ExternalBankAccountResponse with an updated verificationStatus. Trusted callers can collapse this to a single connect call — see Manual verification below.
1. Connect the external bank account
Request
Response (201 Created)
type is CHECKING or SAVINGS. The response’s accountNumber is masked from this point on — capture the id to address the external bank account in later calls. The connection is recorded but no money has moved yet; verificationStatus is UNVERIFIED.
2. Initiate micro-deposit verification
verificationStatus to VERIFICATION_SENT on the response. The credits land within standard ACH timing — typically one to two business days, depending on the receiving bank.
Response (200 OK)
3. Validate the deposit amounts
The user checks their outside bank, finds the two Tesouro credits, and submits the amounts. Both are passed in minor units (cents).Request
verificationStatus flips to VERIFIED and the external bank account is immediately usable as a counterparty in ACH transfers. If they don’t match, the call returns a 400 and the external bank account stays in VERIFICATION_SENT for the user to retry. After enough failures the service moves it to FAILED; see Troubleshooting.
Most integrations let users drive this themselves through the linked accounts component instead of building the UI from scratch. The endpoints above are what the component calls under the hood — use them directly when you need a custom flow or a fully white-label experience.
Verification statuses
Manual verification (trusted callers)
Some callers already have an out-of-band way of confirming control over the external bank account and don’t need Tesouro’s micro-deposit round trip — typically a platform sitting higher in the hierarchy that has already verified the underlying account with its own business customers. Those callers can pass averification block on the connect call and the external bank account is created with verificationStatus: VERIFIED immediately. No /link or /validate calls are needed.
Request
verificationStatus: VERIFIED straight away. The record retains the verification method (MANUAL) and a timestamp so the bypass is auditable.
This path is gated by the embedded:externalbankaccount:set-verification scope, and the calling organization must have accepted the relevant disclosures. Callers without the scope that send a verification block get back a 403. verification.method: "MICRO_DEPOSIT" is rejected at connect time on every caller — that’s what the three-call flow above is for. If your integration needs the manual path, the scope has to be granted by Tesouro; the default is the micro-deposit flow.