---
openapi: 3.0.3
info:
title: Cybrid Organization API
termsOfService: https://www.cybrid.xyz/tos
description: "# Cybrid API documentation\n\nWelcome to Cybrid, an all-in-one crypto
platform that enables you to easily **build** and **launch** white-label crypto
products or services.\n\nIn these documents, you'll find details on how our REST
API operates and generally how our platform functions.\n\nIf you're looking for
our UI SDK Widgets for Web or Mobile (iOS/Android), generated API clients, or
demo applications, head over to our [Github repo](https://github.com/Cybrid-app).\n\n\U0001F4A1
We recommend bookmarking the [Cybrid LinkTree](https://linktr.ee/cybridtechnologies)
which contains many helpful links to platform resources.\n\n## Getting Started\n\nThis
is Cybrid's public interactive API documentation, which allows you to fully test
our APIs. If you'd like to use a different tool to exercise our APIs, you can
download the [Open API 3.0 yaml](https://bank.production.cybrid.app/api/schema/v1/swagger.yaml)
for import.\n\nIf you're new to our APIs and the Cybrid Platform, follow the below
guides to get set up and familiar with the platform:\n\n1. [Introduction](https://docs.cybrid.xyz/docs/introduction)\n2.
[Platform Overview](https://docs.cybrid.xyz/docs/platform-overview)\n3. [Testing
with Hosted Web Demo App](https://docs.cybrid.xyz/docs/hosted-demo-app)\n\nIn
[Getting Started in the Cybrid Sandbox](https://docs.cybrid.xyz/docs/cybrid-sandbox),
we walk you through how to use the [Cybrid Sandbox](https://id.sandbox.cybrid.app/)
to create a test bank and generate API keys. In [Getting Ready for Trading](https://docs.cybrid.xyz/docs/trade-process),
we walk through creating customers, customer identities, accounts, as well as
executing quotes and trades.\n\n## Working with the Cybrid Platform\n\nThere are
three primary ways you can interact with the Cybrid platform:\n\n1. Directly via
our RESTful API (this documentation)\n2. Using our API clients available in a
variety of languages ([Angular](https://github.com/Cybrid-app/cybrid-api-bank-angular),
[Java](https://github.com/Cybrid-app/cybrid-api-bank-java), [Kotlin](https://github.com/Cybrid-app/cybrid-api-bank-kotlin),
[Python](https://github.com/Cybrid-app/cybrid-api-bank-python), [Ruby](https://github.com/Cybrid-app/cybrid-api-bank-ruby),
[Swift](https://github.com/Cybrid-app/cybrid-api-bank-swift) or [Typescript](https://github.com/Cybrid-app/cybrid-api-bank-typescript))\n3.
Integrating a platform specific SDK ([Web](https://github.com/Cybrid-app/cybrid-sdk-web),
[Android](https://github.com/Cybrid-app/cybrid-sdk-android), [iOS](https://github.com/Cybrid-app/cybrid-sdk-ios))\n\nOur
complete set of APIs allows you to manage resources across three distinct areas:
your `Organization`, your `Banks` and your `Identities`. For most of your testing
and interaction you'll be using the `Bank` API, which is where the majority of
APIs reside.\n\n*The complete set of APIs can be found on the following pages:*\n\n|
API | Description
\ |\n|------------------------------------------------------------------|-------------------------------------------------------------|\n|
[Organization API](https://organization.production.cybrid.app/api/schema/swagger-ui)
\ | APIs to manage organizations |\n| [Bank API](https://bank.production.cybrid.app/api/schema/swagger-ui)
\ | APIs to manage banks (and all downstream customer activity)
|\n| [Identities API](https://id.production.cybrid.app/api/schema/swagger-ui)
\ | APIs to manage organization and bank identities |\n\nFor
questions please contact [Support](mailto:support@cybrid.xyz) at any time for
assistance, or contact the [Product Team](mailto:product@cybrid.xyz) for product
suggestions.\n\n## Authenticating with the API\n\nThe Cybrid Platform uses OAuth
2.0 Bearer Tokens to authenticate requests to the platform. Credentials to create
`Organization` and `Bank` tokens can be generated via the [Cybrid Sandbox](https://id.production.cybrid.app).
