POST
/
v1
/
access-management
/
invite
/
customer
curl --request POST \
  --url https://api.next.orenda.finance/v1/access-management/invite/customer \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'x-program-id: <api-key>' \
  --data '
{
  "email": "ada.lovelace@example.com",
  "firstName": "Ada",
  "lastName": "Lovelace",
  "dob": "1985-12-10",
  "nationality": "GB",
  "phone": "+447700900123",
  "address": {
    "addressLine1": "12 Analytical Way",
    "addressLine2": "Floor 2",
    "city": "London",
    "state": "Greater London",
    "country": "GBR",
    "postalCode": "EC1A 1BB"
  },
  "isPrepaidCardCustomer": true,
  "accountId": "8f1a2b3c-4d5e-4f6a-8b7c-9d0e1f2a3b4c",
  "confirmation": {
    "method": "passkey",
    "passkeySession": "AYABeJ...custom-auth-session",
    "assertion": "{\"id\":\"q1n...\",\"response\":{\"signature\":\"MEUCI...\"}}"
  }
}
'
{
  "success": true,
  "data": {
    "message": "Customer invitation processed successfully"
  }
}
{
"success": false,
"code": "<string>",
"message": "<string>"
}
{
"success": false,
"code": "<string>",
"message": "<string>"
}
{
"success": false,
"code": "<string>",
"message": "<string>"
}
{
"success": false,
"code": "<string>",
"message": "<string>"
}
{
"success": false,
"code": "<string>",
"message": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

x-program-id
string
header
required

The program the request acts on.

Body

application/json

Sent by a signed-in customer inviting a sub-user. Exactly one application flag must be true (isPrepaidCardCustomer / isCardOnly / isSpouse / isChild) — the sub-roles are mutually exclusive, and consumers can only invite sub-role members, never a plain customer. Because a sub-role flag is always set, accountId is always required and must be one of the inviter's own accounts (ACTIVE, not a pseudo account). Must include a confirmation step-up object (passkey or TOTP).

email
string<email>
required
confirmation
Passkey · object
required

Discriminated step-up (SCA) credential. passkey and totp are accepted on this endpoint (a pin confirmation is rejected with 422 SCA_INVALID_METHOD).

firstName
string
lastName
string
dob
string

Date of birth, YYYY-MM-DD.

nationality
string

Alpha-2 country code, e.g. GB.

phone
string

E.164-style number.

address
object
accountId
string<uuid>

Funding parent account the invitee draws against. Required (a sub-role flag is always set on a consumer invite). Must be one of the inviter's own accounts, ACTIVE, and not a pseudo account.

isPrepaidCardCustomer
boolean
isCardOnly
boolean
isSpouse
boolean
isChild
boolean

Response

Invitation processed

success
boolean
Example:

true

data
object