Account Management API (LATEST)

API Integration Support: integration@dintero.com License: UNLICENSED

management-auth API

API for managing accounts and authentication

Changelog

All notable changes to the API.

2024-05-31

Extend partner API with additional optional read-only properties for account with most_expensive_product_price, gift_card_revenue_percentage, credit_rating, and currency

2024-04-30

Add support for configuring TOTP MFA for account user

2024-03-31

Add form_submitter to approvals. Add payout_interval_type to payout destination approvals.

2024-02-22

Add invites and actions to creation of account

2024-02-01

Add new payment option billie when applying for payment methods

2023-12-01

Add endpoints for Visa Tokenization connection signup

Extend bambora connection with ability to set token_scope

Extend the account user with new aggrement property that can be used to track the terms and conditions accepted by the account user

2023-11-01

Extend partner API with additional optional properties for account with price_package and sale_channel. Remove unsupported statistics.latests.

Extend partner API with additional optional read-only properties for account with payment_case_status, projected_sales, average_transaction_value, merchant_category_code and delivery_timeline

Add new endpoint for archiving payout destination approvals that are not active.

2023-09-01

Add new endpoint for posting Bambora Direct connection

NB! Deprecates old Bambora connection endpoint:

2023-08-01

Extend partner API with additional properties for account with statistics.metrics, permissions, company and applicant.

2023-06-01

Extend response bodies with approvals_payments_statuses and approvals_payout_destinations_statuses for partners accounts management.

Add new endpoints for managing Bambora PayFac connections

2023-04-01

2023-01-20

Extend applicants with optional signup_reference.

2022-10-06

Payout destinations are now referred to as Sellers, the data model is unchanged.

2022-07-01

Break: Require includes=events.case.contracts to get CDD contract details from the cases endpoint. The default response now excludes contract details.

2022-06-01

Add support for filtering sub-accounts on connection, connection_status and payment_options

2022-04-01

Add support for customer user login via OpenID Connect. Configure oidc in the client grant and use the new authorize endpoint to let the user be verified and identified by an external authorization server. The authorization code received after the user has authorized can be used to get a Dintero access token via the token endpoint.

2022-02-08

Add new endpoints for initiating a new payout destination application and listing payout destination applications

2022-02-01

2021-06-01

Add support for configuring SMS MFA for account user

2021-03-01

Make Swish cert and passphrase not required

Add support for changing account user password

Add support for authorize when verifying a signup.

2021-02-01

Document 429 Too Many Requests response from

Break: Require ident_type and ident to be included when requesting token with grant_type=authorization_code

Add support for sending verification code for passwordless login via SMS, and session_id={uuid} to resend the same verification code again. Remove unsupported request options send=link and type=account.

2021-01-01

Add support for logging on without MFA even if configured with MFA

Add support for managing account users scopes with roles.

2020-11-01

Extend the endpoint for getting user accounts to include the accounts display_name and icon_url.

Add support for account users authenticated by external Identity providers. External authentication is limited to account users created with authentication_type=external.

The following endpoints have been updated to allow Bearer authorization using an ID token issued by an external Identity provider.

Account has been updated with jwks.uri property that is required to validate the ID tokens issued by external identity providers.

2020-09-01

Add new endpoint for handling HTTP redirect with ID token query parameter

Add new endpoint for uploading assets

2020-01-31

Add support for applicant.agreement.attachments

Add support for enabling MFA (OOB) for auth users.

2019-12-31

Extend the AccountApplicant with support for promo_code and utm campaign codes.

2019-11-31

Add support for creating client with description

2019-09-31

Extend settings with PayEx connections

2019-06-31

The scope required for accessing the endpoint has changed. We will continue to support the old scopes, but they were removed from the documentation.

Support search, limit and starting_after query parameter when listing partner accounts

Support for issuing exchange token for a sub-account, to allow partner accounts to manage sub accounts.

2019-05-31

Support for including a Refresh Token when requesting an Access Token. Use grant-type=refresh_token to get an Access Token from a Refresh Token.

Support for revoking a Refresh Token

2018-12-17

Fix typo in Account definition: all bussiness_name properties renamed to business_name

authenticate

Authorize Passwordless link

This endpoint is used to authorize Passwordless link sent to user by email/sms.

A valid request will redirect to This is the OAuth 2.0 grant that Client-side web apps utilize in order to access an API.

Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

query Parameters
audience
required
string

The unique identifier of the target API you want to access.

response_type
required
string
Value: "authenticate"

This will specify the type of token you will receive at the end of the flow. Use token to get only an access_token

If response_type=token, after the user authenticates with the provider, this will redirect them to your application callback URL while passing the access_token in the address location.hash. This is used for Single Page Apps and on Native Mobile SDKs.

client_id
required
string

Your application's Client ID.

verification_code
required
string

one-time verification-code

scope
string
Value: "openid"

The scopes which you want to request authorization for.

state
string

An opaque value the client adds to the initial request that Dintero includes when redirecting back to the client. This value must be used by the client to prevent CSRF attacks.

redirect_uri
string

The URL to which Dintero will redirect the browser after authorization has been granted by the user.

The redirect_uri value must be specified as a valid callback URL under your Client's Settings.

connection
string

The name of the connection configured to your client.

Responses

Response samples

Content type
application/json
{
  • "error": {
    }
}

Authorize with OIDC

Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

query Parameters
audience
required
string

The unique identifier of the target API you want to access. The audience must have a Grant with OIDC configured

response_type
required
string
Value: "code"
client_id
required
string

The client_id of your application

redirect_uri
required
string

The URL to redirect after authorization has been granted by the user.

scope
string

Scope of the access request, space-separated list.

client_token
string
Example: client_token=eyJhbGci...t7P4

Authorization token to use if no authorization header is included

Responses

Response samples

Content type
application/json
{
  • "error": {
    }
}

Token verified by OIDC

Use this endpoint to obtain an access token by presenting its authorization grant

scopes:

  • write:accounts:/auth/users
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Request Body schema: application/json
required
audience
required
string

The unique identifier of the target API you want to access. The audience must be a grant associated with the client that has oidc configured

code
required
string
grant_type
required
string
Value: "authorization_code"
client_id
required
string
redirect_uri
string

The redirect URL which the user agent is redirected to after finishing a login.

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "access_token": "eyJhbGci...t7P4",
  • "token_type": "Bearer",
  • "expires_in": 86400,
  • "user_info": {}
}

Passwordless

Passwordless connections do not require the user to remember a password. Instead, another mechanism is used to prove identity, such as a one-time code sent through email or SMS, every time the account user logs in.

  • The client_id/audience must have a grant with type authorization_code to allow sending verification-code
  • This endpoint is designed to be called from the client-side and is subject to rate limits

scopes:

  • admin:accounts
  • write:accounts
  • write:accounts:/auth/passwordless
  • write:accounts:/auth/passwordless-sms
  • write:accounts:/auth/passwordless-email
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Request Body schema: application/json
required
client_id
required
string
connection
required
string
Enum: "email" "sms"

How to send the code to the user.

audience
required
string

The unique identifier of the target API you want to access.

email
string

The user's email address

type
string
Default: "customer"
Enum: "company" "customer"

Passwordless for type company/customer requires that the email is registered to a customers users

send
string
Default: "code"
Value: "code"

Use code to send a verification code.

login_session_id
string

Use login_session_id to resend the same verification code to an alternative connection.

Responses

Request samples

Content type
application/json
{
  • "audience": "string",
  • "client_id": "string",
  • "connection": "email",
  • "email": "string",
  • "type": "company",
  • "send": "code",
  • "login_session_id": "string"
}

Response samples

Content type
application/json
{
  • "error": {
    }
}

Passwordless Code

Passwordless connections do not require the user to remember a password. Instead, another mechanism is used to prove identity, such as a one-time code sent through email or SMS, every time the account user logs in.

Use this endpoint to generate a one-time verification-code that can be sent to the user.

The client_id/audience must have a grant with type authorization_code to allow creating a verification-code

scopes:

  • admin:accounts
  • write:accounts
  • write:accounts:/auth/passwordless/code
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Request Body schema: application/json
required
audience
required
string

The unique identifier of the target API you want to grant the user

client_id
required
string

The client whose grants will be granted to the user, the

user_id
required
string

The user_id / subject to grant access

Responses

Request samples

Content type
application/json
{
  • "audience": "string",
  • "client_id": "string",
  • "user_id": "string"
}

Response samples

Content type
application/json
{
  • "verification_code": "string"
}

Redirect with ID token

Use this endpoint to redirect to a URL with an ID token added.

Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Request Body schema: application/json
required
redirect_uri
required
string <uri> ^https?://.*

The HTTP URL to redirect to

object <= 5 properties

Include custom claims in the ID token. Custom claims will be prefixed by ext_.

claims
Array of strings
Items Enum: "name" "email"

Specify optional claims to include in the ID token

Responses

Request samples

Content type
application/json
{
  • "redirect_uri": "http://example.com",
  • "custom_claims": {
    },
  • "claims": [
    ]
}

Response samples

Content type
application/json

Revoke Token

Use this endpoint to invalidate a Refresh Token if it has been compromised.

scopes:

  • admin:accounts
  • write:accounts
  • create:accounts:auth:refresh_token
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Request Body schema: application/json
required
token
required
string

Responses

Request samples

Content type
application/json
{
  • "token": "YOUR_REFRESH_TOKEN"
}

Response samples

Content type
application/json
{ }

Get Token

Use this endpoint to directly request an access_token

Client Access Token

Use HTTP Basic authentication scheme for authenticating grant_type client_credentials, use client_id/client_secret as user/password.

Code/Password Token

Use HTTP Bearer authentication scheme for authenticating grant_type authorization_code or password, where the Bearer value must be a JWT token with access to the token endpoint.

Account User Token

Use HTTP Bearer authentication scheme for authenticating grant_type account_user_token, where the Bearer value must be an account user JWT token.

Use an ID token as the Bearer token if the user was authenticated externally. The ID token must include an email claim that identifies the account user.

Refresh Token

Use HTTP Bearer authentication scheme for authenticating grant_type refresh_token, where the Bearer value must be an Access Token for the client that was used to create the Refresh Token.

Multi-factor authentication (MFA)

When a request is made to the endpoint to get an access token, normally you either get an error, or you get an access token. However, when the MFA is enabled, the endpoint may return a new error with error.code: mfa_required.

When an mfa_required error is returned, the client must perform a challenge. This is done by sending a request to the auth/mfa/challenge endpoint

To verify MFA using an OOB challenge, the client must make a request to this endpoint with grant_type=mfa-oob. Include the oob_code you received from the challenge response, as well as the mfa_token you received as part of mfa_required error.

scopes:

  • admin:accounts
  • write:accounts
  • write:accounts:/auth/users
  • write:accounts:/auth/users/no-mfa
Authorizations:
clientAuthJWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Request Body schema: application/json
required
grant_type
required
string

Responses

Request samples

Content type
application/json
Example
{
  • "grant_type": "account_user"
}

Response samples

Content type
application/json
{
  • "access_token": "eyJhbGci...t7P4",
  • "token_type": "Bearer",
  • "expires_in": 86400,
  • "refresh_token": "string"
}

Exchange Token

Use this endpoint to exchange access_token to a sub-account

scopes:

  • admin:accounts
  • read:accounts
Authorizations:
JWT
path Parameters
partner_id
required
string <^[PT]{1}\d{3}00000$> = 9 characters

An id that uniquely identifies the partner account

Request Body schema: application/json
required
account_id
required
string <^[PT]{1}\d{8}$>

The account_id to create exchange access_token for

Responses

Request samples

Content type
application/json
{
  • "account_id": "string"
}

Response samples

Content type
application/json
{
  • "access_token": "eyJhbGci...t7P4",
  • "token_type": "Bearer",
  • "expires_in": 86400,
  • "refresh_token": "string"
}

clients

Clients collection

Retrieve a list of all client applications

scopes:

  • admin:accounts
  • read:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create Client

Creates a new client application.

scopes:

  • admin:accounts
  • write:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Request Body schema: application/json
required
name
string
description
string
client_id
string

Your client ID.

callbacks
Array of strings

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "client_id": "string",
  • "callbacks": [
    ]
}

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "description": "string",
  • "client_id": "string",
  • "callbacks": [
    ],
  • "client_secret": "JYCRP/x7iBGWA1fun0J9laH5sEg5cP9g/4QivhfGzm4"
}

Get Client

Retrieves a client by its id.

scopes:

  • admin:accounts
  • read:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

id
required
string

The id of the client

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "description": "string",
  • "client_id": "string",
  • "callbacks": [
    ]
}

Delete Client

Deletes a client and all its related assets

scopes:

  • admin:accounts
  • write:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

id
required
string

The id of the client

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "description": "string",
  • "client_id": "string",
  • "callbacks": [
    ]
}

Rotate a client secret.

Rotate a client secret.

scopes:

  • admin:accounts
  • write:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

id
required
string

The id of the client

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "description": "string",
  • "client_id": "string",
  • "callbacks": [
    ],
  • "client_secret": "JYCRP/x7iBGWA1fun0J9laH5sEg5cP9g/4QivhfGzm4"
}

grants

Client grants collection

Manage your Client Grants (also called Client Credentials Grants). Using Client Grants, your Client can request an access token using its credentials (a Client ID and a Client Secret). The access token then represents your Client during API calls.

Use the Grant type to limit how the grant can be used when requesting an access token. A Grant with type password can only be used when requesting an access token with grant_type set to password.

scopes:

  • admin:accounts
  • read:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

query Parameters
audience
string <= 1

filter client grants by audience

client_id
string <= 1

filter client grants by client_id

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create client grant

scopes:

  • admin:accounts
  • write:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Request Body schema: application/json
required
client_id
required
string
audience
required
string
scope
required
Array of strings[ items non-empty ]
type
string
Default: "any"
Enum: "any" "authorization_code" "client_credentials" "password"

Limit the usage of the grant. A grant with grant_types set to only authorization_code cannot be used in Get Token when calling the endpoint with grant_type=client_credentials

object

OpenID Connect configuration for the Grant. The option enables the client to verify the identity of the End-User based on the authentication performed by an authorization server

The grant type must be set to authorization_code when configured.

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "client_id": "string",
  • "scope": [
    ],
  • "type": "any",
  • "oidc": {}
}

Delete client grant

scopes:

  • admin:accounts
  • write:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

id
required
string

The id of the client grant to delete

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "client_id": "string",
  • "scope": [
    ],
  • "type": "any",
  • "oidc": {}
}

roles

Roles collection

Retrieve filtered list of roles that can be assigned to users.

scopes:

  • admin:accounts
  • read:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

query Parameters
search
string

lookup roles matching id, name and description

name
string

lookup roles by name

include_deleted
boolean
Default: false

include deleted roles in the response

limit
integer [ 1 .. 100 ]
Default: 10

A limit on the number of objects to be returned. Limit can range between 1 and 100 items, and the default is 10 items.

starting_after
string

Cursor for use in pagination. starting_after is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, and the result contains paging_token=pt1, your subsequent call can include starting_after=pt1 in order to fetch the next page of the list.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create a role

scopes:

  • admin:accounts
  • write:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Request Body schema: application/json
required
scope
required
Array of strings[ items non-empty ]
name
string
description
string

Responses

Request samples

Content type
application/json
{
  • "name": "order support",
  • "description": "Administrate orders",
  • "scope": [
    ]
}

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "name": "order support",
  • "description": "Administrate orders",
  • "scope": [
    ]
}

Get role

scopes:

  • admin:accounts
  • read:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

role_id
required
string

The id of the role

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "name": "order support",
  • "description": "Administrate orders",
  • "scope": [
    ]
}

Update role

scopes:

  • admin:accounts
  • write:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

role_id
required
string

The id of the role

Request Body schema: application/json
required
scope
required
Array of strings[ items non-empty ]
name
string
description
string

Responses

Request samples

Content type
application/json
{
  • "name": "order support",
  • "description": "Administrate orders",
  • "scope": [
    ]
}

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "name": "order support",
  • "description": "Administrate orders",
  • "scope": [
    ]
}

Delete role

scopes:

  • admin:accounts
  • write:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

role_id
required
string

The id of the role to delete

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "name": "order support",
  • "description": "Administrate orders",
  • "scope": [
    ]
}

keys

Get public keys

Retrieve the JSON Web Key Set (JWKS) that can be used to validate access_token

scopes:

  • admin:accounts
  • read:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Responses

Response samples

Content type
application/json
[
  • {
    }
]
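
Validating an access_token against the key list returned by this endpoint, as an added example that is not part of the Dintero documentation. It assumes RS256-signed tokens carrying standard exp and aud claims and keys in RFC 7517 form (kty, kid, n, e); the key pair, the kid "demo-1" and the audience URL are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


class TokenError(Exception):
    """The token must be rejected."""


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def pkcs1_sha256(message, size):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a `size`-byte modulus."""
    digest_info = SHA256_PREFIX + hashlib.sha256(message).digest()
    padding = b"\xff" * (size - len(digest_info) - 3)
    return b"\x00\x01" + padding + b"\x00" + digest_info


def verify_access_token(token, jwks, audience, now=None):
    """Return the claims if `token` verifies against the key list `jwks`."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise TokenError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token")
    # Pin the algorithm; never let the header select "none" or an HMAC.
    if header.get("alg") != "RS256":
        raise TokenError("unexpected alg")
    kid = header.get("kid")
    key = next((k for k in jwks if k.get("kty") == "RSA" and k.get("kid") == kid), None)
    if key is None or not isinstance(kid, str):
        raise TokenError("unknown kid")
    n = int.from_bytes(b64url_decode(key["n"]), "big")
    e = int.from_bytes(b64url_decode(key["e"]), "big")
    size = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != size or s >= n:
        raise TokenError("bad signature")
    recovered = pow(s, e, n).to_bytes(size, "big")
    expected = pkcs1_sha256(f"{head_b64}.{body_b64}".encode(), size)
    if not hmac.compare_digest(recovered, expected):
        raise TokenError("bad signature")
    # Signature is good; now check the claims (claim names are assumptions).
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenError("expired")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("wrong audience")
    return claims


# Constructed demo key built from two Mersenne primes: deterministic, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))


def int_b64(value):
    return b64url_encode(value.to_bytes((value.bit_length() + 7) // 8, "big"))


# Constructed key list, shaped like the array in the response sample above.
DEMO_JWKS = [{"kty": "RSA", "kid": "demo-1", "n": int_b64(N), "e": int_b64(E)}]


def sign_demo_token(claims, header=None):
    """Issue a token with the demo key (stands in for the token endpoint)."""
    header = header or {"alg": "RS256", "typ": "JWT", "kid": "demo-1"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part).encode()) for part in (header, claims))
    size = (N.bit_length() + 7) // 8
    em = int.from_bytes(pkcs1_sha256(signing_input.encode(), size), "big")
    return signing_input + "." + b64url_encode(pow(em, D, N).to_bytes(size, "big"))


def check(token, audience="https://api.example.test", now=1_000):
    """Return "ok" or the rejection reason for a token checked against DEMO_JWKS."""
    try:
        verify_access_token(token, DEMO_JWKS, audience, now)
        return "ok"
    except TokenError as exc:
        return str(exc)
```

In a real integration the key list is fetched from this endpoint and cached, and a token whose kid is not in the cache triggers one refresh before it is rejected.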

users

Admin users

Create User

Create a new user

scopes:

  • admin:accounts
  • write:accounts
  • write:accounts:/auth/users
Authorizations:
JWT
path Parameters
aid
required
string <^[PT]{1}\d{8}$> = 9 characters

An id that uniquely identifies the account.

Request Body schema: application/json
required
username
required
string [ 1 .. 255 ] characters

The user's username.

password
required
string >= 8 characters

The user's password

Array of objects (AuthUserLinks)

Links to resources related to the user, links is required when MFA is enabled.

object (AuthUserMfa)

Require Multi-factor authentication (MFA) for the user

Responses

Request samples

Content type
application/json
{
  • "username": "string",
  • "links": [],
  • "mfa": {
    },
  • "password": "stringst"
}

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "username": "string",
  • "links": [],
  • "mfa": {
    }
}

Update user

Update existing user with new password

scopes:

  • admin:accounts
  • write:accounts
  • write:accounts:/auth/users
Authorizations:
JWT
path Parameters
aid
required
string <^[PT]{1}\d{8}$> = 9 characters

An id that uniquely identifies the account.

username
required
string <= 255 characters

Username identifying the user

Request Body schema: application/json
required
password
required
string >= 8 characters

The user's password

Array of objects (AuthUserLinks)

Links to resources related to the user, links is required when MFA is enabled.

object (AuthUserMfa)

Require Multi-factor authentication (MFA) for the user

Responses

Request samples

Content type
application/json
{
  • "password": "stringst",
  • "links": [],
  • "mfa": {
    }
}

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "username": "string",
  • "links": [],
  • "mfa": {
    }
}

Delete user

Delete existing user

scopes:

  • admin:accounts
  • write:accounts
  • write:accounts:/auth/users
Authorizations:
JWT
path Parameters
aid
required
string <^[PT]{1}\d{8}$> = 9 characters

An id that uniquely identifies the account.

username
required
string <= 255 characters

Username identifying the user

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "username": "string",
  • "links": [],
  • "mfa": {
    }
}

Change username

Update an existing user's username

scopes:

  • admin:accounts
Authorizations:
JWT
path Parameters
aid
required
string <^[PT]{1}\d{8}$> = 9 characters

An id that uniquely identifies the account.

username
required
string <= 255 characters

Username identifying the user

Request Body schema: application/json
required
username
required
string [ 1 .. 255 ] characters

The user's new username

Responses

Request samples

Content type
application/json
{
  • "username": "string"
}

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "username": "string",
  • "links": [],
  • "mfa": {
    }
}

challenge

Challenge request

Request a challenge for multi-factor authentication (MFA) based on the challenge types supported by the user.

The challenge_type is how the user will get the challenge and prove possession. Supported challenge types include:

  • oob: for SMS messages or out-of-band (OOB)

Use the response to request access token from the auth/token endpoint with grant_type=mfa_oob

scopes:

  • admin:accounts
  • write:accounts
  • write:accounts:/auth/mfa
Authorizations:
JWT
path Parameters
aid
required
string <^[PT]{1}\d{8}$> = 9 characters

An id that uniquely identifies the account.

Request Body schema: application/json
required
challenge_type
required
string
Value: "oob"

The challenge type accepted by your application

mfa_token
required
string

The token received from mfa_required error.

oob_channel
string
Default: "sms"
Enum: "sms" "email"

The channel to use for OOB. Can only be provided when challenge_type is oob.

Responses

Request samples

Content type
application/json
{
  "challenge_type": "oob",
  "oob_channel": "sms",
  "mfa_token": "string"
}

Response samples

Content type
application/json
{
  "challenge_type": "oob",
  "binding_method": "prompt",
  "oob_code": "bkaiew...akas"
}
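Client-side validation for the challenge request above, as an added example (not Dintero's own code). It ports the documented aid and oid patterns to Python and builds the request body; the function names and the sample ids in the comments are assumptions made for illustration.

```python
import re

# Patterns copied from the path-parameter schemas on this page. re.ASCII limits
# \d to 0-9 (Python's \d otherwise accepts any Unicode digit), and fullmatch()
# rejects the trailing newline that "$" on its own would tolerate.
AID_RE = re.compile(r"^[PT]{1}\d{8}$", re.ASCII)
OID_RE = re.compile(r"^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$", re.ASCII)
OOB_CHANNELS = ("sms", "email")


def is_valid_aid(value):
    """True only for a 9-character account id, e.g. the constructed 'T12345678'."""
    return isinstance(value, str) and AID_RE.fullmatch(value) is not None


def is_valid_oid(value):
    """True for a 4-character partner id or a 9-character account id."""
    return isinstance(value, str) and OID_RE.fullmatch(value) is not None


def build_challenge_body(mfa_token, challenge_type="oob", oob_channel=None):
    """Return the JSON body for a challenge request, or raise ValueError."""
    if challenge_type != "oob":
        raise ValueError("challenge_type must be 'oob'")
    if not isinstance(mfa_token, str) or not mfa_token:
        raise ValueError("mfa_token from the mfa_required error is required")
    body = {"challenge_type": challenge_type, "mfa_token": mfa_token}
    if oob_channel is not None:
        # oob_channel is optional; when omitted the documented default applies.
        if oob_channel not in OOB_CHANNELS:
            raise ValueError("oob_channel must be 'sms' or 'email'")
        body["oob_channel"] = oob_channel
    return body


def prepare_challenge(aid, mfa_token, oob_channel=None):
    """Validate the path parameter before it goes into a URL, then build the body."""
    if not is_valid_aid(aid):
        raise ValueError("aid does not match the documented pattern")
    return aid, build_challenge_body(mfa_token, oob_channel=oob_channel)
```

Using `re.match` with the same pattern would accept `"T12345678\n"`, which is why the helpers call `fullmatch`.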

Recovery

Request a recovery for user with multi-factor authentication (MFA) enabled.

A recovery is done with two out-of-band (OOB) challenges over different channels.

Use the response to request access token from the auth/token endpoint with grant_type=mfa_oob.

On success, a 403 status with an mfa_required error is returned; use the response to request a new challenge from the auth/mfa/challenge endpoint.

scopes:

  • admin:accounts
  • write:accounts
  • write:accounts:/auth/mfa
Authorizations:
JWT
path Parameters
aid
required
string <^[PT]{1}\d{8}$> = 9 characters

An id that uniquely identifies the account.

Request Body schema: application/json
required
challenge_type
required
string
Value: "oob"

The challenge type accepted by your application

username
required
string

The end user's identifier.

audience
required
string

The unique identifier of the target API you want to access. The audience must be a grant associated with the client used in the request.

oob_channel
string
Default: "sms"
Enum: "sms" "email"

The channel to use for OOB. Can only be provided when challenge_type is oob.

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  "challenge_type": "oob",
  "binding_method": "prompt",
  "oob_code": "bkaiew...akas",
  "mfa_token": "string"
}

accounts

Accounts collection

Get list of accounts filtered by the partner account

scopes:

  • admin:accounts
  • read:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

query Parameters
search
string

Look up accounts where the search term matches the account id

connection
Array of strings

Filter accounts by payment connection applications.

Will return an account if it has applied, been approved or rejected for all the given connections.

Example: connection=payex&connection=vipps&connection=collector&connection=swish

connection_status
Array of strings

Filter accounts by connection status

Will return an account if all statuses are represented among the connections.

If the connection-filter is set, it will filter on the status only on those connections.

Example: connection_status=pending&connection_status=enabled&connection_status=declined

payment_option
Array of strings

Filter account by enabled payment_options

Will return an account if all the given payment_options are enabled on the account.

Example: payment_option=payex.creditcard&payment_option=vipps&payment_option=collector.invoice

account_manager
Array of strings

Filter accounts by account_manager

limit
integer [ 1 .. 100 ]
Default: 10

A limit on the number of objects to be returned. Limit can range between 1 and 100 items, and the default is 10 items.

starting_after
string

Cursor for use in pagination. starting_after is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, and the result contains paging_token=pt1, your subsequent call can include starting_after=pt1 in order to fetch the next page of the list.

Responses

Response samples

Content type
application/json
[
  {
  }
]

Create Account

Create an account from a partner account

scopes:

  • admin:accounts
  • write:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

Request Body schema: application/json
required
applicant
required
object

The individual completing the account registration

company
required
object (AccountCompany)

The details of an account company

billing
required
object (AccountBilling)

The details of the billing for the account

partner_id
string <^[PT]{1}(?=(?:.{3})$)[0-9]*$>

The id of the partner to associate with the account

invites
Array of strings <email> [ items <email > ]

Users to invite to the account

actions
Array of strings
Items Value: "send_invite"

The actions to perform on the account

  • 'send_invite' - send an invite to the applicant

subscription
object (Subscription)

Subscription plan for the account

livemode
boolean
Default: false

Flag indicating whether the account exists in live mode and test mode.

language_code
string

The preferred language for the account as defined by BCP 47 (IETF BCP 47, "Tags for Identifying Languages").

progression
string
Enum: "applied" "live" "frozen" "deactivated"

Status assigned to the account by the account partner

Value is not visible for the merchant.

reseller_id
string

Reseller id assigned by the account partner

Value is not visible for the merchant.

account_manager
object

Account manager responsible for the account.

Value is not visible for the merchant.

permissions
Array of objects

List of the permissions granted to the account

sale_channel
string
Enum: "DIRECT" "INBOUND" "PARTNER" "REFERRAL"

price_package
string

statistics
object

Statistics for the account

Responses

Request samples

Content type
application/json
{
  "partner_id": "string",
  "applicant": {
  },
  "invites": [
  ],
  "actions": [
  ],
  "company": {
  },
  "billing": {
  },
  "subscription": {
  },
  "livemode": false,
  "language_code": "string",
  "progression": "applied",
  "reseller_id": "DINTERO_ACCOUNT:99900000",
  "account_manager": {
  },
  "permissions": [
  ],
  "sale_channel": "DIRECT",
  "price_package": "string",
  "statistics": {
  }
}

Response samples

Content type
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "created_at": "2019-08-24T14:15:22Z",
  "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  "updated_at": "2019-08-24T14:15:22Z",
  "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  "deleted_at": "2019-08-24T14:15:22Z",
  "payment_case_status": "ACTIVE",
  "projected_sales": "string",
  "average_transaction_value": "string",
  "merchant_category_code": "string",
  "delivery_timeline": "P0W",
  "most_expensive_product_price": "string",
  "gift_card_revenue_percentage": "string",
  "credit_rating": "string",
  "currency": "NOK",
  "applicant": {
  },
  "company": {
  },
  "billing": {
  },
  "subscription": {
  },
  "account_id": "string",
  "partner_id": "string",
  "livemode": false,
  "active": false,
  "language_code": "string",
  "connections": {
  },
  "services": {
  },
  "progression": "applied",
  "reseller_id": "DINTERO_ACCOUNT:99900000",
  "account_manager": {
  },
  "permissions": [
  ],
  "sale_channel": "DIRECT",
  "price_package": "string",
  "statistics": {
  },
  "approvals_payments_statuses": {
  },
  "approvals_payout_destinations_statuses": {
  }
}

Delete Account

Delete an account

scopes:

  • admin:accounts
  • write:accounts
Authorizations:
JWT
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

aid
required
string <^[PT]{1}\d{8}$> = 9 characters

An id that uniquely identifies the account.

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "created_at": "2019-08-24T14:15:22Z",
  • "created_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "updated_at": "2019-08-24T14:15:22Z",
  • "deleted_by": "1c92f7e1-2897-4d46-bdcc-c127a914fb4e",
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "payment_case_status": "ACTIVE",
  • "projected_sales": "string",
  • "average_transaction_value": "string",
  • "merchant_category_code": "string",
  • "delivery_timeline": "P0W",
  • "most_expensive_product_price": "string",
  • "gift_card_revenue_percentage": "string",
  • "credit_rating": "string",
  • "currency": "NOK",
  • "applicant": {
    },
  • "company": {
    },
  • "billing": {
    },
  • "subscription": {
    },
  • "account_id": "string",
  • "partner_id": "string",
  • "livemode": false,
  • "active": false,
  • "language_code": "string",
  • "connections": {