Skip to content

Weavr Multi Product API (3.63.5)

Weavr Multi API provides a simple and flexible way to issue cards and accounts to your customers.

By integrating Weavr Multi API in your application you can embed banking capabilities within your app and provide a seamless experience for your customers.

Authentication

Each request to the Multi API must include an api-key that represents your account. You can obtain an API Key by registering for a Multi account here.

Almost all endpoints require a secondary authentication token auth_token that represents the user for whom the request is being executed.

Download OpenAPI description
openapi.json
openapi.yaml
Overview
URL
https://weavr.io
Languages
Servers
Mock server
https://api.weavr.io/_mock/products/multi/openapi
Weavr Sandbox Environment
https://sandbox.weavr.io/multi

Access

Manage authentication for your users.

Operations

Passwords

Manage your users' passwords.

Operations

Authentication Factors

Operations

Step-up Challenges

Operations

Confirmation Challenges

Operations

Corporates

Corporates are identities representing companies. Once on-boarded, Corporates can create and manage their own instruments via your application.

Operations

Consumers

Consumers are identities representing individuals. Once on-boarded, Consumers can create and manage their own instruments via your application.

Operations

Authorised Users

Corporate and Consumer identities can invite authorised users to access their account. Once on-boarded, authorised users can create and manage instruments and transactions on behalf of the identity they are on-boarded with.

In case of Corporate Identities, authorised users are typically employees who have access to company's banking products such as cards and bank accounts.

In case of Consumer Identities, authorised users are typically children/teens whose parents want them to have access to banking products such as cards and bank accounts.

Note that the /users GET endpoints return all users including root users. However, modification operations (create, update, activate, deactivate) on /users endpoints only apply to authorised users. To modify root user details, use the respective /consumers or /corporates endpoints.

Operations

Beneficiaries

Operations

Managed Accounts

Managed Accounts are a type of financial instrument offered by Weavr.

They hold funds for their owner, and can be upgraded to IBANs so as to receive and send funds to instruments outside of the Weavr Platform, via Wire Transfers.

Managed accounts can also be used as source and destination instruments in the transfer and send transactions.

Operations

Managed Cards

Managed Cards are a type of financial instrument offered by Weavr.

You can create virtual or physical cards that are issued to the consumer or corporate identity.

A card created in prepaid mode has its own balance, whereas a card created in debit mode does not have its own balance but taps into the balance of its parent managed account.

Operations

Linked Accounts

Linked Accounts are external bank accounts that users connect to their profiles within the Weavr Platform.

These accounts allow users to link their existing bank accounts, held at external financial institutions, to the Weavr Platform, enabling secure and efficient transfer of funds between their own accounts.

Linked Accounts are designed to streamline the process of moving money between a user’s various bank accounts, providing a convenient and integrated way to manage personal finances across different financial institutions.

Operations

Sends

The Send transaction is used to send funds between managed accounts and managed cards belonging to different identities.

Operations

Transfers

The Transfer transaction is used to transfer funds between managed accounts and managed cards belonging to same identity.

Operations

Outgoing Wire Transfers

The Outgoing Wire Transfer transaction is used to transfer funds from managed accounts to an external bank account.

Operations

Incoming Wire Transfers

Webhooks

Approve or reject incoming wire transfersWebhook

Request

Security
webhooks_key
Headers
request-refstring

A unique call reference included in every call, that enables the receiver to avoid duplicate handling of a webhook request (e.g. webhook was resent).

published-timestampinteger(int64)required

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature-v2stringrequired

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

signaturestringDeprecatedrequired

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

Bodyapplication/json
idstring^[0-9]+$required

The unique identifier of the bank transfer

sourceobjectrequired
source.​instrumentobjectrequired
source.​instrument.​typestringrequired
Enum"linked_accounts""unknown_sender_accounts"
source.​instrument.​instrumentLinkedAccount (object) or UnknownSenderAccount (object)required
One of:
source.​instrument.​instrument.​idstring^[0-9]+$required

The unique identifier of the linked account.

source.​instrument.​instrument.​profileIdstring(ProfileId)^[0-9]+$required

The profile Id which a specific identity, instrument or transaction type is linked to.

Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply.

You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs.

