> ## Documentation Index
> Fetch the complete documentation index at: https://docs.singapay.id/llms.txt
> Use this file to discover all available pages before exploring further.

# Create account

> Create a new sub account under the calling merchant. Use `account_type` to choose between an `owned` sub account (created active, no KYB) and a `managed` sub account (`personal_managed`/`business_managed`, created inactive and requiring BOSS KYB approval before it can transact). `invite_members` is optional but recommended — pass at least one member email to grant dashboard access. If omitted, no members are assigned.



## OpenAPI

````yaml https://payment-b2b.singapay.id/api/docs/merchant-api.json post /api/v1.0/accounts
openapi: 3.1.0
info:
  title: Singa Merchant API
  description: >-
    OpenAPI specification for the merchant/partner HTTP API. All routes below
    are additionally protected by `ip.whitelisted.merchant` — the caller IP must
    be registered for the credential or merchant. Obtain a JWT using `POST
    /api/v1.0/access-token/b2b` (Basic auth) or `POST
    /api/v1.1/access-token/b2b` (X-Signature) before calling secured endpoints.
  version: 1.0.0
servers:
  - url: https://sandbox-payment-b2b.singapay.id
    description: >-
      API host. Paths include `/api` prefix (see `RouteServiceProvider`).
      Replace scheme/host with your environment.
security: []
tags:
  - name: Security
    description: >-
      Merchant authentication (`OauthMerchantTokenController`). **v1.1** B2B
      token uses `X-CLIENT-ID`, `X-PARTNER-ID`, and `X-Signature` (no Basic
      auth). Secured routes also require the issued Bearer JWT plus
      `X-PARTNER-ID`.
  - name: Accounts
    description: >-
      Account management (`routes/merchantApiRoute.php`, `v1.0`). Path parameter
      `{id}` is always the account ULID.
  - name: Balance Inquiry
    description: >-
      Merchant and per-account balance inquiry (`BalanceController`, `v1.0`).
      Path `account_id` is the account ULID.
  - name: Statements
    description: >-
      Per-account statement list and detail
      (`AccountController::accountStatements`, `accountStatementDetail`, prefix
      `v1.0/statements`). Flugger responses; detail path param `{statement_id}`
      maps to `statements.transaction_id`.
  - name: Payment Link
    description: >-
      Payment link CRUD and payment-method catalog (`PaymentLinkApiController`,
      prefix `v1.0/payment-link-manage`). `account_id` is ULID;
      `payment_link_id` is numeric `payment_links.id`.
  - name: Payment Link History
    description: >-
      Payment link transaction/history listing and detail
      (`PaymentLinkApiController`, prefix `v1.0/payment-link-histories`).
      `history_id` is numeric `payment_link_histories.id`.
  - name: Virtual Account
    description: >-
      Native VA CRUD (`VirtualAccountController`, prefix
      `v1.0/virtual-accounts`). `account_id` and `virtual_account_id` are ULIDs.
  - name: VA Transaction
    description: >-
      VA money-in transaction listing and detail (`VirtualAccountController`,
      prefix `v1.0/va-transactions`).
  - name: QRIS (Money In)
    description: >-
      MPM dynamic QRIS list, show, and generate (`QrisMpmDynamicApiController`,
      prefix `v1.0/qris-dynamic`).
  - name: QRIS (Money Out)
    description: >-
      Issuer MPM decode/inquiry, payment credit (money out), and transaction
      status (`QrisIssuerMpmController`, `QrisApiV2Controller::checkStatus`,
      prefix `v2.0/qris`). Related list/detail: `GET
      /api/v2.0/qris/transaction/...`.
  - name: E-Wallet (Money In)
    description: >-
      E-Wallet Native checkout and transactions (`EwalletNativeApiController`,
      `EwalletNativeTransactionApiController`, `EwalletNativeV2ApiController`).
      Paths include `v1.0/ewallet-native`, `v1.0/ewallet-native-transactions`,
      and `v2.0/ewallet-native`.
