Cross River ACH Payments API
Originate and receive ACH payments over the Federal Reserve ACH network - single payments, client batches, same-day ACH, reversals, and returns, with utilization monitoring. Part of the COS Payments module.
Originate and receive ACH payments over the Federal Reserve ACH network - single payments, client batches, same-day ACH, reversals, and returns, with utilization monitoring. Part of the COS Payments module.
openapi: 3.0.3
info:
title: Cross River Operating System (COS) API
description: >-
The Cross River Operating System (COS) is a collection of RESTful APIs from
Cross River Bank (an FDIC-member bank) for embedded finance and
Banking-as-a-Service - deposit accounts, ACH, wires, instant payments
(RTP / FedNow / CRNow), card issuing and management, lending, and customer
management (KYC / onboarding). COS is organized around REST with
object-oriented URLs and JSON responses, and uses OAuth 2.0 (client
credentials grant) to issue a signed JWT Bearer access token that must be
sent on every request.
ACCESS MODEL: Cross River is a regulated bank and COS access is
partner/enterprise-gated. Programs are onboarded via Cross River sales and a
relationship manager, who provision client_id / client_secret credentials
for the sandbox (https://sandbox.crbcos.com) and, after go-live, for
production. The public production base URL is not published in the open
documentation.
GROUNDING NOTE: The paths, methods, and module base URLs in this document
are grounded in the public Cross River developer documentation at
docs.crossriver.com (as of 2026-07-12). Because the live sandbox is
credential-gated, request and response BODY SCHEMAS below are MODELED
representative structures, not copied from the credential-gated OpenAPI /
Postman collection Cross River shares with onboarded partners. Verify exact
field names and required properties against the official reference and the
partner-provided collection.
version: '1.0'
contact:
name: Cross River
url: https://www.crossriver.com/
license:
name: Proprietary
url: https://www.crossriver.com/
servers:
- url: https://sandbox.crbcos.com
description: >-
COS sandbox host for the core modules (Core, ACH, Wires, RTP, Cards, etc.).
Requires partner-provisioned OAuth2 credentials. Production host is issued
separately during go-live and is not publicly documented.
- url: https://arixapisandbox.crbnj.net
description: Lending / loan origination sandbox host (separate from the core COS host).
security:
- oauth2ClientCredentials: []
tags:
- name: Customer Management
description: Customer records, KYC, and onboarding (COS Core module, /core/v1/cm).
- name: Accounts
description: Deposit accounts and subledgers (COS Core module, /core/v1/dda).
- name: ACH
description: ACH origination and receipt (COS Payments, /ach).
- name: Wires
description: Domestic wire transfers and drawdowns (COS Payments, /wires).
- name: Instant Payments
description: RTP, FedNow, and CRNow instant payments (COS Payments, /rtp).
- name: Cards
description: Debit card issuing and management (COS Card Management, /cardmanagement).
- name: Lending
description: Loan origination and servicing (separate lending host).
paths:
/core/v1/cm/customers:
post:
operationId: createCustomer
tags:
- Customer Management
summary: Create a customer
description: >-
Creates a personal or business customer record used for KYC / onboarding.
A customer record is required before opening deposit accounts or issuing
cards. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CustomerInput'
responses:
'200':
description: The created customer.
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/core/v1/cm/customers/{id}:
parameters:
- $ref: '#/components/parameters/Id'
get:
operationId: getCustomer
tags:
- Customer Management
summary: Retrieve a customer
description: Retrieves a customer record by its ID.
responses:
'200':
description: The requested customer.
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
delete:
operationId: deactivateCustomer
tags:
- Customer Management
summary: Deactivate a customer
description: Deactivates (soft-deletes) a customer record.
responses:
'200':
description: Deactivation confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/StatusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/core/v1/cm/customers/{customerId}/beneficial-owners:
parameters:
- $ref: '#/components/parameters/CustomerId'
post:
operationId: addBeneficialOwner
tags:
- Customer Management
summary: Add a beneficial owner
description: Adds a beneficial owner to a business customer. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
responses:
'200':
description: The updated customer.
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'401':
$ref: '#/components/responses/Unauthorized'
/core/v1/cm/customers/{customerId}/identifications:
parameters:
- $ref: '#/components/parameters/CustomerId'
post:
operationId: addIdentification
tags:
- Customer Management
summary: Add an identification
description: Adds an identification document (e.g. SSN, passport) to a customer. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
responses:
'200':
description: The updated customer.
