Weavr Multi Product BackOffice API (3.9.0)

Download OpenAPI specification:Download

Weavr Multi Back Office API allows you, as an innovator, to perform various back office operations concerning identities and their instruments, without requiring the users to be logged in.

A token is to be obtained through the access_token method, and this will allow relevant operations to be performed on behalf of this same identity.

Authentication

api_key

The API Key representing your Multi account.

Security Scheme Type	API Key
Header parameter name:	api-key

auth_token

The authentication token representing the user. This will be included in the login response object.

Security Scheme Type	HTTP
HTTP Authorization Scheme	bearer
Bearer format	"JWT"

Access Token

Acquire a token granting you access to perform sensitive operations on behalf of an identity.

Acquire a new access token

Acquire a Bearer token granting you access to securely perform delegated access operations on behalf of the given identity.

The token representing the identity should be included in the Authorization header of all requests to endpoints representing Delegated Access operations.

Authorizations:

api_key

Request Body schema: application/json

required	object (IdentityId)
	object (IdentityId)

Responses

Request samples

Content type

application/json

{"identity": {"type": "CONSUMER",
"id": "string"
},
"temp": {"type": "CONSUMER",
"id": "string"
}
}

Response samples

200
400
409
default

Content type

application/json

{"token": {"token": "string"
},
"identity": {"type": "CONSUMER",
"id": "string"
},
"credentials": {"type": "ROOT",
"id": "string"
}
}

User Impersonation

Impersonate login for an identity Deprecated

Get a token representing the given identity. This token can then be used to authorise certain secure operations on behalf of the identity.

Authorizations:

auth_tokenapi_key

Request Body schema: application/json

required	object (IdentityId)
	object (IdentityId)

Responses

Request samples

Content type

application/json

{"identity": {"type": "CONSUMER",
"id": "string"
},
"temp": {"type": "CONSUMER",
"id": "string"
}
}

Response samples

200
400
409
default

Content type

application/json

{"token": {"token": "string"
},
"identity": {"type": "CONSUMER",
"id": "string"
},
"credentials": {"type": "ROOT",
"id": "string"
}
}

Corporates

Charge fee to a corporate Deprecated

Charge a fee to the corporate identified by the auth token, based on a pre-defined custom fee. Custom fees can be configured in the Multi Portal.

The fees collected will be deposited into your Revenue Account. The balance and transaction history of your revenue account can be viewed in the Multi Portal.

Authorizations:

auth_tokenapi_key

header Parameters

idempotency-ref

string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json

feeType required	string The fee type as defined in the Multi Portal.
required	object (InstrumentId)

Responses

Request samples

Content type

application/json

{"feeType": "string",
"source": {"id": "string",
"type": "managed_cards"
}
}

Response samples

200
400
404
409
default

Content type

application/json

{"transactionId": {"type": "AUTHORISATION",
"id": "string"
},
"profileId": "string",
"feeType": "string",
"source": {"id": "string",
"type": "managed_cards"
},
"availableBalanceAdjustment": {"currency": "str",
"amount": 0
},
"retryAuthor": {"type": "string",
"id": "string"
},
"retryNote": "string",
"state": "INITIALISED",
"creationTimestamp": 0
}

Consumers

Charge fee to a consumer Deprecated

Charge a fee to the logged-in consumer based on a pre-defined custom fee. Custom fees can be configured in the Multi Portal.

The fees collected will be deposited into your Revenue Account. The balance and transaction history of your revenue account can be viewed in the Multi Portal.

Authorizations:

auth_tokenapi_key

header Parameters

idempotency-ref

string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json

feeType required	string The fee type as defined in the Multi Portal.
required	object (InstrumentId)

Responses

Request samples

Content type

application/json

{"feeType": "string",
"source": {"id": "string",
"type": "managed_cards"
}
}

Response samples

200
400
409
default

Content type

application/json

{"transactionId": {"type": "AUTHORISATION",
"id": "string"
},
"profileId": "string",
"feeType": "string",
"source": {"id": "string",
"type": "managed_cards"
},
"availableBalanceAdjustment": {"currency": "str",
"amount": 0
},
"retryAuthor": {"type": "string",
"id": "string"
},
"retryNote": "string",
"state": "INITIALISED",
"creationTimestamp": 0
}

Authorised Users

Corporate and Consumer identities can invite authorised users to access their account. Once on-boarded, authorised users can create and manage instruments and transactions on behalf of the identity they are on-boarded with.
With the access_token representing the identity and the consent of the identity, you will be able to create and invite authorised users for the Identity.

Creating and inviting users on behalf of identities are restricted features; by default these endpoints are not available for use.

Create a user

Creates a user linked to the identity represented by the access_token.

Creating authorised users on behalf of an identity is a restricted feature and by default, this functionality is not available for use.