Access tokens can be generated for a `Customer` as well via the [Cybrid IdP](https://id.production.cybrid.app)
as well.\n\nAn `Organization` access token applies broadly to the whole Organization
and all of its `Banks`, whereas, a `Bank` access token is specific to an individual
Bank. `Customer` tokens, similarly, are scoped to a specific customer in a bank.\n\nBoth
`Organization` and `Bank` tokens can be created using the OAuth Client Credential
Grant flow. Each Organization and Bank has its own unique `Client ID` and `Secret`
that allows for machine-to-machine authentication.\n\nA `Bank` can then generate
`Customer` access tokens via API using our [Identities API](https://id.production.cybrid.app/api/schema/swagger-ui).\n\n**⚠️ Never share your Client ID or Secret publicly or in your
source code repository.**\n\nYour `Client ID` and `Secret` can be exchanged
for a time-limited `Bearer Token` by interacting with the Cybrid Identity Provider
or through interacting with the **Authorize** button in this document.\n\nThe
following curl command can be used to quickly generate a `Bearer Token` for use
in testing the API or demo applications.\n\n```\n# Example request when using
Bank credentials\ncurl -X POST https://id.production.cybrid.app/oauth/token -d
'{\n \"grant_type\": \"client_credentials\",\n \"client_id\": \"\",\n \"client_secret\": \"\",\n \"scope\": \"banks:read
banks:write bank_applications:read bank_applications:write bank_applications:execute
accounts:read accounts:execute counterparties:read counterparties:pii:read counterparties:write
counterparties:execute customers:read customers:pii:read customers:write customers:execute
prices:read quotes:execute quotes:read trades:execute trades:read transfers:execute
transfers:read transfers:write external_bank_accounts:read external_bank_accounts:pii:read
external_bank_accounts:write external_bank_accounts:execute external_wallets:read
external_wallets:execute workflows:read workflows:execute deposit_addresses:read
deposit_addresses:execute deposit_bank_accounts:read deposit_bank_accounts:execute
invoices:read invoices:write invoices:execute identity_verifications:read identity_verifications:pii:read
identity_verifications:write identity_verifications:execute persona_sessions:execute
plans:execute plans:read executions:execute executions:read files:read files:pii:read
files:execute\"\n }' -H \"Content-Type: application/json\"\n\n# When using Organization
credentials set `scope` to 'organizations:read organizations:write organization_applications:read
organization_applications:write organization_applications:execute banks:read banks:write
banks:execute bank_applications:read bank_applications:write bank_applications:execute
users:read users:write users:execute counterparties:read counterparties:pii:read
customers:read customers:pii:read accounts:read prices:read quotes:execute quotes:read
trades:execute trades:read transfers:read transfers:write transfers:execute external_bank_accounts:read
external_bank_accounts:pii:read external_wallets:read workflows:read deposit_addresses:read
deposit_bank_accounts:read invoices:read subscriptions:read subscriptions:write
subscriptions:execute subscription_events:read subscription_events:execute identity_verifications:read
identity_verifications:pii:read identity_verifications:execute persona_sessions:execute
plans:execute plans:read executions:execute executions:read files:read files:pii:read
files:execute'\n```\n**⚠️ Note: The above curl will create
a bearer token with full scope access. Delete scopes if you'd like to restrict
access.**\n\n## Authentication Scopes\n\nThe Cybrid platform supports the
use of scopes to control the level of access a token is limited to. Scopes do
not grant access to resources; instead, they provide limits, in support of the
least privilege principal.\n\nThe following scopes are available on the platform
and can be requested when generating either an Organization, Bank or Customer
token. Generally speaking, the _Read_ scope is required to read and list resources,
the _Write_ scope is required to update a resource and the _Execute_ scope is
required to create a resource.\n\n| Resource | Read scope (Token
Type) | Write scope (Token Type) |
Execute scope (Token Type) |\n|-----------------------|------------------------------------------------------------|-----------------------------------------------|--------------------------------------------------|\n|
Account | accounts:read (Organization, Bank, Customer) |
\ | accounts:execute (Bank, Customer)
\ |\n| Bank | banks:read (Organization, Bank) |
banks:write (Organization, Bank) | banks:execute (Organization) |\n|
Customer | customers:read (Organization, Bank, Customer) |
customers:write (Bank, Customer) | customers:execute (Bank) |\n|
Counterparty | counterparties:read (Organization, Bank, Customer) |