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'401':
$ref: '#/components/responses/Unauthorized'
/core/v1/dda/accounts:
post:
operationId: createAccount
tags:
- Accounts
summary: Open a deposit account
description: Creates a deposit account (DDA) based on a product ID for a customer. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AccountInput'
responses:
'200':
description: The created account.
content:
application/json:
schema:
$ref: '#/components/schemas/Account'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/core/v1/dda/accounts/{accountNumber}/restrictions:
parameters:
- $ref: '#/components/parameters/AccountNumber'
post:
operationId: addAccountRestriction
tags:
- Accounts
summary: Restrict an account
description: Applies a restriction (e.g. hold, freeze) to a deposit account. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
responses:
'200':
description: Restriction confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/StatusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
/core/v1/dda/accounts/{accountNumber}/statements:
parameters:
- $ref: '#/components/parameters/AccountNumber'
get:
operationId: listAccountStatements
tags:
- Accounts
summary: List account statements
description: Retrieves statement information for a deposit account.
responses:
'200':
description: A list of statements.
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
type: object
additionalProperties: true
'401':
$ref: '#/components/responses/Unauthorized'
/ach/v1/payments:
post:
operationId: sendAchPayment
tags:
- ACH
summary: Send an ACH payment
description: >-
Originates a single ACH payment over the Federal Reserve ACH network.
Supports standard and same-day ACH. An idempotency-key header is
recommended to safely retry. MODELED request body.
parameters:
- $ref: '#/components/parameters/IdempotencyKey'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AchPaymentInput'
responses:
'200':
description: The created ACH payment.
content:
application/json:
schema:
$ref: '#/components/schemas/Payment'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/wires/v1/payments:
post:
operationId: sendWirePayment
tags:
- Wires
summary: Send a wire transfer
description: Sends a single domestic wire transfer payment. MODELED request body.
parameters:
- $ref: '#/components/parameters/IdempotencyKey'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/WirePaymentInput'
responses:
'200':
description: The created wire payment.
content:
application/json:
schema:
$ref: '#/components/schemas/Payment'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/wires/v1/payments/{id}/cancel:
parameters:
- $ref: '#/components/parameters/Id'
post:
operationId: cancelWirePayment
tags:
- Wires
summary: Cancel a wire transfer
description: Cancels a wire transfer payment by ID.
responses:
'200':
description: Cancellation confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/StatusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/rtp/v1/payments:
post:
operationId: sendInstantPayment
tags:
- Instant Payments
summary: Send an instant payment
description: >-
Initiates a single instant payment (credit transfer) over CRNow, RTP
(The Clearing House), or FedNow, depending on the receiving bank's
supported networks. MODELED request body.
parameters:
- $ref: '#/components/parameters/IdempotencyKey'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/InstantPaymentInput'
responses:
'200':
description: The created instant payment.
content:
application/json:
schema:
$ref: '#/components/schemas/Payment'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/rtp/v1/directory:
get:
operationId: getInstantPaymentDirectory
tags:
- Instant Payments
summary: Get supported instant-payment services
description: >-
Retrieves a list of instant-payment-related services supported by a
specific financial institution (routing number), used to check whether a
receiving bank supports RTP and/or FedNow before sending.
parameters:
- name: routingNumber
in: query
required: false
description: ABA routing number of the financial institution to query.
schema:
type: string
responses:
'200':
description: Supported services for the institution.
content:
application/json:
schema:
type: object
additionalProperties: true
'401':
$ref: '#/components/responses/Unauthorized'
/cardmanagement/v1/cards:
get:
operationId: listCards
tags:
- Cards
summary: List cards
description: Returns details about cards matching the supplied filters.
responses:
'200':
description: A list of cards.
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createCard
tags:
- Cards
summary: Create a card
description: Requests creation of a new debit card for a customer/account. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CardInput'
responses:
'200':
description: The created card.
content:
application/json:
schema:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/cardmanagement/v1/cards/{id}:
parameters:
- $ref: '#/components/parameters/Id'
get:
operationId: getCard
tags:
- Cards
summary: Get a card
description: Returns the details of a specific debit card by its ID.
responses:
'200':
description: The requested card.
content:
application/json:
schema:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/cardmanagement/v1/cards/{id}/activate:
parameters:
- $ref: '#/components/parameters/Id'
post:
operationId: activateCard
tags:
- Cards
summary: Activate a card
description: Activates a card for a customer (the preferred way to activate a card).
responses:
'200':
description: Activation confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/cardmanagement/v1/cards/{id}/suspend:
parameters:
- $ref: '#/components/parameters/Id'
post:
operationId: suspendCard
tags:
- Cards
summary: Suspend a card
description: Suspends a card by ID.
responses:
'200':
description: Suspend confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/cardmanagement/v1/cards/{id}/close:
parameters:
- $ref: '#/components/parameters/Id'
post:
operationId: closeCard
tags:
- Cards
summary: Close a card
description: Permanently deactivates a card. Closed cards cannot be reactivated.