Authorizations:

auth_tokenapi_key

header Parameters

idempotency-ref

string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json

name required	string <= 20 characters The first name of the user.
surname required	string <= 20 characters The last name of the user.
email required	string <email> (Email) E-mail Address of the user
	object (Mobile)
	object (Date)
tag	string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$ The tag field is a custom field that can be used to search and filter.

Responses

Request samples

Content type

application/json

{"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"dateOfBirth": {"year": 1900,
"month": 1,
"day": 1
},
"tag": "string"
}

Response samples

200
400
404
409
default

Content type

application/json

{"id": "string",
"identity": {"type": "CONSUMER",
"id": "string"
},
"name": "string",
"surname": "string",
"email": "user@example.com",
"mobile": {"countryCode": "string",
"number": "string"
},
"active": true,
"dateOfBirth": {"year": 1900,
"month": 1,
"day": 1
},
"tag": "string"
}

Send a user invite

Once a user is created using the userCreate operation, the user needs to setup his/her password.

An invitation needs to be sent to the user in order to be able to set up the password for the first time. The invitation email, which remains valid for 1 month, will contain a URL having all information required to setup the password.

Inviting authorised users on behalf of an identity is a restricted feature and by default, this functionality is not available for use.

Authorizations:

auth_tokenapi_key

path Parameters

user_id

required

string (UserId) ^[0-9]+$

The unique identifier for the user.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/backoffice/users/:user_id/invite \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Managed Accounts

Managed Accounts are a type of financial instrument offered by Weavr. They hold funds for their owner, and can be upgraded to IBANs so as to receive and send funds to instruments outside of the Weavr Platform, via Wire Transfers. These accounts can also be used as sources and destinations in the transfer transaction.

With the access_token representing the identity and the consent of the identity, you will be able to operations on the identity's managed accounts, such as getting a managed account's details and retrieving its statement.

Get a managed account

Fetch the managed account identified by the id in path.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the Managed Account.

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/backoffice/managed_accounts/:id \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
403
404
default

Content type

application/json

{"id": "string",
"profileId": "string",
"tag": "string",
"friendlyName": "string",
"currency": "str",
"balances": {"availableBalance": 0,
"actualBalance": 0
},
"state": {"state": "ACTIVE",
"blockedReason": "USER",
"destroyedReason": "SYSTEM"
},
"creationTimestamp": 0
}

Get a managed account statement

Returns a list of transactions against the managed account identified by the id path parameter, matching the criteria provided in the request.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the managed account.

query Parameters

offset	integer <int32> >= 0 The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.
limit	integer <int32> [ 1 .. 100 ] The limit of the results for paging, starting at the offset. Limit is always capped at 100.
orderByTimestamp	string Orders the result in ascending or descending order. ASC: Ascending order, oldest transactions first. DESC: Descending order, most recent transactions first. If not specified, the transactions will be returned in descending order. Enum: "ASC" "DESC"
fromTimestamp	integer <int64> Filter for transactions having transaction timestamp after `fromTimestamp`. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts.
toTimestamp	integer <int64> Filter for transactions having transaction timestamp before `toTimestamp`. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts. Must be higher than fromTimestamp if both parameters are provided.
showFundMovementsOnly	boolean Deprecated. Use singleEntryPerTransaction instead. Returns only the entries which contain fund movements.
singleEntryPerTransaction	boolean Returns transactions that span multiple movements as a single entry. Only includes transactions that have been completed. Defaults to true for PDF statements, false otherwise. Note: due to the fact that only completed transactions are included, some transactions that are in progress and have modified the balance of the instrument will not be shown, which could lead to seemingly inconsistent balance being displayed.

header Parameters

accept

string

A request parameter specifying the type of response the client would like. Must be one of application/json, application/pdf or text/csv.

The default response type (application/json) will be returned if specified incorrectly or not specified.

Responses

Request samples

curl -i -X GET \
  'https://sandbox.weavr.io/multi/backoffice/managed_accounts/:id/statement?offset=0&limit=1&orderByTimestamp=ASC&fromTimestamp=0&toTimestamp=0&showFundMovementsOnly=true&singleEntryPerTransaction=true' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'accept: string' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
403
404
default

Content type

{"entry": [{"transactionId": {"type": "AUTHORISATION",
"id": "string"
},
"entryState": "PENDING",
"originalAmount": {"currency": "str",
"amount": 0
},
"forexRate": {"value": 0,
"scale": -128
},
"transactionAmount": {"currency": "str",
"amount": 0
},
"availableBalanceAdjustment": {"currency": "str",
"amount": 0
},
"actualBalanceAdjustment": {"currency": "str",
"amount": 0
},
"balanceAfter": {"currency": "str",
"amount": 0
},
"availableBalanceAfter": {"currency": "str",
"amount": 0
},
"actualBalanceAfter": {"currency": "str",
"amount": 0
},
"transactionFee": {"currency": "str",
"amount": 0
},
"cardholderFee": {"currency": "str",
"amount": 0
},
"processedTimestamp": 0,
"sourceAmount": {"currency": "str",
"amount": 0
},
"additionalFields": {"property1": "string",
"property2": "string"
}
}
],
"count": 0,
"responseCount": 0,
"startBalance": {"currency": "str",
"amount": 0
},
"endBalance": {"currency": "str",
"amount": 0
},
"footer": "string"
}

Managed Cards

Managed Cards are a type of financial instrument offered by Weavr. Cards created in prepaid mode have their own balance, whereas those created in debit mode tap into the balance of their parent Managed Accounts. Apart from being used at merchants for puchases, prepaid mode cards can also be used as sources and destinations in the transfer transaction.

