Customers API
The Customers API allows business clients to register and manage customer accounts. Customers registered through this API are automatically linked to your business account.
Use GET /api/v1/client/customers to list all customers linked to your business (paginated, with profile fields and onboarding status).
Customer Registration Options
We provide two endpoints for customer registration, depending on your KYC workflow:
Option 1: Register Customer with KYC Link
Endpoint: POST /api/v1/client/customers
Use this endpoint when you want to:
- Create a customer account with basic information
- Receive a KYC onboarding link to share with your customer
- Let your customer complete KYC verification themselves through the provided link
Best for: Self-service flows where customers handle their own KYC submission.
Option 2: Full Registration with KYC Data
Endpoint: POST /api/v1/client/customers/full
Use this endpoint when you want to:
- Create a customer account and submit all KYC data in a single request
- Provide complete customer information, address, compliance fields, identification numbers, and document images
- Submit everything programmatically without requiring customer interaction
Best for: Programmatic onboarding where you've already collected all KYC information from your customer.
Comparison
Register Customer (With KYC Link)
Register a new customer account for your business. The customer will be automatically associated with your business and can be used for quotes, transactions, and other operations. This endpoint returns a KYC onboarding link that you can share with your customer to complete verification.
Endpoint
POST /api/v1/client/customers
Authentication
This endpoint requires HMAC authentication (Business API Key). Include your API key and signature in the request headers:
For detailed information on HMAC authentication, see the Authentication Guide.
Request Body
Request Example
Success Response (201 Created)
Note: The onboarding_data field is only present if the customer's email is not verified. It contains the KYC onboarding URL that you can share with your customer to complete their verification.
Response Fields
Error Responses
Error Response Example
Example: cURL
Example: Postman Pre-request Script
Add this script to Postman's Pre-request Script tab to automatically generate HMAC signatures:
Setup Instructions:
-
Set Environment Variables in Postman:
- Go to your Postman environment
- Add
api_keywith your API key value - Add
secret_keywith your secret key value
-
Add Pre-request Script:
- Open your request in Postman
- Go to the Pre-request Script tab
- Paste the script above
- The script will automatically generate and add the required headers
-
Make Requests:
- The script runs automatically before each request
- No need to manually calculate signatures
- Headers are set automatically
Note: Postman uses CryptoJS for HMAC. If you don't have it available, you can use the Node.js crypto module version below.
Example: JavaScript/TypeScript (Node.js)
Example: Python
Important Notes
-
Business Association: Customers registered through this endpoint are automatically linked to your business account in the
business_customerstable. -
Customer Type: All customers registered via this API are set as
INDIVIDUALtype by default. -
KYC Status: New customers start with
PENDINGKYC status. A KYC onboarding URL is automatically generated and returned in theonboarding_datafield if the email is not verified. You can share this URL with your customer to complete their verification. -
Unique Constraints:
- Email addresses must be unique across the system
- Phone numbers must be unique across the system
- If a customer with the same email or phone already exists, registration will fail
-
Password Requirements:
- Minimum 8 characters
- Should include a mix of letters, numbers, and special characters for security
-
User Tag: If provided, the user tag must be:
- 4-20 characters long
- Alphanumeric only
- Lowercase only
- Unique across the system
-
Audit Trail: All customer registrations are logged in the business customer audit logs with action "ADDED".
Next Steps
After registering a customer, you can:
- Create Quotes - Create quotes for the customer
- Create Beneficiaries - Add payment recipients for the customer
- View Transactions - Track customer transactions
- Manage Virtual Wallets - Handle customer virtual wallet operations
Virtual Wallet Onboarding
Onboard a customer to a virtual wallet for a specific currency. This endpoint initiates the onboarding process for supported currencies.
Prerequisites:
- Customer must have completed KYC verification
- Customer must be registered and linked to your business account
Endpoint
POST /api/v1/client/virtual-wallet/onboarding
Authentication
This endpoint requires HMAC authentication (Business API Key). Include your API key and signature in the request headers:
For detailed information on HMAC authentication, see the Authentication Guide.
