openapi: 3.1.0 info: title: Stellar Disbursement Platform API version: 2.1.0 summary: The Stellar Disbursement Platform (SDP) is a tool built for organizations to make bulk payments to a group of recipients over the Stellar network. description: | The Stellar Disbursement Platform (SDP) is a tool built for organizations to make bulk payments to a group of recipients over the Stellar network. This is an open-source project that is built on top of the Stellar network, and the code can be found on the following repositories: - [stellar/stellar-disbursement-platform-backend](https://github.com/stellar/stellar-disbursement-platform-backend): This repository contains the backend and infrastructure code for the Stellar Disbursement Platform. - [stellar/stellar-disbursement-platform-frontend](https://github.com/stellar/stellar-disbursement-platform-frontend): This repository contains the web frontend code for the Stellar Disbursement Platform. - [stellar/helm-charts](https://github.com/stellar/helm-charts/tree/main/charts/stellar-disbursement-platform): This repository contains the Helm chart for deploying the Stellar Disbursement Platform using kubernetes. termsOfService: https://stellar.org/terms-of-service license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html servers: - url: '' tags: - name: Admin x-displayName: Admin (Tenant Management) description: The Admin API oversees the management of tenants within the system, facilitating tasks such as provisioning new tenants, updating their information, and retrieving tenant data. - name: Authentication description: Authentication controls the log in/log out process for all SDP users, as well as the token refresh process. Authentication uses a JWT approach signed with an ES256 private key. - name: API Keys description: API Keys functionality allows to create access key with granular permissions and resource management. - name: Balances description: Endpoints related to balances. A balance is an amount of a particular asset held by an organization, tenant, or account. - name: Bridge Integration description: | Bridge integration endpoints for connecting organizations with Bridge services. **Integration Flow:** 1. Organization opts into Bridge (OPTED_IN status) 2. Complete KYC verification process via Bridge 3. Create virtual account for USD deposits (READY_FOR_DEPOSIT status) 4. Receive USD deposits that are automatically converted to USDC on Stellar **Status Description:** - NOT_ENABLED → Bridge service not configured - NOT_OPTED_IN → Organization hasn't opted in - OPTED_IN → Organization opted in, KYC link created - READY_FOR_DEPOSIT → Virtual account created, ready for deposits - ERROR → Integration error occurred - name: Disbursements description: Endpoints related to disbursements. A disbursement is a group of payments sent to multiple individuals at once. An SDP user with the appropriate role triggers a new disbursement through the SDP dashboard by uploading a list of receivers and amounts. When the receiver has linked their wallet to the SDP, the payment automatically begins. SDP users can track their disbursements in real-time through the SDP dashboard. Each disbursement must have a unique name defined by the organization. - name: Organization description: Organization endpoints manage the process of getting and updating organizational profile information. The organization's profile has basic information set at the time of SDP deployment. It can be modified by the Owner. Organizations can also manage their preferences, like which assets to use, through these endpoints. - name: Payments description: Endpoints related to payments. An SDP payment is an individual payment from an organization to a receiver. Each payment is part of a disbursement and occurs on the Stellar network. Granular payment status is stored in the SDP database and can be viewed in real-time on the SDP dashboard. - name: Profile description: 'Profiles endpoints manage the process of getting and updating individual profile information. Profile information is set when the account is created and can be updated by the user on the SDP dashboard Profile page. Note: profiles never refer to receivers of funds.' - name: Receivers description: | Endpoints related to receivers. A receiver is an individual receiving a payment in a disbursement. The receiver is tracked by phone number to reduce the need for personally identifiable information. Each receiver must be unique within the disbursement. Each receiver will have at least one wallet associated with them. The wallet public key will remain null until the receiver registers with a wallet provider and links the wallet to the SDP through SEP-24. Receivers must verify their identity through that process, which requires the SDP to store verification information on receivers like date of birth, national ID number, or personal PIN. This information can be updated by the organization through the receiver endpoints. - name: Registration description: | The registration endpoints guide the process for a receiver to verify their identity and link their wallet address to an SDP. The registration process only needs to happen once per receiver to link their wallet. Only SDP-compatible wallet providers can facilitate the registration process. These endpoints must be supported and hit by the wallet providers after the receiver gets the initial invite. After the wallet address is successfully linked, the payment automatically begins. There are two parts to the registration flow. First, the wallet must authenticate and initiate a registration flow using the Anchor Platform Endpoints defined below. Note that these endpoints are hosted on a different host than the Stellar Disursement Platform. The second part of the registration flow is handled by the webview that is opened within the wallet application. This webview uses the endpoints defined in the Stellar Disbursement Platfrom Endpoints section to complete the registration process. The wallet application can chose not to use the webview and intstead integrate directly with the API. - name: Statistics description: Statistics endpoints return general aggregated data per organization, as well as disbursement-specific metrics. SDP users can use this data to monitor their disbursements over time. - name: Users description: The users endpoints facilitate the creation of new SDP users - including setting the appropriate role, sending an email invitation, and activating a user - and managing roles. paths: /login: post: tags: - Authentication summary: Log In description: 'Allows credentialed SDP users to log in to the SDP dashboard with a password. Note: all passwords must be at least 8 characters long and a combination of uppercase letters, lowercase letters, numbers, and symbols.' operationId: LogIn requestBody: content: '*/*': schema: required: - email - password type: object properties: email: type: string password: type: string recaptcha_token: type: string description: Token for reCAPTCHA validation. ReCAPTCHA token is required unless the `DISABLE_RECAPTCHA` configuration is set to true. example: email: johndoe@mail.com password: mysecret required: false responses: '200': description: OK content: application/json: schema: type: object properties: token: type: string example: token: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoidXNlci1pZCIsImVtYWlsIjoiZW1haWxAZW1haWwuY29tIiwicm9sZXMiOlt7Im5hbWUiOiJTdXBlcnZpc29yIn1dfSwiZXhwIjoxNjc1OTYyOTQ3fQ.4Zj9yBXch-iuFYF-kc_EhHPxjpwp_egMOLbOv4bZKO1MFvcmEgZ5MlXH1_1fZfgUxaNBcMCdRM6MGSqKocwGnA example: token: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoidXNlci1pZCIsImVtYWlsIjoiZW1haWxAZW1haWwuY29tIiwicm9sZXMiOlt7Im5hbWUiOiJTdXBlcnZpc29yIn1dfSwiZXhwIjoxNjc1OTYyOTQ3fQ.4Zj9yBXch-iuFYF-kc_EhHPxjpwp_egMOLbOv4bZKO1MFvcmEgZ5MlXH1_1fZfgUxaNBcMCdRM6MGSqKocwGnA '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Invalid credentials extras: status: 400 message: Invalid username or password example: error: Invalid credentials extras: status: 400 message: Invalid username or password x-codegen-request-body-name: body /refresh-token: post: tags: - Authentication summary: Refresh Token description: A user’s token expires after 15 minutes. This endpoint handles refreshing the user’s token without disrupting their experience. It is triggered within the 30-second window before the token expires. operationId: RefreshToken responses: '200': description: Returns a new access token content: application/json: schema: type: object properties: token: type: string example: token: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoidXNlci1pZCIsImVtYWlsIjoiZW1haWxAZW1haWwuY29tIiwicm9sZXMiOlt7Im5hbWUiOiJTdXBlcnZpc29yIn1dfSwiZXhwIjoxNjc1OTYyOTQ3fQ.4Zj9yBXch-iuFYF-kc_EhHPxjpwp_egMOLbOv4bZKO1MFvcmEgZ5MlXH1_1fZfgUxaNBcMCdRM6MGSqKocwGnA example: token: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoidXNlci1pZCIsImVtYWlsIjoiZW1haWxAZW1haWwuY29tIiwicm9sZXMiOlt7Im5hbWUiOiJTdXBlcnZpc29yIn1dfSwiZXhwIjoxNjc1OTYyOTQ3fQ.4Zj9yBXch-iuFYF-kc_EhHPxjpwp_egMOLbOv4bZKO1MFvcmEgZ5MlXH1_1fZfgUxaNBcMCdRM6MGSqKocwGnA '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string description: Details about the error extras: type: object properties: {} '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized security: - BearerAuth: [] /mfa: post: tags: - Authentication summary: Provide Multi-Factor Authentication description: Governs the multi-factor authentication process for SDP user login, including the ability to remember the device so MFA is not always required. operationId: authenticateMFA parameters: - name: Device-ID in: header description: Identifier of the device required: false style: simple explode: false schema: type: string requestBody: description: MFA request data content: '*/*': schema: required: - mfa_code type: object properties: mfa_code: type: string description: Multi-factor authentication code remember_me: type: boolean description: Boolean flag to remember the user recaptcha_token: type: string description: Token for reCAPTCHA validation. ReCAPTCHA token is required unless the `DISABLE_RECAPTCHA` configuration is set to true. required: true responses: '200': description: Successful authentication content: application/json: schema: type: object properties: token: type: string description: Authentication token '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string description: Details about the error extras: type: object properties: {} '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized x-codegen-request-body-name: body /forgot-password: post: tags: - Authentication summary: Forgot Password description: Sends an email with a token to an SDP user who has gone through the Forgot Password process. operationId: forgotPassword requestBody: description: Forgot password request data content: '*/*': schema: required: - email type: object properties: email: type: string description: Email of the user format: email recaptcha_token: type: string description: Token for reCAPTCHA validation required: true responses: '200': description: Forgot password email sent successfully content: '*/*': schema: $ref: '#/components/schemas/MessageResponse' '400': description: Bad Request content: '*/*': schema: type: object properties: error: type: string description: Details about the error extras: type: object properties: {} x-codegen-request-body-name: body /reset-password: post: tags: - Authentication summary: Reset Rassword description: Allows an SDP user who has gone through the Forgot Password process to set their new password with a token sent via email. operationId: resetPassword requestBody: description: Reset password request data content: '*/*': schema: required: - password - reset_token type: object properties: password: type: string description: New password for the user reset_token: type: string description: Token used to identify a valid password reset request required: true responses: '200': description: Password reset successfully content: {} '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string description: Details about the error extras: type: object properties: {} x-codegen-request-body-name: body /disbursements: get: tags: - Disbursements summary: List All Disbursements description: Fetches all disbursements the organization has created. This endpoint supports pagination. The response includes basic aggregations on payments within the disbursement. operationId: ListAllDisbursements parameters: - name: page in: query description: The page requested. required: false style: form explode: true schema: type: number default: 1 - name: page_limit in: query description: Define how many results will be returned in the response. required: false style: form explode: true schema: type: number default: 20 - name: q in: query description: A search term used to query through the disbursement names. required: false style: form explode: true schema: type: string - name: status in: query description: Comma-separated list of disbursement statuses to filter by. required: false style: form explode: true schema: type: string enum: - DRAFT - READY - STARTED - PAUSED - COMPLETED example: DRAFT - name: created_at_after in: query description: 'Only return disbursements that are created after this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: created_at_before in: query description: 'Only return disbursements that are created before this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: sort in: query description: Field used to sort disbursements required: false style: form explode: true schema: type: string default: created_at enum: - name - created_at - name: direction in: query description: Direction for sorting disbursements. required: false style: form explode: true schema: type: string default: desc enum: - asc - desc responses: '200': description: A list of Disbursement details content: application/json: schema: $ref: '#/components/schemas/DisbursementPagination' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] post: tags: - Disbursements summary: Create Disbursement description: 'Creates a new disbursement in `draft ` state with basic details. Important: a disbursement is not triggered until the organization adds receivers through the Upload Disbursement Instructions endpoint and the status changes from `draft ` to `ready `.' operationId: CreateDisbursement requestBody: content: '*/*': schema: type: object properties: name: type: string wallet_id: type: string asset_id: type: string verification_field: $ref: '#/components/schemas/VerificationField' registration_contact_type: $ref: '#/components/schemas/RegistrationContactType' receiver_registration_message_template: type: string example: name: My New Disbursement name wallet_id: e2de8544-b7e2-40a9-ad40-411f70d5c4bf asset_id: d227a68c-2f40-11ee-be56-0242ac120002 verification_field: DATE_OF_BIRTH registration_contact_type: PHONE_NUMBER receiver_registration_message_template: You have a payment waiting for you from {{.OrganizationName}}. Click {{.RegistrationLink}} to register. required: false responses: '201': description: A new disbursement content: application/json: schema: $ref: '#/components/schemas/Disbursement' '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Bad request extras: status: 400 message: Invalid wallet provided example: error: Bad request extras: status: 400 message: Invalid wallet provided '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] x-codegen-request-body-name: body /disbursements/{id}: get: tags: - Disbursements summary: Retrieve a Disbursement description: Fetches information on a specific disbursement by `id `. operationId: RetrieveADisbursement parameters: - name: id in: path description: ID of the `Disbursement`. required: true style: simple explode: false schema: type: string responses: '200': description: Disbursement details content: application/json: schema: $ref: '#/components/schemas/Disbursement' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden '404': description: Not Found content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not found extras: status: 404 message: Disbursement not found example: error: Not found extras: status: 404 message: Disbursement not found security: - BearerAuth: [] delete: tags: - Disbursements summary: Deletes a Draft Disbursement description: Deletes a Disbursement in Draft or Ready Status by `id`. operationId: DeleteADisbursement parameters: - name: id in: path description: ID of the `Disbursement`. required: true style: simple explode: false schema: type: string responses: '200': description: Deleted Disbursement details content: application/json: schema: $ref: '#/components/schemas/Disbursement' '400': description: Bad Request, Cannot delete a disbursement that has started $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Not Found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] /disbursements/{id}/receivers: get: tags: - Disbursements summary: List All Disbursement Receivers description: Fetches a list of receivers within a specific disbursement using the disbursement `id `. This endpoint supports pagination and sorting. operationId: ListAllDisbursementReceivers parameters: - name: id in: path description: ID of the Disbursement required: true style: simple explode: false schema: type: string - name: page in: query description: The page number to fetch. required: false style: form explode: true schema: type: number default: 1 - name: page_limit in: query description: The number of records to return per page. required: false style: form explode: true schema: type: number default: 20 - name: sort in: query description: Field used to sort receivers required: false style: form explode: true schema: type: string default: updated_at enum: - updated_at - created_at - name: direction in: query description: Direction for sorting receivers. required: false style: form explode: true schema: type: string default: desc enum: - asc - desc responses: '200': description: A list of Disbursement Receivers content: application/json: schema: $ref: '#/components/schemas/DisbursementReceiverPagination' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Not Found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] /disbursements/{id}/instructions: get: tags: - Disbursements summary: Download Disbursement Instructions description: Allows an SDP user to download the raw CSV file that was uploaded when creating the disbursement. This will only return results after instructions have been attached to a draft disbursement. operationId: DownloadDisbursementInstructions parameters: - name: id in: path description: ID of the Disbursement required: true style: simple explode: false schema: type: string responses: '200': description: Disbursement CSV file headers: Content-Disposition: description: The filename of the returned CSV file. style: simple explode: false schema: type: string Content-Type: description: text/csv style: simple explode: false schema: type: string content: text/csv: example: '' '400': description: Bad request, invalid request parameters $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Disbursement Not Found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] post: tags: - Disbursements summary: Upload Disbursement Instructions description: Adds a file containing a list of receivers to a `DRAFT` disbursement. This step is required before a disbursement can begin. The file must be a CSV and has a different possible formats according with the disbursement configuration, and they can be found at [public/resources/disbursementTemplates](https://github.com/stellar/stellar-disbursement-platform-frontend/tree/58873bbf36cff4614e603daf449079b1d9fad24a/public/resources/disbursementTemplates). The operation is idempotent, guaranteed by deleting and recreating the disbursement attributes when this endpoint is called. operationId: UploadDisbursementInstructions parameters: - name: id in: path description: ID of the Disbursement required: true style: simple explode: false schema: type: string requestBody: content: multipart/form-data: schema: required: - file type: object properties: file: type: string description: 'Disbursement instructions file to upload. The CSV file columns can vary depending om the way the disbursement was configured, and the fields are a subset of the following: [`phone`, `email`, `id`, `amount`, `verification`, `paymentID`, `walletAddress`]' format: binary required: true responses: '201': description: Created content: application/json: schema: type: object properties: message: type: string example: message: File uploaded succesfully example: message: File uploaded succesfully '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string extras: type: object properties: foo: type: string message: type: string example: error: Invalid file format *.xyz extras: foo: bar message: Not authorized example: error: Invalid file format *.xyz extras: foo: bar message: Not authorized '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden '404': description: Not Found content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not found extras: status: 404 message: Disbursement not found example: error: Not found extras: status: 404 message: Disbursement not found security: - BearerAuth: [] /disbursements/{id}/status: patch: tags: - Disbursements summary: Update a Disbursement Status description: Updates the status of a disbursement according to the state machine. The disbursement must move from `draft ` to `ready ` in order to start the disbursement and trigger payments. Payments will start as soon as this endpoint is hit. A disbursement can also be moved into `paused ` state by an SDP user to prevent further payments from going out and restarted when they are ready. operationId: UpdateADisbursementStatus parameters: - name: id in: path description: ID of the disbursement required: true style: simple explode: false schema: type: string responses: '200': description: Message Response content: application/json: schema: $ref: '#/components/schemas/MessageResponse' example: message: Disbursement started '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Bad request extras: status: 400 message: Disbursement is not ready to be started example: error: Bad request extras: status: 400 message: Disbursement is not ready to be started '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden '404': description: Not Found content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not found extras: status: 404 message: Disbursement not found example: error: Not found extras: status: 404 message: Disbursement not found security: - BearerAuth: [] /exports/disbursements: get: tags: - Exports summary: Export Disbursements description: Exports a CSV file of disbursements. operationId: exportDisbursements parameters: - name: q in: query description: A search term used to query through the disbursement names. required: false style: form explode: true schema: type: string - name: status in: query description: Comma-separated list of disbursement statuses to filter by. required: false style: form explode: true schema: $ref: '#/components/schemas/DisbursementStatus' example: DRAFT - name: created_at_after in: query description: 'Only return disbursements that are created after this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: created_at_before in: query description: 'Only return disbursements that are created before this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: sort in: query description: Field used to sort disbursements required: false style: form explode: true schema: type: string default: created_at enum: - name - created_at - name: direction in: query description: Direction for sorting disbursements. required: false style: form explode: true schema: type: string default: desc enum: - asc - desc responses: '200': description: CSV file of disbursements content: text/csv: schema: type: string format: binary '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' security: - BearerAuth: [] /exports/payments: get: tags: - Exports summary: Export Payments description: Exports a CSV file of payments. operationId: exportPaymentsCSV parameters: - name: q in: query description: Search payments by ID, external_payment_id, receiver wallet address, or disbursement name. required: false style: form explode: true schema: type: string - name: type in: query description: Type of payments required: false style: form explode: true schema: type: string enum: - DIRECT - DISBURSEMENT - name: status in: query description: Exact match on the status of the payment. required: false style: form explode: true schema: $ref: '#/components/schemas/PaymentStatus' example: DRAFT - name: receiver_id in: query description: UUID that represents a receiver in the database required: false style: form explode: true schema: type: string example: b6b667ad-6cc2-46cf-9be7-561daace7d48 - name: created_at_after in: query description: 'Only return payments that are created after this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: created_at_before in: query description: 'Only return payments that are created before this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: sort in: query description: Field used to sort payments. required: false style: form explode: true schema: type: string default: updated_at enum: - updated_at - created_at - name: direction in: query description: Direction for sorting payments. required: false style: form explode: true schema: type: string default: desc enum: - asc - desc responses: '200': description: CSV file of payments content: text/csv: schema: type: string format: binary '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' security: - BearerAuth: [] /exports/receivers: get: tags: - Exports summary: Export Receivers description: Exports a CSV file of receivers. operationId: exportReceiversCSV parameters: - name: q in: query description: A search term used to query through the receiver phone_number, email, and ID. required: false style: form explode: true schema: type: string - name: status in: query description: Exact match on the status of the receiver wallet. required: false style: form explode: true schema: $ref: '#/components/schemas/ReceiversWalletStatus' example: DRAFT - name: created_at_after in: query description: 'Only return receivers that are created after this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: created_at_before in: query description: 'Only return receivers that are created before this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: sort in: query description: Field used to sort receivers required: false style: form explode: true schema: type: string default: updated_at enum: - updated_at - created_at - name: direction in: query description: Direction for sorting receivers. required: false style: form explode: true schema: type: string default: desc enum: - asc - desc responses: '200': description: CSV file of receivers content: text/csv: schema: type: string format: binary '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' security: - BearerAuth: [] /payments: get: tags: - Payments summary: List All Payments description: Returns all individual payments matching the request criteria. This endpoint supports pagination, and filtering on payment status, type, receiver ID, and timestamp. Each payment has details on the transaction itself, receiver, disbursement, asset, status history, and blockchain information. operationId: ListAllPayments parameters: - name: page in: query description: The page requested. required: false style: form explode: true schema: type: number default: 1 - name: q in: query description: Search payments by ID, external_payment_id, receiver wallet address, or disbursement name. required: false style: form explode: true schema: type: string - name: type in: query description: Type of payments required: false style: form explode: true schema: type: string enum: - DIRECT - DISBURSEMENT - name: page_limit in: query description: Define how many results will be returned in the response. required: false style: form explode: true schema: type: number default: 20 - name: status in: query description: Exact match on the status of the payment. required: false style: form explode: true schema: type: string enum: - DRAFT - READY - PENDING - PAUSED - SUCCESS - FAILED - CANCELED example: DRAFT - name: receiver_id in: query description: UUID that represents a receiver in the database required: false style: form explode: true schema: type: string example: b6b667ad-6cc2-46cf-9be7-561daace7d48 - name: created_at_after in: query description: 'Only return payments that are created after this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: created_at_before in: query description: 'Only return payments that are created before this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: sort in: query description: Field used to sort payments required: false style: form explode: true schema: type: string default: updated_at enum: - updated_at - created_at - name: direction in: query description: Direction for sorting payments. required: false style: form explode: true schema: type: string default: desc enum: - asc - desc responses: '200': description: A paginated list of payments content: application/json: schema: $ref: '#/components/schemas/PaymentPagination' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] post: tags: - Payments summary: Create Direct Payment description: Creates a new direct payment that is immediately sent to the specified receiver if they have a valid registered wallet. Direct payments bypass the disbursement workflow and are processed instantly. operationId: CreateDirectPayment requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateDirectPaymentRequest' required: true responses: '201': description: Direct payment created successfully content: application/json: schema: $ref: '#/components/schemas/Payment' '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Not Found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] /payments/{id}: get: tags: - Payments summary: Retrieve a Payment description: Fetches detailed information on a specific payment by `id `. operationId: RetrieveAPayment parameters: - name: id in: path description: ID of the `Payment`. required: true style: simple explode: false