With the access_token representing the identity and the consent of the identity, you will be able to perform operations on the identity's Managed Cards, such as getting a Managed Card's details and managing its spend rules.

Get a managed card

Returns all details of the managed card identified by the id path parameter.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of a card.

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/backoffice/managed_cards/:id \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
default

Content type

application/json

Example

{"id": "string",
"profileId": "string",
"externalHandle": "string",
"tag": "string",
"friendlyName": "string",
"currency": "str",
"state": {"state": "ACTIVE",
"blockedReason": "USER",
"destroyedReason": "SYSTEM"
},
"type": "VIRTUAL",
"cardBrand": "MASTERCARD",
"cardNumber": {"value": "string"
},
"cvv": {"value": "str"
},
"cardNumberFirstSix": "string",
"cardNumberLastFour": "string",
"nameOnCard": "string",
"nameOnCardLine2": "string",
"startMmyy": "stri",
"expiryMmyy": "stri",
"cardLevelClassification": "CONSUMER",
"expiryPeriodMonths": 1,
"renewalType": "RENEW",
"renewalTimestamp": 0,
"creationTimestamp": 0,
"cardholderMobileNumber": "string",
"billingAddress": {"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"physicalCardDetails": {"bulkDelivery": true,
"productReference": "string",
"carrierType": "string",
"pendingActivation": true,
"pinBlocked": true,
"manufacturingState": "REQUESTED",
"replacement": {"replacementReason": "DAMAGED",
"replacementId": "string"
},
"deliveryAddress": {"name": "string",
"surname": "string",
"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st",
"contactNumber": "string"
},
"deliveryMethod": "STANDARD_DELIVERY",
"deliveryTrackingCode": "string",
"deliveryTrackingMethod": "string",
"nameOnCardLine2": "string"
},
"digitalWallets": {"pushProvisioningEnabled": true,
"walletsEnabled": true,
"artworkReference": "string"
},
"authForwardingDefaultTimeoutDecision": "APPROVE",
"threeDSecureAuthConfig": {"linkedUserId": "string",
"primaryChannel": "OTP_SMS",
"fallbackChannel": "OTP_SMS"
},
"mode": "PREPAID_MODE",
"externalData": [{"name": "string",
"value": "string"
}
],
"userId": "string",
"balances": {"availableBalance": 0,
"actualBalance": 0
}
}

Remove a managed card

Destroys the managed card identified by the id path parameter. Unlike block, this action is not reversible.

A managed card must be empty before it can be destroyed using this operation.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of a managed card.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/backoffice/managed_cards/:id/remove \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"validationErrors": [{"fieldName": "string",
"message": "string",
"error": "MUST_BE_FALSE",
"params": ["string"
],
"invalidValue": ["string"
]
}
]
}

Block a managed card

Blocks the managed card identified by the id path parameter. This is a reversible action and the card can be unblocked using the managedCardUnblock operation.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of a managed card.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/backoffice/managed_cards/:id/block \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"validationErrors": [{"fieldName": "string",
"message": "string",
"error": "MUST_BE_FALSE",
"params": ["string"
],
"invalidValue": ["string"
]
}
]
}

Unblock a managed card

Unblocks the managed card identified by the id path parameter. The managed card must have state.blockedReason as USER so that it can be unblocked. If the managed card was blocked by SYSTEM, users cannot unblock it.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the managed card.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/backoffice/managed_cards/:id/unblock \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"validationErrors": [{"fieldName": "string",
"message": "string",
"error": "MUST_BE_FALSE",
"params": ["string"
],
"invalidValue": ["string"
]
}
]
}

Get all spend rules for a managed card

Fetch the list of spend rules associated with the managed card identified by the id path parameter.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/backoffice/managed_cards/:id/spend_rules \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
default