counterparties:write (Bank, Customer) | counterparties:execute (Bank)
\ |\n| Deposit Address | deposit_addresses:read (Organization,
Bank, Customer) | deposit_addresses:write (Bank, Customer) | deposit_addresses:execute
(Bank, Customer) |\n| External Bank Account | external_bank_accounts:read
(Organization, Bank, Customer) | external_bank_accounts:write (Bank, Customer)
| external_bank_accounts:execute (Bank, Customer) |\n| External Wallet |
external_wallet:read (Organization, Bank, Customer) | |
external_wallet:execute (Bank, Customer) |\n| Organization |
organizations:read (Organization) | organizations:write
(Organization) | |\n|
User | users:read (Organization) |
\ | users:execute (Organization)
\ |\n| Price | prices:read (Bank, Customer)
\ | |
\ |\n| Quote |
quotes:read (Organization, Bank, Customer) | |
quotes:execute (Organization, Bank, Customer) |\n| Trade |
trades:read (Organization, Bank, Customer) | |
trades:execute (Organization, Bank, Customer) |\n| Transfer |
transfers:read (Organization, Bank, Customer) | |
transfers:execute (Organization, Bank, Customer) |\n| Workflow |
workflows:read (Organization, Bank, Customer) | |
workflows:execute (Bank, Customer) |\n| Invoice |
invoices:read (Organization, Bank, Customer) | invoices:write (Bank,
Customer) | invoices:execute (Bank, Customer) |\n\n##
Available Endpoints\n\nThe available APIs for the [Identity](https://id.production.cybrid.app/api/schema/swagger-ui),
[Organization](https://organization.production.cybrid.app/api/schema/swagger-ui)
and [Bank](https://bank.production.cybrid.app/api/schema/swagger-ui) API services
are listed below:\n\n| API Service | Model | API Endpoint Path
\ | Description |\n|--------------|----------------------|--------------------------------|---------------------------------------------------------------------------------------------------|\n|
Identity | Bank | /api/bank_applications | Create
and list banks |\n|
Identity | CustomerToken | /api/customer_tokens | Create
customer JWT access tokens |\n|
Identity | Organization | /api/organization_applications | Create
and list organizations |\n|
Identity | Organization | /api/users | Create
and list organization users |\n|
Organization | Organization | /api/organizations | APIs to
retrieve and update organization name |\n|
Bank | Account | /api/accounts | Create
and list accounts, which hold a specific asset for a customers |\n|
Bank | Asset | /api/assets | Get a list
of assets supported by the platform (ex: BTC, ETH) |\n|
Bank | Bank | /api/banks | Create,
update and list banks, the parent to customers, accounts, etc |\n|
Bank | Customer | /api/customers | Create
and list customers |\n|
Bank | Counterparty | /api/counterparties | Create
and list counterparties |\n|
Bank | DepositAddress | /api/deposit_addresses | Create,
get and list deposit addresses |\n|
Bank | ExternalBankAccount | /api/external_bank_accounts | Create,
get and list external bank accounts, which connect customer bank accounts to the
platform |\n| Bank | ExternalWallet | /api/external_wallets |
Create, get, list and delete external wallets, which connect customer wallets
to the platform |\n| Bank | IdentityVerification | /api/identity_verifications
\ | Create and list identity verifications, which are performed on customers
for KYC |\n| Bank | Invoice | /api/invoices
\ | Create, get, cancel and list invoices |\n|
Bank | PaymentInstruction | /api/payment_instructions | Create,
get and list payment instructions for invoices |\n|
Bank | Price | /api/prices | Get the
current prices for assets on the platform |\n|
Bank | Quote | /api/quotes | Create
and list quotes, which are required to execute trades |\n|
Bank | Symbol | /api/symbols | Get a list
of symbols supported for trade (ex: BTC-USD) |\n|
Bank | Trade | /api/trades | Create
and list trades, which buy or sell cryptocurrency |\n|
Bank | Transfer | /api/transfers | Create,
get and list transfers (e.g., funding, book) |\n|
Bank | Workflow | /api/workflows | Create,
get and list workflows |\n\n##
Understanding Object Models & Endpoints\n\n**Organizations**\n\nAn `Organization`
is meant to represent the organization partnering with Cybrid to use our platform.\n\nAn
`Organization` typically does not directly interact with `customers`. Instead,
an Organization has one or more `banks`, which encompass the financial service
offerings of the platform.\n\n**Banks**\n\nA `Bank` is owned by an `Organization`
and can be thought of as an environment or container for `customers` and product
offerings. Banks are created in either `Sandbox` or `Production` mode, where `Sandbox`
is the environment that you would test, prototype and build in prior to moving
to `Production`.\n\nAn `Organization` can have multiple `banks`, in either `Sandbox`