responses:
'200':
description: Close confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/loan:
post:
operationId: addLoan
tags:
- Lending
summary: Add a loan
description: >-
Creates a loan record in the lending system. Served from the separate
lending host (arixapisandbox.crbnj.net in sandbox) with its own OAuth
server. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
responses:
'200':
description: The created loan.
content:
application/json:
schema:
$ref: '#/components/schemas/Loan'
'401':
$ref: '#/components/responses/Unauthorized'
/loandetail/{id}:
parameters:
- $ref: '#/components/parameters/Id'
get:
operationId: getLoanDetail
tags:
- Lending
summary: Get loan details
description: Retrieves the details of a loan by its ID.
responses:
'200':
description: The requested loan.
content:
application/json:
schema:
$ref: '#/components/schemas/Loan'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/loan/{id}/fundinginfo:
parameters:
- $ref: '#/components/parameters/Id'
put:
operationId: requestLoanFundingRails
tags:
- Lending
summary: Request loan funding rails
description: Requests new payment rails for funding a loan. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
responses:
'200':
description: The updated loan funding info.
content:
application/json:
schema:
$ref: '#/components/schemas/Loan'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
components:
securitySchemes:
oauth2ClientCredentials:
type: oauth2
description: >-
OAuth 2.0 client credentials grant. POST client_id, client_secret and
grant_type=client_credentials to the COS identity provider token
endpoint (sandbox: https://idptest.crbcos.com/connect/token; lending
uses https://oauthtest.crbnj.net/connect/token). The response is a signed
JWT that must be sent as `Authorization: Bearer <token>` on every request.
flows:
clientCredentials:
tokenUrl: https://idptest.crbcos.com/connect/token
scopes: {}
parameters:
Id:
name: id
in: path
required: true
description: The unique identifier of the resource.
schema:
type: string
CustomerId:
name: customerId
in: path
required: true
description: The unique identifier of the customer.
schema:
type: string
AccountNumber:
name: accountNumber
in: path
required: true
description: The deposit account number.
schema:
type: string
IdempotencyKey:
name: idempotency-key
in: header
required: false
description: A client-generated UUID used to safely retry a request without duplicating it.
schema:
type: string
format: uuid
responses:
Unauthorized:
description: Missing or invalid Bearer token.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
NotFound:
description: The requested resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
ValidationError:
description: The request payload failed validation.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
schemas:
Error:
type: object
properties:
error:
type: object
properties:
code:
type: string
message:
type: string
details:
type: object
additionalProperties: true
StatusResponse:
type: object
properties:
id:
type: string
status:
type: string
CustomerInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- type
properties:
type:
type: string
enum:
- personal
- business
firstName:
type: string
lastName:
type: string
legalName:
type: string
description: Legal name for a business customer.
email:
type: string
format: email
Customer:
allOf:
- $ref: '#/components/schemas/CustomerInput'
- type: object
properties:
id:
type: string
status:
type: string
AccountInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- productId
- customerId
properties:
productId:
type: string
description: The deposit product to open the account under.
customerId:
type: string
currency:
type: string
default: USD
Account:
allOf:
- $ref: '#/components/schemas/AccountInput'
- type: object
properties:
accountNumber:
type: string
status:
type: string
availableBalance:
type: number
AchPaymentInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- amount
- accountNumber
properties:
amount:
type: number
currency:
type: string
default: USD
accountNumber:
type: string
description: The funding account number.
counterparty:
type: object
additionalProperties: true
sameDay:
type: boolean
secCode:
type: string
description: Standard Entry Class code (e.g. PPD, CCD, WEB).
WirePaymentInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- amount
- accountNumber
properties:
amount:
type: number
currency:
type: string
default: USD
accountNumber:
type: string
beneficiary:
type: object
additionalProperties: true
InstantPaymentInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- amount
- accountNumber
properties:
amount:
type: number
currency:
type: string
default: USD
accountNumber:
type: string
description: The funding account number.
creditorAccountNumber:
type: string
creditorRoutingNumber:
type: string
network:
type: string
enum:
- CRNow
- RTP
- FedNow
Payment:
type: object
properties:
id:
type: string
status:
type: string
amount:
type: number
currency:
type: string
createdAt:
type: string
format: date-time
CardInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- customerId
- accountNumber
properties:
customerId:
type: string
accountNumber:
type: string
cardType:
type: string
enum:
- physical
- virtual
Card:
allOf:
- $ref: '#/components/schemas/CardInput'
- type: object
properties:
id:
type: string
status:
type: string
last4:
type: string
Loan:
type: object
properties:
id:
type: string
status:
type: string
amount:
type: number
currency:
type: string