Content type

application/json

{"allowedMerchantCategories": ["string"
],
"blockedMerchantCategories": ["string"
],
"allowedMerchantIds": ["string"
],
"blockedMerchantIds": ["string"
],
"allowedMerchantCountries": ["st"
],
"blockedMerchantCountries": ["st"
],
"allowContactless": true,
"allowAtm": true,
"allowECommerce": true,
"allowCashback": true,
"allowCreditAuthorisations": true,
"minTransactionAmount": 0,
"maxTransactionAmount": 0,
"spendLimit": [{"value": {"currency": "str",
"amount": 0
},
"interval": "DAILY"
}
],
"cardLevelSpendRules": {"allowedMerchantCategories": ["string"
],
"blockedMerchantCategories": ["string"
],
"allowedMerchantIds": ["string"
],
"blockedMerchantIds": ["string"
],
"allowedMerchantCountries": ["st"
],
"blockedMerchantCountries": ["st"
],
"allowContactless": true,
"allowAtm": true,
"allowECommerce": true,
"allowCashback": true,
"allowCreditAuthorisations": true,
"spendLimit": [{"value": {"currency": "str",
"amount": 0
},
"interval": "DAILY"
}
],
"minTransactionAmount": 0,
"maxTransactionAmount": 0
},
"profileLevelSpendRules": {"allowedMerchantCategories": ["string"
],
"blockedMerchantCategories": ["string"
],
"allowedMerchantIds": ["string"
],
"blockedMerchantIds": ["string"
],
"allowedMerchantCountries": ["st"
],
"blockedMerchantCountries": ["st"
],
"allowContactless": true,
"allowAtm": true,
"allowECommerce": true,
"allowCashback": true,
"allowCreditAuthorisations": true,
"authForwardingEnabled": true
},
"identityLevelSpendRules": {"allowedMerchantCategories": ["string"
],
"blockedMerchantCategories": ["string"
],
"allowedMerchantIds": ["string"
],
"blockedMerchantIds": ["string"
],
"allowedMerchantCountries": ["st"
],
"blockedMerchantCountries": ["st"
],
"allowContactless": true,
"allowAtm": true,
"allowECommerce": true,
"allowCashback": true,
"allowCreditAuthorisations": true,
"minTransactionAmount": 0,
"maxTransactionAmount": 0
}
}

Create spend rules for a managed card

Create the spend rules associated with the managed card identified by the id path parameter.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

Request Body schema: application/json

allowedMerchantCategories	Array of strings <= 50 items Whitelist MCC: A list of allowed merchant category codes (MCCs). If the MCC does not match, then the transaction will be declined. If an MCC is also in the blocked list, the blocked list will take precedence.
blockedMerchantCategories	Array of strings <= 50 items Blacklist MCC: A list of disallowed merchant category codes (MCCs). If the MCC matches, then the transaction will be declined. If an MCC is also in the allowed list, the blocked list will take precedence.
allowedMerchantIds	Array of strings <= 50 items Whitelist Merchant Id: A list of allowed merchant IDs. If the Merchant Id does not match, then the transaction will be declined. If a Merchant Id is also provided in the blocked list, the blocked list will take precedence.
blockedMerchantIds	Array of strings <= 50 items Blacklist Merchant Id: A list of disallowed merchant IDs. If the Merchant Id matches, then the transaction will be declined. If a Merchant Id is also in the allowed list, the blocked list will take precedence.
allowedMerchantCountries	Array of strings <= 50 items Whitelist Merchant Country: A list of allowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country does not match, then the transaction will be declined. If a Merchant Country is also provided in the blocked list, the blocked list will take precedence.
blockedMerchantCountries	Array of strings <= 50 items Blacklist Merchant Country: A list of disallowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country matches, then the transaction will be declined. If a Merchant Country is also in the allowed list, the blocked list will take precedence.
allowContactless	boolean Indicates if a contactless transaction is allowed on the card.
allowAtm	boolean Indicates if an ATM Withdrawal transaction is allowed on the card.
allowECommerce	boolean Indicates if an online transaction is allowed on the card.
allowCashback	boolean Indicates if a cashback transaction at a physical terminal is allowed on the card.
allowCreditAuthorisations	boolean Indicates if a the card can receive a credit transaction.
	Array of objects (SpendLimit) The total amount of funds that can be spent using this card, in a given time interval.
minTransactionAmount	integer <int64> >= 0 The minimum transaction amount, in card currency, that is allowed. If the transaction amount is less than this value, then the transaction will be declined.
maxTransactionAmount	integer <int64> >= 0 The maximum transaction amount, in card currency, that is allowed. If the transaction amount is greater than this value, then the transaction will be declined.

Responses

Request samples

Content type

application/json

{"allowedMerchantCategories": ["string"
],
"blockedMerchantCategories": ["string"
],
"allowedMerchantIds": ["string"
],
"blockedMerchantIds": ["string"
],
"allowedMerchantCountries": ["st"
],
"blockedMerchantCountries": ["st"
],
"allowContactless": true,
"allowAtm": true,
"allowECommerce": true,
"allowCashback": true,
"allowCreditAuthorisations": true,
"spendLimit": [{"value": {"currency": "str",
"amount": 0
},
"interval": "DAILY"
}
],
"minTransactionAmount": 0,
"maxTransactionAmount": 0
}

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"validationErrors": [{"fieldName": "string",
"message": "string",
"error": "MUST_BE_FALSE",
"params": ["string"
],
"invalidValue": ["string"
]
}
]
}

Update spend rules for a managed card

Must be user after a POST, to update individual spend rules associated with the managed card identified by the id path parameter.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