Request Body
Request Example
Success Response (200 OK)
Response Fields
Error Responses
Error Response Examples
User has not completed KYC (403):
No KYC record found (404):
Invalid currency (400):
Example: cURL
Important Notes
-
KYC Requirement: The customer must have completed KYC verification before virtual wallet onboarding can proceed. The system checks the KYC status and will return a
403error if KYC is not completed. -
Supported Currencies: Currently supports the following currencies:
CAD(Canadian Dollar)USD(US Dollar)EUR(Euro)GBP(British Pound)
-
Idempotency: If a customer is already onboarded for a specific currency, the endpoint may return success if the wallet already exists.
-
Processing Time: The onboarding process typically completes within seconds.
-
Error Handling: If the onboarding fails, a
500error will be returned. Check the error message for details.
Full Customer Registration with KYC Data
Register a new customer with complete KYC information including documents in a single transaction. This endpoint creates the user account and submits all KYC data and documents for verification. All operations are performed in a transaction and will be rolled back if any step fails.
Use this endpoint when: You have already collected all KYC information (including documents) from your customer and want to submit everything programmatically in one request.
Endpoint
POST /api/v1/client/customers/full
Authentication
This endpoint requires HMAC authentication (Business API Key). Include your API key and signature in the request headers:
For detailed information on HMAC authentication, see the Authentication Guide.
Request Body
Basic User Information
Address Information
Identification Numbers (Optional)
Array of identification document numbers. Compatible with multiple document types.
Document Images (Optional)
Base64-encoded document images. You can provide images for ID card, passport, driver's license, and selfie photo.
ID Card:
documents.id_card_front- Base64 encoded front imagedocuments.id_card_back- Base64 encoded back imagedocuments.id_card_number- Document numberdocuments.id_card_issuing_country- ISO country codedocuments.id_card_issued_at- Issue date (YYYY-MM-DD)documents.id_card_expires_at- Expiry date (YYYY-MM-DD)
Passport:
documents.passport_front- Base64 encoded front imagedocuments.passport_back- Base64 encoded back imagedocuments.passport_number- Document numberdocuments.passport_issuing_country- ISO country codedocuments.passport_issued_at- Issue date (YYYY-MM-DD)documents.passport_expires_at- Expiry date (YYYY-MM-DD)
Driver's License:
documents.drivers_license_front- Base64 encoded front imagedocuments.drivers_license_back- Base64 encoded back imagedocuments.drivers_license_number- Document numberdocuments.drivers_license_issuing_country- ISO country codedocuments.drivers_license_issued_at- Issue date (YYYY-MM-DD)documents.drivers_license_expires_at- Expiry date (YYYY-MM-DD)
Selfie Photo:
documents.selfie_photo- Base64 encoded selfie photo
Image encoding: Document image fields accept either raw standard base64 or a data URI (
data:image/jpeg;base64,.../data:image/png;base64,...).
KYC Compliance Fields (Required)
These fields are written to the KYC provider vault as custom fields and are required before headless KYC can run. Use the exact enum values below (case-sensitive).
Allowed account_purpose values:
Allowed employment_status values:
Employed · Homemaker · Retired · SelfEmployed · Student · Unemployed
Allowed source_of_funds values:
CompanyFunds · EcommerceReseller · GamblingProceeds · Gifts · GovernmentBenefits · Inheritance · InvestmentsLoans · PensionRetirement · Salary · SaleOfAssetsRealEstate · Savings · SomeoneElsesFunds
Allowed monthly_volume values:
Additional Fields (Optional)
Request Example
Success Response (201 Created)
Response Fields
Error Responses
Error Response Example
Example: cURL
Minimal Example (Required Fields Only):
Complete Example (With All KYC Data and Documents):
Note: In the complete example above, the base64 image strings are truncated for readability. In a real request, you would include the full base64-encoded image data. The images should be clear, legible, and meet the minimum size requirements (20KB per image).
