> ## Documentation Index
> Fetch the complete documentation index at: https://docs.antonpayments.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Upload a Batch

> Upload a batch file (CSV or XLSX) containing many payout rows. The file
is stored, hashed for duplicate detection, and queued for asynchronous
validation. The response returns the batch in `uploaded` status; the
status transitions to `validating`, then `validated` (or
`validation_failed`) via webhook.

After `validated`, review `GET /v1/batches/{id}` and the summary, then
call `POST /v1/batches/{id}/confirm` to actually create the payouts.
Confirmation expires — see `expires_at` on the batch record.

Maximum file size: 32 MB. Maximum rows per batch: check current limits
with support.




## OpenAPI

````yaml POST /v1/batches
openapi: 3.1.0
info:
  title: Anton Payments API
  version: 1.0.0
  summary: Cross-border payout infrastructure. Fiat, stablecoin, and crypto.
  description: >
    The Anton Payments merchant API. Versioned, idempotent, cursor-paginated.


    - **Authentication**: OAuth 2.0 client_credentials with DPoP
    proof-of-possession (RFC 6749 §4.4 + RFC 9449). Programmatic clients
    exchange `(client_id, client_secret)` for a short-lived access token at
    `POST /oauth/token`, then send each request with `Authorization: DPoP
    <access_token>` plus a per-request `DPoP: <proof>` header. Static API keys
    are not accepted on v1.

    - Base URLs: `https://api.antonpayments.com` (production),
    `https://api.antonpayments.dev` (sandbox).

    - Monetary amounts are decimal strings. Never floats.

    - Timestamps are RFC 3339 UTC.

    - All mutating endpoints support the `Idempotency-Key` header.

    - Anton's OAuth public signing key is published at `GET
    /.well-known/jwks.json` (5-minute cache; RFC 8615).


    See the Cross-Cutting section of the docs for idempotency, pagination, rate
    limits, errors, webhook events, and webhook signing.
  contact:
    name: Anton Payments Support
    url: https://help.antonpayments.com
  license:
    name: Proprietary
    url: https://www.antonpayments.com
servers:
  - url: https://api.antonpayments.com
    description: Production
  - url: https://api.antonpayments.dev
    description: Sandbox
security:
  - oauthDPoP: []
    dpopHeader: []
tags:
  - name: Authentication
    description: >-
      OAuth 2.0 token endpoint and JWKS publication. See the API description for
      the full DPoP-bound flow.
  - name: OAuth Clients
    description: >-
      Manage OAuth credentials (programmatic access). Portal-only — JWT auth
      required.
  - name: Reference Data
    description: Currencies, countries, and supported payment methods.
  - name: Beneficiaries
    description: Create and manage the people and businesses you pay.
  - name: Instruments
    description: >-
      Payment instruments attached to beneficiaries — bank accounts, wallets,
      cards.
  - name: Payouts
    description: Initiate and track payouts.
  - name: Batches
    description: CSV-driven bulk payout processing.
  - name: Balances
    description: Merchant balance by currency.
  - name: Accounts
    description: Virtual accounts for merchant funding.
  - name: Webhooks
    description: Subscribe to event notifications.
  - name: Documents
    description: Upload and manage KYB and supporting documents.
  - name: RFIs
    description: Respond to Requests for Information raised during review.
  - name: Pricing
    description: Read merchant pricing plans and quote fees.
  - name: FX
    description: Quote, lock, and execute currency exchanges between balances.
  - name: Corridors
    description: Active cross-border corridors for your merchant.
  - name: Balance Alerts
    description: >-
      Per-currency low-balance thresholds that drive the `balance.low` webhook
      event.
  - name: Sandbox
    description: Reset and seed your sandbox environment.
  - name: Merchant
    description: Merchant profile, branding, preferences, and security posture.
  - name: API Keys
    description: Issue, list, and revoke API keys.
  - name: Users
    description: Self-service profile, MFA, and team management.
  - name: Notifications
    description: Per-user notification channels and preferences.
  - name: Velocity
    description: Merchant-scoped risk rules and what-if simulation.
  - name: Engine
    description: Glass-box view of Anton's risk intelligence.
  - name: Onboarding
    description: Authenticated KYB onboarding draft and submission.
  - name: Public Onboarding
    description: >-
      Session-authenticated hosted onboarding flow. Not intended for SDK
      consumption.
paths:
  /v1/batches:
    post:
      tags:
        - Batches
      summary: Upload a batch
      description: |
        Upload a batch file (CSV or XLSX) containing many payout rows. The file
        is stored, hashed for duplicate detection, and queued for asynchronous
        validation. The response returns the batch in `uploaded` status; the
        status transitions to `validating`, then `validated` (or
        `validation_failed`) via webhook.

        After `validated`, review `GET /v1/batches/{id}` and the summary, then
        call `POST /v1/batches/{id}/confirm` to actually create the payouts.
        Confirmation expires — see `expires_at` on the batch record.

        Maximum file size: 32 MB. Maximum rows per batch: check current limits
        with support.
      operationId: uploadBatch
      requestBody:
        required: true