Profile Ids can be found in the Multi Portal, in the API Credentials page.

source.​instrument.​instrument.​tagstring(Tag)<= 50 characters^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

source.​instrument.​instrument.​friendlyNamestring[ 1 .. 50 ] characters

A user-friendly label assigned to the Linked Account to help end-users easily identify it within the application. This name can be updated at any time using the PATCH endpoint

source.​instrument.​instrument.​namestring[ 1 .. 100 ] charactersrequired

The full name or corporate name of the account holder as registered with the external bank or payment service provider. This is the name under which the account is officially held.

source.​instrument.​instrument.​typestring(AccountType)

An account can be of two types, Personal or Business:

  • PERSONAL means that the account held at the external bank or PSP is registered under the ownership of a natural person or consumer identity;
  • BUSINESS means that the account held at the external bank or PSP is registered under the ownership of a corporate entity.
Enum"BUSINESS""PERSONAL"
source.​instrument.​instrument.​currencystring(Currency)= 3 characters^[A-Z]*$

The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

source.​instrument.​instrument.​countrystring= 2 characters^[A-Z]+$required

The country of the bank or institution at which the account is held.

source.​instrument.​instrument.​accountReferenceAccountNumberAndSortCode (object) or Iban (object) or AccountDescriptor (object)

The IBAN or Account Number and Sort Code of the account held at the external bank or payment service provider.

One of:

Bank details

source.​instrument.​instrument.​statestring(LinkedAccountState)required

The state of the linked account:

  • PENDING_VERIFICATION: The Linked Account is pending the completion of the required verification steps.
  • ACTIVE: The Linked Account is verified and active, ready to be used for self-to-self wire transfers.
  • BLOCKED: The Linked Account is temporarily blocked, preventing any use of this external account in self-to-self wire transfers. A Linked Account can be unblocked by calling the Multi API endpoint POST /linked_accounts/{id}/unblock.
  • REMOVED: The Linked Account has been removed from the platform and can no longer be used for self-to-self wire transfers unless a new verification is completed in future.
  • REJECTED: The Linked Account failed the verification process and cannot be used for self-to-self wire transfers unless a new verification is completed in future. A Linked Account can transition through these different overall states, starting at the PENDING_VERIFICATION state until all verification steps are followed through.
Enum"PENDING_VERIFICATION""BLOCKED""ACTIVE""REJECTED""REMOVED"
source.​instrument.​instrument.​creationTimestampinteger(int64)

The timestamp when the linked account was created, expressed in Epoch timestamp using millisecond precision.

source.​instrument.​instrument.​ownerobject(StringWrappedTypeId)
source.​instrument.​referencestring

This is an external reference (if available), input by the sender when creating the payment, and intended for the recipient.

destinationobjectrequired
destination.​instrumentobjectrequired
destination.​instrument.​typestringrequired
Value"managed_accounts"
destination.​instrument.​instrumentManagedAccount (object)required
One of:
destination.​instrument.​instrument.​idstring^[0-9]+$required

The unique identifier of a Managed Account.

destination.​instrument.​instrument.​profileIdstring(ProfileId)^[0-9]+$required

The profile Id which a specific identity, instrument or transaction type is linked to.

Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply.

You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs.

Profile Ids can be found in the Multi Portal, in the API Credentials page.

destination.​instrument.​instrument.​tagstring(Tag)<= 50 characters^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

destination.​instrument.​instrument.​friendlyNamestring[ 1 .. 50 ] charactersrequired

The friendly name given to the managed account.

destination.​instrument.​instrument.​currencystring(Currency)= 3 characters^[A-Z]*$required

The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

destination.​instrument.​instrument.​balancesobject(ManagedInstrumentBalance)required

Instruments with funds have 2 balances, the availableBalance indicating the funds that are available for transactions such as purchases, and the actualBalance indicating the funds that are actually on the instrument.

destination.​instrument.​instrument.​balances.​availableBalanceinteger(int64)

The funds available for transactions on the instrument. Funds that are blocked or pending are not included in the available balance.

destination.​instrument.​instrument.​balances.​actualBalanceinteger(int64)

The funds that are actually on the instrument. Funds that are blocked or pending, due to for example, a purchase authorisation or a pending deposit, are included in the actual balance.

destination.​instrument.​instrument.​stateobject(ManagedInstrumentState)required
destination.​instrument.​instrument.​state.​statestring(InstrumentState)required