Important Notes
-
Transaction Safety: All operations (user creation, KYC submission, reference creation) are performed in a single database transaction. If any step fails, the entire operation is rolled back.
-
Document Format: Document images must be base64-encoded (raw base64 or
data:image/...;base64,...data URI). Supported formats include JPEG, PNG, and PDF. Images should be clear and legible. -
Document Requirements:
- Documents must be current and not expired (unless expiry date is not applicable)
- Both front and back images are required where applicable
- Minimum image size: 20KB per image
- Images must be clear and readable
-
KYC Compliance Fields:
account_purpose,employment_status,source_of_funds, andmonthly_volumeare required. Use only the allowed enum values listed above. Missing or invalid values return400before the account is created. -
KYC Processing: The KYC data and documents are submitted for verification immediately upon registration. The verification status will be updated via webhooks.
-
Address Information: Complete address information is required and will be used for verification purposes.
-
Identification Numbers: You can provide multiple identification numbers (e.g., passport, visa, etc.) in the
identification_numbersarray. -
Error Handling: If the KYC submission fails, the entire transaction (including user creation) will be rolled back to maintain data consistency.
Update Customer
Update an existing customer's information. All fields are optional - only provided fields will be updated. If documents are provided, they will be automatically uploaded to the KYC provider if the customer has an existing KYC inquiry.
Use this endpoint when: You need to update customer information, upload additional documents, or modify address details after initial registration.
Endpoint
PATCH /api/v1/client/customers/:customer_id
Authentication
This endpoint requires HMAC authentication (Business API Key). Include your API key and signature in the request headers:
For detailed information on HMAC authentication, see the Authentication Guide.
Path Parameters
Request Body
All fields are optional. Only fields you want to update need to be included.
Basic User Information
Note: Email cannot be updated via this endpoint.
Address Information (Optional)
Note: If address doesn't exist and you're creating it, street_1, city, postal_code, and country_code are required. For updates, all fields are optional and only provided fields will be updated.
Document Images (Optional)
Base64-encoded document images. If provided and the customer has an existing KYC inquiry, documents will be automatically uploaded to the KYC provider. Document uploads are best-effort - errors are logged but don't fail the update.
ID Card:
documents.id_card_front- Base64 encoded front imagedocuments.id_card_back- Base64 encoded back image
Passport:
documents.passport_front- Base64 encoded front imagedocuments.passport_back- Base64 encoded back image
Driver's License:
documents.drivers_license_front- Base64 encoded front imagedocuments.drivers_license_back- Base64 encoded back image
Selfie Photo:
documents.selfie_photo- Base64 encoded selfie photo
Additional Fields (Optional)
Request Examples
Update Basic Information:
Update Address:
Upload Documents:
Complete Update (Multiple Fields):
Success Response (200 OK)
Response Fields
Error Responses
Error Response Examples
Customer Not Found (404):
Customer Doesn't Belong to Business (403):
Phone Number Already in Use (409):
Invalid Date Format (400):
Example: cURL
Update Basic Information:
Update Address:
Upload Documents:
Example: JavaScript/TypeScript (Node.js)
Example: Python
Important Notes
-
Partial Updates: All fields are optional. Only fields you provide will be updated. Fields not included in the request will remain unchanged.
-
Email Cannot Be Updated: Email addresses cannot be changed via this endpoint. If you need to change an email, you'll need to create a new customer account.
-
Document Uploads:
- Documents are automatically uploaded to the KYC provider if the customer has an existing KYC inquiry
- Document uploads are best-effort - if upload fails, the error is logged but the customer update still succeeds
- If no KYC inquiry exists, document uploads are skipped (no error returned)
-
Address Updates:
- If address doesn't exist, it will be created (requires
street_1,city,postal_code, andcountry_code) - If address exists, only provided fields will be updated
- Partial address updates are supported
- If address doesn't exist, it will be created (requires
-
Phone Number Validation:
- Phone numbers must be unique across the system
- If updating to a phone number that's already in use by another customer, the update will fail with a
409error
-
User Tag Validation:
- User tags must be 4-20 characters, alphanumeric, lowercase
- User tags must be unique across the system
- If updating to a tag that's already in use, the update will fail with a
409error
-
Date of Birth Format: Must be in
YYYY-MM-DDformat (e.g.,"1990-01-15"). -
Transaction Safety: All database updates happen within a transaction. If any update fails, the entire operation is rolled back.