  - name: E-Wallet (Money Out)
    description: >-
      E-wallet disbursement / top-up to beneficiary wallets
      (`EWalletTopUpController`, prefix `v2.0/ewallet`). Responses use the
      custom **`MerchantV2ApiEnvelope`** with **`MerchantV2ResponseCode`**
      (SP000–SP020).
  - name: Card (Money In)
    description: >-
      One-time card payment, cancel, and inquiry
      (`CardPaymentMerchantApiController`, prefix `v2.0/card`).
  - name: Subscription (Recurring)
    description: >-
      Credit-card recurring subscription plans (`SubscriptionPlanApiController`,
      prefix `v2.0/recurring`). Plan `{id}` is UUID (`sub_plans.id`).
  - name: Direct Debit
    description: >-
      Direct Debit — bind a customer bank account once via hosted webview, then
      charge it host-to-host (`DirectDebitMerchantController`, prefix
      `v2.0/direct-debit`). Binding `{binding_id}` and transaction
      `{transaction_id}` are UUIDs. Responses use the
      **`MerchantV2ApiEnvelope`** with both standard SP000–SP020 codes and
      Direct-Debit-specific codes (`SP_DD_*`). The `/charge` endpoint is
      additionally protected by **`X-Signature`** + **`X-Timestamp`**
      (`verify.signature-internal`); see operation parameters for the signing
      scheme.
  - name: Account Transfer
    description: >-
      Move funds between sub-accounts within the same merchant
      (`AnotherAccountApiController`, prefix `v1.0/account-transfer`). The
      transfer endpoint requires request signature headers
      (`verify.signature-internal`). Both accounts must belong to the
      authenticated merchant and be accessible to the credential.
  - name: Disbursement (Money Out)
    description: >-
      Bank disbursement (`DisbursementController` **v1.0**,
      `DisbursementV2Controller` **v2.0**). **v1.0**
      list/show/fee/beneficiary/transfer use Flugg envelopes; v1 inquiry-status
      uses the **custom v2 envelope** (`MerchantV2ApiEnvelope`, codes
      **SP000–SP020**). **v2.0** check-beneficiary, transfer, and inquiry-status
      use the same custom envelope — see component schema
      **`MerchantV2ResponseCode`** for the full response code table.
  - name: Cardless Withdrawal
    description: >-
      Cardless withdrawal API for initiating ATM cash withdrawals without a
      physical card. Supports creating withdrawals with OTP generation, listing
      transaction history, viewing transaction details, canceling pending
      withdrawals, and deleting canceled records. All endpoints use the
      `v1.0/cardless-withdrawals` route prefix and the standard success/error
      response envelope. Path parameter `{id}` refers to the `transaction_id`
      (platform-assigned business identifier).
paths:
  /api/v1.0/accounts:
    post:
      tags:
        - Accounts
      summary: Create account
      description: >-
        Create a new sub account under the calling merchant. Use `account_type`
        to choose between an `owned` sub account (created active, no KYB) and a
        `managed` sub account (`personal_managed`/`business_managed`, created
        inactive and requiring BOSS KYB approval before it can transact).
        `invite_members` is optional but recommended — pass at least one member
        email to grant dashboard access. If omitted, no members are assigned.
      operationId: accountStore
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateAccountRequest'
      responses:
        '200':
          description: Account created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResponderSuccessAccount'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResponderErrorEnvelope401'
        '405':
          description: Method not allowed
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResponderErrorEnvelope405'
        '422':
          description: Validation error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResponderErrorEnvelope422'
      security:
        - BearerAuth: []
          PartnerId: []
components:
  schemas:
    CreateAccountRequest:
      required:
        - name
      properties:
        name:
          type: string
          maxLength: 100
          minLength: 3
          example: John Doe
        account_type:
          description: >-
            Optional. Sub account type. `owned` creates the account `active`
            immediately (no KYB). `personal_managed`/`business_managed` create
            the account `inactive` and require BOSS KYB approval before the
            account can transact. Defaults to `owned`-style behavior when
            omitted.