The state of the instrument indicating what it can and cannot do as follows:

  • ACTIVE: The instrument is in an active state and can be used in transactions.
  • BLOCKED: The instrument is temporarily blocked and cannot be used. Any funds on the instrument are also frozen. The blockedReason provides more information as to why it was blocked.
  • DESTROYED: The instrument has been permanently destroyed. The destroyReason provides more information as to why it was destroyed.
Enum"ACTIVE""BLOCKED""DESTROYED"
destination.​instrument.​instrument.​state.​blockedReasonstring(BlockedReason)

The reason why the instrument has been blocked:

  • USER: The root, or an authorised user, of the identity owning the instrument has temporarily blocked the instrument.
  • SYSTEM: The platform or an administrator of the platform has temporarily blocked the instrument.
  • LOST: The instrument has been blocked because it was marked as lost.
Enum"USER""SYSTEM""LOST"
destination.​instrument.​instrument.​state.​destroyedReasonstring(DestroyedReason)

The reason why the instrument has been destroyed:

  • SYSTEM: The platform or an administrator of the platform has destroyed the instrument.
  • USER: The root, or an authorised user, of the identity owning the instrument has destroyed the instrument.
  • LOST: The instrument was automatically destroyed as it was marked as lost.
  • STOLEN: The instrument was automatically destroyed as it was marked as stolen.
  • EXPIRED: The instrument was automatically destroyed as it expired.
  • COMPROMISED: The instrument was automatically destroyed as it was marked as compromised.
Enum"SYSTEM""USER""LOST""STOLEN""EXPIRED""COMPROMISED"
destination.​instrument.​instrument.​creationTimestampinteger(int64)required

The time when the managed account was created, expressed in Epoch timestamp using millisecond precision.

destination.​ownerobjectrequired
destination.​owner.​typestringrequired
Enum"consumers""corporates"
destination.​owner.​ownerCorporate (object) or Consumer (object)required
One of:
destination.​owner.​owner.​idobject(IdentityId)required

The unique identifier of the Corporate Identity.

destination.​owner.​owner.​id.​typestringrequired

Indicates the identity type.

Enum"CONSUMER""CORPORATE"
destination.​owner.​owner.​id.​idstring^[0-9]+$required

The identifier for the identity.

destination.​owner.​owner.​profileIdstring(ProfileId)^[0-9]+$required

The profile Id which a specific identity, instrument or transaction type is linked to.

Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply.

You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs.

Profile Ids can be found in the Multi Portal, in the API Credentials page.

destination.​owner.​owner.​tagstring(Tag)<= 50 characters^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

destination.​owner.​owner.​rootUserobject(CorporateRootUser)required

The root user of the Corporate Identity.

destination.​owner.​owner.​rootUser.​idobject(IdentityId)required
destination.​owner.​owner.​rootUser.​namestring<= 100 charactersrequired

First name of the root user.

destination.​owner.​owner.​rootUser.​surnamestring<= 100 charactersrequired

Last name of the root user.

destination.​owner.​owner.​rootUser.​emailstring(email)(Email)required

E-mail Address of the user

destination.​owner.​owner.​rootUser.​mobileobject(Mobile)required
destination.​owner.​owner.​rootUser.​companyPositionstring(CompanyPosition)required

The company position of the Corporate Root User.

Enum"DIRECTOR""AUTHORISED_REPRESENTATIVE"
destination.​owner.​owner.​rootUser.​activebooleanrequired

The state of the root user. If false, then the user will not be able to log in.

destination.​owner.​owner.​rootUser.​emailVerifiedbooleanrequired

Indicates if the root user's email has been verified.

destination.​owner.​owner.​rootUser.​mobileNumberVerifiedbooleanrequired

Indicates if the root user's mobile number has been verified.

destination.​owner.​owner.​rootUser.​dateOfBirthobject(Date)

Date of birth of the authorised user.

destination.​owner.​owner.​rootUser.​tagstring(Tag)<= 50 characters^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

destination.​owner.​owner.​rootUser.​localestring(UserLocale)<= 5 characters^[a-z]{2}(-[A-Z]{2})?$

BCP47 locale code (e.g. en, en-US). The locale determines which email and SMS user notification templates are used.

destination.​owner.​owner.​rootUser.​brandstring(Brand)<= 25 characters^[a-zA-Z0-9]+$

Brand identifier used to determine the set of email and SMS user notification templates. Must be alphanumeric, up to 25 characters, and contain no spaces.

destination.​owner.​owner.​companyobjectrequired
destination.​owner.​owner.​company.​namestring<= 100 charactersrequired

The registered name of the company.

destination.​owner.​owner.​company.​typestring(CompanyType)required

Supported company types - if company type is not listed, please contact our support team to check if the company type can be supported.

