🚀 VaultsPay API v1 is live. See what's new →
API Reference

API Reference

The VaultsPay API is organised around REST. All endpoints are rooted at:

https://api.vaultspay.ae/v1

Pick a section below to jump to the full reference.

Users
Create, update, list users and run KYC.Read docs
Accounts
Multi-currency accounts, balances, IBANs.Read docs
Payment Cards
Virtual & physical cards, controls, transactions.Read docs
Webhooks
Signed real-time event delivery.Read docs
Errors
Status codes, error shapes, retry strategy.Read docs

Global conventions

ItemDetails
ProtocolHTTPS only (TLS 1.2+). Plain HTTP is refused.
Request body formatapplication/json (UTF-8).
Response body formatapplication/json (UTF-8).
TimestampsISO 8601 UTC (2026-04-24T14:52:03Z).
Money amountsMinor units (e.g. 1050 = AED 10.50).
AuthenticationAuthorization: Bearer <api_key>.
IdempotencyOptional Idempotency-Key header on mutating requests.
VersioningPinned by VaultsPay-Version: YYYY-MM-DD (defaults to dashboard).
PaginationCursor-based on list endpoints, limit max 100.

Resource index

Users — /v1/users

  • POST /v1/users
  • GET /v1/users
  • GET /v1/users/{id}
  • PATCH /v1/users/{id}
  • DELETE /v1/users/{id}
  • POST /v1/users/{id}/kyc_sessions
  • GET /v1/users/{id}/kyc_sessions/{session_id}
  • POST /v1/users/{id}/documents

Accounts — /v1/accounts

  • POST /v1/accounts
  • GET /v1/accounts
  • GET /v1/accounts/{id}
  • GET /v1/accounts/{id}/balance
  • GET /v1/accounts/{id}/transactions
  • GET /v1/accounts/{id}/iban
  • POST /v1/accounts/{id}/close

Cards — /v1/cards

  • POST /v1/cards
  • GET /v1/cards
  • GET /v1/cards/{id}
  • PATCH /v1/cards/{id}
  • POST /v1/cards/{id}/convert_to_physical
  • POST /v1/cards/{id}/activate
  • POST /v1/cards/{id}/freeze
  • POST /v1/cards/{id}/unfreeze
  • POST /v1/cards/{id}/pin/tokens
  • POST /v1/cards/{id}/pin
  • POST /v1/cards/{id}/reveal
  • POST /v1/cards/{id}/terminate
  • GET /v1/cards/{id}/transactions

Webhooks — /v1/webhooks

  • POST /v1/webhooks/endpoints
  • GET /v1/webhooks/endpoints
  • GET /v1/webhooks/endpoints/{id}
  • PATCH /v1/webhooks/endpoints/{id}
  • POST /v1/webhooks/endpoints/{id}/rotate
  • POST /v1/webhooks/endpoints/{id}/test
  • GET /v1/webhooks/endpoints/{id}/deliveries
  • DELETE /v1/webhooks/endpoints/{id}
  • POST /v1/webhooks/events/{event_id}/redeliver

System

  • GET /v1/ping
ErrorsChangelog