          type:
            - string
            - 'null'
          enum:
            - owned
            - personal_managed
            - business_managed
          example: owned
        invite_members:
          description: >-
            Optional but recommended. Array of merchant member email addresses
            to grant access to this account. All emails must belong to
            registered members of the merchant. If omitted, no members are
            assigned.
          type:
            - array
            - 'null'
          items:
            type: string
            format: email
            example: john@example.com
          maxItems: 50
          example:
            - john@example.com
      type: object
    ResponderSuccessAccount:
      required:
        - status
        - success
        - data
      properties:
        status:
          type: integer
          example: 200
        success:
          type: boolean
          example: true
        data:
          $ref: '#/components/schemas/Account'
      type: object
    ResponderErrorEnvelope401:
      required:
        - status
        - success
        - error
      properties:
        status:
          type: integer
          example: 401
        success:
          type: boolean
          example: false
        error:
          $ref: '#/components/schemas/ResponderErrorBody401'
      type: object
    ResponderErrorEnvelope405:
      required:
        - status
        - success
        - error
      properties:
        status:
          type: integer
          example: 405
        success:
          type: boolean
          example: false
        error:
          $ref: '#/components/schemas/ResponderErrorBody405'
      type: object
    ResponderErrorEnvelope422:
      required:
        - status
        - success
        - error
      properties:
        status:
          type: integer
          example: 422
        success:
          type: boolean
          example: false
        error:
          $ref: '#/components/schemas/ResponderErrorBody422'
        data:
          type: object
          example:
            errors:
              field:
                - error message
          additionalProperties: true
      type: object
    Account:
      required:
        - id
        - name
        - status
      properties:
        id:
          description: Account ULID
          type: string
          example: 01K946KF851RK7FX075GJHBVKF
        account_number:
          type:
            - string
            - 'null'
          example: '000000000123'
        name:
          type: string
          example: John Doe
        status:
          description: >-
            Account status. `active` accounts can transact. `owned` accounts are
            created `active`; `managed` accounts are created `inactive` and only
            become `active` after BOSS KYB approval.
          type: string
          example: active
        account_type:
          description: >-
            Sub account type. `owned` = fully owned by the parent merchant (no
            KYB, active immediately). `personal_managed`/`business_managed` =
            third-party business managed by the parent merchant (requires BOSS
            KYB approval before it can transact). `null` for legacy accounts
            created before this field existed.
          type:
            - string
            - 'null'
          enum:
            - owned
            - personal_managed
            - business_managed
          example: owned
        kyb_status:
          description: >-
            KYB status for managed sub accounts only. `kyb_in_review` = pending
            or revision needed. `kyb_verified` = approved, account can transact.
            `null` for owned/legacy accounts.
          type:
            - string
            - 'null'
          enum:
            - kyb_in_review
            - kyb_verified
          example: kyb_in_review
        invite_members:
          description: >-
            List of email addresses of dashboard members who have access to this
            account.
          type: array
          items:
            type: string
            format: email
            example: john@example.com
          example:
            - john@example.com
      type: object
    ResponderErrorBody401:
      properties:
        code:
          type: integer
          example: 401
        message:
          type: string
          example: Unauthorized merchant, please sign in
      type: object
    ResponderErrorBody405:
      properties:
        code:
          type: integer
          example: 4059901
        message:
          type: string
          example: >-
            The PATCH method is not supported for this route. Supported methods:
            GET, HEAD, POST.
      type: object
    ResponderErrorBody422:
      properties:
        code:
          type: integer
          example: 422
        message:
          type: string
          example: Validation error.
        errors:
          type: object
          example:
            field:
              - error message
      type: object
  securitySchemes:
    BearerAuth:
      type: http
      description: >-
        JWT issued by `POST /api/v1.1/access-token/b2b`. Send `Authorization:
        Bearer <token>`.
      bearerFormat: JWT
      scheme: bearer
    PartnerId:
      type: apiKey
      description: Merchant API key (`Credential.api_key`). Required on every request.
      name: X-PARTNER-ID
      in: header

````