Skip to content
/
Validate a password

Weavr Embedded Payment Run API (v1)

Weavr Payment Run Plug-in API provides a simple and flexible way for Embedders to add payment execution capabilities in their application.

By integrating Weavr Payment Run plug-in API in your application, you can embed banking and payment capabilities within your app to boost productivity for your users in a seamless experience.

Authentication

Each request to the API must include an api_key that represents your account. You can obtain an API Key by registering for a Embedder account here.

Almost all endpoints require a secondary authentication token auth_token that represents the user for whom the request is being executed.

Postman Collection

To help you get started with your integration, you can download the Postman collection here. The collection includes the steps you’ll need to follow to integrate Embedded Payment Run within your app.

The collection makes use of environment variables to pre-fill details associated with your Sandbox account, such as your account’s API Key. You can download your Sandbox Account environment file from the Sandbox Portal.

Download OpenAPI description
openapi.json
openapi.yaml
Overview
License
private
Languages
Servers
Mock server
https://api.weavr.io/_mock/products/payment-run/openapi
Sandbox
https://sandbox.weavr.io/payment-run

Tokens

Operations

Passwords

Operations

Update a password

Request

Update the password for the logged-in user.

Security
apiKey and authToken
Bodyapplication/jsonrequired
oldPasswordobjectrequired

The user's password or passcode used to log in a user. Passwords must be:

  • between 8 and 30 characters
  • include a lowercase character
  • include an uppercase character
  • include a digit and a special character
  • different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

oldPassword.​valuestring(password)[ 1 .. 100 ] charactersrequired
newPasswordobjectrequired

The user's password or passcode used to log in a user. Passwords must be:

  • between 8 and 30 characters
  • include a lowercase character
  • include an uppercase character
  • include a digit and a special character
  • different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

newPassword.​valuestring(password)[ 1 .. 100 ] charactersrequired
curl -i -X POST \
  https://api.weavr.io/_mock/products/payment-run/openapi/v1/passwords/update \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -d '{
    "oldPassword": {
      "value": "pa$$word"
    },
    "newPassword": {
      "value": "pa$$word"
    }
  }'

Responses

OK

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Bodyapplication/json
passwordInfoobject

Additional information related to the user's password.

tokenstring

The authorisation token to be used in the Authorization header for secured operations.

Response
application/json
{
  "passwordInfo": {
    "buyerId": "string",
    "expiryDate": 0
  },
  "token": "string"
}

Validate a password

Request

Check that a password adheres to all complexity checks.

Security
apiKey
Bodyapplication/jsonrequired
passwordobjectrequired

The user's password or passcode used to log in a user. Passwords must be:

  • between 8 and 30 characters
  • include a lowercase character
  • include an uppercase character
  • include a digit and a special character
  • different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

password.​valuestring(password)[ 1 .. 100 ] charactersrequired
curl -i -X POST \
  https://api.weavr.io/_mock/products/payment-run/openapi/v1/passwords/validate \
  -H 'Content-Type: application/json' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -d '{
    "password": {
      "value": "pa$$word"
    }
  }'

Responses

Success - No Content.

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Response
No content

Initiate lost password process

Request

Initiate the lost password process.

If the email address provided is associated with an active user, an email will be sent, containing a URL that redirects the user to change their password. The URL contains request parameters for all of the parameters required to change the password for the user via the /passwords/lost_password/resume POST endpoint.

Security
apiKey
Bodyapplication/jsonrequired
emailstring(email)required

E-mail Address of the user

curl -i -X POST \
  https://api.weavr.io/_mock/products/payment-run/openapi/v1/passwords/lost_password/start \
  -H 'Content-Type: application/json' \
  -H 'api-key: YOUR_API_KEY_HERE' \
  -d '{
    "email": "user@example.com"
  }'

Responses

Success - No Content.

Headers
request-refstringrequired

A request identifier. Providing this reference when contacting our support team will help us investigate your query.

Response
No content

Additional Factors

Operations

Step up

Operations

Buyers

Buyers are identities representing a business

Once on-boarded, Buyers can create payment runs and pay their suppliers in your application.

Operations

Buyer Authorised Users

Buyers can invite authorised users to access their account. Once on-boarded, authorised users can transact on behalf of the identity they are on-boarded with.

Authorised users are typically employees who have access to company's banking accounts.

Note that /users endpoints are to be used only for performing operations related to authorised users - getting or updating the details of admin users is to be done via /buyers endpoints.

Operations

Payment runs

A Payment run contains a list of supplier payments. A Payment run can be

  • created by a user with a CREATOR role
  • confirmed by a user with a CONTROLLER role
  • funded by a user with a CONTROLLER role

Note that the Controller user must have their mobile device enrolled to SCA.

Before a payment run can be executed, it must be funded. Users with the CONTROLLER role must link their company's bank account(s) that are represented as Linked Accounts, which than can be used as the funding source for a payment run.

Depending on the bank's constraints it may not be possible to deposit the total amount of funds required for a payment run, in which case the payment run will be automatically split into funding groups. All funding groups must be funded and executed for the payment run to be marked as completed.

Note that even if the payment is created successfully, you still need to check its status in order to determine if it is completed orfailed.

Operations

Linked Accounts

Linked accounts represent bank accounts that the buyer has with other banks. Once set up, they are used to fund payment runs.

Operations

Institutions

Institutions supported by Embedded Payment Run.

Operations

Simulator

Simulators enable you to trigger processes in Sandbox that in Production are triggered from an external action rather than from your application. this way you can test scenarios that otherwise you would only encounter in the Live environment.

Note: These endpoints are only available on Sandbox and won’t work in the Live environment.

Operations

Buyers

Buyers are identities representing companies. Once on-boarded, Buyers can create and manage their own instruments via your application.

Webhooks

Payment runs

Notification that the Payment Run and payment statuses have been updated.

Webhooks

Linked Accounts

Notification that the status of a Linked Account has been updated.

Webhooks

Login

Tokens webhooks

Webhooks

Stepup

Notification that a step-up has been completed or declined.

Webhooks

Authentication Factors

Notification of the Authentication Factors that are used for the Identity.

Webhooks

Transactions

Notification that the status of a transaction has been updated.

Webhooks