API Reference
Full endpoint catalog across Identity, Notifications, and Primary Issuance services.
Endpoint catalog across Rialto services relevant to integrators.
| Service | Prefix |
|---|
| Identity | /identity |
| Notifications | /notifications |
| Primary Issuance | /issuance |
| Route Type | Auth Method |
|---|
Token exchange (/identity/auth/exchange) | X-API-Key header |
| KYC verification routes | Authorization: Bearer <rialto_access_token> |
| User and accreditation routes | Authorization: Bearer <rialto_access_token> |
Success:
{ "success": true, "data": { ... } }
Error:
{ "success": false, "error": { "message": "...", "code": "..." } }
Token exchange errors use OAuth2 format:
{ "error": "error_code", "error_description": "..." }
| Pattern | Detail |
|---|
| Pagination (Identity) | ?limit=<n>&offset=<n> |
| Pagination (Issuance) | ?page=<n>&limit=<n> (page-based, max 100) |
| IDs | UUID v4 format |
| Timestamps | ISO 8601 with timezone (UTC) |
| Request bodies | camelCase field names |
| Response bodies | snake_case field names |
| Method | Path | Auth | Description |
|---|
POST | /identity/auth/exchange | API Key | Exchange IdP token for Rialto tokens |
| Method | Path | Auth | Description |
|---|
GET | /identity/users/:userId | Bearer | Get user by ID |
PATCH | /identity/users/:userId | Bearer | Update user |
DELETE | /identity/users/:userId | Bearer | Delete user (cascades to PII) |
| Method | Path | Auth | Description |
|---|
POST | /identity/kyc-verifications | Bearer JWT | Submit PII and create a KYC verification for the authenticated user |
GET | /identity/kyc-verifications | Bearer JWT | List visible sanitized verifications (self for users, org for org_admin) |
GET | /identity/kyc-verifications/:verificationId | Bearer JWT | Get sanitized verification status |
GET | /identity/kyc | Bearer JWT | Get latest effective KYC status |
| Method | Path | Auth | Description |
|---|
GET | /identity/accreditations | Bearer | Get current accreditation (auto-creates baseline pending record) |
PUT | /identity/accreditations | Bearer | Submit / upsert self-certified accreditation |
POST | /identity/accreditations/documents | Bearer | Request presigned S3 upload URL for a proof document |
POST | /identity/accreditations/documents/:documentId/upload | Bearer | Finalize document upload (HEAD-checks S3 object) |
| Method | Path | Auth | Description |
|---|
POST | /identity/user-pii | Bearer | Create encrypted PII record |
GET | /identity/user-pii/:userId | Bearer | Get decrypted PII (SSN masked) |
PATCH | /identity/user-pii/:userId | Bearer | Update PII fields |
DELETE | /identity/user-pii/:userId | Bearer | Delete PII record |
| Method | Path | Auth | Description |
|---|
GET | /identity/ | None | Service info |
GET | /identity/health | None | Health check |
| Method | Path | Auth | Description |
|---|
POST | /notifications/webhook-endpoints | Bearer | Create webhook endpoint |
GET | /notifications/webhook-endpoints | Bearer | List endpoints |
GET | /notifications/webhook-endpoints/:id | Bearer | Get endpoint details |
PATCH | /notifications/webhook-endpoints/:id | Bearer | Update endpoint |
DELETE | /notifications/webhook-endpoints/:id | Bearer | Delete endpoint |
POST | /notifications/webhook-endpoints/:id/rotate-secret | Bearer | Rotate signing secret |
POST | /notifications/webhook-endpoints/:id/test | Bearer | Send test event |
PUT | /notifications/webhook-endpoints/:id/subscriptions | Bearer | Set event subscriptions |
GET | /notifications/webhook-endpoints/:id/subscriptions | Bearer | Get subscriptions |
| Method | Path | Auth | Description |
|---|
GET | /notifications/webhook-deliveries | Bearer | List deliveries (filterable) |
GET | /notifications/webhook-deliveries/:id | Bearer | Get delivery with attempts |
POST | /notifications/webhook-deliveries/:id/retry | Bearer | Retry failed delivery |
| Method | Path | Auth | Description |
|---|
GET | /notifications/event-types | Bearer | List available event types |
| Method | Path | Auth | Description |
|---|
GET | /issuance/offerings | Bearer or API Key | List offerings (filterable by status, exemption type) |
GET | /issuance/offerings/:id | Bearer or API Key | Get offering details |
GET | /issuance/offerings/:id/documents | Bearer | List offering documents |
GET | /issuance/offerings/:id/securities | Bearer or API Key | List securities for offering |
| Method | Path | Auth | Description |
|---|
GET | /issuance/securities | Bearer or API Key | List securities (filterable) |
GET | /issuance/securities/:id | Bearer or API Key | Get security details |
| Method | Path | Auth | Description |
|---|
POST | /issuance/offerings/:offeringId/subscriptions | Bearer | Create subscription |
GET | /issuance/subscriptions | Bearer | List user's subscriptions |
GET | /issuance/subscriptions/:id | Bearer | Get subscription |
POST | /issuance/subscriptions/:id/sign-agreement | Bearer | Sign subscription agreement |
POST | /issuance/subscriptions/:id/create-checkout-session | Bearer | Create Stripe payment session |
DELETE | /issuance/subscriptions/:id | Bearer | Cancel subscription |
| Method | Path | Auth | Description |
|---|
GET | /issuance/shares | Bearer | List user's shares (filterable) |
GET | /issuance/shares/:id | Bearer | Get share details |