or `Production` environments. A `Sandbox Bank` will be backed by stubbed data
and process flows. For instance, funding source transfer processes as well as
trades will be simulated rather than performed, however asset prices are representative
of real-world values. You have an unlimited amount of simulated fiat currency
for testing purposes.\n\n**Customers**\n\n`Customers` represent your banking users
on the platform. At present, we offer support for `Individuals` as Customers.\n\n`Customers`
must be verified (i.e., KYC'd) in our system before they can play any part on
the platform, which means they must have an associated and a passing `Identity
Verification`. See the Identity Verifications section for more details on how
a customer can be verified.\n\n`Customers` must also have an `Account` to be able
to transact, in the desired asset class. See the Accounts APIs for more details
on setting up accounts for the customer.\n"
version: v0.129.53
contact:
name: Cybrid Support
email: support@cybrid.app
license:
name: Apache-2.0
url: https://www.apache.org/licenses/LICENSE-2.0.html
paths:
"/api/organizations/{organization_guid}":
get:
summary: Get organization
tags:
- Organizations
operationId: getOrganization
description: |-
Retrieve an organization.
Required scope: **organizations:read**
security:
- BearerAuth: []
oauth2:
- organizations:read
parameters:
- name: organization_guid
in: path
required: true
description: Identifier for the organization.
schema:
type: string
responses:
'200':
description: organization found
content:
application/json:
schema:
"$ref": "#/components/schemas/Organization"
'400':
description: invalid organization
content:
application/json:
examples:
not_found:
value:
status: 404
error_message: organization not found
message_code: not_found
schema:
"$ref": "#/components/schemas/ErrorResponse"
'401':
description: Invalid requests - Malformed Authentication Header
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: organization'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: organizations:read'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
patch:
summary: Patch organization
tags:
- Organizations
operationId: updateOrganization
description: |-
Update an organization.
Required scope: **organizations:write**
security:
- BearerAuth: []
oauth2:
- organizations:write
parameters:
- name: organization_guid
in: path
required: true
description: Identifier for the organization.
schema:
type: string
responses:
'200':
description: organization found
content:
application/json:
schema:
"$ref": "#/components/schemas/Organization"
'400':
description: Invalid requests - invalid organization name length
content:
application/json:
schema:
"$ref": "#/components/schemas/ErrorResponse"
examples:
invalid_value:
value:
status: 400
error_message: name must be at the most 128 characters long
message_code: invalid_value
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
'401':
description: Unauthorized - Authentication failed, invalid subject
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: organization'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: internal:organizations:execute'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/PatchOrganization"
required: true
"/api/subscription_deliveries/":
post:
summary: Create SubscriptionDelivery
tags:
- SubscriptionDeliveries
operationId: createSubscriptionDelivery
description: |-
Creates a SubscriptionDelivery.
## Subscription Delivery
Create a SubscriptionDelivery to retry the delivery of a SubscriptionEvent to a Subscription.
## State
| State | Description |
|-------|-------------|
| storing | The Platform is storing the SubscriptionDelivery details in our private store |
| completed | The Platform has successfully delivered the SubscriptionEvent to specified Subscription |
| failing | The Platform is failing to deliver the SubscriptionDelivery, a new attempt will be made (see `next_attempt_at`) |
| failed | The Platform has failed to deliver the SubscriptionDelivery, no more attempts will be made |
Required scope: **subscription_events:execute
security:
- BearerAuth: []
oauth2:
- subscription_events:execute
parameters: []
responses:
'201':
description: SubscriptionDelivery created
content:
application/json:
schema:
"$ref": "#/components/schemas/SubscriptionDelivery"
'401':
description: 'Unauthorized - Authentication failed, '
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: bank or customer'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: subscription_events:execute'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/PostSubscriptionDelivery"
required: true
"/api/subscription_deliveries/{subscription_delivery_guid}":
get:
summary: 'Get Subscription Delivery '
tags:
- SubscriptionDeliveries
operationId: getSubscriptionDelivery
description: |-
Retrieves a subscription delivery.