schema: type: string responses: '200': description: Payment details content: application/json: schema: $ref: '#/components/schemas/Payment' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden '404': description: Not Found content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not found extras: status: 404 message: Payment not found example: error: Not found extras: status: 404 message: Payment not found security: - BearerAuth: [] /payments/retry: patch: tags: - Payments summary: Retry Payments description: Retries failed payments by ID. operationId: RetryPayments requestBody: content: application/json: schema: type: object required: - payment_ids properties: payment_ids: type: array items: type: string example: payment_ids: - 9f687f8f-1f8f-4c8a-8e0f-1e67ed7c1330 - 6c2b9f20-53fd-4f1b-b7e2-9a2b1eb1d7c0 required: true responses: '200': description: Payments retried successfully content: application/json: schema: $ref: '#/components/schemas/MessageResponse' example: message: Payments retried successfully '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' security: - BearerAuth: [] /payments/{id}/status: patch: tags: - Payments summary: Update Payment Status description: Cancels a payment by setting its status to `CANCELED`. operationId: UpdatePaymentStatus parameters: - name: id in: path description: ID of the `Payment`. required: true style: simple explode: false schema: type: string requestBody: content: application/json: schema: type: object required: - status properties: status: type: string enum: - CANCELED example: status: CANCELED required: true responses: '200': description: Payment updated successfully content: application/json: schema: $ref: '#/components/schemas/MessageResponse' example: message: Payment canceled '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Not Found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] /receivers/verification-types: get: tags: - Receivers summary: List Verification Types description: Returns the supported receiver verification types. operationId: ListReceiverVerificationTypes responses: '200': description: A list of verification types content: application/json: schema: type: array items: $ref: '#/components/schemas/VerificationField' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' security: - BearerAuth: [] /receivers: get: tags: - Receivers summary: List All Receivers description: Returns all receivers matching the request criteria. This endpoint supports pagination and filtering on receiver status, receiver attributes, and timestamp. Each payment has details on the receiver, high-level payments metrics, and wallets associated with the receiver. operationId: ListAllReceivers parameters: - name: page in: query description: The page requested. required: false style: form explode: true schema: type: number default: 1 - name: page_limit in: query description: Define how many results will be returned in the response. required: false style: form explode: true schema: type: number default: 20 - name: q in: query description: A search term used to query through the receiver phone_number, email, and ID. required: false style: form explode: true schema: type: string - name: status in: query description: Exact match on the status of the receiver wallet. required: false style: form explode: true schema: type: string enum: - DRAFT - READY - REGISTERED - FLAGGED example: DRAFT - name: created_at_after in: query description: 'Only return receivers that are created after this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: created_at_before in: query description: 'Only return receivers that are created before this date. Format: YYYY-MM-DD' required: false style: form explode: true schema: type: string example: '2006-01-02' - name: sort in: query description: Field used to sort receivers required: false style: form explode: true schema: type: string default: updated_at enum: - updated_at - created_at - name: direction in: query description: Direction for sorting receivers. required: false style: form explode: true schema: type: string default: desc enum: - asc - desc responses: '200': description: A paginated list of Receiver details content: application/json: schema: $ref: '#/components/schemas/ReceiverPagination' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] post: tags: - Receivers summary: Create Receiver description: Creates a new Receiver. Allows clients to create a single receiver record, which can later be referenced in payments or disbursements. operationId: CreateReceiver requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateReceiverRequest' required: true responses: '201': description: Receiver created successfully content: application/json: schema: $ref: '#/components/schemas/Receiver' '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '409': description: Conflict - receiver already exists content: application/json: schema: type: object properties: error: type: string extras: type: object security: - BearerAuth: [] /receivers/{id}: get: tags: - Receivers summary: Retrieve a Receiver description: Fetches detailed information on a specific receiver by `id `, including all associated wallets. operationId: RetrieveAReceiver parameters: - name: id in: path description: ID of the `Receiver`. required: true style: simple explode: false schema: type: string responses: '200': description: Receiver Details content: application/json: schema: $ref: '#/components/schemas/Receiver' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden '404': description: Not Found content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not found extras: status: 404 message: Resource not found security: - BearerAuth: [] patch: tags: - Receivers summary: Update a Receiver description: This endpoint allows an organization to add and update information on the receiver, including email address, external ID, date of birth, personal PIN, and national ID number. The response includes all information on the receiver. operationId: UpdateReceiver parameters: - name: id in: path description: ID of the `Receiver`. required: true style: simple explode: false schema: type: string requestBody: description: List of fields to patch for the receiver content: '*/*': schema: $ref: '#/components/schemas/PatchReceiverRequest' required: true responses: '200': description: Updated Receiver Details content: application/json: schema: $ref: '#/components/schemas/Receiver' '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string description: Details about the error extras: type: object properties: {} '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden '404': description: Not Found content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not found extras: status: 404 message: Resource not found '409': description: Conflicting phone number or email content: application/json: schema: type: object properties: error: type: string extras: type: object example: error: The provided email is already associated with another user. extras: email: email must be unique security: - BearerAuth: [] x-codegen-request-body-name: body /receivers/{receiver_id}/wallets/{receiver_wallet_id}: patch: tags: - Receivers summary: Update Receiver Wallet description: Updates a receiver wallet's Stellar address and memo for user-managed wallets. operationId: UpdateReceiverWallet parameters: - name: receiver_id in: path description: ID of the `Receiver`. required: true style: simple explode: false schema: type: string - name: receiver_wallet_id in: path description: ID of the receiver wallet. required: true style: simple explode: false schema: type: string requestBody: content: application/json: schema: type: object required: - stellar_address properties: stellar_address: type: string description: Stellar account or contract address for the receiver wallet. stellar_memo: type: string description: Optional memo for the Stellar address. example: stellar_address: GCXAJ3XJ3VK3JFH3QMDFOSKM2NMMZBSO3VIT6EUPQWSDW2J74M23RRSL stellar_memo: '12345' required: true responses: '200': description: Receiver wallet updated successfully content: application/json: schema: $ref: '#/components/schemas/ReceiverWallet' '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Not Found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] /receivers/wallets/{receiver_wallet_id}/status: patch: tags: - Receivers summary: Update Receiver Wallet Status description: Updates a receiver wallet's status. Only `READY` is supported. operationId: UpdateReceiverWalletStatus parameters: - name: receiver_wallet_id in: path description: ID of the receiver wallet. required: true style: simple explode: false schema: type: string requestBody: content: application/json: schema: type: object required: - status properties: status: type: string enum: - READY example: status: READY required: true responses: '200': description: Receiver wallet status updated successfully content: application/json: schema: $ref: '#/components/schemas/MessageResponse' '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Not Found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] /registration-contact-types: get: tags: - Disbursements summary: List Registration Contact Types description: Returns the supported registration contact types for disbursement instructions. operationId: ListRegistrationContactTypes responses: '200': description: A list of registration contact types content: application/json: schema: type: array items: $ref: '#/components/schemas/RegistrationContactType' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' security: - BearerAuth: [] /statistics: get: tags: - Statistics summary: Retrieve All Statistics description: Fetches all metrics on all disbursements the organization has created. The response includes basic aggregations on payments, receivers, receiver wallets, and assets. operationId: RetrieveAllStatistics responses: '200': description: General Statistics response content: application/json: schema: $ref: '#/components/schemas/GeneralStatistics' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized security: - BearerAuth: [] /statistics/{id}: get: tags: - Statistics summary: Retrieve Disbursement Statistics description: Fetches metrics on a specific disbursement by `id `. operationId: RetrieveDisbursementStatistics parameters: - name: id in: path description: ID of the `Disbursement`. required: true style: simple explode: false schema: type: string responses: '200': description: Returns statistics for disbursement content: application/json: schema: $ref: '#/components/schemas/DisbursementsStatistics' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] /sep24-interactive-deposit/info: get: tags: - Registration summary: Get Receiver Registration Info description: Returns the registration context for the receiver, including organization details and reCAPTCHA configuration. operationId: GetReceiverRegistrationInfo responses: '200': description: Registration context content: application/json: schema: type: object properties: privacy_policy_link: type: string organization_name: type: string organization_logo: type: string truncated_contact_info: type: string is_registered: type: boolean is_recaptcha_disabled: type: boolean recaptcha_site_key: type: string example: privacy_policy_link: https://example.com/privacy organization_name: Stellar Aid organization_logo: https://example.com/logo.png truncated_contact_info: '******1234' is_registered: false is_recaptcha_disabled: false recaptcha_site_key: 6Lc...site_key '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' security: - SEP24Auth: [] /sep24-interactive-deposit/otp: post: tags: - Registration summary: Send One-Time Passcode description: This endpoint generates a 6-digit OTP and sends it to the user contact (email or phone number SMS) provided in the request body, as long as it matches the receiver contact info stored in the SDP. A valid SEP-24 token should be included in this request's Authorization header. operationId: SendOneTimePasscode requestBody: description: Object containing phone number content: application/json: schema: required: - recaptcha_token type: object properties: phone_number: type: string description: Phone number to which the OTP will be sent. Either `phone_number` or `email` is required. email: type: string description: Email to which the OTP will be sent. Either `phone_number` or `email` is required. recaptcha_token: type: string description: Token for reCAPTCHA validation (required unless reCAPTCHA is disabled). required: true responses: '200': description: OTP sent successfully content: application/json: schema: type: object properties: message: type: string verification_field: $ref: '#/components/schemas/VerificationField' example: message: if your phone number is registered, you'll receive an OTP verification_field: DATE_OF_BIRTH '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string description: Details about the error extras: type: object properties: {} '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized security: - SEP24Auth: [] x-codegen-request-body-name: body /sep24-interactive-deposit/verification: post: tags: - Registration summary: Verify Receiver Registration description: This endpoint verifies the receiver's registration by validating the OTP and other verification values provided in the request body. A valid SEP-24 token should be included in the Authorization header of the request. operationId: VerifyReceiverRegistration requestBody: description: Verification data including phone_number/email, OTP, verification value, and reCAPTCHA token content: application/json: schema: $ref: '#/components/schemas/ReceiverRegistrationRequest' required: true responses: '200': description: Verification successful content: application/json: schema: type: object properties: message: type: string example: ok '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string description: Details about the error extras: type: object properties: {} '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized security: - SEP24Auth: [] x-codegen-request-body-name: body /wallet-registration/start: get: tags: - Registration summary: Start Wallet Registration description: Serves the SEP-24 interactive registration UI. operationId: StartWalletRegistration parameters: - name: token in: query description: SEP-24 token for authorization. required: true style: form explode: true schema: type: string - name: transaction_id in: query description: SEP-24 transaction ID. required: true style: form explode: true schema: type: string - name: lang in: query description: Optional language override for the webview. required: false style: form explode: true schema: type: string responses: '200': description: HTML webview for receiver registration. content: text/html: schema: type: string '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' security: - SEP24QueryAuth: [] /.well-known/stellar.toml: get: tags: - Registration summary: Retrieve Stellar Info File description: Allows the wallet to fetch the SEP-10 server url, SEP-10 signing public key and SEP-24 server url. operationId: RetrieveStellarInfoFile responses: '200': description: Token is