Skip to content

Weavr Multi Product BackOffice API (v3)

Weavr Multi Back Office API allows you, as an innovator, to perform various back office operations concerning identities and their instruments, without requiring the users to be logged in.

A token is to be obtained through the access_token method, and this will allow relevant operations to be performed on behalf of this same identity.

Download OpenAPI description
openapi.json
openapi.yaml
Overview
URL
https://weavr.io
Languages
Servers
Mock server
https://api.weavr.io/_mock/products/multi-backoffice/openapi
Weavr Sandbox Environment
https://sandbox.weavr.io/multi/backoffice

Access Token

Acquire a token granting you access to perform sensitive operations on behalf of an identity.

Operations

User Impersonation

Operations

Corporates

Operations

Consumers

Operations

Authorised Users

Corporate and Consumer identities can invite authorised users to access their account. Once on-boarded, authorised users can create and manage instruments and transactions on behalf of the identity they are on-boarded with.
With the access_token representing the identity and the consent of the identity, you will be able to create and invite authorised users for the Identity.

Creating and inviting users on behalf of identities are restricted features; by default these endpoints are not available for use.

Operations

Managed Accounts

Managed Accounts are a type of financial instrument offered by Weavr. They hold funds for their owner, and can be upgraded to IBANs so as to receive and send funds to instruments outside of the Weavr Platform, via Wire Transfers. These accounts can also be used as sources and destinations in the transfer transaction.

With the access_token representing the identity and the consent of the identity, you will be able to operations on the identity's managed accounts, such as getting a managed account's details and retrieving its statement.

Operations

Managed Cards

Managed Cards are a type of financial instrument offered by Weavr. Cards created in prepaid mode have their own balance, whereas those created in debit mode tap into the balance of their parent Managed Accounts. Apart from being used at merchants for puchases, prepaid mode cards can also be used as sources and destinations in the transfer transaction.

With the access_token representing the identity and the consent of the identity, you will be able to perform operations on the identity's Managed Cards, such as getting a Managed Card's details and managing its spend rules.

Operations

Get a managed card

Request

Returns all details of the managed card identified by the id path parameter.

Security
auth_token and api_key
Path
idstring^[0-9]+$required

The unique identifier of a card.

curl -i -X GET \
  'https://api.weavr.io/_mock/products/multi-backoffice/openapi/managed_cards/{id}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Responses

Success

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Bodyapplication/json
idstring^[0-9]+$required

The unique identifier of the card.

profileIdstring(ProfileId)^[0-9]+$required

The profile Id which a specific identity, instrument or transaction type is linked to.

Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply.

You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs.

Profile Ids can be found in the Multi Portal, in the API Credentials page.

externalHandlestringrequired

A uniquely generated code used to identify a card.

This code is to be used instead of the sensitive card number in order to refer to a card when opening a support ticket.

tagstring(Tag)<= 50 characters^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

friendlyNamestring[ 1 .. 50 ] charactersrequired

The friendly name given to the card.

currencystring(Currency)= 3 characters^[A-Z]*$required

The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

stateobject(ManagedInstrumentState)required
state.​statestring(InstrumentState)required

The state of the instrument indicating what it can and cannot do as follows:

  • ACTIVE: The instrument is in an active state and can be used in transactions.
  • BLOCKED: The instrument is temporarily blocked and cannot be used. Any funds on the instrument are also frozen. The blockedReason provides more information as to why it was blocked.
  • DESTROYED: The instrument has been permanently destroyed. The destroyReason provides more information as to why it was destroyed.
  • NOT_ENABLED: The instrument is not enabled for use, since the linked user has not completed all necessary verification steps.
Enum"ACTIVE""BLOCKED""DESTROYED""NOT_ENABLED"
state.​blockedReasonstring(BlockedReason)

The reason why the instrument has been blocked:

  • USER: The root, or an authorised user, of the identity owning the instrument has temporarily blocked the instrument.
  • SYSTEM: The platform or an administrator of the platform has temporarily blocked the instrument.
  • LOST: The instrument has been blocked because it was marked as lost.
Enum"USER""SYSTEM""LOST"
state.​destroyedReasonstring(DestroyedReason)

The reason why the instrument has been destroyed:

  • SYSTEM: The platform or an administrator of the platform has destroyed the instrument.
  • USER: The root, or an authorised user, of the identity owning the instrument has destroyed the instrument.
  • LOST: The instrument was automatically destroyed as it was marked as lost.
  • STOLEN: The instrument was automatically destroyed as it was marked as stolen.
  • EXPIRED: The instrument was automatically destroyed as it expired.
  • COMPROMISED: The instrument was automatically destroyed as it was marked as compromised.
Enum"SYSTEM""USER""LOST""STOLEN""EXPIRED""COMPROMISED"
typestringrequired

The type of card:

  • VIRTUAL: Not a printed or embedded card. The card can be used online or added to digital wallets.
  • PHYSICAL: A physical card that can be printed and shipped to your customers or embedded in a Wearable device. It can be used at physical terminals.
Enum"VIRTUAL""PHYSICAL"
cardBrandstringrequired

The card scheme, or brand of the card.