Request Body schema: application/json

allowedMerchantCategories	Array of strings <= 50 items Whitelist MCC: A list of allowed merchant category codes (MCCs). If the MCC does not match, then the transaction will be declined. If an MCC is also in the blocked list, the blocked list will take precedence.
blockedMerchantCategories	Array of strings <= 50 items Blacklist MCC: A list of disallowed merchant category codes (MCCs). If the MCC matches, then the transaction will be declined. If an MCC is also in the allowed list, the blocked list will take precedence.
allowedMerchantIds	Array of strings <= 50 items Whitelist Merchant Id: A list of allowed merchant IDs. If the Merchant Id does not match, then the transaction will be declined. If a Merchant Id is also provided in the blocked list, the blocked list will take precedence.
blockedMerchantIds	Array of strings <= 50 items Blacklist Merchant Id: A list of disallowed merchant IDs. If the Merchant Id matches, then the transaction will be declined. If a Merchant Id is also in the allowed list, the blocked list will take precedence.
allowedMerchantCountries	Array of strings <= 50 items Whitelist Merchant Country: A list of allowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country does not match, then the transaction will be declined. If a Merchant Country is also provided in the blocked list, the blocked list will take precedence.
blockedMerchantCountries	Array of strings <= 50 items Blacklist Merchant Country: A list of disallowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country matches, then the transaction will be declined. If a Merchant Country is also in the allowed list, the blocked list will take precedence.
allowContactless	boolean Indicates if a contactless transaction is allowed on the card.
allowAtm	boolean Indicates if an ATM Withdrawal transaction is allowed on the card.
allowECommerce	boolean Indicates if an online transaction is allowed on the card.
allowCashback	boolean Indicates if a cashback transaction at a physical terminal is allowed on the card.
allowCreditAuthorisations	boolean Indicates if a the card can receive a credit transaction.
	Array of objects (SpendLimit) The total amount of funds that can be spent using this card, in a given time interval.
minTransactionAmount	integer <int64> >= 0 The minimum transaction amount, in card currency, that is allowed. If the transaction amount is less than this value, then the transaction will be declined.
maxTransactionAmount	integer <int64> >= 0 The maximum transaction amount, in card currency, that is allowed. If the transaction amount is greater than this value, then the transaction will be declined.
updateSpendLimitMethod	string (SpendLimitUpdateMethod) The spend limit update method to apply. Currently supported: OVERWRITE: (default option if nothing selected). Overwrites the previous values for the spendLimit object i.e. sets new limits INCREMENT : This will increase the existing value of the spend limit by the amount input the value field. If used in conjunction with an ALWAYS interval, this can be used to increment a spend limit on a periodic basis (controlled by you, e.g. monthly), and means that any 'unused' balance from the previous period will still available to spend. See examples in our documentation Enum: "OVERWRITE" "INCREMENT"

Responses

Request samples

Content type

application/json

{"allowedMerchantCategories": ["string"
],
"blockedMerchantCategories": ["string"
],
"allowedMerchantIds": ["string"
],
"blockedMerchantIds": ["string"
],
"allowedMerchantCountries": ["st"
],
"blockedMerchantCountries": ["st"
],
"allowContactless": true,
"allowAtm": true,
"allowECommerce": true,
"allowCashback": true,
"allowCreditAuthorisations": true,
"spendLimit": [{"value": {"currency": "str",
"amount": 0
},
"interval": "DAILY"
}
],
"minTransactionAmount": 0,
"maxTransactionAmount": 0,
"updateSpendLimitMethod": "OVERWRITE"
}

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"validationErrors": [{"fieldName": "string",
"message": "string",
"error": "MUST_BE_FALSE",
"params": ["string"
],
"invalidValue": ["string"
]
}
]
}

Delete all spend rules for a managed card

Remove all spend rules associated with the managed card identified by the id path parameter.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

Responses

Request samples

curl -i -X DELETE \
  https://sandbox.weavr.io/multi/backoffice/managed_cards/:id/spend_rules \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
default

Content type

application/json

{"message": "string",
"validationErrors": [{"fieldName": "string",
"message": "string",
"error": "MUST_BE_FALSE",
"params": ["string"
],
"invalidValue": ["string"
]
}
]
}

Get a managed card statement

Returns a list of transactions against the managed card identified by the id path parameter, matching the criteria provided in the request.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of a managed card.

query Parameters

offset	integer <int32> >= 0 The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.
limit	integer <int32> [ 1 .. 100 ] The limit of the results for paging, starting at the offset. Limit is always capped at 100.
orderByTimestamp	string Orders the result in ascending or descending order. ASC: Ascending order, oldest transactions first. DESC: Descending order, most recent transactions first. If not specified, the transactions will be returned in descending order. Enum: "ASC" "DESC"
fromTimestamp	integer <int64> Filter for transactions having transaction timestamp after `fromTimestamp`. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts.
toTimestamp	integer <int64> Filter for transactions having transaction timestamp before `toTimestamp`. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts. Must be higher than fromTimestamp if both parameters are provided.
singleEntryPerTransaction	boolean Returns transactions that span multiple movements as a single entry. Only includes transactions that have been completed. Defaults to true for PDF statements, false otherwise. Note: due to the fact that only completed transactions are included, some transactions that are in progress and have modified the balance of the instrument will not be shown, which could lead to seemingly inconsistent balance being displayed.

header Parameters

accept

string

A request parameter specifying the type of response the client would like. Must be one of application/json, application/pdf or text/csv.

