Skip to main content

Back-Office API


The Weavr Back-Office API is a RESTful API that enables you to automate operations for your end-customers.

The The API includes a subset of the operations already offered in the Multi API that do not require your end-customer to be logged in.

You can test the Weavr Back-Office API in the Sandbox environment, which does not affect your live data or interact with any banking networks. The environment that you use (Sandbox or Live) determines whether our platform treats the request as a test request or a live request. The API endpoints and API keys for the two environments are different.

When you register with Weavr, you get an Innovator account in the Sandbox environment where you can choose the appropriate Financial Plug-In for your application. We will give you access to the Live environment after we review your business (KYB) and your application.

After you open a Weavr Sandbox account and configure your application profiles, you can start building your application. API environment URLs are as follows.

Liveon request

Back-Office operations

The Weavr Back-Office API will facilitate the following day-to-day backoffice operations:

  • Charge fee to a corporate
  • Charge fee to a consumer
  • Get a managed account's details
  • Get a managed account statement
  • Get a managed card's details
  • Get a managed card statement
  • Create/update/delete/get spend rules for a managed card
  • Create/get a transfer transaction
  • Get all transfer transaction
  • Un/block a card

Calling the Back-Office APIs

Before running any API call from the Back-Office API set, you will need to obtain a token representing the given identity. This token can be obtained through the impersonate_identity_login method.

The full API documentation is available here.

Handling Errors

When you invoke the Weavr Back-Office API, you may encounter errors, which may be caused by the request or by the server. Our API returns errors according to the standard HTTP status code scheme. For example, you may receive the following codes:

  • 4XX: Client error
    • 400: Bad request
    • 401: Unauthorised
    • 403: Not authenticated
    • 409: Conflict, together with an error code that identifies the issue
  • 5XX: Server error
    • 500: Internal server error
    • 503: Service unavailable

Idempotent Requests

An API is idempotent if you can make the same call many times but the result does not change. In other words, if you make many identical requests to an idempotent API, the effect is the same as if you made just one request.

GET and DELETE operations are guaranteed to be idempotent. If you want POST operations to be idempotent, you need to provide the idempotency-ref parameter. Subsequent requests with the same idempotency reference are idempotent. Otherwise, repeated requests will result in duplicate operations.