Weavr Multi Back Office API.
All paths and auth patterns are verified from weavr-multi-api-backoffice.redoc.ly
and api.weavr.io/products/multi-backoffice/openapi/.
Authentication (distinct from the Multi API)
The Back Office API uses a Bearer token in the Authorization header,
not the auth_token header used by the rest of the Multi API.
There are two kinds of tokens:
Access Token — obtained via
get_access_token/2. Used for general back-office operations on behalf of an identity. Header:Authorization: Bearer <access_token>Delegated Access Token — obtained via
get_delegated_access_token/2. Required specifically for Delegated Access endpoints (e.g. managing instruments on behalf of a user without their active session). Header:Authorization: Bearer <delegated_access_token>
Both are sent alongside api-key.
Back-office base URL
Nested under /multi/backoffice, not a separate top-level product:
- Sandbox:
https://sandbox.weavr.io/multi/backoffice - Live:
https://live.weavr.io/multi/backoffice
Configure with product: :multi_backoffice in Weavr.Config.new/1.
Confirmed endpoints
POST /access_token— acquire a general access tokenPOST /delegated_access_token— acquire a delegated access tokenPOST /users/{id}/invite— invite an authorised userGET /managed_accounts/{id}— get a managed accountGET /managed_accounts/{id}/statement— account statementGET /managed_cards/{id}— get a managed cardGET /managed_cards/{id}/spend_rules— get spend rulesPOST /managed_cards/{id}/spend_rules— create spend rulesPUT /managed_cards/{id}/spend_rules— update spend rulesGET /transfers/{id}— get a transferGET /bulks/{id}— get bulk processPOST /bulks/{id}/pause— pause a bulk processPOST /bulks/{id}/resume— resume a bulk processPOST /bulks/{id}/cancel— cancel a bulk process
Summary
Functions
Cancels a PAUSED or RUNNING bulk process. POST /bulks/{id}/cancel. Final state.
Creates spend rules for a managed card. POST /managed_cards/{id}/spend_rules.
Acquires a back-office Access Token for performing operations on behalf of an identity without requiring the user to be logged in.
Fetches a bulk process via the back-office API. GET /bulks/{id}.
Acquires a Delegated Access Token for performing delegated-access operations on behalf of an identity.
Fetches a managed account via the back-office API.
Fetches a managed account's statement via the back-office API. GET /managed_accounts/{id}/statement.
Fetches a managed card via the back-office API. GET /managed_cards/{id}.
Gets spend rules for a managed card. GET /managed_cards/{id}/spend_rules.
Fetches a transfer via the back-office API. GET /transfers/{id}.
Invites an authorised user via the back-office API.
Pauses a RUNNING bulk process via the back-office API.
Resumes a PAUSED bulk process via the back-office API. POST /bulks/{id}/resume.
Updates spend rules for a managed card. PUT /managed_cards/{id}/spend_rules.
Functions
@spec cancel_bulk(Weavr.Config.t(), String.t(), keyword()) :: :ok | {:error, Weavr.Error.t()}
Cancels a PAUSED or RUNNING bulk process. POST /bulks/{id}/cancel. Final state.
@spec create_managed_card_spend_rules(Weavr.Config.t(), String.t(), map(), keyword()) :: :ok | {:error, Weavr.Error.t()}
Creates spend rules for a managed card. POST /managed_cards/{id}/spend_rules.
@spec get_access_token(Weavr.Config.t(), map()) :: {:ok, map()} | {:error, Weavr.Error.t()}
Acquires a back-office Access Token for performing operations on behalf of an identity without requiring the user to be logged in.
POST /access_token — authenticated with api-key only.
Key fields in attrs:
"identityId"— the identity (Corporate or Consumer) to act on behalf of
@spec get_bulk(Weavr.Config.t(), String.t(), keyword()) :: {:ok, map()} | {:error, Weavr.Error.t()}
Fetches a bulk process via the back-office API. GET /bulks/{id}.
@spec get_delegated_access_token(Weavr.Config.t(), map()) :: {:ok, map()} | {:error, Weavr.Error.t()}
Acquires a Delegated Access Token for performing delegated-access operations on behalf of an identity.
POST /delegated_access_token — authenticated with api-key only.
The returned token must be used in Authorization: Bearer <token> for all
Delegated Access operation endpoints.
@spec get_managed_account(Weavr.Config.t(), String.t(), keyword()) :: {:ok, map()} | {:error, Weavr.Error.t()}
Fetches a managed account via the back-office API.
GET /managed_accounts/{id}
Confirmed curl: curl -X GET /multi/backoffice/managed_accounts/:id -H 'Authorization: Bearer ...'
@spec get_managed_account_statement(Weavr.Config.t(), String.t(), keyword()) :: {:ok, map()} | {:error, Weavr.Error.t()}
Fetches a managed account's statement via the back-office API. GET /managed_accounts/{id}/statement.
@spec get_managed_card(Weavr.Config.t(), String.t(), keyword()) :: {:ok, map()} | {:error, Weavr.Error.t()}
Fetches a managed card via the back-office API. GET /managed_cards/{id}.
@spec get_managed_card_spend_rules(Weavr.Config.t(), String.t(), keyword()) :: {:ok, map()} | {:error, Weavr.Error.t()}
Gets spend rules for a managed card. GET /managed_cards/{id}/spend_rules.
@spec get_transfer(Weavr.Config.t(), String.t(), keyword()) :: {:ok, map()} | {:error, Weavr.Error.t()}
Fetches a transfer via the back-office API. GET /transfers/{id}.
@spec invite_user(Weavr.Config.t(), String.t(), keyword()) :: :ok | {:error, Weavr.Error.t()}
Invites an authorised user via the back-office API.
POST /users/{user_id}/invite
Confirmed curl: curl -X POST /multi/backoffice/users/:user_id/invite -H 'Authorization: Bearer ...' -H 'api-key: ...'
@spec pause_bulk(Weavr.Config.t(), String.t(), keyword()) :: :ok | {:error, Weavr.Error.t()}
Pauses a RUNNING bulk process via the back-office API.
POST /bulks/{id}/pause
Confirmed curl: curl -X POST /multi/backoffice/bulks/:bulk_id/pause -H 'Authorization: Bearer ...'
@spec resume_bulk(Weavr.Config.t(), String.t(), keyword()) :: :ok | {:error, Weavr.Error.t()}
Resumes a PAUSED bulk process via the back-office API. POST /bulks/{id}/resume.
@spec update_managed_card_spend_rules(Weavr.Config.t(), String.t(), map(), keyword()) :: :ok | {:error, Weavr.Error.t()}
Updates spend rules for a managed card. PUT /managed_cards/{id}/spend_rules.