType required	string The fee type as defined in the Multi Portal.
required	object (InstrumentId)

Responses

Request samples

Content type

application/json

{"feeType": "string",
"source": {"type": "managed_cards",
"id": "string"
}
}

Response samples

200
400
404
409
default

Content type

application/json

{"transactionId": {"type": "INSTRUMENT_CREATE",
"id": "string"
},
"profileId": "string",
"feeType": "string",
"source": {"type": "managed_cards",
"id": "string"
},
"availableBalanceAdjustment": {"currency": "str",
"amount": 0
},
"state": "INITIALISED",
"creationTimestamp": 0
}

Consumers

Consumers are identities representing individuals. Once on-boarded, Consumers can create and manage their own instruments via your application.

Create a consumer

Create a Consumer Identity to represent an Individual.

The information provided must be accurate as it will be passed on for KYC verification with our partner.

Incorrect information may incur a re-processing fee.

Authorizations:

api_key

Request Body schema: application/json

profileId required	string (ProfileId) ^[0-9]+$ The profile Id which a specific identity, instrument or transaction type is linked to. Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply. You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs. Profile Ids can be found in the Multi Portal, in the API Credentials page.
tag	string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$ The tag field is a custom field that can be used to search and filter.
required	object The root user represents the identity. Root users need to verify their email address and mobile number, as well as complete KYC, as part of the Consumer's due diligence process.
ipAddress required	string [ 5 .. 45 ] characters The IP address of the user doing the registration.
acceptedTerms required	boolean Must be set to true to indicate that the consumer has accepted the terms and conditions.
baseCurrency	string (Currency) 3 characters ^[A-Z]*$ The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.
feeGroup	string The fee group which the consumer is bound to. Fee groups provide the possibility of different fees to users under the same profile. If fee groups are not required, ignore this field.
sourceOfFunds	string (ConsumerSourceOfFunds) The consumer's source of funds. Enum: "PERSONAL_SAVINGS" "FAMILY_SAVINGS" "LABOUR_CONTRACT" "CIVIL_CONTRACT" "RENT" "FUNDS_FROM_OTHER_AUXILIARY_SOURCES" "SALE_OF_MOVABLE_ASSETS" "SALE_OF_REAL_ESTATE" "ORDINARY_BUSINESS_ACTIVITY" "DIVIDENDS" "LOAN_FROM_FINANCIAL_INSTITUTIONS_CREDIT_UNIONS" "LOAN_FROM_THIRD_PARTIES" "INHERITANCE" "SALE_OF_COMPANY_SHARES_BUSINESS" "OTHER"
sourceOfFundsOther	string Description of source of funds in case `OTHER` was chosen.

Responses

Request samples

Content type

application/json

{"profileId": "string",
"tag": "string",
"rootUser": {"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
},
"occupation": "ACCOUNTING",
"address": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"placeOfBirth": "string",
"nationality": "st"
},
"ipAddress": "string",
"acceptedTerms": true,
"baseCurrency": "str",
"feeGroup": "string",
"sourceOfFunds": "PERSONAL_SAVINGS",
"sourceOfFundsOther": "string"
}

Response samples

200
400
409
default

Content type

application/json

{"id": {"type": "CONSUMER",
"id": "string"
},
"profileId": "string",
"tag": "string",
"rootUser": {"id": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"occupation": "ACCOUNTING",
"active": true,
"emailVerified": true,
"mobileNumberVerified": true,
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
},
"address": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"nationality": "st",
"placeOfBirth": "string"
},
"creationTimestamp": 0,
"ipAddress": "string",
"acceptedTerms": true,
"baseCurrency": "str",
"feeGroup": "string",
"sourceOfFunds": "PERSONAL_SAVINGS",
"sourceOfFundsOther": "string"
}

Get a consumer

Retrieve the details of the logged-in Consumer.

Authorizations:

auth_tokenapi_key

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/consumers \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
default

Content type

application/json

{"id": {"type": "CONSUMER",
"id": "string"
},
"profileId": "string",
"tag": "string",
"rootUser": {"id": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"occupation": "ACCOUNTING",
"active": true,
"emailVerified": true,
"mobileNumberVerified": true,
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
},
"address": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"nationality": "st",
"placeOfBirth": "string"
},
"creationTimestamp": 0,
"ipAddress": "string",
"acceptedTerms": true,
"baseCurrency": "str",
"feeGroup": "string",
"sourceOfFunds": "PERSONAL_SAVINGS",
"sourceOfFundsOther": "string"
}

Update a consumer

Update the details of the logged-in consumer identity.

