Creation of Authorised Users now requires the user to step-up their token

Effective:

• 27 February 2024 on Sandbox
• 20 March 2024 on Live

The creation of an Authorised User for a BuyerBuyer A business entity in the Payment Run solution that can be provided with financial services to perform embedded payment runs. Buyers are onboarded through a KYB process and can create payment runs to pay their suppliers. They have roles such as Admin, Controller, and Creator. is a key moment in the integrity of the security for that BuyerBuyer A business entity in the Payment Run solution that can be provided with financial services to perform embedded payment runs. Buyers are onboarded through a KYB process and can create payment runs to pay their suppliers. They have roles such as Admin, Controller, and Creator.. To mitigate against security risks, we are now requiring the user who is creating a new authorised user to step-up their token. Creating Authorised UsersAuthorised Users Individuals that have been invited by the root user to manage an identity's instruments and transactions. They are not the legal owners of the identity but can be granted access to perform operations on behalf of the identity. For corporates, card assignees are created as Authorised Users. continues to be an operation that can be performed by a user that has the Admin role.

Affected API endpoints:

• Create a user

More details on how to step-up a token are available in our documentation.