An Organization is the business entity Tesouro maintains a banking relationship with — either directly, or indirectly through one of its banking partners. An Organization can be a bank, a platform partner contracted to a bank, a fintech partner contracted to that platform partner, or a business customer of the platform or fintech partner. Every bank account, user, transfer, and webhook in Embedded Banking is scoped to one Organization. Onboarding a business customer is KYB — the bank’s Know Your Business pipeline. It collects information on the business and the people behind it, runs identity and risk checks, and either opens a deposit account or doesn’t. These pages cover the concept. For the API shape of the application that drives KYB, see Bank account applications.Documentation Index
Fetch the complete documentation index at: https://docs.tesouro.com/llms.txt
Use this file to discover all available pages before exploring further.
Where Organizations sit
A Tesouro deployment is a hierarchy of Organizations. The bank sits at the top, and the business customer is the leaf. In between sit the platform partners and fintech partners integrating Embedded Banking.ExampleNorthfield Software, a fintech partner integrating Embedded Banking, has its own Organization and creates a child Organization for each business customer that signs up through Northfield’s product. Northfield’s backend acts on those child Organizations using its own credentials and the
X-Organization-ID header (see Creating an application).Cross-organization isolation
A user identity is bound to the OIDC application that introduced it, which is bound to a single Organization. User-scoped tokens cannot read or write data outside that Organization — even if the same identity exists in another.Prerequisites
| Prerequisite | Notes |
|---|---|
| Credentials | A client_credentials grant for your platform — see Authentication. |
| Sandbox access | A sandbox tenant from Tesouro before you touch production. Test data, test outcomes, no real KYB. |
| Auth scope | embedded:application:write to create and submit applications. Reading needs embedded:application:read. |
| Surface decision | Pick how the applicant will fill in their details — your own UI, the hosted app, or the onboarding component. |
DRAFT is valid; details get PATCHed in later, either by your backend or by the applicant in a browser.
Where to next
What KYB collects
The three entities — business, controller, beneficial owners — and what to pre-fill to reduce drop-off.
Onboarding outcomes
Instant approval, manual review, denied — what each one means and what your product should do.