Skip to content
/
Get all users

Weavr Multi Product API (3.63.5)

Weavr Multi API provides a simple and flexible way to issue cards and accounts to your customers.

By integrating Weavr Multi API in your application you can embed banking capabilities within your app and provide a seamless experience for your customers.

Authentication

Each request to the Multi API must include an api-key that represents your account. You can obtain an API Key by registering for a Multi account here.

Almost all endpoints require a secondary authentication token auth_token that represents the user for whom the request is being executed.

Download OpenAPI description
openapi.json
openapi.yaml
Overview
URL
https://weavr.io
Languages
Servers
Mock server
https://api.weavr.io/_mock/products/multi/openapi
Weavr Sandbox Environment
https://sandbox.weavr.io/multi

Access

Manage authentication for your users.

Operations

Passwords

Manage your users' passwords.

Operations

Authentication Factors

Operations

Step-up Challenges

Operations

Confirmation Challenges

Operations

Corporates

Corporates are identities representing companies. Once on-boarded, Corporates can create and manage their own instruments via your application.

Operations

Consumers

Consumers are identities representing individuals. Once on-boarded, Consumers can create and manage their own instruments via your application.

Operations

Authorised Users

Corporate and Consumer identities can invite authorised users to access their account. Once on-boarded, authorised users can create and manage instruments and transactions on behalf of the identity they are on-boarded with.

In case of Corporate Identities, authorised users are typically employees who have access to company's banking products such as cards and bank accounts.

In case of Consumer Identities, authorised users are typically children/teens whose parents want them to have access to banking products such as cards and bank accounts.

Note that the /users GET endpoints return all users including root users. However, modification operations (create, update, activate, deactivate) on /users endpoints only apply to authorised users. To modify root user details, use the respective /consumers or /corporates endpoints.

Operations

Create a user

Request

Creates a user linked to the logged-in corporate or consumer identity.

Once on-boarded, users have access to all instruments (cards and accounts) of the identity.

Application-specific permissions to limit what each user can view and do need to be implemented in your application.

In order to Create an Authorised User you would need a stepped-up token. Before calling /multi/users you need to step-up ( issue a challenge multi/stepup/challenges/otp/{channel} )

More details on how to step-up a token can be found here Step-Up

Security
auth_token and api-key
Headers
idempotency-refstring

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Bodyapplication/jsonrequired
namestring[ 1 .. 50 ] charactersrequired

The first name of the user.

surnamestring[ 1 .. 50 ] charactersrequired

The last name of the user.

emailstring(email)(Email)required

E-mail Address of the user

mobileobject(Mobile)
dateOfBirthobject(Date)

Date of birth of the authorised user.

tagstring(Tag)<= 50 characters^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

countryOfResidencestring= 2 characters^[A-Z]+$
localestring(UserLocale)<= 5 characters^[a-z]{2}(-[A-Z]{2})?$

BCP47 locale code (e.g. en, en-US). The locale determines which email and SMS user notification templates are used.

brandstring(Brand)<= 25 characters^[a-zA-Z0-9]+$

Brand identifier used to determine the set of email and SMS user notification templates. Must be alphanumeric, up to 25 characters, and contain no spaces.

curl -i -X POST \
  https://api.weavr.io/_mock/products/multi/openapi/users \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -H 'idempotency-ref: string' \
  -d '{
    "name": "string",
    "surname": "string",
    "email": "user@example.com",
    "mobile": {
      "countryCode": "stri",
      "number": "string"
    },
    "dateOfBirth": {
      "year": 1900,
      "month": 1,
      "day": 1
    },
    "tag": "string",
    "countryOfResidence": "st",
    "locale": "en-GB",
    "brand": "string"
  }'

Responses

Success

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Bodyapplication/json
idstring^[0-9]+$required

The unique identifier of the user.

identityobject(IdentityId)required

The identity that the user belongs to.

identity.​typestringrequired

Indicates the identity type.

Enum"CONSUMER""CORPORATE"
identity.​idstring^[0-9]+$required

The identifier for the identity.

namestring<= 100 charactersrequired

The first name of the user.

surnamestring<= 100 charactersrequired

The last name of the user.

emailstring(email)(Email)required

E-mail Address of the user

mobileobject(Mobile)
activebooleanrequired

The state of the user. If the active attribute is false, then the user will not be able to log in.

dateOfBirthobject(Date)

Date of birth of the authorised user.

tagstring(Tag)<= 50 characters^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

countryOfResidencestring= 2 characters^[A-Z]+$
localestring(UserLocale)<= 5 characters^[a-z]{2}(-[A-Z]{2})?$

BCP47 locale code (e.g. en, en-US). The locale determines which email and SMS user notification templates are used.

brandstring(Brand)<= 25 characters^[a-zA-Z0-9]+$

Brand identifier used to determine the set of email and SMS user notification templates. Must be alphanumeric, up to 25 characters, and contain no spaces.

