Skip to content
/
Activate a user

Weavr Embedded Payment Run API (v1)

Weavr Payment Run Plug-in API provides a simple and flexible way for Embedders to add payment execution capabilities in their application.

By integrating Weavr Payment Run plug-in API in your application, you can embed banking and payment capabilities within your app to boost productivity for your users in a seamless experience.

Authentication

Each request to the API must include an api_key that represents your account. You can obtain an API Key by registering for a Embedder account here.

Almost all endpoints require a secondary authentication token auth_token that represents the user for whom the request is being executed.

Postman Collection

To help you get started with your integration, you can download the Postman collection here. The collection includes the steps you’ll need to follow to integrate Embedded Payment Run within your app.

The collection makes use of environment variables to pre-fill details associated with your Sandbox account, such as your account’s API Key. You can download your Sandbox Account environment file from the Sandbox Portal.

Download OpenAPI description
openapi.json
openapi.yaml
Overview
License
private
Languages
Servers
Mock server
https://api.weavr.io/_mock/products/payment-run/openapi
Sandbox
https://sandbox.weavr.io/payment-run

Tokens

Operations

Passwords

Operations

Additional Factors

Operations

Step up

Operations

Buyers

Buyers are identities representing a business

Once on-boarded, Buyers can create payment runs and pay their suppliers in your application.

Operations

Buyer Authorised Users

Buyers can invite authorised users to access their account. Once on-boarded, authorised users can transact on behalf of the identity they are on-boarded with.

Authorised users are typically employees who have access to company's banking accounts.

Note that /users endpoints are to be used only for performing operations related to authorised users - getting or updating the details of admin users is to be done via /buyers endpoints.

Operations

Update a user

Request

Update the details of a user identified by the user_id in the the path parameter. After calling this endpoint you need to step-up ( issue a challenge /stepup/challenges/otp/{channel} ). More details on how to step-up a token can be found here Step-Up..

Only the fields that are specified in the request body will be updated. All other fields will remain unchanged.

When patching a mobile number, the new mobile number should be enrolled for Additional Factors.

Required user role: ADMIN

Security
apiKey and authToken
Path
user_idstring^[0-9]+$required

The unique identifier for the user.

Example: 110747174434373672
Bodyapplication/jsonrequired
namestring<= 20 characters

The first name of the user.

surnamestring<= 20 characters

The last name of the user.

emailstring(email)

E-mail Address of the user

mobileobject

Mobile number of the user

dateOfBirthobject

Date of birth of the authorised user.

rolesArray of stringsnon-empty

Roles define the level of access assigned to the user.

  • CREATOR: Users assigned this role can create, view and update payment runs.
  • CONTROLLER: Users assigned this role can view and link their company's bank accounts as well as fund payment runs.
Items Enum"CREATOR""CONTROLLER"
curl -i -X PATCH \
  https://api.weavr.io/_mock/products/payment-run/openapi/v1/users/110747174434373672 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -d '{
    "name": "string",
    "surname": "string",
    "email": "user@example.com",
    "mobile": {
      "countryCode": "string",
      "number": "string"
    },
    "dateOfBirth": {
      "year": 1900,
      "month": 1,
      "day": 1
    },
    "roles": [
      "CREATOR"
    ]
  }'

Responses

Success

Bodyapplication/json
idstring^[0-9]+$required

The unique identifier of the user.

buyerIdstring^[0-9]+$required

The identifier for the identity.

namestring<= 100 charactersrequired

The first name of the user.

surnamestring<= 100 charactersrequired

The last name of the user.

emailstring(email)required

E-mail Address of the user

mobileobject

Mobile number of the user

activebooleanrequired

The state of the user. If the active attribute is false, then the user will not be able to log in.

dateOfBirthobject

Date of birth of the authorised user.

rolesArray of stringsnon-emptyrequired

Roles define the level of access assigned to the user.

  • CREATOR: Users assigned this role can create, view and update payment runs.
  • CONTROLLER: Users assigned this role can view and link their company's bank accounts as well as fund payment runs.
Items Enum"CREATOR""CONTROLLER"
addedByobject
Response
application/json
{
  "id": "string",
  "buyerId": "string",
  "name": "string",
  "surname": "string",
  "email": "user@example.com",
  "mobile": {
    "countryCode": "string",
    "number": "string"
  },
  "active": true,
  "dateOfBirth": {
    "year": 1900,
    "month": 1,
    "day": 1
  },
  "roles": [
    "CREATOR"
  ],
  "addedBy": {
    "rolesNames": [ … ],
    "userId": "string"
  }
}

Activate a user

Request

Activate the user identified by the user_id path parameter.

By default, any new users created will be automatically activated. This operation needs to be used only if the user was previously de-activated using the userDeactivate operation, or if the user was de-activated automatically after multiple incorrect login attempts.

Required user role: ADMIN

Security
apiKey and authToken
Path
user_idstring^[0-9]+$required

The unique identifier for the user.

Example: 110747174434373672
Headers
idempotency-refstring

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

curl -i -X POST \
  https://api.weavr.io/_mock/products/payment-run/openapi/v1/users/110747174434373672/activate \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -H 'idempotency-ref: string'

Responses

Success - No Content.

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Response
No content

Deactivate a user

Request

De-activate the user identified by the user_id path parameter.

Deactivated users cannot log in or execute any operations with their credentials.

This operations is not final and a user can be re-activated using the userActivate operation. Note that another active user would need to log in so as to re-activate the de-activated user.

Required user role: ADMIN

Security
apiKey and authToken
Path
user_idstring^[0-9]+$required

The unique identifier for the user.

Example: 110747174434373672
Headers
idempotency-refstring

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

curl -i -X POST \
  https://api.weavr.io/_mock/products/payment-run/openapi/v1/users/110747174434373672/deactivate \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -H 'idempotency-ref: string'

Responses

Success - No Content.

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Response
No content

Payment runs

A Payment run contains a list of supplier payments. A Payment run can be

  • created by a user with a CREATOR role
  • confirmed by a user with a CONTROLLER role
  • funded by a user with a CONTROLLER role

Note that the Controller user must have their mobile device enrolled to SCA.

Before a payment run can be executed, it must be funded. Users with the CONTROLLER role must link their company's bank account(s) that are represented as Linked Accounts, which than can be used as the funding source for a payment run.

Depending on the bank's constraints it may not be possible to deposit the total amount of funds required for a payment run, in which case the payment run will be automatically split into funding groups. All funding groups must be funded and executed for the payment run to be marked as completed.

Note that even if the payment is created successfully, you still need to check its status in order to determine if it is completed orfailed.

Operations

Linked Accounts

Linked accounts represent bank accounts that the buyer has with other banks. Once set up, they are used to fund payment runs.

Operations

Institutions

Institutions supported by Embedded Payment Run.

Operations

Simulator

Simulators enable you to trigger processes in Sandbox that in Production are triggered from an external action rather than from your application. this way you can test scenarios that otherwise you would only encounter in the Live environment.

Note: These endpoints are only available on Sandbox and won’t work in the Live environment.

Operations

Buyers

Buyers are identities representing companies. Once on-boarded, Buyers can create and manage their own instruments via your application.

Webhooks

Payment runs

Notification that the Payment Run and payment statuses have been updated.

Webhooks

Linked Accounts

Notification that the status of a Linked Account has been updated.

Webhooks

Login

Tokens webhooks

Webhooks

Stepup

Notification that a step-up has been completed or declined.

Webhooks

Authentication Factors

Notification of the Authentication Factors that are used for the Identity.

Webhooks

Transactions

Notification that the status of a transaction has been updated.

Webhooks