Skip to content
Login/
Login attempt

Weavr Embedded Payment Run API (v1)

Weavr Payment Run Plug-in API provides a simple and flexible way for Embedders to add payment execution capabilities in their application.

By integrating Weavr Payment Run plug-in API in your application, you can embed banking and payment capabilities within your app to boost productivity for your users in a seamless experience.

Authentication

Each request to the API must include an api_key that represents your account. You can obtain an API Key by registering for a Embedder account here.

Almost all endpoints require a secondary authentication token auth_token that represents the user for whom the request is being executed.

Postman Collection

To help you get started with your integration, you can download the Postman collection here. The collection includes the steps you’ll need to follow to integrate Embedded Payment Run within your app.

The collection makes use of environment variables to pre-fill details associated with your Sandbox account, such as your account’s API Key. You can download your Sandbox Account environment file from the Sandbox Portal.

Download OpenAPI description
openapi.json
openapi.yaml
Overview
License
private
Languages
Servers
Mock server
https://api.weavr.io/_mock/products/payment-run/openapi
Sandbox
https://sandbox.weavr.io/payment-run

Tokens

Operations

Passwords

Operations

Additional Factors

Operations

Step up

Operations

Buyers

Buyers are identities representing a business

Once on-boarded, Buyers can create payment runs and pay their suppliers in your application.

Operations

Buyer Authorised Users

Buyers can invite authorised users to access their account. Once on-boarded, authorised users can transact on behalf of the identity they are on-boarded with.

Authorised users are typically employees who have access to company's banking accounts.

Note that /users endpoints are to be used only for performing operations related to authorised users - getting or updating the details of admin users is to be done via /buyers endpoints.

Operations

Payment runs

A Payment run contains a list of supplier payments. A Payment run can be

  • created by a user with a CREATOR role
  • confirmed by a user with a CONTROLLER role
  • funded by a user with a CONTROLLER role

Note that the Controller user must have their mobile device enrolled to SCA.

Before a payment run can be executed, it must be funded. Users with the CONTROLLER role must link their company's bank account(s) that are represented as Linked Accounts, which than can be used as the funding source for a payment run.

Depending on the bank's constraints it may not be possible to deposit the total amount of funds required for a payment run, in which case the payment run will be automatically split into funding groups. All funding groups must be funded and executed for the payment run to be marked as completed.

Note that even if the payment is created successfully, you still need to check its status in order to determine if it is completed orfailed.

Operations

Linked Accounts

Linked accounts represent bank accounts that the buyer has with other banks. Once set up, they are used to fund payment runs.

Operations

Institutions

Institutions supported by Embedded Payment Run.

Operations

Simulator

Simulators enable you to trigger processes in Sandbox that in Production are triggered from an external action rather than from your application. this way you can test scenarios that otherwise you would only encounter in the Live environment.

Note: These endpoints are only available on Sandbox and won’t work in the Live environment.

Operations

Buyers

Buyers are identities representing companies. Once on-boarded, Buyers can create and manage their own instruments via your application.

Webhooks

Payment runs

Notification that the Payment Run and payment statuses have been updated.

Webhooks

Linked Accounts

Notification that the status of a Linked Account has been updated.

Webhooks

Login

Tokens webhooks

Webhooks

Login attemptWebhook

Request

Notification that a login attempt was completed successfully or declined.

Headers
call-refstring

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestampinteger(int64)required

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signaturestringrequired

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2stringrequired

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref header, the request body, and the published-timestamp header, all concatenated without spaces, and signed using your API key.

Bodyapplication/jsonrequired
typestring
Value"loginWatch"
payloadobject
application/json
{
  "type": "loginWatch",
  "payload": {
    "credential": { … },
    "buyerId": "string",
    "type": "string",
    "status": "VERIFIED",
    "publishedTimestamp": "string"
  }
}

Responses

Return a 200 status to indicate that the data was received successfully

Stepup

Notification that a step-up has been completed or declined.

Webhooks

Authentication Factors

Notification of the Authentication Factors that are used for the Identity.

Webhooks

Transactions

Notification that the status of a transaction has been updated.

Webhooks