If the Consumer root user has already completed KYC, the following details cannot be updated:

name
surname
email
mobile Country Code
mobile Number
date of Birth
address

Authorizations:

auth_tokenapi_key

Request Body schema: application/json

tag	string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$ The tag field is a custom field that can be used to search and filter.
name	string <= 20 characters ^[^0-9~!@#$%^()_+={}\\\|:;,<>/?]$ The first name of the Consumer root user.
surname	string <= 20 characters ^[^0-9~!@#$%^()_+={}\\\|:;,<>/?]$ The last name of the Consumer root user.
email	string <email> (Email) E-mail Address of the user
	object (Mobile)
	object (Date)
	object (AddressWithNoRequiredFields) The address, with none of the separate fields being set as required.
feeGroup	string The fee group which the consumer will be bound to. Do not specify this if you are not using fee groups.
baseCurrency	string (Currency) 3 characters ^[A-Z]*$ The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.
occupation	string (Occupation) The industry of the identity. Enum: "ACCOUNTING" "AUDIT" "FINANCE" "PUBLIC_SECTOR_ADMINISTRATION" "ART_ENTERTAINMENT" "AUTO_AVIATION" "BANKING_LENDING" "BUSINESS_CONSULTANCY_LEGAL" "CONSTRUCTION_REPAIR" "EDUCATION_PROFESSIONAL_SERVICES" "INFORMATIONAL_TECHNOLOGIES" "TOBACCO_ALCOHOL" "GAMING_GAMBLING" "MEDICAL_SERVICES" "MANUFACTURING" "PR_MARKETING" "PRECIOUS_GOODS_JEWELRY" "NON_GOVERNMENTAL_ORGANIZATION" "INSURANCE_SECURITY" "RETAIL_WHOLESALE" "TRAVEL_TOURISM" "FREELANCER" "STUDENT" "UNEMPLOYED" "RETIRED" "OTHER"
sourceOfFunds	string (ConsumerSourceOfFunds) The consumer's source of funds. Enum: "PERSONAL_SAVINGS" "FAMILY_SAVINGS" "LABOUR_CONTRACT" "CIVIL_CONTRACT" "RENT" "FUNDS_FROM_OTHER_AUXILIARY_SOURCES" "SALE_OF_MOVABLE_ASSETS" "SALE_OF_REAL_ESTATE" "ORDINARY_BUSINESS_ACTIVITY" "DIVIDENDS" "LOAN_FROM_FINANCIAL_INSTITUTIONS_CREDIT_UNIONS" "LOAN_FROM_THIRD_PARTIES" "INHERITANCE" "SALE_OF_COMPANY_SHARES_BUSINESS" "OTHER"
sourceOfFundsOther	string Description of source of funds in case `OTHER` was chosen.
placeOfBirth	string The place of birth of the consumer root user.
nationality	string (Nationality) 2 characters ^[A-Z]+$ Nationality of the user - using ISO 3166 alpha-2.

Responses

Request samples

Content type

application/json

{"tag": "string",
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
},
"address": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"feeGroup": "string",
"baseCurrency": "str",
"occupation": "ACCOUNTING",
"sourceOfFunds": "PERSONAL_SAVINGS",
"sourceOfFundsOther": "string",
"placeOfBirth": "string",
"nationality": "st"
}

Response samples

200
400
409
default

Content type

application/json

{"id": {"type": "CONSUMER",
"id": "string"
},
"profileId": "string",
"tag": "string",
"rootUser": {"id": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"occupation": "ACCOUNTING",
"active": true,
"emailVerified": true,
"mobileNumberVerified": true,
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
},
"address": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"nationality": "st",
"placeOfBirth": "string"
},
"creationTimestamp": 0,
"ipAddress": "string",
"acceptedTerms": true,
"baseCurrency": "str",
"feeGroup": "string",
"sourceOfFunds": "PERSONAL_SAVINGS",
"sourceOfFundsOther": "string"
}

Send an email verification code to the root user

The first step in verifying a root user's email. The root user whose email address is to be verified is sent an email containing a randomly generated code.

This code must then be provided in the consumerRootUserEmailVerify operation to verify the root user's email address.

Note that on the Sandbox Environment, the verificationCode is always set to "123456".

Authorizations:

api_key

Request Body schema: application/json

email

required

string <email> (Email)

E-mail Address of the user

Responses

Request samples

Content type

application/json

{"email": "user@example.com"
}

Response samples

400
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Verify email of the root user

The second step in verifying the root user's email. The randomly generated code sent to the root user via email, using the consumerRootUserEmailVerificationCodeSend operation, is submitted here to verify the root user's email.

This is needed as part of the verification process for basic due diligence.

Note that on the Sandbox Environment, emails are not sent and the verification code is always set to "123456".

Authorizations:

api_key

Request Body schema: application/json

email required	string <email> (Email) E-mail Address of the user
verificationCode required	string (VerificationCode) 6 characters ^[0-9]+$ A randomly generated one-time use code used to verify the user's email address or mobile number.