The default response type (application/json) will be returned if specified incorrectly or not specified.

Responses

Request samples

curl -i -X GET \
  'https://sandbox.weavr.io/multi/backoffice/managed_cards/:id/statement?offset=0&limit=1&orderByTimestamp=ASC&fromTimestamp=0&toTimestamp=0&singleEntryPerTransaction=true' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'accept: string' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
403
404
default

Content type

{"entry": [{"transactionId": {"type": "AUTHORISATION",
"id": "string"
},
"entryState": "PENDING",
"originalAmount": {"currency": "str",
"amount": 0
},
"forexRate": {"value": 0,
"scale": -128
},
"transactionAmount": {"currency": "str",
"amount": 0
},
"availableBalanceAdjustment": {"currency": "str",
"amount": 0
},
"actualBalanceAdjustment": {"currency": "str",
"amount": 0
},
"balanceAfter": {"currency": "str",
"amount": 0
},
"availableBalanceAfter": {"currency": "str",
"amount": 0
},
"actualBalanceAfter": {"currency": "str",
"amount": 0
},
"transactionFee": {"currency": "str",
"amount": 0
},
"cardholderFee": {"currency": "str",
"amount": 0
},
"processedTimestamp": 0,
"sourceAmount": {"currency": "str",
"amount": 0
},
"additionalFields": {"property1": "string",
"property2": "string"
}
}
],
"count": 0,
"responseCount": 0,
"startBalance": {"currency": "str",
"amount": 0
},
"endBalance": {"currency": "str",
"amount": 0
},
"footer": "string"
}

Transfers

Create a transfer transaction

Transfers funds between managed accounts and managed cards belonging to the same corporate or consumer identity.

The Transfer Profile (configured in the Multi Portal) specified determines the behaviour and restrictions of the transaction (for example, fees).

Authorizations:

auth_tokenapi_key

header Parameters

idempotency-ref

string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json

profileId required	string (ProfileId) ^[0-9]+$ The profile Id which a specific identity, instrument or transaction type is linked to. Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply. You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs. Profile Ids can be found in the Multi Portal, in the API Credentials page.
tag	string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$ The tag field is a custom field that can be used to search and filter.
required	object (InstrumentId)
description	string <= 255 characters ^[a-zA-Z0-9\\/\\-?:().$_,'+\\s#=!\"%&*<>;\\{@... The description details that are included in the transaction as reference.
required	object (InstrumentId)
required	object (CurrencyAmount) The object representing a monetary amount in a particular currency.
scheduledTimestamp	string (ScheduledTimestamp) ^[0-9]+$ The epoch timestamp at which the transaction is scheduled to be executed.

Responses

Request samples

Content type

application/json

{"profileId": "string",
"tag": "string",
"source": {"id": "string",
"type": "managed_cards"
},
"description": "string",
"destination": {"id": "string",
"type": "managed_cards"
},
"destinationAmount": {"currency": "str",
"amount": 0
},
"scheduledTimestamp": "string"
}

Response samples

200
400
409
default

Content type

application/json

{"id": "string",
"profileId": "string",
"tag": "string",
"source": {"id": "string",
"type": "managed_cards"
},
"destination": {"id": "string",
"type": "managed_cards"
},
"destinationAmount": {"currency": "str",
"amount": 0
},
"description": "string",
"state": "INITIALISED",
"creationTimestamp": 0,
"scheduledTimestamp": "string",
"executionTimestamp": "string",
"cancellationReason": "string"
}

Get all transfer transactions

Retrieves all the transfer transactions performed by the logged-in identity.

Authorizations:

auth_tokenapi_key

query Parameters

offset	integer <int32> >= 0 The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.
limit	integer <int32> [ 1 .. 100 ] The limit of the results for paging, starting at the offset. Limit is always capped at 100.
profileId	string (ProfileId) ^[0-9]+$ Filter by the transfer profile. Leave out to fetch all transfer transactions.
	object (InstrumentId) Filter by the source instrument id.
state	Array of strings (TransactionState) unique Filter by the transfer transaction state. Leave out to fetch all states. Items Enum: "INITIALISED" "COMPLETED" "REJECTED" "FAILED" "PENDING" "SCHEDULED" "CANCELLED"
createdFrom	integer <int64> Filter for transfer transactions created after `createdFrom` timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all transfers.
createdTo	integer <int64> Filter for transfer transactions created before `createdTo` timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all transfers.
tag	string Filter by the transfer tag. The exact tag must be provided, as wildcards are not supported. Leave out to fetch all entries.