valid and the webpage will be loaded normally. content: text/toml: example: | ACCOUNTS=["GBC2HVWFIFN7WJHFORVBCDKJORXXXXXXXXXXXXXXXXXXXXXXXX", "GDA34JZ26FZY64XCSY46CUNSHLX762LHJXQXXXXXXXXXXXXXXXXXXXXXXXX"] SIGNING_KEY="GDA34JZ26FZY64XCSY46XXXXXXXXXXXXXXXXXXXXXXXX" NETWORK_PASSPHRASE="Test SDF Network ; September 2015" HORIZON_URL="https://horizon-testnet.stellar.org" WEB_AUTH_ENDPOINT="https://ap-stellar-disbursement-platform-backend-dev.stellar.org/sep10/auth" TRANSFER_SERVER_SEP0024="https://ap-stellar-disbursement-platform-backend-dev.stellar.org/sep24" [[DOCUMENTATION]] ORG_NAME="Stellar Aid" [[CURRENCIES]] code = "EUROC" issuer = "GBBD47IF6LWK7P7MDEVSCWR7DPUWV3NY3DTQEVFL4NAT4AQH3ZLLFLA5" is_asset_anchored = true anchor_asset_type = "fiat" status = "live" desc = "EUROC" [[CURRENCIES]] code = "USDC" issuer = "GBBD47IF6LWK7P7MDEVSCWR7DPUWV3NY3DTQEVFL4NAT4AQH3ZLLFLA5" is_asset_anchored = true anchor_asset_type = "fiat" status = "live" desc = "USDC" /sep10/auth: get: tags: - Registration summary: Request Challenge Transaction description: Allows the wallet to get the SEP-10 challenge transaction to be signed. More information [here](https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#challenge). The endpoint url can change but is provided in the Get Stellar toml endpoint response under the `WEB_AUTH_ENDPOINT` variable. operationId: RequestChallengeTransaction parameters: - name: account in: query description: The client account (G...) that the client wishes to authenticate with the server. required: true style: form explode: true schema: type: string - name: memo in: query description: The memo to attach to the challenge transaction. Only permitted if a Stellar account (G...) is used. The memo must be of type id. Other memo types are not supported. required: false style: form explode: true schema: type: string - name: home_domain in: query description: Home domain for SEP-10. Defaults to the server base domain if omitted. required: false style: form explode: true schema: type: string - name: client_domain in: query description: Client domain for wallet attribution. Required when SEP-10 client attribution is enabled (default). required: false style: form explode: true schema: type: string responses: '200': description: OK content: application/json: schema: type: object properties: transaction: type: string network_passphrase: type: string example: transaction: AAAAAgAAAADIiRu2BrqqeOcP28PWCkD4D5Rjjsqh71HwvqFX+F4VXAAAAGQAAAAAAAAAAAAAAAEAAAAAXzrUcQAAAABfOtf1AAAAAAAAAAEAAAABAAAAAEEB8rhqNa70RYjaNnF1ARE2CbL50iR9HPXST/fImJN1AAAACgAAADB0aGlzaXNhdGVzdC5zYW5kYm94LmFuY2hvci5hbmNob3Jkb21haW4uY29tIGF1dGgAAAABAAAAQGdGOFlIQm1zaGpEWEY0L0VJUFZucGVlRkxVTDY2V0tKMVBPYXZuUVVBNjBoL09XaC91M2Vvdk54WFJtSTAvQ2UAAAAAAAAAAfheFVwAAABAheKE1HjGnUCNwPbX8mz7CqotShKbA+xM2Hbjl6X0TBpEprVOUVjA6lqMJ1j62vrxn1mF3eJzsLa9s9hRofG3Ag== network_passphrase: Test SDF Network ; September 2015 example: transaction: AAAAAgAAAADIiRu2BrqqeOcP28PWCkD4D5Rjjsqh71HwvqFX+F4VXAAAAGQAAAAAAAAAAAAAAAEAAAAAXzrUcQAAAABfOtf1AAAAAAAAAAEAAAABAAAAAEEB8rhqNa70RYjaNnF1ARE2CbL50iR9HPXST/fImJN1AAAACgAAADB0aGlzaXNhdGVzdC5zYW5kYm94LmFuY2hvci5hbmNob3Jkb21haW4uY29tIGF1dGgAAAABAAAAQGdGOFlIQm1zaGpEWEY0L0VJUFZucGVlRkxVTDY2V0tKMVBPYXZuUVVBNjBoL09XaC91M2Vvdk54WFJtSTAvQ2UAAAAAAAAAAfheFVwAAABAheKE1HjGnUCNwPbX8mz7CqotShKbA+xM2Hbjl6X0TBpEprVOUVjA6lqMJ1j62vrxn1mF3eJzsLa9s9hRofG3Ag== network_passphrase: Test SDF Network ; September 2015 '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' post: tags: - Registration summary: Provide Signed Challenge Transaction description: Allows the wallet to post the signed SEP-10 challenge transaction. More information [here](https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#challenge). The endpoint url can change but is provided in the toml file under the `WEB_AUTH_ENDPOINT ` variable. operationId: ProvideSignedChallengeTransaction requestBody: content: application/json: schema: type: object properties: transaction: type: string example: transaction: AAAAAgAAAADIiRu2BrqqeOcP28PWCkD4D5Rjjsqh71HwvqFX+F4VXAAAAGQAAAAAAAAAAAAAAAEAAAAAXzrUcQAAAABfOtf1AAAAAAAAAAEAAAABAAAAAEEB8rhqNa70RYjaNnF1ARE2CbL50iR9HPXST/fImJN1AAAACgAAADB0aGlzaXNhdGVzdC5zYW5kYm94LmFuY2hvci5hbmNob3Jkb21haW4uY29tIGF1dGgAAAABAAAAQGdGOFlIQm1zaGpEWEY0L0VJUFZucGVlRkxVTDY2V0tKMVBPYXZuUVVBNjBoL09XaC91M2Vvdk54WFJtSTAvQ2UAAAAAAAAAAvheFVwAAABAheKE1HjGnUCNwPbX8mz7CqotShKbA+xM2Hbjl6X0TBpEprVOUVjA6lqMJ1j62vrxn1mF3eJzsLa9s9hRofG3AsiYk3UAAABArIrkvqmA0V9lIZcVyCUdja6CiwkPwsV8BfI4CZOyR1Oq7ysvNJWwY0G42dpxN9OP1qz4dum8apG2hqvxVWjkDQ== application/x-www-form-urlencoded: schema: type: object properties: transaction: type: string example: transaction: AAAAAgAAAADIiRu2BrqqeOcP28PWCkD4D5Rjjsqh71HwvqFX+F4VXAAAAGQAAAAAAAAAAAAAAAEAAAAAXzrUcQAAAABfOtf1AAAAAAAAAAEAAAABAAAAAEEB8rhqNa70RYjaNnF1ARE2CbL50iR9HPXST/fImJN1AAAACgAAADB0aGlzaXNhdGVzdC5zYW5kYm94LmFuY2hvci5hbmNob3Jkb21haW4uY29tIGF1dGgAAAABAAAAQGdGOFlIQm1zaGpEWEY0L0VJUFZucGVlRkxVTDY2V0tKMVBPYXZuUVVBNjBoL09XaC91M2Vvdk54WFJtSTAvQ2UAAAAAAAAAAvheFVwAAABAheKE1HjGnUCNwPbX8mz7CqotShKbA+xM2Hbjl6X0TBpEprVOUVjA6lqMJ1j62vrxn1mF3eJzsLa9s9hRofG3AsiYk3UAAABArIrkvqmA0V9lIZcVyCUdja6CiwkPwsV8BfI4CZOyR1Oq7ysvNJWwY0G42dpxN9OP1qz4dum8apG2hqvxVWjkDQ== required: true responses: '200': description: SEP-10 handshake was successful. content: application/json: schema: type: object properties: token: type: string example: token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJHQTZVSVhYUEVXWUZJTE5VSVdBQzM3WTRRUEVaTVFWREpIREtWV0ZaSjJLQ1dVQklVNUlYWk5EQSIsImp0aSI6IjE0NGQzNjdiY2IwZTcyY2FiZmRiZGU2MGVhZTBhZDczM2NjNjVkMmE2NTg3MDgzZGFiM2Q2MTZmODg1MTkwMjQiLCJpc3MiOiJodHRwczovL2ZsYXBweS1iaXJkLWRhcHAuZmlyZWJhc2VhcHAuY29tLyIsImlhdCI6MTUzNDI1Nzk5NCwiZXhwIjoxNTM0MzQ0Mzk0fQ.8nbB83Z6vGBgC1X9r3N6oQCFTBzDiITAfCJasRft0z0 example: token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJHQTZVSVhYUEVXWUZJTE5VSVdBQzM3WTRRUEVaTVFWREpIREtWV0ZaSjJLQ1dVQklVNUlYWk5EQSIsImp0aSI6IjE0NGQzNjdiY2IwZTcyY2FiZmRiZGU2MGVhZTBhZDczM2NjNjVkMmE2NTg3MDgzZGFiM2Q2MTZmODg1MTkwMjQiLCJpc3MiOiJodHRwczovL2ZsYXBweS1iaXJkLWRhcHAuZmlyZWJhc2VhcHAuY29tLyIsImlhdCI6MTUzNDI1Nzk5NCwiZXhwIjoxNTM0MzQ0Mzk0fQ.8nbB83Z6vGBgC1X9r3N6oQCFTBzDiITAfCJasRft0z0 '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' x-codegen-request-body-name: body /sep24/info: get: tags: - Registration summary: SEP-24 Info description: Returns supported assets and feature flags for SEP-24 registration deposits. operationId: GetSEP24Info responses: '200': description: SEP-24 info response content: application/json: schema: type: object properties: deposit: type: object additionalProperties: type: object properties: enabled: type: boolean min_amount: type: number max_amount: type: number withdraw: type: object additionalProperties: type: object properties: enabled: type: boolean min_amount: type: number max_amount: type: number fee: type: object properties: enabled: type: boolean features: type: object properties: account_creation: type: boolean claimable_balances: type: boolean /sep24/transactions/deposit/interactive: post: tags: - Registration summary: Request Registration URL description: | The deposit endpoint allows a wallet to get deposit information from an anchor, so a user has all the information needed to initiate a deposit. It also lets the anchor specify additional information that the user must submit interactively via a popup or embedded browser window to be able to deposit. Please check the detailed documentation [here](https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0024.md#deposit-2). operationId: RequestRegistrationURL externalDocs: description: Find more info here url: https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0024.md#deposit-2 requestBody: content: application/json: schema: type: object required: - asset_code properties: asset_code: type: string description: Stellar asset code for the deposit. account: type: string description: Stellar account for the deposit; defaults to the SEP-10 subject. lang: type: string description: Language for the interactive flow. claimable_balance_supported: type: string description: Indicates if claimable balances are supported. example: asset_code: USDC account: GACW7NONV43MZIFHCOKCQJAKSJSISSICFVUJ2C6EZIW5773OU3HD64VI lang: en application/x-www-form-urlencoded: schema: type: object required: - asset_code properties: asset_code: type: string description: Stellar asset code for the deposit. account: type: string description: Stellar account for the deposit; defaults to the SEP-10 subject. lang: type: string description: Language for the interactive flow. claimable_balance_supported: type: string description: Indicates if claimable balances are supported. example: asset_code: USDC account: GACW7NONV43MZIFHCOKCQJAKSJSISSICFVUJ2C6EZIW5773OU3HD64VI lang: en required: false responses: '200': description: An anchor requires the user to fill out information on a webpage hosted by the anchor. content: application/json: schema: type: object properties: type: type: string description: Always set to interactive_customer_info_needed. example: interactive_customer_info_needed url: type: string description: URL hosted by the anchor. The wallet should show this URL to the user as a popup. example: https://api.example.com/kycflow?account=GACW7NONV43MZIFHCOKCQJAKSJSISSICFVUJ2C6EZIW5773OU3HD64VI id: type: string description: The anchor's internal ID for this deposit / withdrawal request. The wallet will use this ID to query the /transaction endpoint to check status of the request. example: 82fhs729f63dh0v4 '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' security: - SEP10Auth: [] /profile: get: tags: - Profile summary: Get Profile description: Fetches the individual information of the logged in user to populate the Profile page. operationId: GetProfile responses: '200': description: Returns user profile content: application/json: schema: $ref: '#/components/schemas/Profile' security: - BearerAuth: [] patch: tags: - Profile summary: Update User Profile description: 'Updates the profile details of the logged in user. Note: all fields are optional but at least one should be sent in the request.' operationId: UpdateUserProfile requestBody: content: '*/*': schema: type: object properties: first_name: type: string last_name: type: string email: type: string example: first_name: FirstName last_name: LastName email: email@email.com required: false responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/MessageResponse' example: message: user profile updated successfully '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] /profile/reset-password: patch: tags: - Profile summary: Reset Password description: Updates the password for the logged in user. operationId: ResetUserPassword requestBody: content: application/json: schema: type: object required: - current_password - new_password properties: current_password: type: string new_password: type: string example: current_password: currentPassword123! new_password: newPassword123! required: true responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/MessageResponse' example: message: user password updated successfully '400': description: Bad Request $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' security: - BearerAuth: [] x-codegen-request-body-name: body /organization: get: tags: - Organization summary: Get Organization Info description: This endpoint returns the organization's info. It is used in many places across the UI. It returns the name in the navbar and the public key of the organization’s distribution account. operationId: GetOrganizationInfo responses: '200': description: Returns organization details content: application/json: schema: $ref: '#/components/schemas/Organization' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized security: - BearerAuth: [] patch: tags: - Organization summary: Update Organization Profile description: 'Updates the organization profile details. Only account owners have permission to do this. Note: both fields are optional but at least one should be sent in the request. It is not necessary to set the header Content-Type for this request. It is set automatically by the HTTP client.' operationId: UpdateOrganizationProfile requestBody: content: multipart/form-data: schema: type: object properties: logo: type: string description: The logo of the organization, file type must be png or jpeg. format: binary data: type: string description: | A JSON string that contains the details to update. Contains the following keys: `organization_name` (string): the new name of the organization, `timezone_utc_offset` (string): the new timezone offset of the organization, `is_approval_required` (boolean): whether the approval workflow is enabled or not. `receiver_registration_message_template` (string): the message template sent to the receivers inviting them to registration. Sending this field empty sets the `default` value for it. `otp_message_template` (string): the message template sent to the receivers sending the OTP to complete the registration flow. Sending this field empty sets the `default` value for it. For example: '{"organization_name": "NewOrgName", "timezone_utc_offset": "+02:00", "is_approval_required": true, "receiver_registration_message_template": "You have a payment waiting for you from {{.OrganizationName}}. Click {{.RegistrationLink}} to register.", "otp_message_template": "{{.OTP}} is your {{.OrganizationName}} phone verification code."