Responses

Request samples

Content type

application/json

{"email": "user@example.com",
"verificationCode": "string"
}

Response samples

400
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Send root user mobile verification code Deprecated

For new development, we encourage you to use the /authentication_factors/otp/{channel} API endpoint.

The first step in verifying a root user's mobile number. The root user whose mobile number is to be verified is sent a text message containing a randomly generated code.

This code must then be provided in the consumerRootUserMobileVerify operation to verify the root user's mobile number.

Note that on the Sandbox Environment, text messages are not sent and the verification code is always set to "123456".

Authorizations:

auth_tokenapi_key

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/consumers/verification/mobile/send \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
409
default

Content type

application/json

{"timeLeftForRetry": 0,
"retriesLeft": 0
}

Verify root user mobile Deprecated

For new development, we encourage you to use the /authentication_factors/otp/{channel}/verify API endpoint.

The second step in verifying the root user's mobile number. The randomly generated code sent to the root user via text message, using the consumerRootUserMobileVerificationCodeSend operation, is to be submitted here to verify the root user's mobile number.

This is needed as part of the verification process for basic due diligence.

Note that on the Sandbox Environment, text messages are not sent and the verification code is always set to "123456"

Authorizations:

auth_tokenapi_key

Request Body schema: application/json

verificationCode

required

string (VerificationCode) 6 characters ^[0-9]+$

A randomly generated one-time use code used to verify the user's email address or mobile number.

Responses

Request samples

Content type

application/json

{"verificationCode": "string"
}

Response samples

400
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Start KYC for a consumer

Consumers need to complete due diligence (KYC) before they can create instruments and fund transaction.

This operation initiates the due diligence process for the logged-in consumer.

The level of KYC that will be required from the user can be provided as an optional parameter - if this is not provided, KYC_LEVEL_2 will be assumed.

Due Diligence is handled by a KYC provider, you will need to embed the KYC UI Component in your application to show the KYC screens to your users.

To initialise the KYC UI Component, you need a reference that is given to you in the response of this operation.

Authorizations:

auth_tokenapi_key

Request Body schema: application/json

kycLevel

string (KycLevel)

The KYC level, which determines what KYC information will be requested from the consumer:

KYC_LEVEL_1: The most basic level of KYC required.
KYC_LEVEL_2: Full due diligence level 2

Enum: "KYC_LEVEL_1" "KYC_LEVEL_2"

Responses

Request samples

Content type

application/json

{"kycLevel": "KYC_LEVEL_1"
}

Response samples

200
400
409
default

Content type

application/json

{"reference": "string",
"kycLevel": "KYC_LEVEL_1"
}

Get KYC for a consumer

Returns the KYC status for the logged-in consumer.

Authorizations:

auth_tokenapi_key

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/consumers/kyc \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
default

Content type

application/json

{"fullDueDiligence": "NOT_STARTED",
"kycLevel": "KYC_LEVEL_1",
"ongoingFullDueDiligence": "NOT_STARTED",
"ongoingKycLevel": "KYC_LEVEL_1"
}

Start consumer KYC on mobile

Consumers need to complete due diligence (KYC) before they can create instruments and perform transactions. Use this call instead of /consumers/kyc only in case where the KYC is to be performed using a mobile device. The level of KYC that will be required from the user can be provided as an optional parameter - if this is not provided, KYC_LEVEL_2 will be assumed. The information returned in the response is to be used to integrate directly with Sumsub Mobile SDK.

Authorizations:

auth_tokenapi_key

Request Body schema: application/json

kycLevel

string (KycLevel)

The KYC level, which determines what KYC information will be requested from the consumer:

KYC_LEVEL_1: The most basic level of KYC required.
KYC_LEVEL_2: Full due diligence level 2

Enum: "KYC_LEVEL_1" "KYC_LEVEL_2"

Responses

Request samples

Content type

application/json

{"kycLevel": "KYC_LEVEL_1"
}

Response samples

200
400
409
default

Content type

application/json

{"verificationFlow": "string",
"accessToken": "string",
"identityType": "string",
"externalUserId": "string",
"kycProviderKey": "string",
"kycLevel": "KYC_LEVEL_1"
}

Charge fee to a consumer

Charge a fee to the logged-in consumer based on a pre-defined custom fee. Custom fees can be configured in the Multi Portal.

The fees collected will be deposited into your Revenue Account. The balance and transaction history of your revenue account can be viewed in the Multi Portal.