Responses

Request samples

curl -i -X GET \
  'https://sandbox.weavr.io/multi/backoffice/transfers?offset=0&limit=1&profileId=string&id=string&type=managed_cards&state=INITIALISED&createdFrom=0&createdTo=0&tag=string' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
403
default

Content type

application/json

{"transfer": [{"id": "string",
"profileId": "string",
"tag": "string",
"source": {"id": "string",
"type": "managed_cards"
},
"destination": {"id": "string",
"type": "managed_cards"
},
"destinationAmount": {"currency": "str",
"amount": 0
},
"description": "string",
"state": "INITIALISED",
"creationTimestamp": 0,
"scheduledTimestamp": "string",
"executionTimestamp": "string",
"cancellationReason": "string"
}
],
"count": 0,
"responseCount": 0
}

Get a transfer transaction

Retrieve the transfer transaction identified by the id path parameter.

Authorizations:

auth_tokenapi_key

path Parameters

id

required

string^[0-9]+$

The unique identifier of the Transfer transaction.

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/backoffice/transfers/:id \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
403
404
default

Content type

application/json

{"id": "string",
"profileId": "string",
"tag": "string",
"source": {"id": "string",
"type": "managed_cards"
},
"destination": {"id": "string",
"type": "managed_cards"
},
"destinationAmount": {"currency": "str",
"amount": 0
},
"description": "string",
"state": "INITIALISED",
"creationTimestamp": 0,
"scheduledTimestamp": "string",
"executionTimestamp": "string",
"cancellationReason": "string"
}

Fees

Charge identity a pre-defined custom fee

Charge a fee to the identity identified by the auth token, based on a pre-defined custom fee. Custom fees can be configured in the Multi Portal.

The fees collected will be deposited into your Revenue Account. The balance and transaction history of your revenue account can be viewed in the Multi Portal.

Authorizations:

auth_tokenapi_key

header Parameters

idempotency-ref

string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json

feeType required	string The fee type as defined in the Multi Portal.
required	object (InstrumentId)

Responses

Request samples

Content type

application/json

{"feeType": "string",
"source": {"id": "string",
"type": "managed_cards"
}
}

Response samples

200
400
404
409
default

Content type

application/json

{"transactionId": {"type": "AUTHORISATION",
"id": "string"
},
"profileId": "string",
"feeType": "string",
"source": {"id": "string",
"type": "managed_cards"
},
"availableBalanceAdjustment": {"currency": "str",
"amount": 0
},
"retryAuthor": {"type": "string",
"id": "string"
},
"retryNote": "string",
"state": "INITIALISED",
"creationTimestamp": 0
}

Operations

Update spend rules for a managed card

Submit the details to update the spend rules of Managed Cards.

The bulkId returned in the response can subsequently be used to launch the updating of Managed Card spend rules process through . A submitted bulk process can be managed (executed, accessed, paused, resumed and cancelled) by any other Authorised User of the same identity of the user that submits the details.

The status of the bulk process after execution of this operation is set to ‘SUBMITTED’. The execution of the bulk process is launched through the Execute bulk process operation.

The submission of data for a bulk process does not expire but it can be cancelled through .

The system is configured to accept bulk requests to process up to a maximum of 10,000 bulk operations.

Each spend rules update operation in this bulk process is processed via Update a Managed Card.

Authorizations:

auth_tokenapi_key

Request Body schema: application/json

Array ()

	object
	object (UpdateCardLevelSpendRules)

Responses

Request samples

Content type

application/json

[{"pathParams": {"_id_": "string"
},
"requestBody": {"allowedMerchantCategories": ["string"
],
"blockedMerchantCategories": ["string"
],
"allowedMerchantIds": ["string"
],
"blockedMerchantIds": ["string"
],
"allowedMerchantCountries": ["st"
],
"blockedMerchantCountries": ["st"
],
"allowContactless": true,
"allowAtm": true,
"allowECommerce": true,
"allowCashback": true,
"allowCreditAuthorisations": true,
"spendLimit": [{"value": {"currency": "str",
"amount": 0
},
"interval": "DAILY"
}
],
"minTransactionAmount": 0,
"maxTransactionAmount": 0,
"updateSpendLimitMethod": "OVERWRITE"
}
}
]

Response samples

201

Content type

application/json

{"bulkId": "string",
"operationCount": 0,
"path": "string"
}

Manage

Get all bulk processes

Filter bulk processes.

query Parameters

offset	integer <int32> >= 0 The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.
limit	integer <int32> [ 1 .. 100 ] The limit of the results for paging, starting at the offset. Limit is always capped at 100.
status	string (BulkProcessStatus) Enum: "SUBMITTED" "RUNNING" "PARTIALLY_COMPLETED" "COMPLETED" "FAILED" "PAUSED" "CANCELLED"

Responses

Request samples

curl -i -X GET \
  'https://sandbox.weavr.io/multi/backoffice/bulks?offset=0&limit=1&status=SUBMITTED'

Response samples

200
400
404
409
default

Content type

application/json

{"count": 0,
"bulk_processes": [{"bulkId": "string",
"status": "string",
"submittedItemsCount": 0
}
],
"responseCount": 0
}

Get bulk process

Retrieves details on the bulk process identified by the bulk_id parameter.