}' format: json responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/MessageResponse' example: message: organization profile updated successfully '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] /organization/logo: get: tags: - Organization summary: Retrieve Organization Logo description: Retrieves the logo of the organization for display in the UI navbar. operationId: GetOrganizationLogo responses: '200': description: OK content: application/octet-stream: schema: type: string format: binary /organization/circle-config: patch: tags: - Organization summary: Circle Account Setup description: 'Updates the Circle configuration for the organization. Only account owners have permission to do this. Note: in the first time configuration, all fields are mandatory, but after it is been configured at least once, you can replace a single field at a time.' operationId: PatchOrganizationCircle requestBody: description: Circle configuration to be updated content: application/json: schema: type: object properties: api_key: type: string description: The Circle API key with permissions to POST & GET transfers wallet_id: type: string description: The ID of the Circle walet from where the funds will be sent required: true responses: '200': description: Circle configuration updated successfully content: application/json: schema: type: object properties: message: type: string example: Circle configuration updated '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string description: Details about the error extras: type: object properties: {} security: - BearerAuth: [] x-codegen-request-body-name: body /balances: get: tags: - Balances summary: Get Organization (Circle) Balances description: ATTENTION, this endpoint is only enabled when the tenant distribution account type is `CIRCLE`. operationId: GetOrganization(Circle)Balances responses: '200': description: Returns the organization's Circle balances content: application/json: schema: required: - account - balances type: object properties: account: $ref: '#/components/schemas/DistributionAccount' balances: type: array description: The organization's Circle balances items: $ref: '#/components/schemas/Balance' '400': description: Bad request, not supported when the distribution account is not of the CIRCLE type. $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized security: - BearerAuth: [] /assets: get: tags: - Organization summary: Get All Assets description: 'Fetches the list of available assets to populate the dropdown box in the New Disbursement flow. Note: the organization must hold a balance in a particular asset to use it in a disbursement.' operationId: GetAllAssets responses: '200': description: A list of assets content: application/json: schema: type: array items: $ref: '#/components/schemas/Asset' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] post: tags: - Organization summary: Create Asset description: 'This endpoint is used to create a new asset that can be used in a Disbursement. Note: the organization must hold a balance in a particular asset to use it in a disbursement.' operationId: CreateAsset requestBody: description: Asset to be created content: application/json: schema: required: - code - issuer type: object properties: code: type: string description: The asset code example: USDC issuer: type: string description: The issuer example: GBBD47IF6LWK7P7MDEVSCWR7DPUWV3NY3DTQEVFL4NAT4AQH3ZLLFLA5 required: true responses: '201': description: Asset created successfully content: {} '400': description: Bad request, invalid request body or the provided code/issuer is invalid. content: {} security: - BearerAuth: [] x-codegen-request-body-name: body /assets/{id}: delete: tags: - Organization summary: Delete Asset description: This endpoint is used to soft delete an asset. operationId: DeleteAsset parameters: - name: id in: path description: ID of the asset to delete required: true style: simple explode: false schema: type: string responses: '200': description: Asset deleted successfully content: {} '204': description: Asset already deleted content: {} '404': description: Asset not found content: {} security: - BearerAuth: [] /wallets: get: tags: - Wallets summary: Get All Wallets description: Fetches the list of available wallet providers to populate the dropdown box in the New Disbursement flow. The organization should coordinate with the wallet provider before selecting a particular wallet provider for a disbursement. By default, soft-deleted wallets are excluded from the response. Use the `include_deleted` parameter to include them. operationId: GetAllWallets parameters: - name: include_deleted in: query description: When set to `true`, includes soft-deleted wallets in the response. When `false` or omitted, only non-deleted wallets are returned. required: false style: form explode: true schema: type: boolean default: false - name: enabled in: query description: Filter wallets by enabled/disabled status. required: false style: form explode: true schema: type: boolean - name: user_managed in: query description: Filter by user-managed wallets. required: false style: form explode: true schema: type: boolean - name: supported_assets in: query description: Comma-separated list of asset codes or IDs to filter wallets by supported assets (max 20). required: false style: form explode: true schema: type: string responses: '200': description: A list of wallets content: application/json: schema: type: array items: $ref: '#/components/schemas/Wallet' '400': description: Bad request - validation errors $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] post: tags: - Wallets summary: Create Wallet description: Creates a new wallet provider that can be used for disbursements. The wallet must be configured with supported assets and proper authentication domains. operationId: CreateWallet requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateWalletRequest' required: true responses: '201': description: Wallet created successfully content: application/json: schema: $ref: '#/components/schemas/Wallet' '400': description: Bad request - validation errors $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '409': description: Conflict - wallet name, homepage, or deep link schema already exists content: application/json: schema: type: object properties: error: type: string extras: type: object security: - BearerAuth: [] /wallets/{id}: patch: tags: - Wallets summary: Update Wallet description: 'This endpoint is used to enable or disable a wallet provider. Note: the organization should coordinate with the wallet provider before selecting a particular wallet provider for a disbursement.' operationId: UpdateWallet parameters: - name: id in: path description: ID of the wallet to update required: true style: simple explode: false schema: type: string requestBody: description: Wallet to be updated content: application/json: schema: $ref: '#/components/schemas/UpdateWalletRequest' required: true responses: '200': description: Wallet updated successfully content: application/json: schema: $ref: '#/components/schemas/Wallet' '400': description: Bad request, usually caused by the `enabled` field missing from the request body. $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Wallet not found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] delete: tags: - Wallets summary: Delete Wallet description: Soft deletes a wallet provider. operationId: DeleteWallet parameters: - name: id in: path description: ID of the wallet to delete required: true style: simple explode: false schema: type: string responses: '204': description: Wallet deleted successfully content: {} '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Wallet not found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] /users: get: tags: - Users summary: Get All Users description: Fetches all SDP users within the organization, whether they are active yet or not. operationId: GetAllUsers responses: '200': description: Returns a paginated list of User Details content: application/json: schema: $ref: '#/components/schemas/Users' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] post: tags: - Users summary: Create User description: This endpoint creates a new SDP user as the result of an SDP owner adding their information in the UI. It also handles sending the invite email. operationId: CreateUser requestBody: content: '*/*': schema: type: object properties: first_name: type: string last_name: type: string roles: type: array items: type: string email: type: string example: first_name: John last_name: Doe roles: - business email: email@email.com required: false responses: '201': description: Created content: application/json: schema: $ref: '#/components/schemas/User' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] x-codegen-request-body-name: body /users/activation: patch: tags: - Users summary: Update User Activation Status description: Updates the SDP user’s activation status. This endpoint is primarily used to move a user into active status when they accept the invite to join an SDP organization account and create a password. operationId: UpdateUserActivationStatus requestBody: content: '*/*': schema: type: object properties: user_id: type: string is_active: type: boolean example: user_id: 5ca230c9-da95-4bd1-b2a2-aa5d0df65efd is_active: false required: false responses: '200': description: Created content: application/json: schema: $ref: '#/components/schemas/User' example: message: user activation was updated successfully '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] x-codegen-request-body-name: body /users/roles: get: tags: - Users summary: Get All Roles description: Fetches available SDP roles, such as owner, financial controller, business user, and developer. operationId: GetAllRoles responses: '200': description: OK content: application/json: schema: type: object properties: roles: type: array items: type: string example: roles: - developer - financial_controller - business - owner example: roles: - developer - financial_controller - business - owner '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] patch: tags: - Users summary: Update User Role description: Updates an SDP user’s role by `user_ID `. operationId: UpdateUserRole requestBody: content: '*/*': schema: type: object properties: user_id: type: string roles: type: array items: type: string example: user_id: 5ca230c9-da95-4bd1-b2a2-aa5d0df65efd roles: - developer required: false responses: '200': description: OK content: application/json: schema: type: object properties: message: type: string example: message: user roles were updated successfully example: message: user roles were updated successfully '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BearerAuth: [] x-codegen-request-body-name: body /tenants: get: tags: - Admin summary: Get All Tenants operationId: GetAllTenants responses: '200': description: A list of provisioned tenants with their configurations content: application/json: schema: $ref: '#/components/schemas/Tenants' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized security: - BasicAuth: [] post: tags: - Admin summary: Create Tenant operationId: CreateTenant requestBody: content: '*/*': schema: required: - distribution_account_type - name - organization_name - owner_email - owner_first_name - owner_last_name type: object properties: name: type: string description: The tenant name. It should match the pattern `^[a-z-]+$` distribution_account_type: type: string description: The distribution account type of the tenant. enum: - DISTRIBUTION_ACCOUNT.STELLAR.ENV - DISTRIBUTION_ACCOUNT.STELLAR.DB_VAULT - DISTRIBUTION_ACCOUNT.CIRCLE.DB_VAULT owner_email: type: string description: The owner user e-mail address owner_first_name: type: string description: The owner user first name owner_last_name: type: string description: The owner user last name organization_name: type: string description: The organization name base_url: type: string description: The SDP backend server's base URL. If this field is not provided, the SDP will generate one based on the host `BASE_URL` configuration, and the tenant name. sdp_ui_base_url: type: string description: The SDP UI/dashboard Base URL. If this field is not provided, the SDP will generate one based on the host `SDP_UI_BASE_URL` configuration, and the tenant name. example: name: redcorp distribution_account_type: DISTRIBUTION_ACCOUNT.STELLAR.DB_VAULT owner_email: owner@redcorp.org owner_first_name: Owner owner_last_name: Last organization_name: Red Corp base_url: https://redcorp-backend.sdp.org sdp_ui_base_url: https://redcorp.sdp.org required: false responses: '201': description: Provision a new tenant content: application/json: schema: $ref: '#/components/schemas/Tenant' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized security: - BasicAuth: [] x-codegen-request-body-name: body /tenants/{id}: get: tags: - Admin summary: Retrieve a Tenant operationId: RetrieveATenant parameters: - name: id in: path description: ID or Name of the `Tenant`. required: true style: simple explode: false schema: type: string responses: '200': description: Tenant details content: application/json: schema: $ref: '#/components/schemas/Tenant' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '404': description: Not Found content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not found extras: status: 404 message: Resource not found security: - BasicAuth: [] delete: tags: - Admin summary: Soft delete a Tenant operationId: SoftDeleteATenant parameters: - name: id in: path description: ID of the `Tenant`. required: true style: simple explode: false schema: type: string responses: '200': description: Deleted Tenant details, with a non-empty `deleted_at` field content: application/json: schema: $ref: '#/components/schemas/Tenant' '304': description: The tenant was already deleted before this request. content: application/json: schema: $ref: '#/components/schemas/Tenant' '400': description: Bad request, when the tenant is not elligible to be deleted. For example, when the tenant is the default tenant or when it has not been patched with the deactivated status. $ref: '#/components/responses/BadRequestResponse' '404': description: Not Found content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not found extras: status: 404 message: Resource not found security: - BasicAuth: [] patch: tags: - Admin summary: Update a Tenant description: This endpoint updates the Tenant data. operationId: UpdateATenant parameters: - name: id in: path description: ID of the `Tenant`. required: true style: simple explode: false schema: type: string requestBody: description: List of fields to update for the tenant content: '*/*': schema: type: object properties: base_url: type: string description: The SDP backend server's base URL. sdp_ui_base_url: type: string description: The SDP UI/dashboard Base URL. status: type: string enum: - TENANT_CREATED - TENANT_PROVISIONED - TENANT_ACTIVATED - TENANT_DEACTIVATED required: true responses: '200': description: Updated Tenant details content: application/json: schema: $ref: '#/components/schemas/Tenant' '400': description: Bad Request content: application/json: schema: type: object properties: error: type: string description: Details about the error extras: type: object properties: {} '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '404': description: Not Found content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not found extras: status: 404 message: Resource not found security: - BasicAuth: [] x-codegen-request-body-name: body /tenants/default-tenant: post: tags: - Admin summary: Default Tenant description: | Sets the tenant specified in the request body as the default one, resolving all the incoming API request to that tenant when the env `SINGLE_TENANT_MODE` is set to true. Once set, the default tenant can be overwritten but never unset, although it is only effective when `SINGLE_TENANT_MODE` is set to true. Default tenant is useful for development purposes or when the SDP is used by a single organization. This allows the organization to skip specifying the tenant in every request and simplifies the SDP setup operationally by removing the need of providing wildcard TLS certificates for multi-tenant configurations. operationId: DefaultTenant requestBody: content: '*/*': schema: required: - id type: object properties: id: type: string description: The tenant id. example: id: 1736bed3-7b92-4760-8ff2-51fb08ee079f required: false responses: '201': description: Default tenant details content: application/json: schema: $ref: '#/components/schemas/Tenant' '401': description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized example: error: Not authorized extras: status: 401 message: Not authorized '403': description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden example: error: Forbidden security: - BasicAuth: [] x-codegen-request-body-name: