Back-Office API
Overview
The Weavr Back-Office API is a RESTful API that enables you to automate operations for your end-customers.
You can test the Weavr Back-Office API in the Sandbox environment, which does not affect your live data or interact with any banking networks. The environment that you use (Sandbox or Live) determines whether our platform treats the request as a test request or a live request. The API endpoints and API keys for the two environments are different.
When you register with Weavr, you get an Innovator account in the Sandbox environment where you can choose the appropriate Financial Plug-In for your application. We will give you access to the Live environment after we review your business (KYB) and your application.
After you open a Weavr Sandbox account and configure your application profiles, you can start building your application. API environment URLs are as follows.
| Environment | Endpoint |
|---|---|
| Sandbox | https://sandbox.weavr.io/multi/backoffice |
| Live | on request |
Back-Office operations
The Weavr Back-Office API will facilitate the following day-to-day back office operations:
- Charge fee to a corporate or a consumer
- Get a managed account's details
- Get a managed account statement
- Get a managed card's details
- Get a managed card statement
- Create/update/delete/get spend rules for a managed card
- Create/get a transfer transaction
- Get all transfer transaction
- Un/block a card
- Remove a card
Calling the Back-Office APIs
Before running any API call from the Back-Office API set, you will need to obtain a token representing the given identity. This token can be obtained through the access_token method.
The full API documentation is available here.
Handling Errors
When you invoke the Weavr Back-Office API, you may encounter errors, which may be caused by the request or by the server. Our API returns errors according to the standard HTTP status code scheme. For example, you may receive the following codes:
- 4XX: Client error
- 400: Bad request
- 401: Unauthorised
- 403: Not authenticated
- 409: Conflict, together with an error code that identifies the issue
- 5XX: Server error
- 500: Internal server error
- 503: Service unavailable
Idempotent Requests
An API is idempotent if you can make the same call many times but the result does not change. In other words, if you make many identical requests to an idempotent API, the effect is the same as if you made just one request.
GET and DELETE operations are guaranteed to be idempotent.
If you want POST operations to be idempotent, you need to provide the idempotency-ref parameter. Subsequent requests with the same idempotency reference are idempotent. Otherwise, repeated requests will result in duplicate operations.