Authorizations:

auth_tokenapi_key

header Parameters

idempotency-ref

string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json

feeType required	string The fee type as defined in the Multi Portal.
required	object (InstrumentId)

Responses

Request samples

Content type

application/json

{"feeType": "string",
"source": {"type": "managed_cards",
"id": "string"
}
}

Response samples

200
400
409
default

Content type

application/json

{"transactionId": {"type": "INSTRUMENT_CREATE",
"id": "string"
},
"profileId": "string",
"feeType": "string",
"source": {"type": "managed_cards",
"id": "string"
},
"availableBalanceAdjustment": {"currency": "str",
"amount": 0
},
"state": "INITIALISED",
"creationTimestamp": 0
}

Authorised Users

Corporate and Consumer identities can invite authorised users to access their account. Once on-boarded, authorised users can create and manage instruments and transactions on behalf of the identity they are on-boarded with.

In case of Corporate Identities, authorised users are typically employees who have access to company's banking products such as cards and bank accounts.

In case of Consumer Identities, authorised users are typically children/teens whose parents want them to have access to banking products such as cards and bank accounts.

Note that /users endpoints are to be used only for performing operations related to authorised users - getting or updating the details of root users is to be done via the respective /consumers or /corporates endpoints.

Create a user

Creates a user linked to the logged-in corporate or consumer identity.

Once on-boarded, users have access to all instruments (cards and accounts) of the identity.

Application-specific permissions to limit what each user can view and do need to be implemented in your application.

Authorizations:

auth_tokenapi_key

Request Body schema: application/json

name required	string <= 20 characters The first name of the user.
surname required	string <= 20 characters The last name of the user.
email required	string <email> (Email) E-mail Address of the user
	object (Mobile)
	object (Date)

Responses

Request samples

Content type

application/json

{"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
}

Response samples

200
400
404
409
default

Content type

application/json

{"id": "string",
"identity": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"active": true,
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
}

Get all users

Fetches all authorised users associated with the corporate or consumer identity the logged-in user belongs to.

Authorizations:

auth_tokenapi_key

query Parameters

offset	integer <int32> >= 0 The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.
limit	integer <int32> [ 1 .. 100 ] The limit of the results for paging, starting at the offset. Limit is always capped at 100.
active	boolean Filter for active or deactivated users. Leave out to fetch all users.
email	string <email> (Email) Filter by the email address of the user.

Responses

Request samples

curl -i -X GET \
  'https://sandbox.weavr.io/multi/users?offset=0&limit=1&active=true&email=user%40example.com' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
default

Content type

application/json

{"users": [{"id": "string",
"identity": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"active": true,
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
}
],
"count": 0,
"responseCount": 0
}

Get a user

Retrieves the user identified by the user_id path parameter.

Authorizations:

auth_tokenapi_key

path Parameters

user_id

required

string (UserId) ^[0-9]+$

The unique identifier for the user.

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/users/:user_id \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
default

Content type

application/json

{"id": "string",
"identity": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"active": true,
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
}

Update a user

Update the details of a user identified by the user_id in the the path parameter.

Only the fields that are specified in the request body will be updated. All other fields will remain unchanged.

Authorizations:

auth_tokenapi_key

path Parameters

user_id

required

string (UserId) ^[0-9]+$

The unique identifier for the user.

Request Body schema: application/json

name	string <= 20 characters The first name of the user.
surname	string <= 20 characters The last name of the user.
email	string <email> (Email) E-mail Address of the user
	object (Mobile)
	object (Date)

Responses

Request samples

Content type

application/json

{"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
}

Response samples

200
400
404
409
default

Content type

application/json

{"id": "string",
"identity": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"active": true,
"dateOfBirth": {"year": 0,
"month": 0,
"day": 0
}
}

Activate a user

Activate the user identified by the user_id path parameter.

By default, any new users created will be automatically activated. This operation needs to be used only if the user was previously de-activated using the userDeactivate operation, or if the user was de-activated automatically after multiple incorrect login attempts.

Authorizations:

auth_tokenapi_key

path Parameters

user_id

required

string (UserId) ^[0-9]+$

The unique identifier for the user.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/users/:user_id/activate \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Deactivate a user

De-activate the user identified by the user_id path parameter.

Deactivated users cannot log in or execute any operations with their credentials.

This operations is not final and a user can be re-activated using the userActivate operation. Note that another active user would need to log in so as to re-activate the de-activated user.

Authorizations:

auth_tokenapi_key

path Parameters

user_id

required

string (UserId) ^[0-9]+$

The unique identifier for the user.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/users/:user_id/deactivate \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Send a user invite

Once a user is created using the userCreate operation, the user needs to setup his/her password.

An invitation needs to be sent to the user in order to be able to set up the password for the first time. The invitation email, which remains valid for 1 month, will contain a URL having all information required to setup the password via the userInviteConsume.