body /bridge-integration: get: summary: Get Bridge Integration Status description: | Retrieves the current Bridge integration status and information for the organization. Returns live data from the Bridge API including KYC status and virtual account details. operationId: getBridgeIntegration security: - BearerAuth: [] responses: '200': description: Bridge integration status retrieved successfully content: application/json: schema: $ref: '#/components/schemas/BridgeIntegrationInfo' examples: not_enabled: summary: Bridge service not enabled value: status: NOT_ENABLED not_opted_in: summary: Organization not opted in value: status: NOT_OPTED_IN opted_in: summary: Organization opted in, KYC pending value: status: OPTED_IN customer_id: cust_123abc kyc_status: id: kyc_456def full_name: John Doe email: john@example.com type: business kyc_link: https://bridge.stellar.org/kyc/456def tos_link: https://bridge.stellar.org/tos/456def kyc_status: under_review tos_status: approved created_at: '2025-01-01T00:00:00Z' customer_id: cust_123abc opted_in_by: user_789 opted_in_at: '2025-01-01T00:00:00Z' ready_for_deposit: summary: Virtual account created and ready value: status: READY_FOR_DEPOSIT customer_id: cust_123abc virtual_account: id: va_789xyz status: activated developer_fee_percent: '0.5' customer_id: cust_123abc source_deposit_instructions: bank_beneficiary_name: Stellar Bridge currency: usd bank_name: Wells Fargo bank_address: 123 Main St, San Francisco, CA bank_account_number: '1234567890' bank_routing_number: '121000248' payment_rails: - ach - wire destination: payment_rail: stellar currency: usdc address: GDQP2KPQGKIHYJGXNUIYOMHARUARCA7DJT5FO2FFOOKY3B2WSQHG4W37 blockchain_memo: '12345' virtual_account_created_by: user_789 virtual_account_created_at: '2025-01-01T00:00:00Z' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Not Found $ref: '#/components/responses/NotFoundResponse' tags: - Bridge Integration patch: summary: Update Bridge Integration Status description: | Updates the Bridge integration status. Supports two main operations: 1. Opt-in to Bridge (status: "OPTED_IN") - Creates KYC link for organization onboarding 2. Create Virtual Account (status: "READY_FOR_DEPOSIT") - Creates virtual account after KYC approval operationId: updateBridgeIntegration security: - BearerAuth: [] requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/BridgeIntegrationPatchRequest' examples: opt_in: summary: Opt into Bridge integration value: status: OPTED_IN email: john@example.com full_name: John Doe kyc_type: business create_virtual_account: summary: Create virtual account value: status: READY_FOR_DEPOSIT responses: '200': description: Bridge integration updated successfully content: application/json: schema: $ref: '#/components/schemas/BridgeIntegrationInfo' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: Not Found $ref: '#/components/responses/NotFoundResponse' tags: - Bridge Integration /api-keys: get: tags: - API Keys summary: List API Keys description: Retrieves all API keys created by the current user. The results are ordered by creation date in descending order (most recent first). API key values are not included in the response for security reasons. operationId: ListAPIKeys responses: '200': description: API keys retrieved successfully content: application/json: schema: type: array items: $ref: '#/components/schemas/APIKey' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' security: - BearerAuth: [] post: tags: - API Keys summary: Create API Key description: Creates a new API Key to access SDP endpoints. API Key can be configured to have a granular read/write access, also API key can be restricted to the specific IP or range of the IPs. operationId: CreateAPIKey requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateAPIKeyRequest' required: true responses: '201': description: API key created successfully content: application/json: schema: $ref: '#/components/schemas/CreateAPIKeyResponse' '400': description: Bad request - validation errors $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' security: - BearerAuth: [] /api-keys/{id}: get: tags: - API Keys summary: Get API Key Details description: Retrieves a specific API key by its ID. Returns the API key details including permissions and restrictions, but does not include the actual key value for security reasons. operationId: GetAPIKey parameters: - name: id in: path description: The unique identifier of the API key required: true schema: type: string responses: '200': description: API key retrieved successfully content: application/json: schema: $ref: '#/components/schemas/APIKey' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: API key not found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] patch: tags: - API Keys summary: Update API Key description: Updates an existing API key's permissions and IP restrictions. The API key name and expiration date cannot be modified after creation. operationId: UpdateAPIKey parameters: - name: id in: path description: The unique identifier of the API key to update required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateAPIKeyRequest' required: true responses: '200': description: API key updated successfully content: application/json: schema: $ref: '#/components/schemas/APIKey' '400': description: Bad request - validation errors $ref: '#/components/responses/BadRequestResponse' '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: API key not found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] delete: tags: - API Keys summary: Delete API Key description: Permanently deletes an API key. This action cannot be undone. Once deleted, the API key will no longer be able to authenticate API requests. operationId: DeleteAPIKey parameters: - name: id in: path description: The unique identifier of the API key to delete required: true schema: type: string responses: '204': description: API key deleted successfully '401': description: Unauthorized $ref: '#/components/responses/UnauthorizedResponse' '403': description: Forbidden $ref: '#/components/responses/ForbiddenResponse' '404': description: API key not found $ref: '#/components/responses/NotFoundResponse' security: - BearerAuth: [] components: schemas: Amount: type: object properties: asset_code: type: string example: USDC asset_issuer: type: string example: GBBD47IF6LWK7P7MDEVSCWR7DPUWV3NY3DTQEVFL4NAT4AQH3ZLLFLA5 received_amount: type: string example: '100.00' Asset: type: object properties: id: type: string example: ffaec4b3-46b0-4db4-a4c4-6c3508057705 code: type: string description: Asset code example: USDC issuer: type: string description: Asset issuer address example: GBBD47IF6LWK7P7MDEVSCWR7DPUWV3NY3DTQEVFL4NAT4AQH3ZLLFLA5 created_at: type: string format: date-time example: '2023-02-03T10:45:51Z' updated_at: type: string format: date-time example: '2023-02-03T10:45:51Z' deleted_at: type: string format: date-time example: '2023-06-03T10:55:51Z' description: The Stellar asset object Disbursement: type: object properties: id: type: string description: The unique identifier of the disbursement example: 619da857-8725-4c58-933d-c120a458e0f5 name: type: string description: The name of the disbursement example: Disbursement Name receiver_registration_message_template: type: string description: 'The custom template used to send invitations to receivers. The `default` message isn''t returned. In the message''s content it''s possible to add the following template variables: {{.OrganizationName}} which is the Organization Name configured and {{.RegistrationLink}} which is the link generated by SDP to send to the receiver (in case this is not present in the message, it''s automatically appended at the end).' example: You have a payment waiting for you from {{.OrganizationName}}. Click {{.RegistrationLink}} to register. registration_contact_type: $ref: '#/components/schemas/RegistrationContactType' wallet: $ref: '#/components/schemas/Wallet' asset: $ref: '#/components/schemas/Asset' status: $ref: '#/components/schemas/DisbursementStatus' verification_field: $ref: '#/components/schemas/VerificationField' status_history: $ref: '#/components/schemas/DisbursementStatusHistory' file_name: type: string example: disbursement-feb-03-2023.csv created_at: type: string format: date-time example: '2023-02-03T10:45:51Z' updated_at: type: string format: date-time example: '2023-02-03T10:45:51Z' total_payments: type: integer description: Total number of payments example: 10 total_payments_sent: type: integer description: Total number of successful payments example: 8 total_payments_failed: type: integer description: Total number of failed payments example: 1 total_payments_remaining: type: integer description: Total number of remaining payments example: 1 amount_disbursed: type: string description: The total amount disbursed so far example: '800.00' total_amount: type: string description: The total amount to be disbursed example: '1000.00' average_amount: type: string description: The average amount per payment example: '100.00' DisbursementLite: type: object properties: id: type: string description: The unique identifier of the disbursement format: uuid example: c51ba1d5-52d3-412f-a59c-6ef32d59ab43 name: type: string description: The name of the disbursement example: disbursement-june-29 receiver_registration_message_template: type: string description: 'The custom template used to send invitations to receivers. The `default` message isn''t returned. In the message''s content it''s possible to add the following template variables: `{{.OrganizationName}}` which is the Organization Name configured and `{{.RegistrationLink}}` which is the link generated by SDP to send to the receiver (in case this is not present in the message, it''s automatically appended at the end).' example: You have a payment waiting for you from {{.OrganizationName}}. Click {{.RegistrationLink}} to register. registration_contact_type: $ref: '#/components/schemas/RegistrationContactType' status: $ref: '#/components/schemas/DisbursementStatus' verification_field: $ref: '#/components/schemas/VerificationField' status_history: $ref: '#/components/schemas/DisbursementStatusHistory' file_name: type: string example: disbursement-feb-03-2023.csv created_at: type: string description: The creation timestamp of the disbursement format: date-time example: '2023-06-30T01:22:57.831975Z' updated_at: type: string description: The last update timestamp of the disbursement format: date-time example: '2023-06-30T01:22:58.316511Z' DisbursementPagination: type: object properties: pagination: $ref: '#/components/schemas/Pagination' data: type: array items: $ref: '#/components/schemas/Disbursement' DisbursementReceiver: type: object properties: id: type: string example: ec3a57c0-5660-4b5a-af76-acadc7b09b93 email: type: string example: receiver@mail.org phone_number: type: string example: '+15552368475' external_id: type: string example: usr129001 receiver_wallet: $ref: '#/components/schemas/ReceiverWallet' payment: $ref: '#/components/schemas/Payment' created_at: type: string format: date-time example: '2023-02-03T10:45:51Z' updated_at: type: string format: date-time example: '2023-02-03T10:45:51Z' DisbursementReceiverPagination: type: object properties: pagination: $ref: '#/components/schemas/Pagination' data: type: array items: $ref: '#/components/schemas/DisbursementReceiver' DisbursementsStatistics: type: object properties: payment_counters: $ref: '#/components/schemas/PaymentCounters' payment_amounts_by_asset: type: array items: $ref: '#/components/schemas/PaymentAmountsByAsset' receiver_wallets_counters: $ref: '#/components/schemas/ReceiverWalletsCounters' total_receivers: type: integer description: Total number of receivers format: int64 example: 100 DisbursementStatus: type: string enum: - DRAFT - READY - STARTED - PAUSED - COMPLETED DisbursementStatusHistory: type: array items: $ref: '#/components/schemas/DisbursementStatusHistoryEntry' DisbursementStatusHistoryEntry: type: object properties: user_id: type: string example: 3f351b9e-ed0f-40fa-a314-14757b42dab1 status: $ref: '#/components/schemas/DisbursementStatus' timestamp: type: string format: date-time example: '2023-02-03T10:45:51Z' GeneralStatistics: type: object properties: total_disbursements: type: integer description: Total number of disbursements format: int64 example: 20 payment_counters: $ref: '#/components/schemas/PaymentCounters' payment_amounts_by_asset: type: array items: $ref: '#/components/schemas/PaymentAmountsByAsset' receiver_wallets_counters: $ref: '#/components/schemas/ReceiverWalletsCounters' total_receivers: type: integer description: Total number of receivers format: int64 example: 1000 MessageResponse: required: - message type: object properties: message: type: string Organization: required: - distribution_account - is_approval_required - logo_url - name - payment_cancellation_period_days - privacy_policy_link - receiver_invitation_resend_interval_days - timezone_utc_offset type: object properties: name: type: string example: Stellar Aid logo_url: type: string example: https://stellar-disbursement-platform-backend-dev.stellar.org/organization/logo distribution_account: $ref: '#/components/schemas/DistributionAccount' distribution_account_public_key: type: string description: DEPRECATED! Please refer to distribution_account.address instead. example: GCXAJ3XJ3VK3JFH3QMDFOSKM2NMMZBSO3VIT6EUPQWSDW2J74M23RRSL timezone_utc_offset: type: string example: '+00:00' is_approval_required: type: boolean description: Enables multi-user approval workflow for disbursements example: true receiver_invitation_resend_interval_days: type: integer description: The amount of days that the SDP will wait to resend the invitation to the receivers that have not registered. If `0`, that means the resending invitation feature is disabled. example: 5 payment_cancellation_period_days: type: integer description: The amount of days that the SDP will wait to cancel a payment that is waiting for the receiver to register. If `0`, that means the payment cancellation feature is disabled. example: 5 privacy_policy_link: type: string description: The link to the organization privacy policy example: https://stellar.org/privacy-policy receiver_registration_message_template: type: string description: 'The custom template used to send invitations to receivers. The `default` message isn''t returned. In the message''s content it''s possible to add the following template variables: {{.OrganizationName}} which is the Organization Name configured and {{.RegistrationLink}} which is the link generated by SDP to send to the receiver (in case this is not present in the message, it''s automatically appended at the end).' example: You have a payment waiting for you from {{.OrganizationName}}. Click {{.RegistrationLink}} to register. otp_message_template: type: string description: 'The custom OTP message template set to send OTP code to the receiver complete the registration flow. The `default` message isn''t returned. In the message''s content it''s possible to add the following template variables: {{.OrganizationName}} which is the Organization