Required scope: **subscription_events:read**
security:
- BearerAuth: []
oauth2:
- subscription_events:read
parameters:
- name: subscription_delivery_guid
in: path
required: true
description: Identifier for the subscription delivery.
schema:
type: string
responses:
'200':
description: Subscription delivery found
content:
application/json:
schema:
"$ref": "#/components/schemas/SubscriptionDelivery"
'401':
description: 'Unauthorized - Authentication failed, '
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: customer or bank
or internal'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: subscription_events:read'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
'404':
description: Subscription delivery not found
content:
application/json:
examples:
not_found:
value:
status: 404
error_message: Subscription delivery not found
message_code: not_found
schema:
"$ref": "#/components/schemas/ErrorResponse"
"/api/subscription_deliveries":
get:
summary: Get subscription deliveries list
tags:
- SubscriptionDeliveries
operationId: listSubscriptionDeliveries
description: |-
Retrieves a listing of subscription deliveries s.
Required scope: **subscription_events:read**
security:
- BearerAuth: []
oauth2:
- subscription_events:read
parameters:
- name: page
in: query
required: false
schema:
"$ref": "#/components/schemas/ListRequestPage"
description: The page index to retrieve.
- name: per_page
in: query
required: false
schema:
"$ref": "#/components/schemas/ListRequestPerPage"
description: The number of entities per page to return.
- name: guid
in: query
required: false
description: Comma separated subscription_delivery_guids to list subscription
deliveries for.
schema:
type: string
- name: subscription_event_guid
in: query
required: false
description: Comma separated subscription_event_guids to list subscription
deliveries for.
schema:
type: string
- name: subscription_guid
in: query
required: false
description: Comma separated subscription_guids to list subscription deliveries
for.
schema:
type: string
responses:
'200':
description: Get list of subscription deliveries
content:
application/json:
schema:
"$ref": "#/components/schemas/SubscriptionDeliveryList"
'400':
description: Invalid requests
content:
application/json:
examples:
invalid_value:
value:
status: 400
error_message: Invalid value. comma separated guids must be at
the most 4096 characters long
message_code: invalid_value
schema:
"$ref": "#/components/schemas/ErrorResponse"
'401':
description: 'Unauthorized - Authentication failed, '
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: customer or bank
or internal'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: subscription_events:read'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
"/api/subscription_events/{subscription_event_guid}":
get:
summary: 'Get Subscription Event '
tags:
- SubscriptionEvents
operationId: getSubscriptionEvent
description: |-
Retrieves a Subscription Event.
Required scope: **subscription_events:read**
security:
- BearerAuth: []
oauth2:
- subscription_events:read
parameters:
- name: subscription_event_guid
in: path
required: true
description: Identifier for the Subscription Event.
schema:
type: string
responses:
'200':
description: Subscription Event found
content:
application/json:
schema:
"$ref": "#/components/schemas/SubscriptionEvent"
'401':
description: 'Unauthorized - Authentication failed, '
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: customer or bank
or internal'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: subscription_events:read'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
'404':
description: Subscription Event not found
content:
application/json:
examples:
not_found:
value:
status: 404
error_message: Subscription Event not found
message_code: not_found
schema:
"$ref": "#/components/schemas/ErrorResponse"
"/api/subscription_events":
get:
summary: Get subscription events list
tags:
- SubscriptionEvents
operationId: listSubscriptionEvents
description: |-
Retrieves a listing of subscription events s.
Required scope: **subscription_events:read**
security:
- BearerAuth: []
oauth2:
- subscription_events:read
parameters:
- name: page
in: query
required: false
schema:
"$ref": "#/components/schemas/ListRequestPage"
description: The page index to retrieve.
- name: per_page
in: query
required: false
schema:
"$ref": "#/components/schemas/ListRequestPerPage"
description: The number of entities per page to return.
