Create counterparty.
Create an external party that can send or receive payments. Counterparties are identity shells — they hold a name, entity type, and optional contact details. Rail-specific delivery details (bank accounts, crypto wallets) are managed separately as payment methods.
Next steps after creation:
- Add payment methods →
POST /counterparties/{id}/payment-methods - Validate payment methods →
POST .../payment-methods/{id}/validate - Reference the counterparty and payment method when creating payments
Authorizations
API key issued at onboarding. Passed as a Bearer token in the Authorization header: Authorization: Bearer <api-key>. Identifies the caller and determines organization scope. Invalid or revoked keys return 401 with error type authentication_error.
Ed25519 or RSA-SHA256 asymmetric signature over the request payload (ADR-0015). Provides request integrity and non-repudiation. The signature covers the HTTP method, path, query string, request body, and timestamp. Invalid signatures return 401 with error type authentication_error.
Unix timestamp (seconds) of when the request was signed. Server rejects requests where the timestamp drifts beyond +/-60 seconds from server time to prevent replay attacks. Must match the timestamp used in the signature computation.
Headers
Idempotency key for this request. UUID v4 recommended. Max 128 characters. 24-hour retention. Same key + same body replays original response with Idempotency-Replayed: true. Same key + different body returns 409 (code: duplicate_idempotency_key). Same key while the original request is still processing returns 409 with a Retry-After header (code: idempotency_key_in_flight).
128"550e8400-e29b-41d4-a716-446655440000"
Body
Customer resource identifier.
^cus_[A-Za-z0-9]+$"cus_01953e1a5f4b7000"
Whether the counterparty is an individual or business.
individual, business Email address per RFC 5322.
"user@example.com"
Physical or mailing address. Used on Entity and Counterparty.
Consumer-defined key-value store. Available on all primary resources. Max 50 keys. Keys must match ^[a-zA-Z0-9_]{1,40}$. Values are strings (max 500 chars) or null.
Response
Counterparty created.
External party that can send or receive payments. No inline rail details — those live on PaymentMethod sub-resources.
Counterparty resource identifier.
^cpt_[A-Za-z0-9]+$"cpt_01953e1a5f4b7004"
Customer resource identifier.
^cus_[A-Za-z0-9]+$"cus_01953e1a5f4b7000"
Whether the counterparty is an individual or business.
individual, business Full name of the counterparty.
"Globex Corporation"
Status of a counterparty.
active, archived UTC timestamp in RFC 3339 / ISO 8601 format.
"2026-02-23T12:00:00Z"
UTC timestamp in RFC 3339 / ISO 8601 format.
"2026-02-23T12:00:00Z"
Email address per RFC 5322.
"user@example.com"
Physical or mailing address. Used on Entity and Counterparty.
Read-only compliance metadata on payments and counterparties.
Consumer-defined key-value store. Available on all primary resources. Max 50 keys. Keys must match ^[a-zA-Z0-9_]{1,40}$. Values are strings (max 500 chars) or null.