API Reference
Start typing to search…

Intro

US virtual Bank accounts

Issue virtual USD bank accounts to your users, enabling them to receive online payments from platforms like PayPal, Payoneer, and Upwork. These accounts are issued in the user’s name.

Step 1: Create a Customer
Before issuing a US account to your user, you must first create a customer using the Create a Customer endpoint.

Use our KYC link to redirect your user for verification. Once the KYC process is completed, we’ll notify you via webhook. After receiving the webhook.

Step 2: Create a US Account
Once the customer has completed KYC and you’ve received the webhook notification, you can create a US account for them using the Create a US Account endpoint.

How to use US Bank Webhook

Set up your webhook URL on the US Account Settings page. Please note that these webhook settings are separate from your standard payment webhook settings.

🚧

If you do not see this page on your dashboard, contact [email protected] — this feature is available upon request.

The webhook signature is used to verify that the request is genuinely from us.

Here's how to verify it:

Take the payload from the webhook request (usually the 'data' field).
Convert the payload to a JSON string without any formatting changes. Hash it using HMAC-SHA256 with your business's secret_key as the key. Compare the result with the signature sent in the webhook request.

$payload = json_encode($request['data']);
$expectedSignature = hash_hmac('sha256', $payload, $your_secret_key);

if ($expectedSignature === $request['signature']) {
// Valid webhook
}
❗️

Never trust the request without verifying the signature.

Webhook Data

KYC Updated

{
"event": "kyc_updated",
"data": {
"customer_id": "cus_123456",
"kyc_status": "approved",
"rejection_reason": null,
"timestamp": "2025-06-27T12:34:56Z"
},
"signature": "abc123hmacsignature..."
}

Virtual Account Activity


{
"event": "va_activity",
"data": {
"customer_id": "cus_123456",
"activity_type": "deposit",
"amount": 5000,
"currency": "USD",
"timestamp": "2025-06-27T14:15:22Z"
},
"signature": "xyz789hmacsignature..."
}

Every webhook contains a signature. You must verify it using HMAC-SHA256 before trusting the payload.