Attestyx API

The integrity layer for any payment.

One endpoint covers the validation flow. Auxiliary endpoints cover funding, audit, registry, and webhooks. Free to integrate. Free unlimited sandbox. Production access gated on KYB pass, typically completed in under 24 hours.

Quick start

Sign up, copy your sandbox key, run your first validation.

# 1. Sign up at https://attestyx.com/portal/auth/signup
# 2. Copy your sandbox API key from the portal
# 3. Run your first validation

curl https://api.attestyx.com/v1/validate \
  -H "Authorization: Bearer $ATTESTYX_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "recipient": {
      "legal_name": "Acme Vendor Inc",
      "registration_id": "00-0000000",
      "jurisdiction": "US",
      "bank_account": { "routing": "...", "account": "..." }
    },
    "payment": {
      "amount": "10000.00",
      "currency": "USD",
      "rail": "ach"
    },
    "tiers": ["t1"],
    "mode": "authorize_then_execute"
  }'

Response

{
  "validation_id": "vp_01J4Y2B8XK3M9N7P5Q6R8T2W4V",
  "verdict": "CONFIRMED",
  "tier_results": {
    "t1": {
      "checks_run": 39,
      "checks_passed": 39,
      "checks_warned": 0,
      "checks_blocked": 0,
      "category_breakdown": { "...": "see Tier 1 catalog" }
    }
  },
  "charges": {
    "t1": { "amount": "5.00", "currency": "USD", "basis": "5bps_of_value" },
    "total": { "amount": "5.00", "currency": "USD" }
  },
  "billing_state": "POSTED_TO_INVOICE",
  "balance_remaining": null,
  "authorization": {
    "payload_b64": "eyJhbGciOiJFZERTQSIsImtpZCI6...",
    "signatures": {
      "ed25519": "fbd8...44a2",
      "dilithium3": "9e2c...7715"
    },
    "expires_at": "2026-05-05T15:00:00Z"
  },
  "receipt": {
    "receipt_id": "rcp_01J4Y2B8XK3M9N7P5Q6R8T2W4V",
    "issued_at": "2026-05-05T14:32:08Z",
    "courtchain_anchor": "0x9f3b...c8e1",
    "block_height": 1487732,
    "signatures": { "ed25519": "...", "dilithium3": "..." }
  }
}

Authentication

Bearer token. Sandbox + production keys.

Bearer token via standardAuthorizationheader. Sandbox keys beginsk_sb_, production keys beginsk_pr_. Keys are scoped to a single tenant. Rotate in the portal. Production access is gated on KYB pass.

Resources

The API surface.

Resource	Endpoint	Purpose
Validation	`/v1/validate`	The primary endpoint. Run the parametized tier validation.
Recipients	`/v1/recipients`	Persisted recipient profiles. Reuse a Tier 2 verification across many calls.
Disbursements	`/v1/disbursements`	Settle a Mode A authorization or attest a Mode B payment.
Receipts	`/v1/receipts/{id}`	Retrieve any receipt by ID.
CREB bundles	`/v1/disbursements/{id}/creb`	Retrieve a Tier 2 CREB bundle.
Monitoring	`/v1/monitoring`	Manage active-recipient lifecycle monitoring.
Recovery (Tier 3)	`/v1/recovery`	Submit and track Tier 3 engagements.
Registry	`/v1/registry`	Read the cross-network bad-actor registry.
Sanctions	`/v1/sanctions`	Direct sanctions lookup (free).
Balance	`/v1/balance`	Read your prepaid balance, configure auto-reload.
Funding	`/v1/funding`	Get funding instructions for USDC and USD prepaid.
Invoices	`/v1/invoices`	Postpaid invoice management.
Webhooks	`/v1/webhooks`	Configure webhook endpoints.
Audit	`/v1/audit`	Read your audit log.

The validation endpoint

POST /v1/validate

The shape of a request:

{
  "recipient": {
    "legal_name": "...",
    "registration_id": "...",
    "jurisdiction": "...",
    "address": { ... },
    "bank_account": { ... },
    "wallet_address": "...",
    "beneficial_owners": [ ... ]
  },
  "payment": {
    "amount": "...",
    "currency": "...",
    "rail": "ach|wire|swift|rtp|fednow|sepa|usdc|btc|...",
    "rail_reference": "...",
    "settled_at": "...",
    "metadata": { ... }
  },
  "tiers": ["t1"] | ["t1", "t2"] | ["t1", "t2", "t3"],
  "mode": "authorize_then_execute" | "pay_then_attest",
  "options": {
    "policy_overrides": { ... },
    "supporting_documents": [ ... ],
    "monitoring_enabled": true,
    "tier3_engagement_id": "..."
  }
}

Thetiers array is the parametization. Minimum is ["t1"]. Adding"t2"triggers the deeper verification and produces a CREB bundle. Adding"t3"requires a pre-arranged Tier 3 engagement.

Billing state values

DEDUCTED_FROM_PREPAID- USDC or USD prepaid balance debited
POSTED_TO_INVOICE- added to current postpaid invoice
CHARGED_TO_CARD- card-on-file fallback fired
BILLING_FAILED - no funding source available; call still validated, charge held in suspense, customer notified

Two payment-attestation modes

The mode parameter controls the operational pattern.