Enum"MASTERCARD""VISA"
cardNumberobject(SensitiveCardNumber)required

The full card number of the card.

Unless you are PCI-DSS compliant and have opted to switch off Weavr's security model, the card number will be tokenised.

To show the full unredacted card number to your user, you need to embed the Card number UI Component in your application. This accepts the tokenised card number and shows the unredacted card number to the user on screen.

cardNumber.​valuestring<= 16 characters
cvvobject(SensitiveCvv)required

The CVV of the card.

Unless you are PCI-DSS compliant and have opted to switch off Weavr's security model, the card's CVV will be tokenised.

To show the card's CVV to your user, you need to embed the CVV UI Component in your application. This accepts the tokenised CVV and shows the plain text CVV number to the user on screen.

cvv.​valuestring<= 3 characters
cardNumberFirstSixstring^[0-9]{6}$required

The first six digits of the card number.

cardNumberLastFourstring^[0-9]{4}$required

The last four digits of the card number.

nameOnCardstring<= 27 characters^[a-zA-Z0-9ßÀÁÂÃÄÅǍÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČ...required

The card holder’s name for the card. This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.

nameOnCardLine2string<= 27 characters^[a-zA-Z0-9ßÀÁÂÃÄÅǍÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČ...

Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.

startMmyystring= 4 characters^[0-9]*$required

The start date of this card, in MMYY format.

expiryMmyystring= 4 charactersrequired

The end date of this card, in MMYY format.

cardLevelClassificationstringrequired

The card classification determines whether the card is from Consumer or Corporate BINs.

Enum"CONSUMER""CORPORATE"
expiryPeriodMonthsinteger(int32)[ 1 .. 120 ]required

The validity timeframe of the card, in months.

renewalTypestring(CardRenewalType)required

Indicates how the card will be handled once it is close to expiring.

  • RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV.
  • NO_RENEW: Once the expiry date is reached, the card is destroyed.
Enum"RENEW""NO_RENEW"
renewalTimestampinteger(int64)

The timestamp when the card will be renewed, expressed in Epoch timestamp using millisecond precision.

creationTimestampinteger(int64)required

The timestamp when the card was created, expressed in Epoch timestamp using millisecond precision.

billingAddressobject(BillingAddress)required

The billing address set for the cardholder. This can be checked by the merchant during online purchases.

billingAddress.​addressLine1string[ 1 .. 150 ] charactersrequired

The first line of the address.

billingAddress.​addressLine2string<= 150 characters

The second line of the address.

billingAddress.​citystring<= 50 charactersrequired

The city of the address.

billingAddress.​postCodestring<= 10 characters^[A-Za-z0-9 -]*$required

The post code associated with the address.

billingAddress.​statestring<= 50 characters

The state of the address.

billingAddress.​countrystring= 2 characters^[A-Z]+$required

The country of the address expressed in ISO 3166 alpha-2 format.

physicalCardDetailsobject(PhysicalCardDetails)
digitalWalletsobject(DigitalWallets)required
digitalWallets.​pushProvisioningEnabledboolean

Indicates whether the card is enabled for push provisioning in a digital wallet.

digitalWallets.​walletsEnabledboolean

Indicates whether the card is enabled for tokenisation in a digital wallet.

digitalWallets.​artworkReferencestring

The artwork reference that will be used if the card is enabled for tokenisation in a digital wallet.

authForwardingDefaultTimeoutDecisionstring

Default decision for auth forwarding on timeout

Enum"APPROVE""DECLINE"
modestringrequired

The mode with which this card was created:

  • A prepaid mode card has its own balance and can have funds transferred to or from it.
  • A debit mode card does not have its own balance but will be able to spend funds belonging to its parent managed account, subject to a configurable spend limit.
Discriminator
externalDataArray of objects(ExternalData)<= 10 itemsunique

