POST
/
v1
/
access-management
/
invite
/
customer
curl --request POST \
  --url https://api.next.orenda.finance/v1/access-management/invite/customer \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'x-program-id: <api-key>' \
  --data '
{
  "email": "ada.lovelace@example.com",
  "firstName": "Ada",
  "lastName": "Lovelace",
  "dob": "1985-12-10",
  "nationality": "GB",
  "phone": "+447700900123",
  "address": {
    "addressLine1": "12 Analytical Way",
    "addressLine2": "Floor 2",
    "city": "London",
    "state": "Greater London",
    "country": "GBR",
    "postalCode": "EC1A 1BB"
  },
  "isPrepaidCardCustomer": true,
  "accountId": "8f1a2b3c-4d5e-4f6a-8b7c-9d0e1f2a3b4c",
  "confirmation": {
    "method": "passkey",
    "passkeySession": "AYABeJ...custom-auth-session",
    "assertion": "{\"id\":\"q1n...\",\"response\":{\"signature\":\"MEUCI...\"}}"
  }
}
'
{
  "success": true,
  "data": {
    "message": "Customer invitation processed successfully"
  }
}
{
"success": false,
"code": "<string>",
"message": "<string>"
}
{
"success": false,
"code": "<string>",
"message": "<string>"
}
{
"success": false,
"code": "<string>",
"message": "<string>"
}
{
"success": false,
"code": "<string>",
"message": "<string>"
}
{
"success": false,
"code": "<string>",
"message": "<string>"
}
Invites a sub-user under your account — a prepaid-card member, child, spouse, or card-only member. Send Authorization: Bearer <access_token> and x-program-id, the invitee’s details, exactly the sub-role you want, the funding accountId, and a step-up confirmation.
Consumers can only invite sub-role members, never a plain customer — at least one sub-role flag must be set. Each sub-user is a pseudo account funded from one of your own accounts.
Self-service invites aren’t available on programs that authenticate via an external identity provider; those invites are created by your operator instead. Such a request returns 400 "This program does not support consumer self-service invites".

Sub-role flags

Set exactly one of these to choose the member type — the roles are mutually exclusive, so setting zero or more than one returns 400:
FlagMember type
isPrepaidCardCustomerPrepaid-card customer drawing on your prepaid master account
isCardOnlyCard-only member
isSpouseSpouse member
isChildChild member

Member details

Which of the invitee’s details you must supply depends on the member type: some members need only email + accountId, some need the member’s identity (firstName, lastName, dob, nationality), and some need a full profile including address. Send what you have — if a field is required for that member the API responds 400 naming it. (address and phone may be inherited from your own account; see Inherited fields.)

Funding account

accountId (a UUID) is required and must be one of your own accountsACTIVE and not itself a pseudo account. It’s validated before the sub-user is created; if it’s missing you get 400 accountId is required when inviting a sub-role, and if it isn’t a valid, eligible account of yours you get 400 account not found or not eligible.
{
  "email": "ada.lovelace@example.com",
  "firstName": "Ada",
  "lastName": "Lovelace",
  "dob": "1985-12-10",
  "nationality": "GB",
  "phone": "+447700900123",
  "address": {
    "addressLine1": "12 Analytical Way",
    "city": "London",
    "state": "Greater London",
    "country": "GB",
    "postalCode": "EC1A 1BB"
  },
  "isPrepaidCardCustomer": true,
  "accountId": "8f1a2b3c-4d5e-4f6a-8b7c-9d0e1f2a3b4c",
  "confirmation": {
    "method": "passkey",
    "passkeySession": "AYABeJ…",
    "assertion": "{\"id\":\"q1n…\",\"response\":{…}}"
  }
}

Inherited fields

Depending on the program’s onboarding configuration for the chosen role, some of the sub-user’s details (such as address and phone) are inherited from your own application rather than the request body — for example a child typically inherits the parent’s address. When inheritance is enabled for a field, you can omit it from the request.

Step-up authentication

Every invite requires a step-up confirmationeither passkey or TOTP.
Start a challenge via POST /v1/auth/passkey/challenge, complete it on the device, then send:
"confirmation": {
  "method": "passkey",
  "passkeySession": "c14102b0-…",
  "assertion": "{\"id\":\"\",\"response\":{…}}"
}
Missing confirmation returns 422 SCA_MISSING and no user is created; an incomplete pair (e.g. totp without accessToken) returns 400; a pin confirmation is rejected with 422 SCA_INVALID_METHOD. For TOTP, the access token must belong to you, else 401.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

x-program-id
string
header
required

The program the request acts on.

Body

application/json

Sent by a signed-in customer inviting a sub-user. Exactly one application flag must be true (isPrepaidCardCustomer / isCardOnly / isSpouse / isChild) — the sub-roles are mutually exclusive, and consumers can only invite sub-role members, never a plain customer. Because a sub-role flag is always set, accountId is always required and must be one of the inviter's own accounts (ACTIVE, not a pseudo account). Must include a confirmation step-up object (passkey or TOTP).

email
string<email>
required
confirmation
Passkey · object
required

Discriminated step-up (SCA) credential. passkey and totp are accepted on this endpoint (a pin confirmation is rejected with 422 SCA_INVALID_METHOD).

firstName
string
lastName
string
dob
string

Date of birth, YYYY-MM-DD.

nationality
string

Alpha-2 country code, e.g. GB.

phone
string

E.164-style number.

address
object
accountId
string<uuid>

Funding parent account the invitee draws against. Required (a sub-role flag is always set on a consumer invite). Must be one of the inviter's own accounts, ACTIVE, and not a pseudo account.

isPrepaidCardCustomer
boolean
isCardOnly
boolean
isSpouse
boolean
isChild
boolean

Response

Invitation processed

success
boolean
Example:

true

data
object