        content:
          multipart/form-data:
            schema:
              type: object
              required:
                - file
              properties:
                file:
                  type: string
                  format: binary
                  description: CSV or XLSX file. Filename is preserved.
      responses:
        '201':
          description: Batch accepted and queued for validation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Batch'
        '400':
          description: >
            Malformed upload. One of:

            - `invalid_multipart_form` — request body is not valid
            multipart/form-data.

            - `invalid_file` — the `file` form field was missing or unreadable.

            - `invalid_file_format` — unsupported extension (only `.csv` and
            `.xlsx` are accepted).

            - `file_hash_mismatch` — the optional `file_hash` form value did not
            match the server-computed SHA-256.

            - `file_too_large` — file exceeds the 32 MB limit. (Also surfaced as
            413; see below.)
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '409':
          description: >-
            `duplicate_file` — a batch with this exact file hash is still being
            processed (non-terminal).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '413':
          description: '`file_too_large` — file exceeds the 32 MB limit.'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '422':
          description: >-
            `batch_upload_failed` — the batch could not be persisted after
            upload; safe to retry with a fresh idempotency key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '429':
          $ref: '#/components/responses/RateLimited'
components:
  schemas:
    Batch:
      type: object
      description: |
        A batch upload. Moves through `uploaded -> validating -> validated ->
        confirmed -> processing -> completed | partial | failed`. Can be
        cancelled from any pre-processing state.
      required:
        - id
        - merchant_id
        - uploaded_by
        - status
        - file_name
        - file_format
        - file_size
        - created_at
        - updated_at
      properties:
        id:
          type: string
          pattern: ^bat_[a-zA-Z0-9]+$
          example: bat_01HX8Z9K0M2N3P4Q5R6S7T8UBT
        merchant_id:
          type: string
          pattern: ^mer_[a-zA-Z0-9]+$
        uploaded_by:
          type: string
          description: User ID of the operator who uploaded this batch.
        status:
          $ref: '#/components/schemas/BatchStatus'
        file_name:
          type: string
          example: payroll_2026_04_15.csv
        file_format:
          type: string
          enum:
            - csv
            - xlsx
        file_size:
          type: integer
          description: Bytes.
        total_rows:
          type: integer
        valid_rows:
          type: integer
        invalid_rows:
          type: integer
        warning_rows:
          type: integer
        skipped_rows:
          type: integer
        processed_rows:
          type: integer
        summary:
          $ref: '#/components/schemas/BatchSummary'
        source_currency:
          $ref: '#/components/schemas/CurrencyCode'
          description: >-
            Default funding currency used for rows that don't specify their own.
            Set at confirmation.
        total_amount:
          type: string
          description: |
            Aggregate destination-side amount across every valid row, populated
            during validation when all rows share a single destination currency.
            Absent for mixed-currency batches and legacy batches uploaded before
            the aggregate was materialized — callers should fall back to the
            per-currency breakdown in `summary.estimated_debits`.
          example: '12345.67'
        total_currency:
          $ref: '#/components/schemas/CurrencyCode'
          description: Currency of `total_amount`. Absent for mixed-currency batches.
        current_row_index:
          type: integer
          description: Resumability checkpoint — highest row index successfully processed.
        expires_at:
          $ref: '#/components/schemas/Timestamp'
          description: Deadline for confirming a `validated` batch.
        confirmed_at:
          $ref: '#/components/schemas/Timestamp'
        confirmed_by:
          type: string
        cancelled_at:
          $ref: '#/components/schemas/Timestamp'
        cancelled_by:
          type: string
        processing_started_at:
          $ref: '#/components/schemas/Timestamp'
        completed_at:
          $ref: '#/components/schemas/Timestamp'
        created_at:
          $ref: '#/components/schemas/Timestamp'
        updated_at:
          $ref: '#/components/schemas/Timestamp'
    ErrorEnvelope:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - message
          properties:
            message:
              type: string
              description: Human-readable description of what went wrong.
            code:
              type: string
              description: Machine-readable error code. Branch on this, not on `message`.
              example: insufficient_balance
      example:
        error:
          message: insufficient funds for this payout
          code: insufficient_balance
    BatchStatus:
      type: string
      enum:
        - uploaded
        - validating
