Cross River Wires API

Send domestic wire transfer payments, cancel wires, and handle drawdown requests and responses (request an inbound wire and respond to one). Part of the COS Payments module.

OpenAPI Specification

cross-river-openapi.yml Raw ↑
openapi: 3.0.3
info:
  title: Cross River Operating System (COS) API
  description: >-
    The Cross River Operating System (COS) is a collection of RESTful APIs from
    Cross River Bank (an FDIC-member bank) for embedded finance and
    Banking-as-a-Service - deposit accounts, ACH, wires, instant payments
    (RTP / FedNow / CRNow), card issuing and management, lending, and customer
    management (KYC / onboarding). COS is organized around REST with
    object-oriented URLs and JSON responses, and uses OAuth 2.0 (client
    credentials grant) to issue a signed JWT Bearer access token that must be
    sent on every request.

    ACCESS MODEL: Cross River is a regulated bank and COS access is
    partner/enterprise-gated. Programs are onboarded via Cross River sales and a
    relationship manager, who provision client_id / client_secret credentials
    for the sandbox (https://sandbox.crbcos.com) and, after go-live, for
    production. The public production base URL is not published in the open
    documentation.

    GROUNDING NOTE: The paths, methods, and module base URLs in this document
    are grounded in the public Cross River developer documentation at
    docs.crossriver.com (as of 2026-07-12). Because the live sandbox is
    credential-gated, request and response BODY SCHEMAS below are MODELED
    representative structures, not copied from the credential-gated OpenAPI /
    Postman collection Cross River shares with onboarded partners. Verify exact
    field names and required properties against the official reference and the
    partner-provided collection.
  version: '1.0'
  contact:
    name: Cross River
    url: https://www.crossriver.com/
  license:
    name: Proprietary
    url: https://www.crossriver.com/
servers:
  - url: https://sandbox.crbcos.com
    description: >-
      COS sandbox host for the core modules (Core, ACH, Wires, RTP, Cards, etc.).
      Requires partner-provisioned OAuth2 credentials. Production host is issued
      separately during go-live and is not publicly documented.
  - url: https://arixapisandbox.crbnj.net
    description: Lending / loan origination sandbox host (separate from the core COS host).
security:
  - oauth2ClientCredentials: []
tags:
  - name: Customer Management
    description: Customer records, KYC, and onboarding (COS Core module, /core/v1/cm).
  - name: Accounts
    description: Deposit accounts and subledgers (COS Core module, /core/v1/dda).
  - name: ACH
    description: ACH origination and receipt (COS Payments, /ach).
  - name: Wires
    description: Domestic wire transfers and drawdowns (COS Payments, /wires).
  - name: Instant Payments
    description: RTP, FedNow, and CRNow instant payments (COS Payments, /rtp).
  - name: Cards
    description: Debit card issuing and management (COS Card Management, /cardmanagement).
  - name: Lending
    description: Loan origination and servicing (separate lending host).
paths:
  /core/v1/cm/customers:
    post:
      operationId: createCustomer
      tags:
        - Customer Management
      summary: Create a customer
      description: >-
        Creates a personal or business customer record used for KYC / onboarding.
        A customer record is required before opening deposit accounts or issuing
        cards. MODELED request body.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CustomerInput'
      responses:
        '200':
          description: The created customer.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Customer'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /core/v1/cm/customers/{id}:
    parameters:
      - $ref: '#/components/parameters/Id'
    get:
      operationId: getCustomer
      tags:
        - Customer Management
      summary: Retrieve a customer
      description: Retrieves a customer record by its ID.
      responses:
        '200':
          description: The requested customer.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Customer'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    delete:
      operationId: deactivateCustomer
      tags:
        - Customer Management
      summary: Deactivate a customer
      description: Deactivates (soft-deletes) a customer record.
      responses:
        '200':
          description: Deactivation confirmation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StatusResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /core/v1/cm/customers/{customerId}/beneficial-owners:
    parameters:
      - $ref: '#/components/parameters/CustomerId'
    post:
      operationId: addBeneficialOwner
      tags:
        - Customer Management
      summary: Add a beneficial owner
      description: Adds a beneficial owner to a business customer. MODELED request body.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: The updated customer.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Customer'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /core/v1/cm/customers/{customerId}/identifications:
    parameters:
      - $ref: '#/components/parameters/CustomerId'
    post:
      operationId: addIdentification
      tags:
        - Customer Management
      summary: Add an identification
      description: Adds an identification document (e.g. SSN, passport) to a customer. MODELED request body.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: The updated customer.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Customer'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /core/v1/dda/accounts:
    post:
      operationId: createAccount
      tags:
        - Accounts
      summary: Open a deposit account
      description: Creates a deposit account (DDA) based on a product ID for a customer. MODELED request body.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AccountInput'
      responses:
        '200':
          description: The created account.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Account'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /core/v1/dda/accounts/{accountNumber}/restrictions:
    parameters:
      - $ref: '#/components/parameters/AccountNumber'
    post:
      operationId: addAccountRestriction
      tags:
        - Accounts
      summary: Restrict an account
      description: Applies a restriction (e.g. hold, freeze) to a deposit account. MODELED request body.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Restriction confirmation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StatusResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /core/v1/dda/accounts/{accountNumber}/statements:
    parameters:
