CorebanqCorebanq Developer Docs
Preflightv1Product Rules

Get rule

GET/v1/products/rules/{id}

Authorization

BearerAuth
AuthorizationBearer <token>

HTTP bearer JWT from the Corebanq auth service.

Authorization is enforced with RBAC (record-level permissions), not ad-hoc OAuth-style scopes in this spec. See each tag description and operation summaries for which record grants apply.

In: header

Path Parameters

id*string

Response Body

application/json

application/json

application/json

application/json

curl -X GET "https://example.com/v1/products/rules/8f2a1c3d-4e5b-6f7a-8b9c-0d1e2f3a4b5c"
{
  "product_code": "OFR",
  "customer_type": "SMALL_BUSINESS",
  "source_account_type": "crypto",
  "source_currency": "USDT",
  "source_channel": "SEPA",
  "dest_account_type": "fiat",
  "dest_currency": null,
  "dest_channel": "SEPA",
  "dest_ownership": "own",
  "source_account_scope": null,
  "dest_account_scope": null,
  "amount_range_start": null,
  "amount_range_end": null,
  "amount_range_currency": "EUR",
  "allowed": true,
  "min_amount": null,
  "max_amount": null,
  "limit_currency": null,
  "priority": 170,
  "valid_from": null,
  "valid_to": null,
  "active": true,
  "comment": "OFR – Off-Ramp: crypto→fiat between own accounts (SMALL_BUSINESS)",
  "metadata": {},
  "id": "8f2a1c3d-4e5b-6f7a-8b9c-0d1e2f3a4b5c",
  "tenant_id": "8f2a1c3d-4e5b-6f7a-8b9c-0d1e2f3a4b5c",
  "created_at": "2019-08-24T14:15:22Z",
  "created_by": "8f2a1c3d-4e5b-6f7a-8b9c-0d1e2f3a4b5c",
  "modified_at": "2019-08-24T14:15:22Z",
  "modified_by": "8f2a1c3d-4e5b-6f7a-8b9c-0d1e2f3a4b5c"
}
{
  "code": "validation_error",
  "message": "At least one of product_ids, source_account_id, destination_account_id, or destination_counterparty_id is required.",
  "details": {}
}
{
  "code": "validation_error",
  "message": "At least one of product_ids, source_account_id, destination_account_id, or destination_counterparty_id is required.",
  "details": {}
}
{
  "code": "validation_error",
  "message": "At least one of product_ids, source_account_id, destination_account_id, or destination_counterparty_id is required.",
  "details": {}
}

POSTPre-flight check

Given a partial transfer context for a **target customer** (`customer_id`), returns eligible products, counterparty-shaped source rows, counterparty-shaped destination rows, viable routes, and optional limits/fees/FX. The target customer itself is represented as a counterparty row, matching the counterparties domain model. Selectable nested payment-source rows expose `cp_account_type` (`account`, `bank_account`, `crypto_wallet`), `cp_account_id` for exact pre-flight destination matching, `products_allowed`, and a `finalize_recipient` hint matching `CreatePaymentRequest.recipient`. When a product is pinned via a single effective `product_ids[]` selection and enough route context is provided, `transfer_params` includes the allow/deny verdict, normalized amount, calculated fees, advisory FX, velocity hints, and optional quote state. Requires JWT and **RBAC read** on that customer.

PATCHPartial update

Updates only the provided fields. Typical use cases: toggle `active`, adjust `priority`, extend `valid_to`, update `min_amount`/`max_amount`.