        - validated
        - validation_failed
        - confirmed
        - processing
        - completed
        - partial
        - failed
        - cancelled
    BatchSummary:
      type: object
      description: Validation summary the merchant reviews before confirming.
      properties:
        new_beneficiaries:
          type: integer
          description: Beneficiaries that would be created from the file.
        matched_beneficiaries:
          type: integer
          description: Rows that matched an existing beneficiary.
        existing_beneficiaries:
          type: integer
          description: Distinct existing beneficiaries referenced.
        methods:
          type: object
          description: Count of rows by payment method.
          additionalProperties:
            type: integer
        estimated_debits:
          type: array
          items:
            type: object
            properties:
              currency:
                $ref: '#/components/schemas/CurrencyCode'
              amount:
                $ref: '#/components/schemas/Money'
              fx_rows:
                type: integer
              same_currency_rows:
                type: integer
              rate_timestamp:
                $ref: '#/components/schemas/Timestamp'
        fx_markup_bps:
          type: integer
          description: FX markup applied to cross-currency rows, in basis points.
        balance_check:
          type: object
          description: Balance sufficiency per funding currency.
          additionalProperties:
            type: object
            properties:
              available:
                $ref: '#/components/schemas/Money'
              estimated_debit:
                $ref: '#/components/schemas/Money'
              sufficient:
                type: boolean
    CurrencyCode:
      type: string
      description: ISO 4217 three-letter currency code.
      pattern: ^[A-Z]{3}$
      example: USD
    Timestamp:
      type: string
      format: date-time
      description: RFC 3339 / ISO 8601 timestamp in UTC.
      example: '2026-04-15T14:30:00Z'
    Money:
      type: string
      description: Decimal amount as a string, never a float. Up to 12 whole digits.
      pattern: ^-?\d{1,12}(\.\d+)?$
      example: '1234.56'
  responses:
    Unauthorized:
      description: Missing or invalid API key, or key used against the wrong environment.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
          examples:
            missing_key:
              summary: Missing bearer token
              value:
                error:
                  code: unauthorized
                  message: missing or invalid credentials
            wrong_environment:
              summary: Test key used against production
              value:
                error:
                  code: key_environment_mismatch
                  message: this API key is not valid for this environment
    RateLimited:
      description: Rate limit exceeded. See `Retry-After`.
      headers:
        Retry-After:
          $ref: '#/components/headers/Retry-After'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  headers:
    Retry-After:
      description: Seconds to wait before retrying. Included on 429 responses.
      schema:
        type: integer
  securitySchemes:
    oauthDPoP:
      type: oauth2
      description: >
        OAuth 2.0 client_credentials grant (RFC 6749 §4.4) bound to a DPoP
        keypair (RFC 9449).


        **Flow** (every authenticated `/v1` call requires both an access token
        AND a fresh per-request DPoP proof):


        1. Register a credential via the merchant portal. Anton issues a
        `client_id` (`ant_oc_<env>_<32hex>`) and a `client_secret`
        (`ant_ocs_<env>_<48hex>`, shown ONCE). The portal generates an ES256 or
        Ed25519 DPoP keypair in your browser; you store the private half.

        2. Mint an access token: `POST /oauth/token` with `Authorization: Basic
        <client_id:client_secret>` and `Content-Type:
        application/x-www-form-urlencoded`. Body:
        `grant_type=client_credentials`. A `DPoP` header carrying a proof signed
        for the token endpoint is required (no `ath` claim on this proof).

        3. Use the token: send `Authorization: DPoP <access_token>` plus a fresh
        `DPoP: <proof>` header on every `/v1` request. The proof JWT MUST carry
        `htm` (request method), `htu` (request URL, no query/fragment), `iat`
        (within ±60s), `jti` (unique within 5 min), and `ath` (SHA-256 of the
        access token, base64url).


        Tokens expire in **1 hour** in production / staging and **8 hours** in
        sandbox. There are no refresh tokens — call `/oauth/token` again with
        your secret. Anton's public signing key is published at
        `/.well-known/jwks.json`.


        OpenAPI 3.0 has no native DPoP scheme; this declaration plus
        `dpopHeader` together convey both the access-token Authorization and the
        per-request proof header.
      flows:
        clientCredentials:
          tokenUrl: /oauth/token
          scopes: {}
    dpopHeader:
      type: apiKey
      in: header
      name: DPoP
      description: >
        Per-request DPoP proof JWT (RFC 9449). MUST accompany the
        `Authorization: DPoP <access_token>` header on every protected
        operation. The proof is signed by the merchant's private DPoP key and
        carries `htm`, `htu`, `iat`, `jti`, and `ath` claims.

````