Authorizations:

auth_tokenapi_key

path Parameters

bulk_id

required

string (BulkId) ^[0-9]+$

The bulk id of the bulk process.

Responses

Request samples

curl -i -X GET \
  https://sandbox.weavr.io/multi/backoffice/bulks/:bulk_id \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
default

Content type

application/json

{"bulkId": "string",
"status": "string",
"submittedItemsCount": 0
}

Get all operations in a bulk

Retrieves the bulk process operations that match the query parameters.

Authorizations:

auth_tokenapi_key

path Parameters

bulk_id

required

string (BulkId) ^[0-9]+$

The bulk id of the bulk process.

query Parameters

offset	integer <int32> >= 0 The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.
limit	integer <int32> [ 1 .. 100 ] The limit of the results for paging, starting at the offset. Limit is always capped at 100.
sequence	integer <int64>
status	string (BulkProcessOperationStatus) Enum: "SUBMITTED" "RUNNING" "COMPLETED" "FAILED" "CANCELLED"

Responses

Request samples

curl -i -X GET \
  'https://sandbox.weavr.io/multi/backoffice/bulks/:bulk_id/operations?offset=0&limit=1&sequence=0&status=SUBMITTED' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

200
400
404
default

Content type

application/json

{"count": 0,
"operations": [{"operationId": "string",
"sequence": 0,
"method": "string",
"path": "string",
"status": "SUBMITTED",
"requestPayload": "string",
"responsePayload": "string"
}
],
"responseCount": 0
}

Execute bulk process

Launches execution of operations of any bulk process identified by the bulk_id parameter.

The status of the bulk process has to be in a ‘SUBMITTED’ state and after execution initiates, the bulk process state is set to ‘RUNNING’.

The final state of execution can be any of

COMPLETED: the execution of the bulk process is complete and all bulk operations of the bulk process were executed successfully

FAILED: none of the operations of the bulk process have executed.

PARTIALLY_COMPLETED: the execution of the bulk process is complete and some of the bulk operations of the bulk process failed.

This operation is asynchronous and will return immediately. You can track the status of the execution of the bulk process through Get bulk process. You can also pause execution through bulkIdPause

Authorizations:

auth_tokenapi_key

path Parameters

bulk_id

required

string (BulkId) ^[0-9]+$

The bulk id of the bulk process.

Request Body schema: application/json

mode

string (BulkProcessMode)

ON_FAILURE_STOP : the execution of the bulk process stops after the first bulk operation that fails (operation returns a 4xx or 5xx response code). ON_FAILURE_CONTINUE: the execution of the bulk process resumes as normal even when any of the bulk operations fail.

Enum: "ON_FAILURE_STOP" "ON_FAILURE_CONTINUE"

Responses

Request samples

Content type

application/json

{"mode": "ON_FAILURE_STOP"
}

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Pause bulk process

Pauses the execution of operations of the bulk process that is in state ‘RUNNING’ as identified by the bulk_id parameter.

The status of the bulk process after execution of this operation is set to ‘PAUSED’

The execution can be resumed through bulkIdResume

Authorizations:

auth_tokenapi_key

path Parameters

bulk_id

required

string (BulkId) ^[0-9]+$

The bulk id of the bulk process.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/backoffice/bulks/:bulk_id/pause \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Resume bulk process

Resumes the execution of operations of the bulk process that is in state ' PAUSED' as identified by the bulk_id parameter.

The status of the bulk process after execution of this operation is set back to ‘RUNNING’

Authorizations:

auth_tokenapi_key

path Parameters

bulk_id

required

string (BulkId) ^[0-9]+$

The bulk id of the bulk process.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/backoffice/bulks/:bulk_id/resume \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}

Cancel bulk process

Cancels the execution of operations of a bulk process that is in state ‘PAUSED’ or ‘RUNNING’ as identified by the bulk_id parameter.

The status of the bulk process after execution of this operation is set to ‘CANCELLED’. This is a final state and a cancelled bulk process cannot be resumed.

Authorizations:

auth_tokenapi_key

path Parameters

bulk_id

required

string (BulkId) ^[0-9]+$

The bulk id of the bulk process.

Responses

Request samples

curl -i -X POST \
  https://sandbox.weavr.io/multi/backoffice/bulks/:bulk_id/cancel \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'api-key: YOUR_API_KEY_HERE'

Response samples

400
404
409
default

Content type

application/json

{"message": "string",
"syntaxErrors": {"invalidFields": [{"params": ["string"
],
"fieldName": "string",
"error": "REQUIRED"
}
]
}
}