- name: guid
in: query
required: false
description: Comma separated subscription_event_guids to list subscription
events for.
schema:
type: string
responses:
'200':
description: Get list of subscription events
content:
application/json:
schema:
"$ref": "#/components/schemas/SubscriptionEventList"
'400':
description: Invalid requests
content:
application/json:
examples:
invalid_value:
value:
status: 400
error_message: Invalid value. comma separated guids must be at
the most 4096 characters long
message_code: invalid_value
schema:
"$ref": "#/components/schemas/ErrorResponse"
'401':
description: 'Unauthorized - Authentication failed, '
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: customer or bank
or internal'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: subscription_events:read'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
"/api/subscriptions/":
post:
summary: Create Subscription
tags:
- Subscriptions
operationId: createSubscription
description: |-
Creates a Subscription.
## Subscription creation
Subscriptions can be created for webhook endpoints.
## State
| State | Description |
|-------|-------------|
| storing | The Platform is storing the subscription details in our private store |
| completed | The Platform has created the subscription |
| failed | The Platform was not able to successfully create the subscription |
Required scope: **subscriptions:execute
security:
- BearerAuth: []
oauth2:
- subscriptions:execute
parameters: []
responses:
'201':
description: Subscription created
content:
application/json:
schema:
"$ref": "#/components/schemas/Subscription"
'401':
description: 'Unauthorized - Authentication failed, '
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: bank or customer'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: subscriptions:execute'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
'422':
description: Unprocessable Content
content:
application/json:
examples:
unknown_organization:
value:
status: 422
error_message: Unknown organization
message_code: unknown_organization
invalid_https_url:
value:
status: 422
error_message: Https required for production
message_code: invalid_https_url
schema:
"$ref": "#/components/schemas/ErrorResponse"
requestBody:
content:
application/json:
schema:
"$ref": "#/components/schemas/PostSubscription"
required: true
"/api/subscriptions/{subscription_guid}":
delete:
summary: Delete Subscription
tags:
- Subscriptions
operationId: deleteSubscription
description: |-
Deletes a subscription.
Required scope: **subscriptions:execute**
security:
- BearerAuth: []
oauth2:
- subscriptions:execute
parameters:
- name: subscription_guid
in: path
required: true
description: Identifier for the subscription.
schema:
type: string
responses:
'204':
description: Subscription deleted
'401':
description: 'Unauthorized - Authentication failed, '
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: customer or bank
or internal'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: subscriptions:execute'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
'404':
description: Subscription not found
content:
application/json:
examples:
not_found:
value:
status: 404
error_message: Subscription not found
message_code: not_found
schema:
"$ref": "#/components/schemas/ErrorResponse"
get:
summary: 'Get Subscription '
tags:
- Subscriptions
operationId: getSubscription
description: |-
Retrieves a subscription.
Required scope: **subscriptions:read**
security:
- BearerAuth: []
oauth2:
- subscriptions:read
parameters:
- name: subscription_guid
in: path
required: true
description: Identifier for the subscription.
schema:
type: string
responses:
'200':
description: Subscription found
content:
application/json:
schema:
"$ref": "#/components/schemas/Subscription"
'401':
description: 'Unauthorized - Authentication failed, '
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: customer or bank
or internal'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: subscriptions:read'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
'404':
description: Subscription not found
content:
application/json:
examples:
not_found:
value:
status: 404
error_message: Subscription not found
message_code: not_found
schema:
"$ref": "#/components/schemas/ErrorResponse"
"/api/subscriptions":
get:
summary: Get subscriptions list
tags:
- Subscriptions
operationId: listSubscriptions
description: |-
Retrieves a listing of subscriptions.
Required scope: **subscriptions:read**
security:
- BearerAuth: []
oauth2:
- subscriptions:read
parameters:
- name: page
in: query
required: false
schema:
"$ref": "#/components/schemas/ListRequestPage"
description: The page index to retrieve.
- name: per_page
in: query
required: false
schema:
"$ref": "#/components/schemas/ListRequestPerPage"
description: The number of entities per page to return.