Authorizations:

auth_tokenapi_key

path Parameters

user_id

required

string (UserId) ^[0-9]+$

The unique identifier for the user.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/users/:user_id/invite \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Validate a user invite

Check if a user's invite is still valid. This operation is useful to avoid having the user fill in a form only to be held by a validation issue (eg. expired invite).

Authorizations:

api_key

path Parameters

user_id

required

string (UserId) ^[0-9]+$

The unique identifier for the user.

Request Body schema: application/json

inviteCode

required

string (Nonce) <= 50 characters ^[a-zA-Z0-9_.*@-]*$|^[a-zA-Z0-9.!#$%&*+\\/=?^...

A randomly generated one-time use code.

Responses

Request samples

Content type

application/json

{"inviteCode": "string"
}

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Consume a user invite

Consumes an invitation perviously sent to the user via userInviteSend. This is needed so that the invited user sets up the password.

Note that on the Sandbox Environment, the inviteCode is always set to "123456".

Authorizations:

api_key

path Parameters

user_id

required

string (UserId) ^[0-9]+$

The unique identifier for the user.

Request Body schema: application/json

inviteCode required	string (Nonce) <= 50 characters ^[a-zA-Z0-9_.@-]$\|^[a-zA-Z0-9.!#$%&*+\\/=?^... A randomly generated one-time use code.
required	object (SensitivePassword) The user's password or passcode used to log in a user. Passwords must be: between 8 and 30 characters include a lowercase character include an uppercase character include a digit and a special character different from any of the 5 last such passwords used. For non-PCI compliant integrations, the password submitted must be tokenised.

Responses

Request samples

Content type

application/json

{"inviteCode": "string",
"password": {"value": "pa$$word"
}
}

Response samples

200
400
404
409
default

Content type

application/json

{"token": "string"
}

Managed Accounts

Managed Accounts are a type of financial instrument offered by Weavr.

They hold funds for their owner, and can be upgraded to IBANs so as to receive and send funds to instruments outside of the Weavr Platform, via Wire Transfers.

Managed accounts can also be used as source and destination instruments in the transfer and send transactions.

Get all managed accounts

Retrieves all managed accounts belonging to the logged-in identity.

Authorizations:

auth_tokenapi_key

query Parameters

offset	integer <int32> >= 0 The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.
limit	integer <int32> [ 1 .. 100 ] The limit of the results for paging, starting at the offset. Limit is always capped at 100.
profileId	string (ProfileId) ^[0-9]+$ Filter by the managed account profile. Leave out to fetch all managed accounts.
friendlyName	string [ 1 .. 50 ] characters Filter by the managed account friendly name. Leave out to fetch all managed accounts. The exact name must be provided, as wildcards are not supported.
state	Array of strings (InstrumentState) unique Items Enum: "ACTIVE" "BLOCKED" "DESTROYED"
state.blockedReason	Array of strings (BlockedReason) unique Items Enum: "USER" "SYSTEM" "LOST"
state.destroyedReason	Array of strings (DestroyedReason) unique Items Enum: "SYSTEM" "USER" "LOST" "STOLEN" "EXPIRED"
currency	string (Currency) 3 characters ^[A-Z]*$ Filter by the managed account currency. Currencies are expressed as an ISO 4217 code. Leave out to fetch all managed accounts.
createdFrom	integer <int64> Filter by the managed account creation date. Leave out to fetch all managed accounts.
createdTo	integer <int64> Filter by the managed account created date. Leave out to fetch all managed accounts.
tag	string Filter by the managed account tag. The exact tag must be provided, as wildcards are not supported. Leave out to fetch all managed accounts.

Responses

Request samples

curl -i -X GET \
  'https://sandbox.weavr.io/multi/managed_accounts?offset=0&limit=1&profileId=string&friendlyName=string&state=ACTIVE&state.blockedReason=USER&state.destroyedReason=SYSTEM&currency=str&createdFrom=0&createdTo=0&tag=string' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
403
default

Content type

application/json

{"accounts": [{"id": "string",
"profileId": "string",
"tag": "string",
"friendlyName": "string",
"currency": "str",
"balances": {"availableBalance": 0,
"actualBalance": 0
},
"state": {"state": "ACTIVE",
"blockedReason": "USER",
"destroyedReason": "SYSTEM"
},
"creationTimestamp": 0
}
],
"count": 0,
"responseCount": 0
}

Create a managed account

Creates a managed account for the consumer or corporate identity. The Managed Account Profile (configured in the Multi Portal) specified determines the behavior and restrictions that the managed account will have."

Authorizations:

auth_tokenapi_key

header Parameters

idempotency-ref

string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json

profileId required	string (ProfileId) ^[0-9]+$ The profile Id which a specific identity, instrument or transaction type is linked to. Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply. You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs. Profile Ids can be found in the Multi Portal, in the API Credentials page.
friendlyName required	string [ 1 .. 50 ] characters The friendly name to be given to the managed account.
currency required	string (Currency) 3 characters ^[A-Z]*$ The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.
tag	string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$ The tag field is a custom field that can be used to search and filter.