Mode A. Authorize-then-execute

Use when the validation must gate the payment.

POST /v1/validatewithmode: "authorize_then_execute".
Verdict comes back with a signed authorization payload.
Your banking partner executes against the authorization.
Banking partner posts settlement back via webhook, or you callPOST /v1/disbursements/{id}/settlement.
Receipt is finalized. CREB bundle generated if Tier 2 was requested.

The signed authorization payload is presentable to programmatic banking partners (Modern Treasury, Column, Increase, Mercury, Brex Treasury), Stripe Treasury / Issuing, issuer-processors (Marqeta, Galileo, Lithic, Highnote), sponsor banks (Cross River, Sutton, Pathward), direct ODFI relationships for ACH, SWIFT correspondents, and USDC custody partners.

Mode B. Pay-then-attest

Use for high-volume async traffic, retroactive attestation, or any rail where pre-authorization is not required.

You pay through your own rails.
POST /v1/validatewithmode: "pay_then_attest", includingpayment.rail_referenceandpayment.settled_at.
Verdict comes back. Receipt generated. CREB bundle if Tier 2.

Mode B can backfill historical payments.

Choosing modes

Question	Mode A	Mode B
Does the validation need to gate the payment?	Yes	No
Are you using a programmatic banking partner today?	Yes	Optional
High-volume async rail (issuer push, marketplace payouts)?	Optional	Yes, default
Backfill historical payments?	Not possible	Yes
CREB attestation?	Yes (Tier 2 add)	Yes (Tier 2 add)

You can mix modes within a single tenant.

KYB at signup

Self-serve onboarding includes mandatory KYB before production access.

The KYB run uses our own engine on the customer entity. Most legitimate entities clear in under 24 hours.

KYB requires

Legal entity name, jurisdiction, registration ID
Beneficial-ownership disclosure (UBO and control percentages)
Authorized representative identity verification
Stated intended use of the API (payment categories, geographic scope, expected volume)
Acknowledgment of acceptable use policy

Failed KYB is appealable. Suspicious activity post-onboarding triggers automatic suspension and review. Appeals: [email protected].

Funding your account

POST /v1/funding returns funding instructions.

USDC prepaid

{
  "funding_method": "usdc",
  "default_chain": "jil",
  "instructions": {
    "jil": { "contract_address": "0x...", "memo": "ACCT-01J4Y2..." },
    "ethereum": { "contract_address": "0x...", "memo": "ACCT-01J4Y2..." },
    "base": { ... },
    "solana": { ... }
  },
  "auto_reload": { "enabled": false, "threshold": null, "reload_amount": null },
  "current_balance_usd": "0.00",
  "withdrawal_endpoint": "/v1/balance/withdraw"
}

USDC balances are held in customer-segregated smart contracts. Withdrawal-on-demand.

USD prepaid

{
  "funding_method": "usd_prepaid",
  "instructions": {
    "wire": { "bank_name": "[banking partner]", "routing": "...", "account": "...", "memo_required": "ACCT-01J4Y2..." },
    "ach": { ... }
  },
  "minimum_funding": "500.00",
  "current_balance_usd": "0.00"
}

USD balances are held in customer-segregated FBO accounts at our banking partner. Withdrawal-on-demand.

Postpaid invoice

{
  "funding_method": "postpaid",
  "credit_limit_usd": "...",
  "billing_cycle": "monthly",
  "net_terms": 15,
  "settlement_methods": ["ach", "wire", "usdc"],
  "card_on_file": { "configured": false, "fallback_only": true }
}

Available after KYB plus 30 days of clean prepaid usage.

Webhooks

Configure endpoints in the portal or via POST /v1/webhooks.

Events

validation.completed
validation.flagged
disbursement.authorized
disbursement.settled
disbursement.attested
receipt.ready
creb.ready
monitoring.signal
recovery.update
registry.match
balance.low
balance.depleted
invoice.issued
invoice.paid
kyb.status_changed

All deliveries signed with HMAC-SHA256. Exponential backoff retry, 24-hour total window. Replay window 5 minutes.

Rate limits

Tier	Sustained rate
Free Forever	100 requests per minute
Pay-as-you-go	1,000 requests per minute
Volume customers (10M+ Tier 1 monthly)	Negotiated, default 10,000+
Sandbox	10,000 per minute

Burst headroom 2x sustained for 60 seconds. 429 response includesRetry-After.

SDKs

Open source under Apache 2.0.

Python:pip install attestyx
Node:npm install @attestyx/sdk
Go:go get github.com/attestyx/attestyx-go
Java: Mavencom.attestyx:sdk:1.0.0
Ruby (community)
PHP (community)

Sandbox

Unlimited, free, no time limit.

Sandbox keys issued at signup. Test fixtures cover all Tier 1 outcomes (CONFIRMED, WARN, BLOCK), both modes, all major rails, and all funding methods. Sandbox traffic does not contribute to the production cross-network registry.

Versioning + errors + support

Versioning.Semantic versioning. Breaking changes only on major versions. 12-month deprecation window.
Errors.Standard HTTP status codes. JSON error body withcode, message, request_id, anddocumentation_url.
Support.Free Forever: docs, sandbox, community. Pay-as-you-go: email support, 24-hour SLA. Volume / partner: dedicated technical contact, optional Slack channel.