Enum"SOLE_TRADER""LLC""PUBLIC_LIMITED_COMPANY""LIMITED_LIABILITY_PARTNERSHIP""NON_PROFIT_ORGANISATION"
destination.​owner.​owner.​company.​registrationNumberstring[ 1 .. 20 ] characters

The company registration number.

destination.​owner.​owner.​company.​registeredAddressobject(LegalAddress)

The legal address of the company. This information is captured via the Due Diligence (KYB) process.

destination.​owner.​owner.​company.​businessAddressobject(Address)

The address where the business is based.

destination.​owner.​owner.​company.​countryOfRegistrationstring= 2 characters^[A-Z]+$required

The country of company registration in ISO 3166 alpha-2.

destination.​owner.​owner.​company.​incorporatedOnobject(Date)

The company's date of incorporation

destination.​owner.​owner.​acceptedTermsboolean

Must be set to true to indicate that the root user has accepted the terms and conditions.

destination.​owner.​owner.​ipAddressstring[ 5 .. 45 ] charactersrequired

The IP address of the user doing the registration.

destination.​owner.​owner.​baseCurrencystring(Currency)= 3 characters^[A-Z]*$required

The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

destination.​owner.​owner.​feeGroupstring

Fee groups allow the possibility to charge different fees to users under the same profile. If fee groups are not required, ignore this field.

destination.​owner.​owner.​creationTimestampinteger(int64)required

The time when the Corporate was created, expressed in Epoch timestamp using millisecond precision.

destination.​owner.​owner.​retailQualifierstring

Indicates the type of corporate entity based on its retail status.

Enum"RETAIL""NON_RETAIL""UNKNOWN"
destination.​owner.​owner.​industrystring(Industry)Deprecated

The industry of the identity.

Enum"ACCOUNTING""AUDIT""FINANCE""PUBLIC_SECTOR_ADMINISTRATION""ART_ENTERTAINMENT""AUTO_AVIATION""BANKING_LENDING""BUSINESS_CONSULTANCY_LEGAL""CONSTRUCTION_REPAIR""EDUCATION_PROFESSIONAL_SERVICES"
destination.​owner.​owner.​sourceOfFundsstring(CorporateSourceOfFunds)Deprecated

The corporate's source of funds.

Enum"LABOUR_CONTRACT""CIVIL_CONTRACT""RENT""FUNDS_FROM_OTHER_AUXILIARY_SOURCES""SALE_OF_MOVABLE_ASSETS""SALE_OF_REAL_ESTATE""ORDINARY_BUSINESS_ACTIVITY""DIVIDENDS""LOAN_FROM_FINANCIAL_INSTITUTIONS_CREDIT_UNIONS""LOAN_FROM_THIRD_PARTIES"
destination.​owner.​owner.​sourceOfFundsOtherstringDeprecated

Description of source of funds in case OTHER was chosen.

amountobject(CurrencyAmount)required

The object representing a monetary amount in a particular currency.

amount.​currencystring(Currency)= 3 characters^[A-Z]*$required

The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

amount.​amountinteger(int64)required

The monetary amount, scaled to the lowest denomination of the currency.

Example, an amount of 1000 for a EUR currency is actually 1000 Euro cents or EUR 10.00.

timestampinteger(int64)required

The timestamp of the transaction, using epoch timestamp with millisecond precision.

application/json
{
  "id": "string",
  "source": {
    "instrument": { … }
  },
  "destination": {
    "instrument": { … },
    "owner": { … }
  },
  "amount": {
    "currency": "str",
    "amount": 0
  },
  "timestamp": 0
}

Responses

Authorisation event received with APPROVED or DECLINED decision.

Bodyapplication/json
resultstring
Enum"APPROVED""DENIED"
Response
application/json
{
  "result": "APPROVED"
}

Operations

Operations

Manage

Operations