Where Organizations sit
A Tesouro deployment is a hierarchy of Organizations. The bank sits at the top, and the business customer is the leaf. In between sit the platform partners and fintech partners integrating Embedded Banking. A partner tier can be skipped — a fintech partner can sit under a platform partner or directly under the bank — but the business customer is always the leaf.ExampleNorthfield Software, a platform partner integrating Embedded Banking, has its own Organization and creates a child Organization for each business customer that signs up through Northfield’s product. Northfield’s backend acts on those child Organizations using its own credentials and the
X-Organization-ID header (see Creating an application).Cross-organization isolation
A user identity is bound to the OIDC application that introduced it, which is bound to a single Organization. User-scoped tokens cannot read or write data outside that Organization — even if the same identity exists in another.Prerequisites
You don’t need anything from the business customer before creating the application. An empty
DRAFT is valid; details get PATCHed in later, either by your backend or by the applicant in a browser.
Where to next
What KYB collects
The three entities — business, controller, beneficial owners — and what to pre-fill to reduce drop-off.
Onboarding outcomes
Instant approval, manual review, denied — what each one means and what your product should do.