Responses

Request samples

Content type

application/json

{"profileId": "string",
"friendlyName": "string",
"currency": "str",
"tag": "string"
}

Response samples

200
400
403
409
default

Content type

application/json

{"id": "string",
"profileId": "string",
"tag": "string",
"friendlyName": "string",
"currency": "str",
"balances": {"availableBalance": 0,
"actualBalance": 0
},
"state": {"state": "ACTIVE",
"blockedReason": "USER",
"destroyedReason": "SYSTEM"
},
"creationTimestamp": 0
}

Get a managed account

Fetch the managed account identified by the id in path.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the Managed Account.

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/managed_accounts/:id \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
403
404
default

Content type

application/json

{"id": "string",
"profileId": "string",
"tag": "string",
"friendlyName": "string",
"currency": "str",
"balances": {"availableBalance": 0,
"actualBalance": 0
},
"state": {"state": "ACTIVE",
"blockedReason": "USER",
"destroyedReason": "SYSTEM"
},
"creationTimestamp": 0
}

Update a managed account

Update the details for the managed account identified by the id in the path.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the managed account.

Request Body schema: application/json

tag	string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$ The tag field is a custom field that can be used to search and filter.
friendlyName	string [ 1 .. 50 ] characters Updates the friendly name of the managed account. Leave blank if no change is needed.

Responses

Request samples

Content type

application/json

{"tag": "string",
"friendlyName": "string"
}

Response samples

200
400
403
404
default

Content type

application/json

{"id": "string",
"profileId": "string",
"tag": "string",
"friendlyName": "string",
"currency": "str",
"balances": {"availableBalance": 0,
"actualBalance": 0
},
"state": {"state": "ACTIVE",
"blockedReason": "USER",
"destroyedReason": "SYSTEM"
},
"creationTimestamp": 0
}

Upgrade a managed account with IBAN

Assign an IBAN to a Managed Account.

IBANs enable managed accounts to receive and send funds via wire transfers.

Assigning an IBAN to a Managed Account may be done asynchronously, in which case the ManagedAccountIBAN.state will be set to PENDING_ALLOCATION until bank details are ready to use.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the Managed Account.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/managed_accounts/:id/iban \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
409
default

Content type

application/json

{"state": "UNALLOCATED",
"bankAccountDetails": [{"beneficiaryNameAndSurname": "string",
"beneficiaryBank": "string",
"beneficiaryBankAddress": "string",
"paymentReference": "string",
"details": {"iban": "stringstringstr",
"bankIdentifierCode": "stringst"
}
}
]
}

Get a managed account IBAN

Fetch the IBAN details associated with the Managed Account identified by the id in the path.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/managed_accounts/:id/iban \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
default

Content type

application/json

{"state": "UNALLOCATED",
"bankAccountDetails": [{"beneficiaryNameAndSurname": "string",
"beneficiaryBank": "string",
"beneficiaryBankAddress": "string",
"paymentReference": "string",
"details": {"iban": "stringstringstr",
"bankIdentifierCode": "stringst"
}
}
]
}

Block a managed account

Temporarily blocks a managed account.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the managed account.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/managed_accounts/:id/block \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Unblock a managed account

Unblocks the managed account identified by the id path parameter. The managed account must have state.blockedReason as USER so that it can be unblocked. If the managed account was blocked by SYSTEM, users cannot unblock it.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the managed account.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/managed_accounts/:id/unblock \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Get a managed account statement

Returns a list of transactions against the managed account identified by the id path parameter, matching the criteria provided in the request.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the managed account.

query Parameters

offset	integer <int32> >= 0 The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.
limit	integer <int32> [ 1 .. 100 ] The limit of the results for paging, starting at the offset. Limit is always capped at 100.
orderByTimestamp	string Orders the result in ascending or descending order. ASC: Ascending order, oldest transactions first. DESC: Descending order, most recent transactions first. If not specified, the transactions will be returned in descending order. Enum: "ASC" "DESC"
fromTimestamp	integer <int64> Filter for transactions having transaction timestamp after `fromTimestamp`. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts.
toTimestamp	integer <int64> Filter for transactions having transaction timestamp before `toTimestamp`. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts.
showFundMovementsOnly	boolean Returns only the entries which contain fund movements.

header Parameters

accept

string

A request parameter specifying the type of response the client would like. Must be one of application/json, application/pdf or text/csv.

The default response type (application/json) will be returned if specified incorrectly or not specified.

