Cross River Wires API
Send domestic wire transfer payments, cancel wires, and handle drawdown requests and responses (request an inbound wire and respond to one). Part of the COS Payments module.
Send domestic wire transfer payments, cancel wires, and handle drawdown requests and responses (request an inbound wire and respond to one). Part of the COS Payments module.
openapi: 3.0.3
info:
title: Cross River Operating System (COS) API
description: >-
The Cross River Operating System (COS) is a collection of RESTful APIs from
Cross River Bank (an FDIC-member bank) for embedded finance and
Banking-as-a-Service - deposit accounts, ACH, wires, instant payments
(RTP / FedNow / CRNow), card issuing and management, lending, and customer
management (KYC / onboarding). COS is organized around REST with
object-oriented URLs and JSON responses, and uses OAuth 2.0 (client
credentials grant) to issue a signed JWT Bearer access token that must be
sent on every request.
ACCESS MODEL: Cross River is a regulated bank and COS access is
partner/enterprise-gated. Programs are onboarded via Cross River sales and a
relationship manager, who provision client_id / client_secret credentials
for the sandbox (https://sandbox.crbcos.com) and, after go-live, for
production. The public production base URL is not published in the open
documentation.
GROUNDING NOTE: The paths, methods, and module base URLs in this document
are grounded in the public Cross River developer documentation at
docs.crossriver.com (as of 2026-07-12). Because the live sandbox is
credential-gated, request and response BODY SCHEMAS below are MODELED
representative structures, not copied from the credential-gated OpenAPI /
Postman collection Cross River shares with onboarded partners. Verify exact
field names and required properties against the official reference and the
partner-provided collection.
version: '1.0'
contact:
name: Cross River
url: https://www.crossriver.com/
license:
name: Proprietary
url: https://www.crossriver.com/
servers:
- url: https://sandbox.crbcos.com
description: >-
COS sandbox host for the core modules (Core, ACH, Wires, RTP, Cards, etc.).
Requires partner-provisioned OAuth2 credentials. Production host is issued
separately during go-live and is not publicly documented.
- url: https://arixapisandbox.crbnj.net
description: Lending / loan origination sandbox host (separate from the core COS host).
security:
- oauth2ClientCredentials: []
tags:
- name: Customer Management
description: Customer records, KYC, and onboarding (COS Core module, /core/v1/cm).
- name: Accounts
description: Deposit accounts and subledgers (COS Core module, /core/v1/dda).
- name: ACH
description: ACH origination and receipt (COS Payments, /ach).
- name: Wires
description: Domestic wire transfers and drawdowns (COS Payments, /wires).
- name: Instant Payments
description: RTP, FedNow, and CRNow instant payments (COS Payments, /rtp).
- name: Cards
description: Debit card issuing and management (COS Card Management, /cardmanagement).
- name: Lending
description: Loan origination and servicing (separate lending host).
paths:
/core/v1/cm/customers:
post:
operationId: createCustomer
tags:
- Customer Management
summary: Create a customer
description: >-
Creates a personal or business customer record used for KYC / onboarding.
A customer record is required before opening deposit accounts or issuing
cards. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CustomerInput'
responses:
'200':
description: The created customer.
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/core/v1/cm/customers/{id}:
parameters:
- $ref: '#/components/parameters/Id'
get:
operationId: getCustomer
tags:
- Customer Management
summary: Retrieve a customer
description: Retrieves a customer record by its ID.
responses:
'200':
description: The requested customer.
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
delete:
operationId: deactivateCustomer
tags:
- Customer Management
summary: Deactivate a customer
description: Deactivates (soft-deletes) a customer record.
responses:
'200':
description: Deactivation confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/StatusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/core/v1/cm/customers/{customerId}/beneficial-owners:
parameters:
- $ref: '#/components/parameters/CustomerId'
post:
operationId: addBeneficialOwner
tags:
- Customer Management
summary: Add a beneficial owner
description: Adds a beneficial owner to a business customer. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
responses:
'200':
description: The updated customer.
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'401':
$ref: '#/components/responses/Unauthorized'
/core/v1/cm/customers/{customerId}/identifications:
parameters:
- $ref: '#/components/parameters/CustomerId'
post:
operationId: addIdentification
tags:
- Customer Management
summary: Add an identification
description: Adds an identification document (e.g. SSN, passport) to a customer. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
responses:
'200':
description: The updated customer.
