Skip to main content
POST
Create an instrument for a beneficiary

Authorizations

Authorization
string
header
required

OAuth 2.0 client_credentials grant (RFC 6749 §4.4) bound to a DPoP keypair (RFC 9449).

Flow (every authenticated /v1 call requires both an access token AND a fresh per-request DPoP proof):

  1. Register a credential via the merchant portal. Anton issues a client_id (ant_oc_<env>_<32hex>) and a client_secret (ant_ocs_<env>_<48hex>, shown ONCE). The portal generates an ES256 or Ed25519 DPoP keypair in your browser; you store the private half.
  2. Mint an access token: POST /oauth/token with Authorization: Basic <client_id:client_secret> and Content-Type: application/x-www-form-urlencoded. Body: grant_type=client_credentials. A DPoP header carrying a proof signed for the token endpoint is required (no ath claim on this proof).
  3. Use the token: send Authorization: DPoP <access_token> plus a fresh DPoP: <proof> header on every /v1 request. The proof JWT MUST carry htm (request method), htu (request URL, no query/fragment), iat (within ±60s), jti (unique within 5 min), and ath (SHA-256 of the access token, base64url).

Tokens expire in 1 hour in production / staging and 8 hours in sandbox. There are no refresh tokens — call /oauth/token again with your secret. Anton's public signing key is published at /.well-known/jwks.json.

OpenAPI 3.0 has no native DPoP scheme; this declaration plus dpopHeader together convey both the access-token Authorization and the per-request proof header.

DPoP
string
header
required

Per-request DPoP proof JWT (RFC 9449). MUST accompany the Authorization: DPoP <access_token> header on every protected operation. The proof is signed by the merchant's private DPoP key and carries htm, htu, iat, jti, and ath claims.

Headers

Idempotency-Key
string
required

Unique key identifying this operation. Sending the same key twice returns the original response instead of creating a duplicate. Keys are retained for 24 hours.

Maximum string length: 255

Path Parameters

id
string
required
Pattern: ^ben_[a-zA-Z0-9]+$

Body

application/json

Create an instrument attached to a beneficiary.

The credentials object shape varies by method. A few common shapes:

  • iban: { "iban": "GB82WEST12345698765432", "bic": "WESTGB22" } (BIC optional)
  • uk_bank: { "account_number": "12345678", "sort_code": "123456" }
  • us_bank: { "routing_number": "026073150", "account_number": "...", "account_type": "checking" }
  • crypto: { "wallet_address": "0x...", "network": "ethereum", "token_symbol": "USDC" }
  • card: { "pan": "...", "expiry_month": 12, "expiry_year": 2028 } (routed through PCI vault)

Call GET /v1/payment-methods?country=XX for the complete per-country catalog with the exact credential schema required.

method
enum<string>
required

Credential format of a payment instrument — named by what data is stored, not by the rail that delivers the funds. One credential type can route to multiple rails (e.g. an IBAN can go via SEPA, SEPA Instant, TARGET2, SWIFT, or CHAPS — the rail is selected at payout time).

Query GET /v1/payment-methods for the full country-specific catalog including per-method credential schemas.

Available options:
iban,
uk_bank,
us_bank,
ca_bank,
au_bank,
nz_bank,
jp_bank,
in_bank,
za_bank,
ng_bank,
ph_bank,
cl_bank,
co_bank,
swift,
clabe,
cbu,
cci,
pix,
upi,
interac,
paynow,
fps_hk,
promptpay,
card,
crypto,
mobile_money
currency
string

ISO 4217 three-letter currency code.

Pattern: ^[A-Z]{3}$
Example:

"USD"

country
string

ISO 3166-1 alpha-2 country code.

Pattern: ^[A-Z]{2}$
Example:

"US"

label
string

Merchant-visible label for this instrument (e.g. "Payroll - primary account").

Maximum string length: 255
credentials
object

Method-specific credential fields. Tokenized on receipt.

is_default
boolean
default:false

Make this the default instrument for the beneficiary. The previous default (if any) is unflagged.

end_user_ip
string

Response

Instrument created.

A payment destination attached to a beneficiary. Credentials (account numbers, wallet addresses, card PANs) are tokenized in Basis Theory and never returned by the API. Only masked display fields and method metadata are exposed.

id
string
required
Pattern: ^ins_[a-zA-Z0-9]+$
Example:

"ins_01HX8Z9K0M2N3P4Q5R6S7T8UA2"

beneficiary_id
string
required
Pattern: ^ben_[a-zA-Z0-9]+$
merchant_id
string
required
Pattern: ^mer_[a-zA-Z0-9]+$
method
enum<string>
required

Credential format of a payment instrument — named by what data is stored, not by the rail that delivers the funds. One credential type can route to multiple rails (e.g. an IBAN can go via SEPA, SEPA Instant, TARGET2, SWIFT, or CHAPS — the rail is selected at payout time).

Query GET /v1/payment-methods for the full country-specific catalog including per-method credential schemas.

Available options:
iban,
uk_bank,
us_bank,
ca_bank,
au_bank,
nz_bank,
jp_bank,
in_bank,
za_bank,
ng_bank,
ph_bank,
cl_bank,
co_bank,
swift,
clabe,
cbu,
cci,
pix,
upi,
interac,
paynow,
fps_hk,
promptpay,
card,
crypto,
mobile_money
status
enum<string>
required
Available options:
active,
disabled
is_default
boolean
required

Whether this is the beneficiary's default instrument for payouts.

created_at
string<date-time>
required

RFC 3339 / ISO 8601 timestamp in UTC.

Example:

"2026-04-15T14:30:00Z"

updated_at
string<date-time>
required

RFC 3339 / ISO 8601 timestamp in UTC.

Example:

"2026-04-15T14:30:00Z"

currency
string

ISO 4217 three-letter currency code.

Pattern: ^[A-Z]{3}$
Example:

"USD"

country
string

ISO 3166-1 alpha-2 country code.

Pattern: ^[A-Z]{2}$
Example:

"US"

label
string

Merchant-visible label.

display_last4
string

Last 4 characters of the primary credential (account number / PAN / wallet address), for display.

display_bank
string

Bank name derived from routing details, for display.

display_network
string

Card network or chain, for display (e.g. visa, ethereum).

masked_account
string

Fully masked credential for list views.

Example:

"****5432"