This Management API endpoint lets a program provision a new identity (a user) — and its application — in the program’s user pool. It’s the entry point for any flow where you create the user rather than the user signing up themselves, including issuing cards for your users.
Base URL: https://api-control.next.orenda.finance. Access is IP-allowlisted — contact Orenda support to add your IP or range before you start.

Authentication

Get an access token from Cognito, then send it as a bearer token on every call. Orenda supplies your USERNAME, PASSWORD, ClientId, and the secret used to compute SECRET_HASH.
POST https://cognito-idp.eu-west-1.amazonaws.com/
Content-Type: application/x-amz-json-1.1
X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth
{
  "AuthFlow": "USER_PASSWORD_AUTH",
  "ClientId": "<supplied by Orenda>",
  "AuthParameters": {
    "USERNAME": "<supplied by Orenda>",
    "PASSWORD": "<supplied by Orenda>",
    "SECRET_HASH": "<base64 HMAC-SHA256 of (username + clientId)>"
  }
}
The response’s AuthenticationResult.AccessToken is your bearer token (valid ~1 hour; refresh with the returned RefreshToken).

Create an identity

POST https://api-control.next.orenda.finance/identity
Authorization: Bearer <AccessToken>
Content-Type: application/json
Creating an identity also creates the application for that user in one call — you get back an applicationId you can hand off to onboarding. Unknown fields are ignored.

Request body

FieldTypeRequiredNotes
emailstringyesThe identity’s email; the username for Cognito sign-in.
passwordstring (min 8)yesInitial password. Optional only on programs configured to bypass Cognito.
firstNamestringyes
lastNamestringyes
phonestringconditionalRequired when prepaidCardCustomer is true. Also required unless the program uses MFA tokens.
isCompanybooleannoDefaults to false. Must be enabled for your program.
companyNamestringconditionalRequired when isCompany is true.
prepaidCardCustomerbooleannoSelects the managed (program-funded) card flow — see below.
dateOfBirthstring YYYY-MM-DDconditionalRequired when prepaidCardCustomer is true.
addressobjectconditionalRequired when prepaidCardCustomer is true. Fields: country (3-letter ISO), postCode, province, street, town.
payInIBANstringconditionalRequired when prepaidCardCustomer is true and the program requires a pay-in IBAN.
clientReferencestring (≤36)noYour own reference. On bypass-Cognito programs it becomes the identity.
accountProviderHolderIdstringnoPre-existing provider holder id, if any.
{
  "email": "jane@example.com",
  "password": "YourPassword123!",
  "firstName": "Jane",
  "lastName": "Doe",
  "phone": "+31612345678",
  "prepaidCardCustomer": true,
  "dateOfBirth": "1990-01-01",
  "address": {
    "country": "NLD",
    "postCode": "1000AA",
    "province": "Noord Holland",
    "street": "Hoofdstraat",
    "town": "Amsterdam"
  }
}

Response

{
  "success": true,
  "applicationId": "85436be0-ba5d-4285-b518-d7ba0b3aed2d",
  "identity": "<username>",
  "clientReference": "<your reference, if sent>"
}
Errors return { "success": false, "error_code": "…" }: 422 for a missing body or validation failure (error_code is MISSING_BODY, VALIDATION_FAILED, or the specific field message); 400 / 401 / 500 carry CONTACT_SUPPORT.

Managed vs. default cards

The prepaidCardCustomer flag is the fork that decides how the user’s card is funded.
prepaidCardCustomer: trueManagedprepaidCardCustomer: false (or omitted) — Default
Use caseProgram funds the card on the user’s behalfUser funds their own card via IBAN
FundingProgram master account via Load / UnloadUser’s assigned IBAN
Extra required fieldsphone, dateOfBirth, address (+ payInIBAN on some programs)none beyond the base fields
OnboardingRisk is auto-completed; identity verification (Sumsub) still runs on most programsFull onboarding (KYC + Sumsub)
Program configuration varies (whether Cognito is bypassed, whether a pay-in IBAN is required, whether a Sumsub applicant is created for prepaid customers, individual vs. company sign-up). Confirm your program’s setup with Orenda.

What happens next

POST /identity only creates the user and application. The rest of the journey — sign-in, legal agreements, KYC, identity verification, and ordering the card — runs on the Customer API with the user’s token. See Issuing cards for your users for the end-to-end walkthrough.