Name configured and {{.OTP}} which is the OTP code to send to the receiver complete the registration flow (in case this is not present in the message, it''s automatically appended at the end).' example: '{{.OTP}} is your {{.OrganizationName}} phone verification code.' DistributionAccount: required: - status - type type: object properties: address: type: string description: The address of the distribution account, present when the account type is `STELLAR`. example: GCXAJ3XJ3VK3JFH3QMDFOSKM2NMMZBSO3VIT6EUPQWSDW2J74M23RRSL circle_wallet_id: type: string description: The ID of the Circle wallet, present when the account type is `CIRCLE`. example: '1000646072' type: type: string description: The type of the distribution account. example: DISTRIBUTION_ACCOUNT.STELLAR.DB_VAULT enum: - DISTRIBUTION_ACCOUNT.STELLAR.ENV - DISTRIBUTION_ACCOUNT.STELLAR.DB_VAULT - DISTRIBUTION_ACCOUNT.CIRCLE.DB_VAULT status: type: string example: ACTIVE enum: - ACTIVE - PENDING_USER_ACTIVATION Balance: type: object properties: asset_code: type: string description: The asset code of the balance in the Stellar network. example: USDC asset_issuer: type: string description: The asset issuer of the balance in the Stellar network. example: GBBD47IF6LWK7P7MDEVSCWR7DPUWV3NY3DTQEVFL4NAT4AQH3ZLLFLA5 amount: type: string description: The amount of the balance. example: '100.00' description: The balances of the organization's distribution account. Currently, this is only used for the Circle distribution accounts. Pagination: type: object properties: next: type: string example: '?page=3&page_limit=2' prev: type: string example: '?page=1&page_limit=2' pages: type: integer example: 8 total: type: integer example: 16 Payment: type: object properties: id: type: string example: ddf22f55-3259-4822-a4e2-ce01334997f4 amount: type: string description: The amount of the payment example: '100.00' stellar_transaction_id: type: string description: The ID of the transaction in the Stellar network. It can be used tio track the payment in the Stellar network using [Stellar Laboratory](https://laboratory.stellar.org/), or [StellarExpert](https://stellar.expert/). example: 0b339d1c89d314186b8147c2af4c9a9ed5bbdbcd7ada8d138633907649b circle_transfer_request_id: type: string description: The Circle transfer request ID. It is only present when the payment was made using Circle. example: 74a68b6a-3f67-424b-b8b0-e593a19d7463 stellar_operation_id: type: string status: $ref: '#/components/schemas/PaymentStatus' status_history: $ref: '#/components/schemas/PaymentStatusHistory' type: type: string description: The type of the payment. enum: - DISBURSEMENT - DIRECT disbursement: $ref: '#/components/schemas/DisbursementLite' asset: $ref: '#/components/schemas/Asset' receiver_wallet: $ref: '#/components/schemas/ReceiverWalletLite' external_payment_id: type: string description: Optional external payment identifier provided by the client. example: payment-001 created_at: type: string format: date-time example: '2023-02-03T10:45:51Z' updated_at: type: string format: date-time example: '2023-02-03T10:45:51Z' PaymentPagination: type: object properties: pagination: $ref: '#/components/schemas/Pagination' data: type: array items: $ref: '#/components/schemas/Payment' PaymentStatus: type: string description: The status of the payment enum: - DRAFT - READY - PENDING - PAUSED - SUCCESS - FAILED - CANCELED PaymentStatusHistory: type: array description: An aggregated list of metadata objects containing the statuses and the timestamp of when these status changes occurred. items: $ref: '#/components/schemas/PaymentStatusHistoryEntry' PaymentStatusHistoryEntry: type: object properties: status: $ref: '#/components/schemas/PaymentStatus' status_message: type: string timestamp: type: string format: date-time example: '2023-02-03T10:45:51Z' PaymentCounters: type: object properties: draft: type: integer format: int64 example: 1 ready: type: integer format: int64 example: 2 pending: type: integer format: int64 example: 3 paused: type: integer format: int64 example: 1 success: type: integer format: int64 example: 5 failed: type: integer format: int64 example: 1 total: type: integer format: int64 example: 14 PaymentAmountsByAsset: type: object properties: asset_code: type: string example: USDC payment_amounts: $ref: '#/components/schemas/PaymentAmounts' PaymentAmounts: type: object properties: draft: type: string example: '100.00' ready: type: string example: '200.00' pending: type: string example: '300.00' paused: type: string example: '100.00' success: type: string example: '500.00' failed: type: string example: '100.00' average: type: string example: '100.00' total: type: string example: '1400.00' Profile: type: object properties: first_name: type: string example: Jane last_name: type: string example: Doe email: type: string example: jdoe@mail.org roles: type: array items: type: string organization_name: type: string example: first_name: Jane last_name: Doe email: jdoe@mail.org roles: - developer organization_name: Stellar Aid Receiver: type: object properties: id: type: string example: f83bb638-dda4-41e6-80c9-d03e6eec2aef phone_number: type: string example: '+15552368475' external_id: type: string example: usr12334 email: type: string example: jdoe@mail.org created_at: type: string example: '2023-02-03T10:45:51.000Z' total_payments: type: string example: '2' successful_payments: type: string example: '2' failed_payments: type: string example: '0' remaining_payments: type: string example: '0' registered_wallets: type: string example: '1' received_amounts: type: array items: $ref: '#/components/schemas/Amount' wallets: type: array items: $ref: '#/components/schemas/ReceiverWallet' ReceiverLite: type: object properties: id: type: string example: 029e2ed0-feb6-4c40-8b47-0836a85741a2 ReceiverPagination: type: object properties: pagination: $ref: '#/components/schemas/Pagination' data: type: array items: $ref: '#/components/schemas/Receiver' ReceiverWallet: type: object properties: id: type: string example: 803031d4-1d04-4879-b6d9-dc5641f9988e receiver: $ref: '#/components/schemas/ReceiverLite' wallet: $ref: '#/components/schemas/WalletLite' stellar_address: type: string example: GCXAJ3XJ3VK3JFH3QMDFOSKM2NMMZBSO3VIT6EUPQWSDW2J74M23RRSL stellar_memo: type: string stellar_memo_type: type: string created_at: type: string example: '2023-02-03T10:45:51.000Z' updated_at: type: string example: '2023-02-03T10:45:51.000Z' invited_at: type: string example: '2023-02-09T10:45:51.000Z' last_message_sent_at: type: string description: timestamp when the receiver last received an invitation about this wallet example: '2023-02-10T10:45:51.000Z' total_payments: type: string example: '2' payments_received: type: string example: '2' failed_payments: type: string example: '0' remaining_payments: type: string example: '0' received_amounts: type: array items: $ref: '#/components/schemas/Amount' status: $ref: '#/components/schemas/ReceiversWalletStatus' status_history: type: array items: $ref: '#/components/schemas/ReceiversWalletStatusHistoryEntry' ReceiverWalletLite: type: object properties: id: type: string example: 803031d4-1d04-4879-b6d9-dc5641f9988e receiver: $ref: '#/components/schemas/ReceiverLite' wallet: $ref: '#/components/schemas/WalletLite' stellar_address: type: string example: GCXAJ3XJ3VK3JFH3QMDFOSKM2NMMZBSO3VIT6EUPQWSDW2J74M23RRSL stellar_memo: type: string stellar_memo_type: type: string sep24_transaction_id: type: string created_at: type: string example: '2023-02-03T10:45:51.000Z' updated_at: type: string example: '2023-02-03T10:45:51.000Z' invitation_sent_at: type: string example: '2023-02-09T10:45:51.000Z' status: $ref: '#/components/schemas/ReceiversWalletStatus' status_history: type: array items: $ref: '#/components/schemas/ReceiversWalletStatusHistoryEntry' otp_confirmed_at: type: string format: date-time example: '2023-02-10T10:45:51Z' otp_confirmed_with: type: string ReceiverWalletsCounters: type: object properties: draft: type: integer format: int64 example: 1 ready: type: integer format: int64 example: 1 registered: type: integer format: int64 example: 1 flagged: type: integer format: int64 example: 1 total: type: integer format: int64 example: 4 ReceiversWalletStatus: type: string enum: - DRAFT - READY - REGISTERED - FLAGGED ReceiversWalletStatusHistoryEntry: type: object properties: status: $ref: '#/components/schemas/ReceiversWalletStatus' timestamp: type: string format: date-time example: '2023-02-10T10:45:51Z' Users: type: array items: $ref: '#/components/schemas/User' User: required: - email - first_name - id - is_active - last_name - roles type: object properties: id: type: string example: 1736bed3-7b92-4760-8ff2-51fb08ee079f first_name: type: string example: John last_name: type: string example: Doe email: type: string roles: type: array items: type: string is_active: type: boolean example: - id: 7a4c6555-1f73-49b3-a211-f95bd2b8ec90 first_name: John last_name: Doe email: email@email.com roles: - developer is_active: true - id: 5f4df1dd-c84f-482a-84ad-541ffd46e75a first_name: Jane last_name: Doe email: email@email.com roles: - financial_controller is_active: false VerificationField: type: string enum: - DATE_OF_BIRTH - YEAR_MONTH - PIN - NATIONAL_ID_NUMBER RegistrationContactType: type: string enum: - EMAIL - PHONE_NUMBER - EMAIL_AND_WALLET_ADDRESS - PHONE_NUMBER_AND_WALLET_ADDRESS Wallet: type: object properties: id: type: string example: 5ada9ed5-455a-4782-a0ee-160767e0deb1 name: type: string example: Vibrant Assist homepage: type: string example: https://vibrantapp.com sep_10_client_domain: type: string example: api-dev.vibrantapp.com deep_link_schema: type: string example: https://vibrantapp.com/sdp-dev created_at: type: string format: date-time example: '2023-07-31T20:50:45.648Z' updated_at: type: string format: date-time example: '2023-07-31T20:50:45.648Z' WalletLite: type: object properties: id: type: string example: 5ada9ed5-455a-4782-a0ee-160767e0deb1 name: type: string example: Vibrant Assist homepage: type: string example: https://vibrantapp.com sep_10_client_domain: type: string example: api-dev.vibrantapp.com deep_link_schema: type: string example: https://vibrantapp.com/sdp-dev enabled: type: boolean example: true user_managed: type: boolean example: false ReceiverRegistrationRequest: type: object properties: email: type: string description: Email associated with the receiver in the SDP database. Either `phone_number` or `email` is required. phone_number: type: string description: Phone number associated with the receiver in the SDP database. Either `phone_number` or `email` is required. otp: type: string description: One-Time Password received for verification verification: type: string description: Verification value provided by the user verification_field: $ref: '#/components/schemas/VerificationField' recaptcha_token: type: string description: Token received from Google reCAPTCHA PatchReceiverRequest: type: object properties: date_of_birth: type: string description: Date of birth of the receiver pin: type: string description: Personal identification number of the receiver national_id: type: string description: National ID of the receiver email: type: string description: Email of the receiver phone_number: type: string description: Phone number of the receiver external_id: type: string description: External ID of the receiver example: date_of_birth: '1980-01-01' pin: '1234' national_id: '123456789' email: john@example.com external_id: external123 Tenant: type: object properties: id: type: string example: 1736bed3-7b92-4760-8ff2-51fb08ee079f name: type: string description: The tenant name. It should match the pattern `^[a-z-]+$`. example: bluecorp base_url: type: string description: The SDP backend server's base URL. example: https://bluecorp-backend.sdp.org sdp_ui_base_url: type: string description: The SDP UI/dashboard Base URL. example: https://bluecorp.sdp.org status: type: string enum: - TENANT_CREATED - TENANT_PROVISIONED - TENANT_ACTIVATED - TENANT_DEACTIVATED distribution_account_address: type: string description: The Stellar account address used for distributing funds. example: GCXAJ3XJ3VK3JFH3QMDFOSKM2NMMZBSO3VIT6EUPQWSDW2J74M23RRSL distribution_account_type: type: string description: The Stellar account type used for distributing funds. enum: - DISTRIBUTION_ACCOUNT.STELLAR.ENV - DISTRIBUTION_ACCOUNT.STELLAR.DB_VAULT - DISTRIBUTION_ACCOUNT.CIRCLE.DB_VAULT distribution_account_status: type: string description: The status of the distribution account used for distributing funds. enum: - ACTIVE - PENDING_USER_ACTIVATION is_default: type: boolean description: Boolean flag that shows whether the tenant is the default or not. default: false created_at: type: string format: date-time example: '2024-03-27T17:21:51Z' updated_at: type: string format: date-time example: '2024-03-27T17:21:51Z' deleted_at: type: string description: The timestamp when the tenant was (soft) deleted. format: date-time example: '2024-03-27T17:21:51Z' required: - base_url - created_at - distribution_account_address - distribution_account_status - distribution_account_type - id - is_default - name - sdp_ui_base_url - status - updated_at example: id: 840dca45-d1df-44cd-83c1-65c04235c25f name: redcorp base_url: https://redcorp-backend.sdp.org sdp_ui_base_url: https://redcorp.sdp.org status: TENANT_PROVISIONED distribution_account: GCQVDMPOEN3HHJJ64V42KUTONOXN7C6V2PSVPALEVJ7PIYOB6M3DJV7N is_default: true created_at: '2024-03-27T17:21:51.000Z' updated_at: '2024-03-27T17:21:51.000Z' Tenants: type: array items: $ref: '#/components/schemas/Tenant' BridgeIntegrationInfo: type: object description: Complete Bridge integration information including status and related data properties: status: $ref: '#/components/schemas/BridgeIntegrationStatus' customer_id: type: string description: Bridge customer ID example: cust_123abc kyc_status: $ref: '#/components/schemas/KYCLinkInfo' virtual_account: $ref: '#/components/schemas/VirtualAccountInfo' opted_in_by: type: string description: User ID who opted the organization into Bridge example: user_789 opted_in_at: type: string format: date-time description: Timestamp when organization opted into Bridge example: '2025-01-01T00:00:00Z' virtual_account_created_by: type: string description: User ID who created the virtual account example: user_789 virtual_account_created_at: type: string format: date-time description: Timestamp when virtual account was created example: '2025-01-01T00:00:00Z' required: - status BridgeIntegrationStatus: type: string description: Current status of the Bridge integration enum: - NOT_ENABLED - NOT_OPTED_IN - OPTED_IN - READY_FOR_DEPOSIT - ERROR example: OPTED_IN BridgeIntegrationPatchRequest: type: object description: Request to update Bridge integration status properties: status: type: string description: Target status for the integration enum: - OPTED_IN - READY_FOR_DEPOSIT example: OPTED_IN email: type: string format: email description: Email address for KYC verification (optional, defaults to user email) example: john@example.com full_name: type: string description: Full name for KYC verification (optional, defaults to user