API DescriptionSettingsFAQ
API Reference

/submit-onboarding-data

post https://api.mercury.com/api/v1/submit-onboarding-data

Onboarding API partners should submit the data to this endpoint for applicants they refer.

When the applicant uses the returned signup link to apply for a Mercury account, they will find all of the fields submitted via the Onboarding API pre-filled in the application questionnaire, and Mercury will know by whom the applicant was referred.

Note that legalPhysicalAddress does not support International Addresses, mail center, or PO Box addresses.

Note that businessPhysicalAddress now supports international addresses and does not support Registered Agent or PO Box addresses. If you submit a third party Registered Agent or PO Box address, applicants will be met with an error when they visit the Mercury application to finish and submit it.

Note that the address within beneficialOwners is expected to be the owner's residence. If you submit an office, agent, or industrial address, applicants will be met with an error.

Receiving Webhooks

Mercury will send events to your provided webhookURL when an applicant's status with Mercury changes.

The following webhooks are available.

Submitted

Mercury sends this webhook when an applicant submits their application.

{
  "event": "application_submitted",
  "onboardingDataId": "9e1618ca-fd68-11ec-9855-132369fb0225"
}

InformationRequested

Mercury sends this webhook if we request additional information from the applicant not present in their original application submission.

{
  "event": "information_requested",
  "onboardingDataId": "9e1618ca-fd68-11ec-9855-132369fb0225"
}

Approved

{
  "event": "approved",
  "onboardingDataId": "9e1618ca-fd68-11ec-9855-132369fb0225",
  "accountStatus": "approved",
  "accountNumber": "182812818",
  "routingNumber": "021000021"
}

Rejected

{
  "onboardingDataId": "9e1618ca-fd68-11ec-9855-132369fb0225",
  "accountStatus": "rejected"
}

Verifying Webhooks

Mercury signs its webhooks in an HTTP header, which looks like this:

Mercury-Signature: t=12091212890,v1=e090407758ae880ec00d65c8826c6dabf1b8652a1f2967279caeb4a6619cd3b7

The signature is a base-16 encoded HMAC 256 of the following: <the timestamp as a string>.<request body> (not including the < or >), using the Onboarding API partner's secret.

Language