Request access

The first step to working with Cross River APIs is to submit a request (https://crossriver.service-now.com/csm?id=cos_sandbox_request_form&sys_id=713de878c300b5105d3eafdc7a013184&sysparm_category=df09f2623310c2906b697d934d5c7b4a) for sandbox access. Make sure you fill in all the relevant fields. The more accurate the information you give us at this stage, the faster you'll be onboarded into our systems. Include:

- Your full name
- The name of the company you work for/represent
- The URL of the official company website
- The location/address of your company
- A working telephone number including international dialing code
- Your static public IP address in IPv4 format (not hexadecimal format)

Important: You must have an allowlisted static public IP to access our products. Your internal IT department should be able to provide you with your static IP. For more information on static IPs see here.

Once we allowlist your static IP, we send you 2 encrypted emails with your credentials: one email with your client ID and one email with your client secret. Your relationship manager will give you your partner ID.

The request and response models for Cross River products are available in our Swagger.

Authentication and authorization

OAuth 2.0 (https://oauth.net/2/) is a popular protocol for authorization. This controls entry to our system and ensures that only authorized entities can access our APIs and other protected resources. The information you enter into our authentication system is confidential and can never be accessed from any other Cross River applications.

Access Cross River APIs

Our system authenticates machine clients and authorizes them to talk to our APIs.

Authenticate your identity

The Cross River integration team provides you with a client ID and a client secret that you use when requesting an access token. You can use a web-based tool, like Postman, to send API requests.

Important: Auth0 support has ended. Please note the updated endpoints below.

- Sandbox: https://idptest.crbcos.com/connect/token (Auth0 support in the sandbox environment has ended.)
- Production: https://idp.crbcos.com/connect/token

HTTPS request components

| HTTP component | Attribute | Description |
|---|---|---|
| Endpoint | POST /connect/token | Endpoint for retrieving an access token |
| Header | Content-Type | application/x-www-form-urlencoded |
| Body | grant_type | This field will always have a value of client_credentials |
| Body | client_id | The unique identifier for a client |
| Body | client_secret | An encrypted string of characters used to sign and validate ID tokens. Important: Secrets aren't recoverable by CR. If you lose a secret, a new one must be generated. Do not commit your secrets into source control. |
| Body | audience | A way for the user to validate if a particular access token is meant for them |

Acquire an access token

Sample call for an access token in curl:

```
curl --location --request POST 'https://idptest.crbcos.com/connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=[your id here]' \
  --data-urlencode 'client_secret=[your secret here]' \
  --data-urlencode 'audience=https://api.crbcos.com/'
```

Sample call for an access token in Postman

Detailed instructions for using Postman to create an access token.

Request tokens using Explorer

Go into the Explorer, click the down arrow next to your login, and click Copy access token. The access token is copied to your clipboard and ready for use in the sandbox.

Request tokens using the API

COS uses OpenID Connect and OAuth 2.0 for authentication and authorization. Before you can use the API, you must obtain an access token using the client ID and client secret provided to you. Once a token has been obtained, it must be passed in the Authorization header of each request to the API.

To request a token, send a POST to our auth server containing the client ID and client secret provided.

Token request:

```
POST https://crbcos-sandbox.auth0.com/oauth/token
{
  "header": "Content-Type: application/x-www-form-urlencoded",
  "grant_type": "client_credentials",
  "client_id": "[your id here]",
  "client_secret": "[your secret here]",
  "audience": "https://api.crbcos.com/"
}
```

```
curl --location --request POST 'https://crbcos-sandbox.auth0.com/oauth/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=[your id here]' \
  --data-urlencode 'client_secret=[your secret here]' \
  --data-urlencode 'audience=https://api.crbcos.com/'
```

Successful authentication and access token returned

When you've successfully authenticated, an access token will be returned to you. This access token allows you to send information securely as a JSON object for use in our APIs. Add this token to the header of your API calls.

Make sure to protect your token. Don't log it. Anyone who steals your token can impersonate your client for the lifetime of the token.

Sample response from curl request:

```
{
  "access_token": "xxxxx",
  "expires_in": 86400,
  "token_type": "Bearer"
}
```

Present tokens

Present tokens in the request header

In the header of each API request, the access token obtained should be included as follows.

API request header:

```
Authorization: Bearer [your token here]
```

Sample call for wire payment in curl:

```
curl --location --request POST 'https://sandbox.crbcos.com/wires/v1/payments' \
  --header 'Authorization: Bearer [your token here]' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "accountnumber": "2255685659",
    "businessfunctioncode": "ctr",
    "receiverroutingnumber": "021000021",
    "beneficiaryfi": {
      "idcode": "f",
      "identifier": "021000021",
      "name": "jp morgan chase"
    },
    "beneficiary": {
      "idcode": "d",
      "identifier": "123456789",
      "name": "peter griffin"
    },
    "beneficiaryreference": "xyz123",
    "amount": 10000,
    "purpose": "payment"
  }'
```

Present tokens in Swagger

At the top of the Swagger screen, paste the token from the clipboard into the token field and click Explore. The token is now activated.

The access token should be stored and used until it expires. The token response you receive specifies the expiration time in seconds. Do not request a new token for every API request. It is recommended you use the current token until you receive a 401 Unauthorized error, at which point you would request a new token.

Send your first API request

To start working with accounts, make sure you have:

- API credentials
- Partner ID (you get this ID from your relationship manager)
- Customer record
- Product ID (defines the type of account being opened)

We also recommend that you register for the relevant webhook events.

You can now create your first account.

We have a full sandbox to explore. The sandbox is a completely isolated environment, so feel free to experiment. When you're ready to move to production, let us know and we will get you production credentials to access the live environment.

- ACH: https://sandbox.crbcos.com/ach/swagger/ui/index#/
- Wires: https://sandbox.crbcos.com/wires/swagger/ui/index#/
- Core: https://sandbox.crbcos.com/core/swagger/ui/index#/
- Webhooks: https://sandbox.crbcos.com/webhooks/swagger/ui/index#/
- RTP: https://sandbox.crbcos.com/rtp/swagger/ui/index#/
- Card Management: https://sandbox.crbcos.com/cardmanagement/swagger/ui/index#/

Status page

To see a list of upcoming releases, monitor current API status, view incident reports, or get notified of scheduled maintenance, visit our status page (https://crossriverbank.statuspage.io/) and subscribe to alerts.
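
The token-handling guidance above (reuse one token until it expires or a 401 arrives, keep it out of logs, keep the secret out of source control) can be put into a small client-side cache. This is an added example, not Cross River code: the class and function names, the environment variable names and the 60-second expiry margin are assumptions, while the endpoint, audience and field names are the ones used in the curl sample for the sandbox.

```python
import json, os, time
import urllib.parse, urllib.request

TOKEN_URL = "https://idptest.crbcos.com/connect/token"  # sandbox endpoint named on this page
AUDIENCE = "https://api.crbcos.com/"                     # audience from the page's curl sample

def post_form(url, fields):
    """Default transport: form-encoded POST that returns the parsed JSON body."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds one access token and replaces it only on expiry or after a 401."""
    def __init__(self, client_id, client_secret, post=post_form,
                 clock=time.monotonic, skew=60):  # skew in seconds is an assumption
        self._id, self._secret = client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def __repr__(self):  # keeps the token out of logs and tracebacks
        return "<TokenCache token=REDACTED>"

    def invalidate(self):
        self._token = None

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = self._post(TOKEN_URL, {
                "grant_type": "client_credentials", "client_id": self._id,
                "client_secret": self._secret, "audience": AUDIENCE})
            self._token = body["access_token"]
            self._expires_at = self._clock() + body["expires_in"] - self._skew
        return self._token

def call_api(cache, send):
    """send(headers) -> (status, body); on 401, fetch a new token and retry once."""
    for _ in range(2):
        status, body = send({"Authorization": "Bearer " + cache.token()})
        if status != 401:
            break
        cache.invalidate()
    return status, body

def cache_from_env():
    """Read credentials from the environment (variable names are hypothetical)."""
    return TokenCache(os.environ["CR_CLIENT_ID"], os.environ["CR_CLIENT_SECRET"])
```

The `post` and `clock` parameters exist so the cache can be exercised offline with a stub transport; in normal use the defaults apply.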