      - $ref: '#/components/parameters/AccountNumber'
    get:
      operationId: listAccountStatements
      tags:
        - Accounts
      summary: List account statements
      description: Retrieves statement information for a deposit account.
      responses:
        '200':
          description: A list of statements.
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      type: object
                      additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
  /ach/v1/payments:
    post:
      operationId: sendAchPayment
      tags:
        - ACH
      summary: Send an ACH payment
      description: >-
        Originates a single ACH payment over the Federal Reserve ACH network.
        Supports standard and same-day ACH. An idempotency-key header is
        recommended to safely retry. MODELED request body.
      parameters:
        - $ref: '#/components/parameters/IdempotencyKey'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AchPaymentInput'
      responses:
        '200':
          description: The created ACH payment.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Payment'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /wires/v1/payments:
    post:
      operationId: sendWirePayment
      tags:
        - Wires
      summary: Send a wire transfer
      description: Sends a single domestic wire transfer payment. MODELED request body.
      parameters:
        - $ref: '#/components/parameters/IdempotencyKey'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/WirePaymentInput'
      responses:
        '200':
          description: The created wire payment.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Payment'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /wires/v1/payments/{id}/cancel:
    parameters:
      - $ref: '#/components/parameters/Id'
    post:
      operationId: cancelWirePayment
      tags:
        - Wires
      summary: Cancel a wire transfer
      description: Cancels a wire transfer payment by ID.
      responses:
        '200':
          description: Cancellation confirmation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StatusResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /rtp/v1/payments:
    post:
      operationId: sendInstantPayment
      tags:
        - Instant Payments
      summary: Send an instant payment
      description: >-
        Initiates a single instant payment (credit transfer) over CRNow, RTP
        (The Clearing House), or FedNow, depending on the receiving bank's
        supported networks. MODELED request body.
      parameters:
        - $ref: '#/components/parameters/IdempotencyKey'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/InstantPaymentInput'
      responses:
        '200':
          description: The created instant payment.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Payment'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /rtp/v1/directory:
    get:
      operationId: getInstantPaymentDirectory
      tags:
        - Instant Payments
      summary: Get supported instant-payment services
      description: >-
        Retrieves a list of instant-payment-related services supported by a
        specific financial institution (routing number), used to check whether a
        receiving bank supports RTP and/or FedNow before sending.
      parameters:
        - name: routingNumber
          in: query
          required: false
          description: ABA routing number of the financial institution to query.
          schema:
            type: string
      responses:
        '200':
          description: Supported services for the institution.
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
  /cardmanagement/v1/cards:
    get:
      operationId: listCards
      tags:
        - Cards
      summary: List cards
      description: Returns details about cards matching the supplied filters.
      responses:
        '200':
          description: A list of cards.
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createCard
      tags:
        - Cards
      summary: Create a card
      description: Requests creation of a new debit card for a customer/account. MODELED request body.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CardInput'
      responses:
        '200':
          description: The created card.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /cardmanagement/v1/cards/{id}:
    parameters:
      - $ref: '#/components/parameters/Id'
    get:
      operationId: getCard
      tags:
        - Cards
      summary: Get a card
      description: Returns the details of a specific debit card by its ID.
      responses:
        '200':
          description: The requested card.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /cardmanagement/v1/cards/{id}/activate:
    parameters:
      - $ref: '#/components/parameters/Id'
    post:
      operationId: activateCard
      tags:
        - Cards
      summary: Activate a card
      description: Activates a card for a customer (the preferred way to activate a card).
      responses:
        '200':
          description: Activation confirmation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /cardmanagement/v1/cards/{id}/suspend:
    parameters:
      - $ref: '#/components/parameters/Id'
    post:
      operationId: suspendCard
      tags:
        - Cards
      summary: Suspend a card
      description: Suspends a card by ID.
      responses:
        '200':
          description: Suspend confirmation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /cardmanagement/v1/cards/{id}/close:
    parameters:
      - $ref: '#/components/parameters/Id'
    post:
      operationId: closeCard
      tags:
        - Cards
      summary: Close a card
      description: Permanently deactivates a card. Closed cards cannot be reactivated.
      responses:
        '200':
          description: Close confirmation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /loan:
    post:
      operationId: addLoan
      tags:
        - Lending
      summary: Add a loan
      description: >-
        Creates a loan record in the lending system. Served from the separate
        lending host (arixapisandbox.crbnj.net in sandbox) with its own OAuth
        server. MODELED request body.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: The created loan.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Loan'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /loandetail/{id}:
    parameters:
      - $ref: '#/components/parameters/Id'
    get:
      operationId: getLoanDetail
      tags:
        - Lending
      summary: Get loan details
      description: Retrieves the details of a loan by its ID.
      responses:
        '200':
          description: The requested loan.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Loan'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /loan/{id}/fundinginfo:
