Account Management API

Resellers can manage their sub-accounts using the Accounts API. This lets you create accounts for your customers, assign services, and manage their API credentials.

Endpoints Overview

List Your Accounts

Get all the accounts you've created.

Request:

http
GET /api/accounts

Response:

http
HTTP/1.1 200 OK
Content-Type: application/json

[
  {
    "id": 2,
    "name": "PlaySafe Bingo",
    "enabledServices": [
      {
        "serviceId": 12,
        "checkType": "KYC",
        "provider": "Experian KYC"
      },
      {
        "serviceId": 14,
        "checkType": "Bank account verification",
        "provider": "Experian BAV"
      }
    ]
  },
  {
    "id": 3,
    "name": "SwiftCard Financial",
    "enabledServices": [
      {
        "serviceId": 12,
        "checkType": "KYC",
        "provider": "Experian KYC"
      }
    ]
  }
]

Get Available Services

Before creating or updating accounts, check which services you're allowed to assign.

Request:

http
GET /api/services/resellable

Response:

http
HTTP/1.1 200 OK
Content-Type: application/json

[
  {
    "serviceId": 12,
    "checkType": "KYC",
    "provider": "Experian KYC"
  },
  {
    "serviceId": 14,
    "checkType": "Bank account verification",
    "provider": "Experian BAV"
  },
  {
    "serviceId": 18,
    "checkType": "AML",
    "provider": "LexisNexis"
  }
]

Use the serviceId values when creating or updating accounts.

Create an Account

Create a new account for one of your customers. Each account receives API credentials that allow programmatic access to the EyeDP API on behalf of that account.

Request:

http
POST /api/accounts
Content-Type: application/json

{
  "name": "GlobalJet Bookings",
  "enabledServices": [12, 14],
  "externalReference": "customer-abc-123"
}

Response (created):

http
HTTP/1.1 201 Created
Location: /api/accounts/42
Content-Type: application/json

{
  "account": {
    "id": 42,
    "name": "GlobalJet Bookings",
    "enabledServices": [
      {
        "serviceId": 12,
        "checkType": "KYC",
        "provider": "Experian KYC"
      },
      {
        "serviceId": 14,
        "checkType": "Bank account verification",
        "provider": "Experian BAV"
      }
    ]
  },
  "credentials": {
    "clientId": "a3b2c1d4-5e6f-7g8h-9i0j-k1l2m3n4o5p6",
    "clientSecret": "8KqpuZipZvHcSnZUpxk0eoOweBSB1HcAP..."
  },
  "securityWarning": "IMPORTANT: The client secret is only shown once and cannot be retrieved later. Store it securely immediately."
}

⚠️ Critical: Store the Client Secret

The clientSecret is only shown once when you create the account. You cannot retrieve it again later. Make sure to:

  1. Store it securely in your system immediately
  2. Transmit it securely to your customer
  3. Never log or display it in plain text after initial creation

If the secret is lost, you'll need to use the reset credentials endpoint to generate a new one.

Idempotency

The externalReference field makes account creation idempotent - you can safely retry the same request without creating duplicates.

If you call the endpoint again with the same externalReference, you'll get the existing account back:

Request (retry with same externalReference):

http
POST /api/accounts
Content-Type: application/json

{
  "name": "GlobalJet Bookings",
  "enabledServices": [12, 14],
  "externalReference": "customer-abc-123"
}

Response (existing account returned):

http
HTTP/1.1 200 OK
Content-Type: application/json

{
  "account": {
    "id": 42,
    "name": "GlobalJet Bookings",
    "enabledServices": [
      {
        "serviceId": 12,
        "checkType": "KYC",
        "provider": "Experian KYC"
      },
      {
        "serviceId": 14,
        "checkType": "Bank account verification",
        "provider": "Experian BAV"
      }
    ]
  },
  "credentials": {
    "clientId": "a3b2c1d4-5e6f-7g8h-9i0j-k1l2m3n4o5p6",
    "clientSecret": "***REDACTED***"
  },
  "securityWarning": "This account already exists. The client secret cannot be retrieved. Use POST /api/accounts/42/reset-credentials to generate a new one."
}

Note the 200 OK instead of 201 Created - this tells you the account already existed. The clientSecret is masked because it can no longer be retrieved.

Request Fields

  • name (required) - A name for the account. Must be unique across all accounts in the system.
  • enabledServices (optional) - Array of service IDs to enable. Use the IDs from /api/services/resellable. If omitted or empty, the account is created with no services.
  • externalReference (optional) - Your own identifier for idempotency. Strongly recommended for production use.

Error Responses

Invalid service ID:

http
HTTP/1.1 400 Bad Request

"Invalid service ID"

Name already in use:

http
HTTP/1.1 409 Conflict

"Name is in use by another account"

Not authorized (only resellers can create accounts):

http
HTTP/1.1 403 Forbidden

{
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.3",
  "title": "Insufficient Permissions",
  "status": 403,
  "detail": "Only resellers can create accounts"
}

Get a Specific Account

Retrieve details for one account, including its Client ID (but not the secret).

Request:

http
GET /api/accounts/42

Response:

http
HTTP/1.1 200 OK
Content-Type: application/json

{
  "account": {
    "id": 42,
    "name": "GlobalJet Bookings",
    "enabledServices": [
      {
        "serviceId": 12,
        "checkType": "KYC",
        "provider": "Experian KYC"
      }
    ]
  },
  "credentials": {
    "clientId": "a3b2c1d4-5e6f-7g8h-9i0j-k1l2m3n4o5p6",
    "clientSecret": "***REDACTED***"
  },
  "securityWarning": "The client secret is no longer viewable. Use POST /api/accounts/42/reset-credentials to generate a new one."
}

Not found:

http
HTTP/1.1 404 Not Found

Reset API Credentials

If your customer loses their client secret, or you need to rotate credentials for security, you can reset them. This generates a new clientSecret while keeping the same clientId.

Request:

http
POST /api/accounts/42/reset-credentials

Response:

http
HTTP/1.1 200 OK
Content-Type: application/json

{
  "clientId": "a3b2c1d4-5e6f-7g8h-9i0j-k1l2m3n4o5p6",
  "clientSecret": "new-secret-KqpuZipZvHcSnZUpxk0eoOweBSB1...",
  "securityWarning": "IMPORTANT: Client secret has been reset. The new secret is only shown once and cannot be retrieved later. Store it securely immediately."
}

Important Notes

  • The clientId stays the same - only the secret changes
  • The new secret is only shown once - store it immediately
  • The old secret stops working immediately
  • Your customer will need to update their integration with the new secret

Not found:

http
HTTP/1.1 404 Not Found

Update an Account

Change an account's name and/or services. Both fields are optional - only include what you want to change.

Update name only

Request:

http
PATCH /api/accounts/42
Content-Type: application/json

{
  "name": "GlobalJet Travel Services"
}

Response:

http
HTTP/1.1 204 No Content

Update services only

Request:

http
PATCH /api/accounts/42
Content-Type: application/json

{
  "enabledServices": [12, 14, 18]
}

Response:

http
HTTP/1.1 204 No Content

Disable all services

Pass an empty array to disable all services:

Request:

http
PATCH /api/accounts/42
Content-Type: application/json

{
  "enabledServices": []
}

Response:

http
HTTP/1.1 204 No Content

Update both name and services

Request:

http
PATCH /api/accounts/42
Content-Type: application/json

{
  "name": "GlobalJet Travel Services",
  "enabledServices": [12, 18]
}

Response:

http
HTTP/1.1 204 No Content

Request Fields

  • name (optional) - New name for the account. If null, the name won't be changed.
  • enabledServices (optional) - New list of service IDs. This replaces the entire list - it doesn't add or remove individual services. If null, services won't be changed. If it is an empty array, all services are disabled.

Error Responses

Invalid service ID:

http
HTTP/1.1 400 Bad Request

"Invalid service ID"

Account not found:

http
HTTP/1.1 404 Not Found

Common Workflows

Creating an account with services

  1. Call GET /api/services/resellable to see available services
  2. Choose the service IDs you want to enable
  3. Call POST /api/accounts with the name and service IDs
  4. Store the returned clientSecret securely immediately
  5. Provide both clientId and clientSecret to your customer

Adding services to an existing account

  1. Call GET /api/services/resellable to see available services
  2. Call GET /api/accounts/{id} to see current services
  3. Call PATCH /api/accounts/{id} with the complete list of services you want enabled
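
Because PATCH replaces the whole service list, sending only the new IDs would silently switch off checks the account already has. The sketch below is an added example, not part of the EyeDP documentation; `add_services` and the `send(method, path, body) -> (status, json)` transport are hypothetical names standing in for your own HTTP client.

```python
def add_services(send, account_id, to_add):
    """Enable extra services without dropping the ones already enabled.

    send(method, path, body) -> (status, json) is a hypothetical transport.
    Returns the complete service list the account ends up with.
    """
    # Step 1: only IDs from /api/services/resellable may be assigned.
    status, resellable = send("GET", "/api/services/resellable", None)
    if status != 200:
        raise RuntimeError(f"listing services failed with HTTP {status}")
    allowed = {s["serviceId"] for s in resellable}
    unknown = sorted(set(to_add) - allowed)
    if unknown:
        raise ValueError(f"not resellable: {unknown}")

    # Step 2: read what is enabled right now.
    status, data = send("GET", f"/api/accounts/{account_id}", None)
    if status != 200:
        raise RuntimeError(f"reading account failed with HTTP {status}")
    current = [s["serviceId"] for s in data["account"]["enabledServices"]]

    # Step 3: PATCH replaces the list, so send current + new (no duplicates).
    merged = current + [s for s in dict.fromkeys(to_add) if s not in current]
    if merged == current:
        return current  # nothing new to enable, skip the write
    status, _ = send("PATCH", f"/api/accounts/{account_id}",
                     {"enabledServices": merged})
    if status != 204:
        raise RuntimeError(f"update failed with HTTP {status}")
    return merged
```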

Safe account creation with retries

Include an externalReference so that account creation can be retried safely in production:

http
POST /api/accounts
Content-Type: application/json

{
  "name": "Customer Name",
  "externalReference": "your-customer-id-123",
  "enabledServices": [12]
}

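If your request times out or fails, you can retry with the same externalReference. If the account was created, you'll get it back (with the secret masked). If not, it will be created (with the secret visible). If the account comes back with the secret masked and you never received the original secret, use the reset credentials endpoint to generate a new one.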
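
The retry flow above, written out as an added example (not part of the EyeDP documentation): it retries with the same externalReference, stores the secret the one time it is visible, and resets credentials only when the account exists but no secret was ever stored. `provision_account`, the `send(method, path, body) -> (status, json)` transport and the `vault` mapping (clientId to clientSecret, assumed to be backed by encrypted storage) are hypothetical names.

```python
import logging

log = logging.getLogger("reseller")
MASK = "***REDACTED***"  # masked value shown in the responses on this page

def provision_account(send, vault, name, services, external_ref, attempts=3):
    """Create (or re-fetch) an account and make sure its secret is in `vault`.

    send and vault are hypothetical: a transport returning (status, json) and
    a mapping clientId -> clientSecret. Returns (account_id, client_id); the
    secret is never returned or logged.
    """
    body = {"name": name, "enabledServices": services,
            "externalReference": external_ref}
    for attempt in range(1, attempts + 1):
        try:
            status, data = send("POST", "/api/accounts", body)
            break
        except TimeoutError:
            # Same externalReference on every retry, so no duplicate is created.
            log.warning("create timed out (attempt %d) ref=%s",
                        attempt, external_ref)
    else:
        raise RuntimeError("account creation did not complete")
    if status not in (200, 201):
        raise RuntimeError(f"create failed with HTTP {status}")

    account_id = data["account"]["id"]
    client_id = data["credentials"]["clientId"]
    secret = data["credentials"]["clientSecret"]

    if status == 201 and secret != MASK:
        vault[client_id] = secret  # the only time the secret is visible
    elif client_id not in vault:
        # Secret is masked (200: account already existed) and we never stored
        # it, e.g. the 201 response was lost in a timeout. Issue a new one.
        status, fresh = send(
            "POST", f"/api/accounts/{account_id}/reset-credentials", None)
        if status != 200:
            raise RuntimeError(f"reset failed with HTTP {status}")
        vault[client_id] = fresh["clientSecret"]
    # If the vault already holds a secret, leave it: a reset would break the
    # customer's working integration.
    log.info("account %s ready, clientId=%s", account_id, client_id)
    return account_id, client_id
```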

Rotating credentials for security

  1. Call POST /api/accounts/{id}/reset-credentials
  2. Store the new clientSecret immediately
  3. Provide the new secret to your customer
  4. Customer updates their integration
  5. Old secret stops working immediately

Security Best Practices

For Resellers

  • Never log client secrets in plain text
  • Store secrets encrypted in your database
  • Transmit secrets to customers over secure channels only
  • Use externalReference for all production account creation
  • Implement credential rotation policies

For Your Customers

  • Store the clientId and clientSecret securely (environment variables, secrets manager)
  • Never commit credentials to source control
  • Rotate credentials periodically or if compromised
  • Implement token caching to avoid unnecessary authentication calls
  • Monitor for 401 errors indicating token expiration