Responses

Request samples

curl -i -X GET \
  'https://sandbox.weavr.io/multi/managed_accounts/:id/statement?offset=0&limit=1&orderByTimestamp=ASC&fromTimestamp=0&toTimestamp=0&showFundMovementsOnly=true' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'accept: string' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
403
404
default

Content type

{"entry": [{"transactionId": {"type": "INSTRUMENT_CREATE",
"id": "string"
},
"entryState": "PENDING",
"originalAmount": {"currency": "str",
"amount": 0
},
"forexRate": {"value": 0,
"scale": -128
},
"transactionAmount": {"currency": "str",
"amount": 0
},
"availableBalanceAdjustment": {"currency": "str",
"amount": 0
},
"actualBalanceAdjustment": {"currency": "str",
"amount": 0
},
"balanceAfter": {"currency": "str",
"amount": 0
},
"availableBalanceAfter": {"currency": "str",
"amount": 0
},
"actualBalanceAfter": {"currency": "str",
"amount": 0
},
"transactionFee": {"currency": "str",
"amount": 0
},
"cardholderFee": {"currency": "str",
"amount": 0
},
"processedTimestamp": 0,
"sourceAmount": {"currency": "str",
"amount": 0
},
"additionalFields": {"property1": "string",
"property2": "string"
}
}
],
"count": 0,
"responseCount": 0
}

Remove a managed account

Destroys the managed account identified by the id path parameter. Unlike block, this action is not reversible.

A managed account must be emptied from any remaining funds before it can be destroyed.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the managed account.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/managed_accounts/:id/remove \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Managed Cards

Managed Cards are a type of financial instrument offered by Weavr.

You can create virtual or physical cards that are issued to the consumer or corporate identity.

A card created in prepaid mode has its own balance, whereas a card created in debit mode does not have its own balance but taps into the balance of its parent managed account.

Create a managed card

Creates a managed card for the consumer or corporate identity. The Managed Card Profile (configured in the Multi Portal) specified determines the behaviour and restrictions that the managed card will have.

Authorizations:

auth_tokenapi_key

header Parameters

idempotency-ref

string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json

profileId required	string (ProfileId) ^[0-9]+$ The profile Id which a specific identity, instrument or transaction type is linked to. Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply. You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs. Profile Ids can be found in the Multi Portal, in the API Credentials page.
tag	string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$ The tag field is a custom field that can be used to search and filter.
friendlyName required	string [ 1 .. 50 ] characters The friendly name for the card.
nameOnCard required	string [ 1 .. 27 ] characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÑÒÓÔÕÖØŠÙÚÛÜŸÝŽĄĆ... The card holder's name for the card. This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card.
cardholderMobileNumber required	string [ 5 .. 20 ] characters ^\\+[0-9]+$ The mobile number including country code of the card holder. For transactions that require a 3DS challenge, an SMS with a code will be sent on this number, to be entered during an online purchase.
required	object (Address)
	object (DigitalWallets)
mode required	string The card can be created in prepaid mode or debit mode. A prepaid mode card has its own balance and can have funds transferred to or from it. A debit mode card does not have its own balance but will be able to spend funds belonging to its parent managed account, subject to a configurable spend limit. PREPAID_MODE PREPAID_MODE DEBIT_MODE
currency required	string (Currency) 3 characters ^[A-Z]*$ The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

Responses

Request samples

Content type

application/json

Example

{"profileId": "string",
"tag": "string",
"friendlyName": "string",
"nameOnCard": "string",
"cardholderMobileNumber": "string",
"billingAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"digitalWallets": {"pushProvisioningEnabled": true,
"walletsEnabled": true,
"artworkReference": "string"
},
"mode": "PREPAID_MODE",
"currency": "str"
}

Response samples

200
400
409
default

Content type

application/json

Example

{"id": "string",
"profileId": "string",
"externalHandle": "string",
"tag": "string",
"friendlyName": "string",
"currency": "str",
"state": {"state": "ACTIVE",
"blockedReason": "USER",
"destroyedReason": "SYSTEM"
},
"type": "VIRTUAL",
"cardBrand": "MASTERCARD",
"cardNumber": {"value": "string"
},
"cvv": {"value": "str"
},
"cardNumberFirstSix": "string",
"cardNumberLastFour": "stri",
"nameOnCard": "string",
"startMmyy": "stri",
"expiryMmyy": "stri",
"cardLevelClassification": "CONSUMER",
"expiryPeriodMonths": 1,
"renewalType": "AUTO_RENEW",
"creationTimestamp": 0,
"cardholderMobileNumber": "string",
"billingAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"physicalCardDetails": {"productReference": "string",
"carrierType": "string",
"pendingActivation": true,
"pinBlocked": true,
"manufacturingState": "REQUESTED",
"replacement": {"replacementReason": "DAMAGED",
"replacementId": "string"
},
"deliveryAddress": {"name": "string",
"surname": "string",
"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"deliveryMethod": "STANDARD_DELIVERY",
"nameOnCardLine2": "string"
},
"digitalWallets": {"pushProvisioningEnabled": true,
"walletsEnabled": true,
"artworkReference": "string"
},
"mode": "PREPAID_MODE",
"balances": {"availableBalance": 0,
"actualBalance": 0
}
}

Get all managed cards

Fetch cards matching the search criteria provided.