- name: guid
in: query
required: false
description: Comma separated subscription_guids to list subscriptions for.
schema:
type: string
- name: environment
in: query
required: false
description: Environment to list subscriptions for.
schema:
type: string
- name: state
in: query
required: false
description: State to list subscriptions for.
schema:
type: string
responses:
'200':
description: Get list of subscriptions
content:
application/json:
schema:
"$ref": "#/components/schemas/SubscriptionList"
'400':
description: Invalid requests
content:
application/json:
examples:
invalid_value:
value:
status: 400
error_message: Invalid value. comma separated guids must be at
the most 4096 characters long
message_code: invalid_value
schema:
"$ref": "#/components/schemas/ErrorResponse"
'401':
description: 'Unauthorized - Authentication failed, '
content:
application/json:
examples:
invalid_subject:
value:
status: 401
error_message: 'Invalid Subject type. Required: customer or bank
or internal'
message_code: invalid_subject
invalid_signature:
value:
status: 401
error_message: Signature verification raised
message_code: authentication_failed
invalid_audience:
value:
status: 401
error_message: Invalid audience
message_code: authentication_failed
invalid_issuer:
value:
status: 401
error_message: Invalid issuer
message_code: authentication_failed
expired_signature:
value:
status: 401
error_message: Signature has expired
message_code: authentication_failed
malformed_auth_header:
value:
status: 401
error_message: Authorization header is malformed.
message_code: authentication_malformed
schema:
"$ref": "#/components/schemas/ErrorResponse"
'403':
description: Invalid scope
content:
application/json:
examples:
invalid_scope:
value:
status: 403
error_message: 'Invalid scopes. Required: subscriptions:read'
message_code: invalid_scopes
schema:
"$ref": "#/components/schemas/ErrorResponse"
components:
securitySchemes:
oauth2:
type: oauth2
flows:
clientCredentials:
tokenUrl: https://id.production.cybrid.app/oauth/token
scopes:
organizations:write: organizations write
organizations:read: organizations read
subscriptions:write: subscriptions write
subscriptions:read: subscriptions read
subscriptions:execute: subscriptions execute
subscription_events:read: subscription_events read
subscription_events:execute: subscription_events execute
BearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
schemas:
ListRequestCursor:
description: The cursor used to retrieve the page.
type: string
nullable: true
ListRequestPage:
description: The page index to retrieve.
type: integer
minimum: 0
ListRequestPerPage:
description: The number of entities per page to return.
type: integer
minimum: 1
maximum: 100
Organization:
type: object
properties:
guid:
type: string
description: Auto-generated unique identifier for the organization.
name:
type: string
description: Name provided for the organization.
maxLength: 128
created_at:
type: string
format: date-time
description: ISO8601 datetime the record was created at.
updated_at:
type: string
format: date-time
description: ISO8601 datetime the record was last updated at.
required:
- guid
- name
- created_at
PatchOrganization:
type: object
description: Request body for organization modification.
properties:
name:
type: string
description: Name for the organization.
nullable: true
minLength: 1
maxLength: 128
Subscription:
type: object
properties:
guid:
type: string
description: Auto-generated unique identifier for the subscription.
minLength: 32
maxLength: 32
organization_guid:
type: string
description: The organization guid for the subscription.
minLength: 32
maxLength: 32
name:
type: string
description: Name provided for the subscription.
minLength: 1
maxLength: 128
type:
type: string
description: The type of subscription.
enum:
- webhook
url:
type: string
description: The url for the subscription.
minLength: 1
maxLength: 1024
signing_key:
type: string
description: Subscription private signing key.
deliveries_failing_since:
type: string
format: date-time
description: ISO8601 datetime the deliveries started failing.
nullable: true
environment:
type: string
description: The environment that the subscription is configured for; one
of sandbox or production.
state:
type: string
description: The state of the subscription; one of storing, completed, or
failed.
failure_code:
type: string
description: The failure code of a subscription (if any)
nullable: true
created_at:
type: string
format: date-time
description: ISO8601 datetime the record was created at.
updated_at:
type: string
format: date-time
description: ISO8601 datetime the record was last updated at.
required:
- guid
- name
- type
- url
- environment
- state
SubscriptionType:
type: string
enum:
- webhook
SubscriptionState:
type: string
enum:
- storing
- completed
- failed
SubscriptionEnvironment:
type: string
enum:
- sandbox
- production
PostSubscription:
type: object
description: Request body for subscription creation.
properties:
environment:
type: string
description: The environment that the subscription is configured for.
enum:
- sandbox
- production
type:
type: string
description: Type of the subscription.
enum:
- webhook
name:
type: string
description: Name provided for the subscription.
minLength: 1
maxLength: 128
url:
type: string
description: URL provided for the subscription.