name) example: John Doe kyc_type: $ref: '#/components/schemas/KYCType' required: - status KYCLinkInfo: type: object description: KYC verification link information properties: id: type: string description: Unique identifier for the KYC link example: kyc_456def full_name: type: string description: Full name of the person undergoing KYC example: John Doe email: type: string format: email description: Email address for KYC verification example: john@example.com type: $ref: '#/components/schemas/KYCType' kyc_link: type: string format: uri description: URL for completing KYC verification example: https://bridge.stellar.org/kyc/456def tos_link: type: string format: uri description: URL for accepting terms of service example: https://bridge.stellar.org/tos/456def kyc_status: $ref: '#/components/schemas/KYCStatus' tos_status: $ref: '#/components/schemas/TOSStatus' rejection_reasons: type: array items: type: string description: Reasons for KYC rejection (if applicable) example: - Incomplete documentation - Address verification failed created_at: type: string format: date-time description: When the KYC link was created example: '2025-01-01T00:00:00Z' customer_id: type: string description: Bridge customer ID example: cust_123abc required: - id - full_name - email - type - kyc_link - tos_link - kyc_status - tos_status - customer_id KYCType: type: string description: Type of KYC verification enum: - individual - business example: business KYCStatus: type: string description: | KYC verification status: - not_started: KYC process not yet started - incomplete: KYC process started but not complete - awaiting_ubo: Awaiting Ultimate Beneficial Owner verification - under_review: KYC submission under review - approved: KYC verification approved - rejected: KYC verification rejected - paused: KYC process paused - offboarded: Customer offboarded enum: - not_started - incomplete - awaiting_ubo - under_review - approved - rejected - paused - offboarded example: under_review TOSStatus: type: string description: | Terms of Service acceptance status: - pending: Terms of service not yet accepted - approved: Terms of service accepted enum: - pending - approved example: approved VirtualAccountInfo: type: object description: Virtual account information for USD deposits properties: id: type: string description: Unique identifier for the virtual account example: va_789xyz status: $ref: '#/components/schemas/VirtualAccountStatus' developer_fee_percent: type: string description: Developer fee percentage as a string example: '0.5' customer_id: type: string description: Bridge customer ID example: cust_123abc source_deposit_instructions: $ref: '#/components/schemas/VirtualAccountDepositInstructions' destination: $ref: '#/components/schemas/VirtualAccountDestination' required: - id - status - developer_fee_percent - customer_id - source_deposit_instructions - destination VirtualAccountStatus: type: string description: | Virtual account status: - activated: Account is active and ready for deposits - deactivated: Account is deactivated enum: - activated - deactivated example: activated VirtualAccountDepositInstructions: type: object description: Bank deposit instructions for sending USD to the virtual account properties: bank_beneficiary_name: type: string description: Name of the bank account beneficiary example: Stellar Bridge currency: type: string description: Currency for deposits example: usd bank_name: type: string description: Name of the receiving bank example: Wells Fargo bank_address: type: string description: Address of the receiving bank example: 123 Main St, San Francisco, CA bank_account_number: type: string description: Bank account number for deposits example: '1234567890' bank_routing_number: type: string description: Bank routing number example: '121000248' payment_rails: type: array items: type: string description: Supported payment rails for deposits example: - ach - wire required: - bank_beneficiary_name - currency - bank_name - bank_address - bank_account_number - bank_routing_number - payment_rails VirtualAccountDestination: type: object description: Destination configuration for converted funds properties: payment_rail: type: string description: Payment rail for destination example: stellar currency: type: string description: Destination currency example: usdc address: type: string description: Stellar address for receiving USDC example: GDQP2KPQGKIHYJGXNUIYOMHARUARCA7DJT5FO2FFOOKY3B2WSQHG4W37 blockchain_memo: type: string description: Blockchain memo for the destination transaction example: '12345' required: - payment_rail - currency - address APIKey: type: object properties: id: type: string description: Unique identifier for the API key name: type: string description: Human-readable name for the API key permissions: type: array items: type: string description: List of permissions granted to this API key allowed_ips: type: array items: type: string description: List of allowed IP addresses or CIDR ranges expiry_date: type: string format: date-time description: Expiration date of the API key created_at: type: string format: date-time description: When the API key was created created_by: type: string description: User who created the API key updated_at: type: string format: date-time description: When the API key was last updated updated_by: type: string description: User who last updated the API key last_used_at: type: string format: date-time description: When the API key was last used CreateAPIKeyRequest: type: object required: - name - permissions properties: name: type: string description: Human-readable name for the API key permissions: type: array description: List of permissions granted to this API key items: type: string enum: - read:all - write:all - read:disbursements - write:disbursements - read:receivers - write:receivers - read:payments - write:payments - read:organization - write:organization - read:users - write:users - read:wallets - write:wallets - read:statistics - read:exports minItems: 1 expiry_date: type: string format: date-time description: Optional expiration date for the API key (must be in the future) allowed_ips: oneOf: - type: string description: Single IP address or CIDR range - type: array items: type: string description: Array of IP addresses or CIDR ranges description: IP restrictions for the API key. If not provided, the key can be used from any IP CreateAPIKeyResponse: type: object properties: id: type: string description: Unique identifier for the API key name: type: string description: Human-readable name for the API key key: type: string description: The actual API key (only returned once at creation) permissions: type: array items: type: string description: List of permissions granted to this API key allowed_ips: type: array items: type: string description: List of allowed IP addresses or CIDR ranges expiry_date: type: string format: date-time description: Expiration date of the API key created_at: type: string format: date-time description: When the API key was created created_by: type: string description: User who created the API key updated_at: type: string format: date-time description: When the API key was last updated updated_by: type: string description: User who last updated the API key last_used_at: type: string format: date-time description: When the API key was last used UpdateAPIKeyRequest: type: object required: - permissions properties: permissions: type: array description: List of permissions granted to this API key items: type: string enum: - read:all - write:all - read:disbursements - write:disbursements - read:receivers - write:receivers - read:payments - write:payments - read:organization - write:organization - read:users - write:users - read:wallets - write:wallets - read:statistics - read:exports minItems: 1 allowed_ips: oneOf: - type: string description: Single IP address or CIDR range - type: array items: type: string description: Array of IP addresses or CIDR ranges description: IP restrictions for the API key. If not provided, existing restrictions remain unchanged CreateDirectPaymentRequest: type: object required: - amount - asset - receiver - wallet properties: amount: type: string description: The payment amount asset: type: object properties: id: type: string description: Asset ID (use either id or type) type: type: string enum: - native - classic - contract - fiat description: Asset type (use either id or type) code: type: string description: Asset code (required for classic and fiat assets) issuer: type: string description: Asset issuer address (required for classic assets) contract_id: type: string description: Contract ID (required for contract assets) description: Asset reference - specify either id or type with required fields receiver: type: object properties: id: type: string description: Receiver ID email: type: string description: Receiver email address phone_number: type: string description: Receiver phone number wallet_address: type: string description: Receiver wallet address (Stellar account or contract) description: Receiver reference - specify exactly one identifier wallet: type: object properties: id: type: string description: Wallet ID address: type: string description: Wallet address (Stellar account or contract) description: Wallet reference - specify either id or address external_payment_id: type: string description: Optional external payment identifier DirectPayment: type: object properties: id: type: string description: The unique identifier of the payment example: 619da857-8725-4c58-933d-c120a458e0f5 amount: type: string description: The payment amount example: '100.00' asset: $ref: '#/components/schemas/Asset' receiver: type: object properties: id: type: string example: 7a4c68dd-861c-4448-8813-ea3f6dda7b25 email: type: string example: horus@example.com phone_number: type: string example: '+1234567890' created_at: type: string format: date-time example: '2023-02-03T10:45:51Z' updated_at: type: string format: date-time example: '2023-02-03T10:45:51Z' description: The receiver object wallet: $ref: '#/components/schemas/Wallet' status: $ref: '#/components/schemas/PaymentStatus' external_payment_id: type: string description: External payment identifier example: payment-001 created_at: type: string format: date-time example: '2023-02-03T10:45:51Z' updated_at: type: string format: date-time example: '2023-02-03T10:45:51Z' CreateReceiverRequest: oneOf: - type: object required: - external_id - verifications properties: email: type: string description: Email address of the receiver format: email phone_number: type: string description: Phone number of the receiver external_id: type: string description: External identifier for the receiver verifications: type: array description: Verification requirements for the receiver items: type: object properties: type: type: string enum: - date_of_birth - pin - national_id - year_month description: Type of verification required value: type: string description: Expected verification value required: - type - value - type: object required: - external_id - wallets properties: email: type: string description: Email address of the receiver format: email phone_number: type: string description: Phone number of the receiver external_id: type: string description: External identifier for the receiver wallets: type: array description: Wallet information for the receiver (max 1 wallet) items: type: object properties: address: type: string description: Stellar address of the wallet memo: type: string description: Optional memo for the wallet address required: - address maxItems: 1 CreateWalletRequest: type: object required: - name - homepage - deep_link_schema - sep_10_client_domain properties: name: type: string description: Human-readable name of the wallet provider homepage: type: string description: Homepage URL of the wallet provider deep_link_schema: type: string description: Deep link schema for the wallet application sep_10_client_domain: type: string description: SEP-10 client domain for authentication enabled: type: boolean description: Whether the wallet is enabled for use default: true assets: type: array description: Array of asset references supported by this wallet items: oneOf: - type: object description: Asset reference by ID properties: id: type: string description: Asset ID required: - id - type: object description: Classic asset reference properties: type: type: string enum: - classic code: type: string description: Asset code issuer: type: string description: Asset issuer address required: - type - code - issuer - type: object description: Native XLM asset reference properties: type: type: string enum: - native required: - type assets_ids: type: array description: | Legacy: Array of asset IDs (cannot be used with assets field) items: type: string UpdateWalletRequest: type: object properties: name: type: string description: Human-readable name of the wallet provider homepage: type: string description: Homepage URL of the wallet provider deep_link_schema: type: string description: Deep link schema for the wallet application sep_10_client_domain: type: string description: SEP-10 client domain for authentication enabled: type: boolean description: Whether the wallet is enabled for use assets: type: array description: Array of asset references supported by this wallet items: oneOf: - type: object description: Asset reference by ID properties: id: type: string description: Asset ID required: - id - type: object description: Classic asset reference properties: type: type: string enum: - classic code: type: string description: Asset code issuer: type: string description: Asset issuer address required: - type - code - issuer - type: object description: Native XLM asset reference properties: type: type: string enum: - native required: - type minProperties: 1 responses: UnauthorizedResponse: description: Unauthorized content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not authorized extras: status: 401 message: Not authorized ForbiddenResponse: description: Forbidden content: application/json: schema: type: object properties: error: type: string example: error: Forbidden BadRequestResponse: description: Bad Request content: application/json: schema: type: object properties: error: type: string description: Details about the error extras: type: object properties: {} NotFoundResponse: description: Not Found content: application/json: schema: type: object properties: error: type: string extras: type: object properties: status: type: number message: type: string example: error: Not found extras: status: 404 message: Resource not found securitySchemes: BearerAuth: type: apiKey description: Authorization header containing an SDP JWT (ES256) or an SDP_ API key. name: Authorization in: header SEP10Auth: type: apiKey description: Authorization header containing a SEP-10 JWT (Bearer {token}). name: Authorization in: header SEP24Auth: type: apiKey description: Authorization header containing a SEP-24 JWT (Bearer {token}). name: Authorization in: header SEP24QueryAuth: type: apiKey description: Query parameter containing a SEP-24 JWT. name: token in: query x-original-swagger-version: '2.0'