-
Business Ownership: You can only update customers that belong to your business. Attempting to update a customer from another business will result in a
403error. -
Document Format: Document images must be base64-encoded. Supported formats include JPEG, PNG, and PDF. Images should be clear and legible.
List Customers
List customers registered under your business. Results are paginated and include basic profile fields (name, email, phone, date of birth, country code, user tag) plus Footprint onboarding status for each customer.
Use this endpoint when: You need to display a customer directory, sync customers into your system, or check onboarding status in bulk without calling the per-customer onboarding endpoint for each row.
Endpoint
GET /api/v1/client/customers
Authentication
This endpoint requires HMAC authentication (Business API Key). Include your API key and signature in the request headers:
For detailed information on HMAC authentication, see the Authentication Guide.
Query Parameters
Success Response (200 OK)
Response Fields
Customer object (data[])
onboarding_status object
Pagination object
Onboarding Status Values
Error Responses
Request Examples
cURL
JavaScript/TypeScript
Python
Notes
-
Business scope: Only customers linked to your business are returned. Customers belonging to other businesses are never included.
-
Pagination: Use
page_idandpage_sizeto walk through results.total_countandtotal_pagesin the response tell you when you've fetched all pages. -
Onboarding status: Each row includes
onboarding_statusso you can check KYC state in one call. UseGET /api/v1/client/customers/:customer_id/onboarding-statuswhen you only need status for a single customer. -
Optional fields:
date_of_birth,country_code,user_tag,middle_name, andphone_numberare omitted from the response when not set on the customer. -
Date filters: When using
created_between_fromorcreated_between_to, you must also passtz(IANA timezone, e.g.America/Toronto).
Get Customer Onboarding Status
Get the KYC/onboarding status of a customer registered by your business. This endpoint returns the current KYC verification status from the KYC provider (Footprint or Persona).
Use this endpoint when: You need to check the KYC verification status of a customer to determine if they can proceed with transactions or if additional verification is required.
Endpoint
GET /api/v1/client/customers/:customer_id/onboarding-status
Authentication
This endpoint requires HMAC authentication (Business API Key). Include your API key and signature in the request headers:
For detailed information on HMAC authentication, see the Authentication Guide.
Path Parameters
Success Response (200 OK)
Response Fields
KYC Status Values
Error Responses
Error Response Example
Request Example
cURL
JavaScript/TypeScript
Python
Important Notes
-
Business Ownership: You can only check the onboarding status of customers that belong to your business. Attempting to check a customer from another business will result in a
403error. -
KYC Provider: The endpoint checks both Footprint and Persona external references. If a customer has a successful status (PASS, ACCEPTED, VERIFIED, or APPROVED) from either provider, the status will be
PASS. -
Status Priority: The endpoint checks Footprint first, then Persona. If either provider has a successful status,
PASSis returned. Otherwise, if a record exists with a non-successful status,PENDINGis returned. -
No KYC Record: If the customer has no KYC records with either provider, the status will be
KYC_NOT_INITIATED. -
Status Updates: KYC status is updated via webhooks when the KYC provider processes verification. You can also poll this endpoint to check the current status.
-
Use Cases:
- Check if a customer can proceed with transactions (status =
PASS) - Determine if KYC verification is still pending
- Verify if a customer has started the KYC process
- Check if a customer can proceed with transactions (status =
Related Resources
- Authentication Guide - Learn how to authenticate API requests
- Quotes API - Create quotes for registered customers
- Transactions API - View customer transaction history