Authorizations:

auth_tokenapi_key

query Parameters

offset	integer <int32> >= 0 The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.
limit	integer <int32> [ 1 .. 100 ] The limit of the results for paging, starting at the offset. Limit is always capped at 100.
profileId	string (ProfileId) ^[0-9]+$ Filter by the managed card profile. Leave out to fetch all managed cards.
friendlyName	string [ 1 .. 50 ] characters Filter by the managed card friendly name. Leave out to fetch all managed cards. The exact name must be provided, as wildcards are not supported.
state	Array of strings (InstrumentState) unique Items Enum: "ACTIVE" "BLOCKED" "DESTROYED"
state.blockedReason	Array of strings (BlockedReason) unique Items Enum: "USER" "SYSTEM" "LOST"
state.destroyedReason	Array of strings (DestroyedReason) unique Items Enum: "SYSTEM" "USER" "LOST" "STOLEN" "EXPIRED"
currency	string (Currency) 3 characters ^[A-Z]*$ Filter by the managed card currency. Currencies are expressed as an ISO 4217 code. Leave out to fetch all managed cards.
type	string Filter by the type of the card. Enum: "VIRTUAL" "PHYSICAL"
externalHandle	string Search by the card's `externalHandle`.
cardNumberFirstSix	string 6 characters ^[0-9]*$ Filter by first six digits of the card.
cardNumberLastFour	string 4 characters ^[0-9]*$ Filter by last four digits of the card.
createdFrom	integer <int64> Filter for managed cards created after `createdFrom` timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed cards.
createdTo	integer <int64> Filter for managed cards created before `createdTo` timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed cards.
mode	string Filter by card mode (prepaid mode or debit mode). Enum: "DEBIT_MODE" "PREPAID_MODE"
tag	string Filter by the managed card tag. The exact tag must be provided, as wildcards are not supported. Leave out to fetch all managed cards.
parentManagedAccountId	string^[0-9]+$ Filter by the Id of the parent managed account associated with the card. This is applicable only for debit mode cards.
manufacturingState	Array of strings (ManufacturingState) unique Items Enum: "REQUESTED" "SENT_FOR_FULFILLMENT" "DISPATCHED" "DELIVERED"

Responses

Request samples

curl -i -X GET \
  'https://sandbox.weavr.io/multi/managed_cards?offset=0&limit=1&profileId=string&friendlyName=string&state=ACTIVE&state.blockedReason=USER&state.destroyedReason=SYSTEM&currency=str&type=VIRTUAL&externalHandle=string&cardNumberFirstSix=string&cardNumberLastFour=stri&createdFrom=0&createdTo=0&mode=DEBIT_MODE&tag=string&parentManagedAccountId=string&manufacturingState=REQUESTED' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
403
default

Content type

application/json

{"cards": [{"id": "string",
"profileId": "string",
"externalHandle": "string",
"tag": "string",
"friendlyName": "string",
"currency": "str",
"state": {"state": "ACTIVE",
"blockedReason": "USER",
"destroyedReason": "SYSTEM"
},
"type": "VIRTUAL",
"cardBrand": "MASTERCARD",
"cardNumber": {"value": "string"
},
"cvv": {"value": "str"
},
"cardNumberFirstSix": "string",
"cardNumberLastFour": "stri",
"nameOnCard": "string",
"startMmyy": "stri",
"expiryMmyy": "stri",
"cardLevelClassification": "CONSUMER",
"expiryPeriodMonths": 1,
"renewalType": "AUTO_RENEW",
"creationTimestamp": 0,
"cardholderMobileNumber": "string",
"billingAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"physicalCardDetails": {"productReference": "string",
"carrierType": "string",
"pendingActivation": true,
"pinBlocked": true,
"manufacturingState": "REQUESTED",
"replacement": {"replacementReason": "DAMAGED",
"replacementId": "string"
},
"deliveryAddress": {"name": "string",
"surname": "string",
"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"deliveryMethod": "STANDARD_DELIVERY",
"nameOnCardLine2": "string"
},
"digitalWallets": {"pushProvisioningEnabled": true,
"walletsEnabled": true,
"artworkReference": "string"
},
"mode": "string"
}
],
"count": 0,
"responseCount": 0
}

Get a managed card

Returns all details of the managed card identified by the id path parameter.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of a card.