curl --request POST \
--url https://api.next.orenda.finance/v1/access-management/invite/customer \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--header 'x-program-id: <api-key>' \
--data '
{
"email": "ada.lovelace@example.com",
"firstName": "Ada",
"lastName": "Lovelace",
"dob": "1985-12-10",
"nationality": "GB",
"phone": "+447700900123",
"address": {
"addressLine1": "12 Analytical Way",
"addressLine2": "Floor 2",
"city": "London",
"state": "Greater London",
"country": "GBR",
"postalCode": "EC1A 1BB"
},
"isPrepaidCardCustomer": true,
"accountId": "8f1a2b3c-4d5e-4f6a-8b7c-9d0e1f2a3b4c",
"confirmation": {
"method": "passkey",
"passkeySession": "AYABeJ...custom-auth-session",
"assertion": "{\"id\":\"q1n...\",\"response\":{\"signature\":\"MEUCI...\"}}"
}
}
'{
"success": true,
"data": {
"message": "Customer invitation processed successfully"
}
}{
"success": false,
"code": "<string>",
"message": "<string>"
}{
"success": false,
"code": "<string>",
"message": "<string>"
}{
"success": false,
"code": "<string>",
"message": "<string>"
}{
"success": false,
"code": "<string>",
"message": "<string>"
}{
"success": false,
"code": "<string>",
"message": "<string>"
}Invite a sub-user
Invites a sub-user under the signed-in customer’s account. The invitee is always a sub-role member — set exactly one of isPrepaidCardCustomer / isCardOnly / isSpouse / isChild (the sub-roles are mutually exclusive; zero or more than one returns 400). Consumers cannot invite a plain customer.
Funding account: the sub-user is onboarded as a pseudo account funded from one of your own accounts, named by the required accountId. It is validated before the user is created (must be one of your accounts, ACTIVE, and not a pseudo account); failures return 400 — Invalid request body when accountId is missing, or VALIDATION_ERROR when the account is not found / inactive / pseudo / not yours.
Inherited fields: depending on the program’s onboarding role config, the sub-user’s address and phone may be inherited from your application instead of the request body.
Step-up authentication: include a confirmation object — either { method: "passkey", passkeySession, assertion } or { method: "totp", totp, accessToken }. Missing confirmation → 422 SCA_MISSING; an incomplete pair → 400; an unsupported method (e.g. pin) → 422 SCA_INVALID_METHOD. For TOTP, the access token must belong to you, else 401.
curl --request POST \
--url https://api.next.orenda.finance/v1/access-management/invite/customer \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--header 'x-program-id: <api-key>' \
--data '
{
"email": "ada.lovelace@example.com",
"firstName": "Ada",
"lastName": "Lovelace",
"dob": "1985-12-10",
"nationality": "GB",
"phone": "+447700900123",
"address": {
"addressLine1": "12 Analytical Way",
"addressLine2": "Floor 2",
"city": "London",
"state": "Greater London",
"country": "GBR",
"postalCode": "EC1A 1BB"
},
"isPrepaidCardCustomer": true,
"accountId": "8f1a2b3c-4d5e-4f6a-8b7c-9d0e1f2a3b4c",
"confirmation": {
"method": "passkey",
"passkeySession": "AYABeJ...custom-auth-session",
"assertion": "{\"id\":\"q1n...\",\"response\":{\"signature\":\"MEUCI...\"}}"
}
}
'{
"success": true,
"data": {
"message": "Customer invitation processed successfully"
}
}{
"success": false,
"code": "<string>",
"message": "<string>"
}{
"success": false,
"code": "<string>",
"message": "<string>"
}{
"success": false,
"code": "<string>",
"message": "<string>"
}{
"success": false,
"code": "<string>",
"message": "<string>"
}{
"success": false,
"code": "<string>",
"message": "<string>"
}Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
The program the request acts on.
Body
Sent by a signed-in customer inviting a sub-user. Exactly one application flag must be true (isPrepaidCardCustomer / isCardOnly / isSpouse / isChild) — the sub-roles are mutually exclusive, and consumers can only invite sub-role members, never a plain customer. Because a sub-role flag is always set, accountId is always required and must be one of the inviter's own accounts (ACTIVE, not a pseudo account). Must include a confirmation step-up object (passkey or TOTP).
Discriminated step-up (SCA) credential. passkey and totp are accepted on this endpoint (a pin confirmation is rejected with 422 SCA_INVALID_METHOD).
- Passkey
- TOTP
Show child attributes
Show child attributes
Date of birth, YYYY-MM-DD.
Alpha-2 country code, e.g. GB.
E.164-style number.
Show child attributes
Show child attributes
Funding parent account the invitee draws against. Required (a sub-role flag is always set on a consumer invite). Must be one of the inviter's own accounts, ACTIVE, and not a pseudo account.