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'401':
$ref: '#/components/responses/Unauthorized'
/core/v1/dda/accounts:
post:
operationId: createAccount
tags:
- Accounts
summary: Open a deposit account
description: Creates a deposit account (DDA) based on a product ID for a customer. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AccountInput'
responses:
'200':
description: The created account.
content:
application/json:
schema:
$ref: '#/components/schemas/Account'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/core/v1/dda/accounts/{accountNumber}/restrictions:
parameters:
- $ref: '#/components/parameters/AccountNumber'
post:
operationId: addAccountRestriction
tags:
- Accounts
summary: Restrict an account
description: Applies a restriction (e.g. hold, freeze) to a deposit account. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
responses:
'200':
description: Restriction confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/StatusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
/core/v1/dda/accounts/{accountNumber}/statements:
parameters:
- $ref: '#/components/parameters/AccountNumber'
get:
operationId: listAccountStatements
tags:
- Accounts
summary: List account statements
description: Retrieves statement information for a deposit account.
responses:
'200':
description: A list of statements.
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
type: object
additionalProperties: true
'401':
$ref: '#/components/responses/Unauthorized'
/ach/v1/payments:
post:
operationId: sendAchPayment
tags:
- ACH
summary: Send an ACH payment
description: >-
Originates a single ACH payment over the Federal Reserve ACH network.
Supports standard and same-day ACH. An idempotency-key header is
recommended to safely retry. MODELED request body.
parameters:
- $ref: '#/components/parameters/IdempotencyKey'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AchPaymentInput'
responses:
'200':
description: The created ACH payment.
content:
application/json:
schema:
$ref: '#/components/schemas/Payment'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/wires/v1/payments:
post:
operationId: sendWirePayment
tags:
- Wires
summary: Send a wire transfer
description: Sends a single domestic wire transfer payment. MODELED request body.
parameters:
- $ref: '#/components/parameters/IdempotencyKey'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/WirePaymentInput'
responses:
'200':
description: The created wire payment.
content:
application/json:
schema:
$ref: '#/components/schemas/Payment'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/wires/v1/payments/{id}/cancel:
parameters:
- $ref: '#/components/parameters/Id'
post:
operationId: cancelWirePayment
tags:
- Wires
summary: Cancel a wire transfer
description: Cancels a wire transfer payment by ID.
responses:
'200':
description: Cancellation confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/StatusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/rtp/v1/payments:
post:
operationId: sendInstantPayment
tags:
- Instant Payments
summary: Send an instant payment
description: >-
Initiates a single instant payment (credit transfer) over CRNow, RTP
(The Clearing House), or FedNow, depending on the receiving bank's
supported networks. MODELED request body.
parameters:
- $ref: '#/components/parameters/IdempotencyKey'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/InstantPaymentInput'
responses:
'200':
description: The created instant payment.
content:
application/json:
schema:
$ref: '#/components/schemas/Payment'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/rtp/v1/directory:
get:
operationId: getInstantPaymentDirectory
tags:
- Instant Payments
summary: Get supported instant-payment services
description: >-
Retrieves a list of instant-payment-related services supported by a
specific financial institution (routing number), used to check whether a
receiving bank supports RTP and/or FedNow before sending.
parameters:
- name: routingNumber
in: query
required: false
description: ABA routing number of the financial institution to query.
schema:
type: string
responses:
'200':
description: Supported services for the institution.
content:
application/json:
schema:
type: object
additionalProperties: true
'401':
$ref: '#/components/responses/Unauthorized'
/cardmanagement/v1/cards:
get:
operationId: listCards
tags:
- Cards
summary: List cards
description: Returns details about cards matching the supplied filters.
responses:
'200':
description: A list of cards.
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createCard
tags:
- Cards
summary: Create a card
description: Requests creation of a new debit card for a customer/account. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CardInput'
responses:
'200':
description: The created card.
content:
application/json:
schema:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/ValidationError'
/cardmanagement/v1/cards/{id}:
parameters:
- $ref: '#/components/parameters/Id'
get:
operationId: getCard
tags:
- Cards
summary: Get a card
description: Returns the details of a specific debit card by its ID.
responses:
'200':
description: The requested card.
content:
application/json:
schema:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/cardmanagement/v1/cards/{id}/activate:
parameters:
- $ref: '#/components/parameters/Id'
post:
operationId: activateCard
tags:
- Cards
summary: Activate a card
description: Activates a card for a customer (the preferred way to activate a card).
responses:
'200':
description: Activation confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/cardmanagement/v1/cards/{id}/suspend:
parameters:
- $ref: '#/components/parameters/Id'
post:
operationId: suspendCard
tags:
- Cards
summary: Suspend a card
description: Suspends a card by ID.
responses:
'200':
description: Suspend confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/cardmanagement/v1/cards/{id}/close:
parameters:
- $ref: '#/components/parameters/Id'
post:
operationId: closeCard
tags:
- Cards
summary: Close a card
description: Permanently deactivates a card. Closed cards cannot be reactivated.
responses:
'200':
description: Close confirmation.
