POST
/
api
/
v1
/
loans
/
{loan_ref}
/
transfer-launch
Create transfer launch
curl --request POST \
  --url http://34.170.194.254:8000/api/v1/loans/{loan_ref}/transfer-launch \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "asset_ref": "<string>",
  "quantity": 123,
  "custody_provider_code": "<string>",
  "return_url": "<string>",
  "lender_display_name": "<string>",
  "lender_logo_url": "<string>"
}
'
{
  "status": "<string>",
  "reason": "<string>",
  "embed_url": "<string>",
  "redirect_url": "<string>",
  "expires_at": "2023-11-07T05:31:56Z",
  "token": "<string>",
  "asset_transfer_instruction_id": "<string>",
  "poll_status_url": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Headers

origin
string | null

Allowed browser origin for the embed session

Idempotency-Key
string | null

Stable client-generated idempotency key for safe retries

Path Parameters

loan_ref
string
required

Loan reference

Body

application/json

Asset Transfer Launch Request schema.

asset_ref
string
required

External asset reference to transfer

quantity
required

Quantity of asset to transfer

custody_provider_code
string
required

Custody provider code for destination routing

return_url
string | null

Lender URL the borrower returns to after a hosted-mode flow completes or is cancelled. Used when Vault resolves to hosted delivery mode; ignored otherwise.

lender_display_name
string | null

Optional lender brand string rendered to the borrower on the Vault-hosted page (hosted mode only; ignored for embedded). When omitted, Vault falls back to the calling lender party's legal_name from entity_registry.

Maximum string length: 120
lender_logo_url
string | null

Optional URL of the lender's logo, rendered next to the lender name in the Vault-hosted page header (hosted mode only; ignored for embedded). Must be https in production (http permitted when the launch request itself is over http, e.g. local dev). data: and javascript: schemes are rejected.

Maximum string length: 2048

Response

Transfer launch response

Asset Transfer Launch Response schema.

status
string
required

Launch status

reason
string | null

Failure reason when launch is not successful

delivery_mode
enum<string> | null

Echoes the resolved delivery mode for the launch

Available options:
embedded,
hosted
embed_url
string | null

Embed URL for client transfer widget (delivery_mode='embedded')

redirect_url
string | null

Vault-hosted redirect URL (delivery_mode='hosted')

expires_at
string<date-time> | null

Launch/session expiration timestamp

token
string | null

Short-lived token used to resolve session

asset_transfer_instruction_id
string | null

Internal transfer instruction id

address_status
enum<string> | null

Custody-side wallet address lifecycle. ready (or omitted) means a usable address is in the response. pending means the custody provider is still generating the destination address; the client should poll poll_status_url until the status flips to ready before showing the embed_url/redirect_url.

Available options:
ready,
pending
poll_status_url
string | null

Vault status endpoint to poll when address_status='pending'. Returns the same launch payload with an updated address_status.