Registering and Managing Tenants

Register sub-clients and receive generated client API keys.

Resell partners can register VASPs as CryptoSwift tenants. CryptoSwift creates the tenant record, links it to the partner, and returns a generated tenant-specific apiKey that can be used for regular Client API calls.

Register a VASP

POST /partners/tenants creates a new tenant under the authenticated partner.

Required parameters:

Field	Type	Description
`name`	string	Tenant service name.
`email`	string	Tenant main contact email.

Optional parameters:

Field	Type	Description
`legalName`	string	Tenant registered legal entity name.
`webhookUrl`	string	Tenant webhook URL for Travel Rule message notifications.
`country`	string	Tenant country.
`webpage`	string	Tenant webpage.
`townName`	string	Tenant town name.
`mfaPolicy`	string	Tenant MFA policy: `optional` or `required`. Defaults to `optional`.
`isWalletVerificationRiskScoringEnabled`	boolean	Enables wallet verification risk scoring for the tenant.

curl --location --request POST 'https://api-dev.cryptoswift.eu/partners/tenants' \
  --header 'X-Partner-Api-Key: <partner-api-key>' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "name": "Acme Exchange",
    "legalName": "Acme Digital Assets LLC",
    "email": "ops@acme.exchange",
    "webhookUrl": "https://acme.exchange/webhooks/travel-rule",
    "country": "US",
    "webpage": "https://acme.exchange",
    "townName": "New York",
    "mfaPolicy": "required",
    "isWalletVerificationRiskScoringEnabled": true
  }'

Successful response:

{
  "id": 42,
  "name": "Acme Exchange",
  "legalName": "Acme Digital Assets LLC",
  "email": "ops@acme.exchange",
  "isVerified": true,
  "webhookUrl": "https://acme.exchange/webhooks/travel-rule",
  "webhookSecret": "s3cr3t-signing-token",
  "apiKey": "ae6fb520-05b5-4a7a-9b25-8486d9a402d7",
  "country": "US",
  "webpage": "https://acme.exchange",
  "townName": "New York",
  "mfaPolicy": "required",
  "isWalletVerificationRiskScoringEnabled": true
}

CryptoSwift generates the client API key automatically. Store this value on the partner side if you plan to proxy API calls for the client.

Error Responses

{
  "statusCode": 400,
  "message": "Required data not provided. Please make sure to provide the Tenant name, email and API key.",
  "error": "Bad Request"
}

CryptoSwift returns 400 Bad Request when name or email is blank or missing.

{
  "statusCode": 401,
  "message": "Unauthorized"
}

CryptoSwift returns 401 Unauthorized when the X-Partner-Api-Key header is missing or invalid.

{
  "statusCode": 409,
  "message": "A verified user with the given name already exist.",
  "error": "Conflict"
}

CryptoSwift returns 409 Conflict when a verified tenant with the given name already exists.

List Tenants

Use GET /partners/tenants to retrieve existing partner tenants and their API keys.

curl --location 'https://api-dev.cryptoswift.eu/partners/tenants' \
  --header 'X-Partner-Api-Key: <partner-api-key>'

[
  {
    "id": 42,
    "name": "Acme Exchange",
    "legalName": "Acme Digital Assets LLC",
    "email": "ops@acme.exchange",
    "isVerified": true,
    "webhookUrl": "https://acme.exchange/webhooks/travel-rule",
    "webhookSecret": "s3cr3t-signing-token",
    "apiKey": "ae6fb520-05b5-4a7a-9b25-8486d9a402d7",
    "country": "US"
  }
]