minLength: 1
maxLength: 1024
required:
- environment
- type
- name
- url
SubscriptionList:
type: object
properties:
total:
description: The total number of records available.
type: integer
minimum: 0
page:
description: The page index to retrieve.
type: integer
minimum: 0
per_page:
description: The number of entities per page to return.
type: integer
minimum: 1
objects:
type: array
items:
"$ref": "#/components/schemas/Subscription"
required:
- total
- page
- per_page
- objects
SubscriptionEvent:
type: object
properties:
guid:
type: string
description: Auto-generated unique identifier for the subscription event.
bank_guid:
type: string
description: The bank guid for which the event is received.
event_type:
type: string
description: The type of the subscription event. One of trade.storing, trade.pending,
trade.executed, trade.cancelled, trade.completed, trade.settling, trade.failed,
transfer.storing, transfer.pending, transfer.holding, transfer.reviewing,
transfer.completed, transfer.failed, identity_verification.storing, identity_verification.pending,
identity_verification.reviewing, identity_verification.waiting, identity_verification.expired,
identity_verification.completed, plan.storing, plan.planning, plan.completed,
plan.failed, execution.storing, execution.executing, execution.completed,
or execution.failed.
object_guid:
type: string
description: The object guid for which the event is received.
environment:
type: string
description: The environment that the subscription event is configured for;
one of sandbox or production.
organization_guid:
type: string
description: The organization guid of the subscription event.
created_at:
type: string
format: date-time
description: ISO8601 datetime the record was created at.
updated_at:
type: string
format: date-time
description: ISO8601 datetime the record was last updated at.
required:
- guid
- event_type
- object_guid
- environment
- organization_guid
- created_at
SubscriptionEventList:
type: object
properties:
total:
description: The total number of records available.
type: integer
minimum: 0
page:
description: The page index to retrieve.
type: integer
minimum: 0
per_page:
description: The number of entities per page to return.
type: integer
minimum: 1
objects:
type: array
items:
"$ref": "#/components/schemas/SubscriptionEvent"
required:
- total
- page
- per_page
- objects
SubscriptionDelivery:
type: object
properties:
guid:
type: string
description: Auto-generated unique identifier for the subscription delivery.
response:
type: string
description: The response of the subscription delivery.
nullable: true
subscription_event_guid:
type: string
description: The subscription event guid of the subscription delivery.
subscription_guid:
type: string
description: The subscription guid of the subscription delivery.
state:
type: string
description: The state of the subscription delivery.
enum:
- storing
- completed
- failing
- failed
next_attempt_at:
type: string
format: date-time
description: ISO8601 datetime the next attempt will be made.
nullable: true
attempt_count:
type: integer
description: The number of attempts made to deliver the event.
completed_at:
type: string
format: date-time
description: ISO8601 datetime the event was delivered.
nullable: true
failed_at:
type: string
format: date-time
description: ISO8601 datetime the event delivery was marked as failed.
nullable: true
created_at:
type: string
format: date-time
description: ISO8601 datetime the record was created at.
updated_at:
type: string
format: date-time
description: ISO8601 datetime the record was last updated at.
required:
- guid
- subscription_event_guid
- subscription_guid
- state
- attempt_count
PostSubscriptionDelivery:
type: object
description: Request body for subscription delivery creation.
properties:
subscription_event_guid:
type: string
description: The event guid .
minLength: 32
maxLength: 32
subscription_guid:
type: string
description: The subscription guid.
minLength: 32
maxLength: 32
required:
- subscription_event_guid
- subscription_guid
SubscriptionDeliveryList:
type: object
properties:
total:
description: The total number of records available.
type: integer
minimum: 0
page:
description: The page index to retrieve.
type: integer
minimum: 0
per_page:
description: The number of entities per page to return.
type: integer
minimum: 1
objects:
type: array
items:
"$ref": "#/components/schemas/SubscriptionDelivery"
required:
- total
- page
- per_page
- objects
ErrorResponse:
type: object
properties:
status:
description: Status code for Http Request
type: integer
error_message:
description: Error message
type: string
message_code:
description: Message code for Error
type: string
required:
- status
- error_message
- message_code
servers:
- url: https://organization.sandbox.cybrid.app
description: Sandbox environment is simulated money movement
- url: https://organization.production.cybrid.app
description: Production environment is real money movement