Platform endpoints
How to call each route group — auth, request/response summary, and caller notes. The formal request/response schema is the OpenAPI contract; these pages link to it rather than restating it. State journeys are in lifecycle.
All routes sit under the global /v1 prefix and require a bearer token (a B2B JWT). Every call is
scoped to the client/brand carried by that token — you only see and act on resources in your own
tenant. Most resource routes also require an active party context; per-route requirements are noted
on each page.
Customer-facing route groups
| Route group | Page |
|---|---|
| Parties — provision, search, get/update/delete, relationships | parties |
| Identity verification (KYX) — initiate, upload, status | parties |
| Accounts — list/open/read, alias, transactions, signatories | accounts |
| Cards — list/create/read, activate/lock/unlock/cancel, PIN, transaction settings | cards |
| Payments — BPAY/BSB/PayID lookups, schemes, validate, initiate | payments |
| Payees — list/read/create/delete | payees |
Scheduled payments — list, cancel (prefix /parties/scheduled) | scheduled-payments |
| Statements — list, download | statements |
| Notifications — send, list, read, cancel, purge | notifications |
| Banking products — catalogue read | banking-products |
| Address — autocomplete, metadata | address |
Operator route groups (/v1/admin/*)
Operator-only; see admin for the auth modes and ordering rules.
| Route group | Page |
|---|---|
| Clients & brands | Clients |
| Products | Products |
| External applications | External applications |
| Routing policies | Routing policies |
| Configuration (business rules) | Configuration |
| Domain-object mapping | Mapping |