External data fields, as provided and managed by the caller that are to be stored and associated with a Managed Card instance. This information is not processed or used by Weavr but some of the values could be shown in specific reports and used as filters

userIdstring(UserId)^[0-9]+$

The Authorised User to be linked to the card, whose authentication details will be used for actions such as 3DS authentication, or manual provisioning to a digital wallet. This field can be used instead of threeDSecureAuthConfig as it better describes the wider scope of possible uses.

replacementobject(ManagedCardReplacement)

Indicates if the card is replaced by another card.

balancesobject(ManagedInstrumentBalance)

Instruments with funds have 2 balances, the availableBalance indicating the funds that are available for transactions such as purchases, and the actualBalance indicating the funds that are actually on the instrument.

cardholderMobileNumberstring[ 5 .. 15 ] charactersDeprecated^\+[0-9]+$

The mobile number including country code of the card holder, needed for 3DS challenge.

threeDSecureAuthConfigobject(ThreeDSecureAuthConfig)Deprecated
Response
application/json
{
  "id": "string",
  "profileId": "string",
  "externalHandle": "string",
  "tag": "string",
  "friendlyName": "string",
  "currency": "str",
  "state": {
    "state": "ACTIVE",
    "blockedReason": "USER",
    "destroyedReason": "SYSTEM"
  },
  "type": "VIRTUAL",
  "cardBrand": "MASTERCARD",
  "cardNumber": {
    "value": "string"
  },
  "cvv": {
    "value": "str"
  },
  "cardNumberFirstSix": "string",
  "cardNumberLastFour": "string",
  "nameOnCard": "string",
  "nameOnCardLine2": "string",
  "startMmyy": "stri",
  "expiryMmyy": "stri",
  "cardLevelClassification": "CONSUMER",
  "expiryPeriodMonths": 1,
  "renewalType": "RENEW",
  "renewalTimestamp": 0,
  "creationTimestamp": 0,
  "cardholderMobileNumber": "string",
  "billingAddress": {
    "addressLine1": "string",
    "addressLine2": "string",
    "city": "string",
    "postCode": "string",
    "state": "string",
    "country": "st"
  },
  "physicalCardDetails": {
    "bulkDelivery": true,
    "productReference": "string",
    "carrierType": "string",
    "pendingActivation": true,
    "pinBlocked": true,
    "manufacturingState": "REQUESTED",
    "replacement": {},
    "deliveryAddress": {},
    "deliveryMethod": "STANDARD_DELIVERY",
    "deliveryTrackingCode": "string",
    "deliveryTrackingMethod": "string",
    "deliveryTrackingUrl": "string",
    "nameOnCardLine2": "string"
  },
  "digitalWallets": {
    "pushProvisioningEnabled": true,
    "walletsEnabled": true,
    "artworkReference": "string"
  },
  "authForwardingDefaultTimeoutDecision": "APPROVE",
  "threeDSecureAuthConfig": {
    "linkedUserId": "string",
    "primaryChannel": "OTP_SMS",
    "fallbackChannel": "OTP_SMS"
  },
  "mode": "PREPAID_MODE",
  "externalData": [
    {}
  ],
  "userId": "string",
  "replacement": {
    "id": "string",
    "reason": "DAMAGED"
  },
  "balances": {
    "availableBalance": 0,
    "actualBalance": 0
  }
}

Update a managed card's renewal type

Request

Update the renewal type of the managed card identified by the id path parameter.

Please contact our support team or your account manager to request access to this endpoint.

Security
auth_token and api_key
Path
idstring^[0-9]+$required

The unique identifier of a card.

Headers
idempotency-refstring

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Bodyapplication/jsonrequired
renewalTypestring(CardRenewalType)required

Indicates how the card will be handled once it is close to expiring.

  • RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV.
  • NO_RENEW: Once the expiry date is reached, the card is destroyed.
Enum"RENEW""NO_RENEW"
curl -i -X PATCH \
  'https://api.weavr.io/_mock/products/multi-backoffice/openapi/managed_cards/{id}/renewal' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -H 'idempotency-ref: string' \
  -d '{
    "renewalType": "RENEW"
  }'

Responses

Success - No Content.

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Response
No content

Remove a managed card

Request

Destroys the managed card identified by the id path parameter. Unlike block, this action is not reversible.

A managed card must be empty before it can be destroyed using this operation.

Security
auth_token and api_key
Path
idstring^[0-9]+$required

The unique identifier of a managed card.

curl -i -X POST \
  'https://api.weavr.io/_mock/products/multi-backoffice/openapi/managed_cards/{id}/remove' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Responses

Success - No Content.

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Response
No content

Transfers

Operations

Fees

Operations

Operations

Operations

Manage

Operations