Response
application/json
{
  "id": "string",
  "identity": {
    "type": "CONSUMER",
    "id": "string"
  },
  "name": "string",
  "surname": "string",
  "email": "user@example.com",
  "mobile": {
    "countryCode": "stri",
    "number": "string"
  },
  "active": true,
  "dateOfBirth": {
    "year": 1900,
    "month": 1,
    "day": 1
  },
  "tag": "string",
  "countryOfResidence": "st",
  "locale": "en-GB",
  "brand": "string"
}

Get all users

Request

Fetches all users associated with the corporate or consumer identity the logged-in user belongs to.

Security
auth_token and api-key
Query
offsetinteger(int32)>= 0

The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.

limitinteger(int32)[ 1 .. 100 ]

The limit of the results for paging, starting at the offset. Limit is always capped at 100.

activeboolean

Filter for active or deactivated users. Leave out to fetch all users.

emailstring(email)(Email)

Filter by the email address of the user.

tagstring

Filter by the managed account/card tag. The exact tag must be provided, as wildcards are not supported. Leave out to fetch all managed accounts/card.

curl -i -X GET \
  'https://api.weavr.io/_mock/products/multi/openapi/users?offset=0&limit=1&active=true&email=user%40example.com&tag=string' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Responses

Success

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Bodyapplication/json
usersArray of objects(User)

The list of users matching the criteria specified.

countinteger(int32)

The total number of records (excluding the paging limit).

responseCountinteger(int32)

The total number of records returned in this response (always capped at 100).

Response
application/json
{
  "users": [
    { … }
  ],
  "count": 0,
  "responseCount": 0
}

Get a user

Request

Retrieves the user identified by the user_id path parameter.

Security
auth_token and api-key
Path
user_idstring(UserId)^[0-9]+$required

The unique identifier for the user.

curl -i -X GET \
  'https://api.weavr.io/_mock/products/multi/openapi/users/{user_id}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Responses

Success

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Bodyapplication/json
idstring^[0-9]+$required

The unique identifier of the user.

identityobject(IdentityId)required

The identity that the user belongs to.

identity.​typestringrequired

Indicates the identity type.

Enum"CONSUMER""CORPORATE"
identity.​idstring^[0-9]+$required

The identifier for the identity.

namestring<= 100 charactersrequired

The first name of the user.

surnamestring<= 100 charactersrequired

The last name of the user.

emailstring(email)(Email)required

E-mail Address of the user

mobileobject(Mobile)
activebooleanrequired

The state of the user. If the active attribute is false, then the user will not be able to log in.

dateOfBirthobject(Date)

Date of birth of the authorised user.

tagstring(Tag)<= 50 characters^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

countryOfResidencestring= 2 characters^[A-Z]+$
localestring(UserLocale)<= 5 characters^[a-z]{2}(-[A-Z]{2})?$

BCP47 locale code (e.g. en, en-US). The locale determines which email and SMS user notification templates are used.

brandstring(Brand)<= 25 characters^[a-zA-Z0-9]+$

Brand identifier used to determine the set of email and SMS user notification templates. Must be alphanumeric, up to 25 characters, and contain no spaces.

Response
application/json
{
  "id": "string",
  "identity": {
    "type": "CONSUMER",
    "id": "string"
  },
  "name": "string",
  "surname": "string",
  "email": "user@example.com",
  "mobile": {
    "countryCode": "stri",
    "number": "string"
  },
  "active": true,
  "dateOfBirth": {
    "year": 1900,
    "month": 1,
    "day": 1
  },
  "tag": "string",
  "countryOfResidence": "st",
  "locale": "en-GB",
  "brand": "string"
}

Beneficiaries

Operations

Managed Accounts

Managed Accounts are a type of financial instrument offered by Weavr.

They hold funds for their owner, and can be upgraded to IBANs so as to receive and send funds to instruments outside of the Weavr Platform, via Wire Transfers.

Managed accounts can also be used as source and destination instruments in the transfer and send transactions.

Operations

Managed Cards

Managed Cards are a type of financial instrument offered by Weavr.

You can create virtual or physical cards that are issued to the consumer or corporate identity.

A card created in prepaid mode has its own balance, whereas a card created in debit mode does not have its own balance but taps into the balance of its parent managed account.

Operations

Linked Accounts

Linked Accounts are external bank accounts that users connect to their profiles within the Weavr Platform.

These accounts allow users to link their existing bank accounts, held at external financial institutions, to the Weavr Platform, enabling secure and efficient transfer of funds between their own accounts.

Linked Accounts are designed to streamline the process of moving money between a user’s various bank accounts, providing a convenient and integrated way to manage personal finances across different financial institutions.

Operations

Sends

The Send transaction is used to send funds between managed accounts and managed cards belonging to different identities.

Operations

Transfers

The Transfer transaction is used to transfer funds between managed accounts and managed cards belonging to same identity.

Operations

Outgoing Wire Transfers

The Outgoing Wire Transfer transaction is used to transfer funds from managed accounts to an external bank account.

Operations

Incoming Wire Transfers

Webhooks

Operations

Operations

Manage

Operations