    parameters:
      - $ref: '#/components/parameters/Id'
    put:
      operationId: requestLoanFundingRails
      tags:
        - Lending
      summary: Request loan funding rails
      description: Requests new payment rails for funding a loan. MODELED request body.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: The updated loan funding info.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Loan'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
components:
  securitySchemes:
    oauth2ClientCredentials:
      type: oauth2
      description: >-
        OAuth 2.0 client credentials grant. POST client_id, client_secret and
        grant_type=client_credentials to the COS identity provider token
        endpoint (sandbox: https://idptest.crbcos.com/connect/token; lending
        uses https://oauthtest.crbnj.net/connect/token). The response is a signed
        JWT that must be sent as `Authorization: Bearer <token>` on every request.
      flows:
        clientCredentials:
          tokenUrl: https://idptest.crbcos.com/connect/token
          scopes: {}
  parameters:
    Id:
      name: id
      in: path
      required: true
      description: The unique identifier of the resource.
      schema:
        type: string
    CustomerId:
      name: customerId
      in: path
      required: true
      description: The unique identifier of the customer.
      schema:
        type: string
    AccountNumber:
      name: accountNumber
      in: path
      required: true
      description: The deposit account number.
      schema:
        type: string
    IdempotencyKey:
      name: idempotency-key
      in: header
      required: false
      description: A client-generated UUID used to safely retry a request without duplicating it.
      schema:
        type: string
        format: uuid
  responses:
    Unauthorized:
      description: Missing or invalid Bearer token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: The requested resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    ValidationError:
      description: The request payload failed validation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    Error:
      type: object
      properties:
        error:
          type: object
          properties:
            code:
              type: string
            message:
              type: string
            details:
              type: object
              additionalProperties: true
    StatusResponse:
      type: object
      properties:
        id:
          type: string
        status:
          type: string
    CustomerInput:
      type: object
      description: MODELED. Verify required fields against the official reference.
      required:
        - type
      properties:
        type:
          type: string
          enum:
            - personal
            - business
        firstName:
          type: string
        lastName:
          type: string
        legalName:
          type: string
          description: Legal name for a business customer.
        email:
          type: string
          format: email
    Customer:
      allOf:
        - $ref: '#/components/schemas/CustomerInput'
        - type: object
          properties:
            id:
              type: string
            status:
              type: string
    AccountInput:
      type: object
      description: MODELED. Verify required fields against the official reference.
      required:
        - productId
        - customerId
      properties:
        productId:
          type: string
          description: The deposit product to open the account under.
        customerId:
          type: string
        currency:
          type: string
          default: USD
    Account:
      allOf:
        - $ref: '#/components/schemas/AccountInput'
        - type: object
          properties:
            accountNumber:
              type: string
            status:
              type: string
            availableBalance:
              type: number
    AchPaymentInput:
      type: object
      description: MODELED. Verify required fields against the official reference.
      required:
        - amount
        - accountNumber
      properties:
        amount:
          type: number
        currency:
          type: string
          default: USD
        accountNumber:
          type: string
          description: The funding account number.
        counterparty:
          type: object
          additionalProperties: true
        sameDay:
          type: boolean
        secCode:
          type: string
          description: Standard Entry Class code (e.g. PPD, CCD, WEB).
    WirePaymentInput:
      type: object
      description: MODELED. Verify required fields against the official reference.
      required:
        - amount
        - accountNumber
      properties:
        amount:
          type: number
        currency:
          type: string
          default: USD
        accountNumber:
          type: string
        beneficiary:
          type: object
          additionalProperties: true
    InstantPaymentInput:
      type: object
      description: MODELED. Verify required fields against the official reference.
      required:
        - amount
        - accountNumber
      properties:
        amount:
          type: number
        currency:
          type: string
          default: USD
        accountNumber:
          type: string
          description: The funding account number.
        creditorAccountNumber:
          type: string
        creditorRoutingNumber:
          type: string
        network:
          type: string
          enum:
            - CRNow
            - RTP
            - FedNow
    Payment:
      type: object
      properties:
        id:
          type: string
        status:
          type: string
        amount:
          type: number
        currency:
          type: string
        createdAt:
          type: string
          format: date-time
    CardInput:
      type: object
      description: MODELED. Verify required fields against the official reference.
      required:
        - customerId
        - accountNumber
      properties:
        customerId:
          type: string
        accountNumber:
          type: string
        cardType:
          type: string
          enum:
            - physical
            - virtual
    Card:
      allOf:
        - $ref: '#/components/schemas/CardInput'
        - type: object
          properties:
            id:
              type: string
            status:
              type: string
            last4:
              type: string
    Loan:
      type: object
      properties:
        id:
          type: string
        status:
          type: string
        amount:
          type: number
        currency:
          type: string