content:
application/json:
schema:
$ref: '#/components/schemas/Card'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/loan:
post:
operationId: addLoan
tags:
- Lending
summary: Add a loan
description: >-
Creates a loan record in the lending system. Served from the separate
lending host (arixapisandbox.crbnj.net in sandbox) with its own OAuth
server. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
responses:
'200':
description: The created loan.
content:
application/json:
schema:
$ref: '#/components/schemas/Loan'
'401':
$ref: '#/components/responses/Unauthorized'
/loandetail/{id}:
parameters:
- $ref: '#/components/parameters/Id'
get:
operationId: getLoanDetail
tags:
- Lending
summary: Get loan details
description: Retrieves the details of a loan by its ID.
responses:
'200':
description: The requested loan.
content:
application/json:
schema:
$ref: '#/components/schemas/Loan'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/loan/{id}/fundinginfo:
parameters:
- $ref: '#/components/parameters/Id'
put:
operationId: requestLoanFundingRails
tags:
- Lending
summary: Request loan funding rails
description: Requests new payment rails for funding a loan. MODELED request body.
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
responses:
'200':
description: The updated loan funding info.
content:
application/json:
schema:
$ref: '#/components/schemas/Loan'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
components:
securitySchemes:
oauth2ClientCredentials:
type: oauth2
description: >-
OAuth 2.0 client credentials grant. POST client_id, client_secret and
grant_type=client_credentials to the COS identity provider token
endpoint (sandbox: https://idptest.crbcos.com/connect/token; lending
uses https://oauthtest.crbnj.net/connect/token). The response is a signed
JWT that must be sent as `Authorization: Bearer <token>` on every request.
flows:
clientCredentials:
tokenUrl: https://idptest.crbcos.com/connect/token
scopes: {}
parameters:
Id:
name: id
in: path
required: true
description: The unique identifier of the resource.
schema:
type: string
CustomerId:
name: customerId
in: path
required: true
description: The unique identifier of the customer.
schema:
type: string
AccountNumber:
name: accountNumber
in: path
required: true
description: The deposit account number.
schema:
type: string
IdempotencyKey:
name: idempotency-key
in: header
required: false
description: A client-generated UUID used to safely retry a request without duplicating it.
schema:
type: string
format: uuid
responses:
Unauthorized:
description: Missing or invalid Bearer token.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
NotFound:
description: The requested resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
ValidationError:
description: The request payload failed validation.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
schemas:
Error:
type: object
properties:
error:
type: object
properties:
code:
type: string
message:
type: string
details:
type: object
additionalProperties: true
StatusResponse:
type: object
properties:
id:
type: string
status:
type: string
CustomerInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- type
properties:
type:
type: string
enum:
- personal
- business
firstName:
type: string
lastName:
type: string
legalName:
type: string
description: Legal name for a business customer.
email:
type: string
format: email
Customer:
allOf:
- $ref: '#/components/schemas/CustomerInput'
- type: object
properties:
id:
type: string
status:
type: string
AccountInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- productId
- customerId
properties:
productId:
type: string
description: The deposit product to open the account under.
customerId:
type: string
currency:
type: string
default: USD
Account:
allOf:
- $ref: '#/components/schemas/AccountInput'
- type: object
properties:
accountNumber:
type: string
status:
type: string
availableBalance:
type: number
AchPaymentInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- amount
- accountNumber
properties:
amount:
type: number
currency:
type: string
default: USD
accountNumber:
type: string
description: The funding account number.
counterparty:
type: object
additionalProperties: true
sameDay:
type: boolean
secCode:
type: string
description: Standard Entry Class code (e.g. PPD, CCD, WEB).
WirePaymentInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- amount
- accountNumber
properties:
amount:
type: number
currency:
type: string
default: USD
accountNumber:
type: string
beneficiary:
type: object
additionalProperties: true
InstantPaymentInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- amount
- accountNumber
properties:
amount:
type: number
currency:
type: string
default: USD
accountNumber:
type: string
description: The funding account number.
creditorAccountNumber:
type: string
creditorRoutingNumber:
type: string
network:
type: string
enum:
- CRNow
- RTP
- FedNow
Payment:
type: object
properties:
id:
type: string
status:
type: string
amount:
type: number
currency:
type: string
createdAt:
type: string
format: date-time
CardInput:
type: object
description: MODELED. Verify required fields against the official reference.
required:
- customerId
- accountNumber
properties:
customerId:
type: string
accountNumber:
type: string
cardType:
type: string
enum:
- physical
- virtual
Card:
allOf:
- $ref: '#/components/schemas/CardInput'
- type: object
properties:
id:
type: string
status:
type: string
last4:
type: string
Loan:
type: object
properties:
id:
type: string
status:
type: string
amount:
type: number
currency:
type: string