Create an application document upload session

curl --request POST \
  --url https://api.platform.dakota.xyz/applications/{application_id}/document-uploads \
  --header 'Content-Type: application/json' \
  --header 'X-Application-Token: <api-key>' \
  --header 'x-idempotency-key: <x-idempotency-key>' \
  --data '
{
  "document_type": "articles_of_incorporation",
  "file_type": "pdf",
  "country": "US",
  "id_number": "string",
  "filename": "source_of_wealth.pdf"
}
'

{
  "upload_url": "https://storage.googleapis.com/bucket/path?...",
  "upload_id": "2hCjxJzUAW6JVRkZqaF9E0KpM3a",
  "object_path": "applications/business/2hCjxJzUAW6JVRkZqaF9E0KpM3a/business-documents/2hDeFgHiJkLmNoPqRsTuVwXyZ",
  "expires_at": "2025-01-15T18:30:00Z"
}

Onboarding

Create an application document upload session

Creates a presigned upload session for application documents. Supported categories are business and EDD documents. Use the returned upload URL to upload file content directly to cloud storage, then create a verification resource for the upload.

Authentication: Accepts Application Token (X-Application-Token header).

Individual PoA & transaction limits

Individual customers may onboard without a Proof of Address. Dakota enforces a $3,000 USD-equivalent rolling 7-day transaction limit on individuals without PoA on file. If a customer’s volume crosses this threshold, the customer is frozen and inbound transactions paused until a Proof of Address is submitted and approved. Clients are expected to implement their own volume tracking and limits on their customers — Dakota’s enforcement is a backstop, not the only line of defense.

Post-decision PoA upload

Uploading a PoA-equivalent document (proof_of_address, bank_statement, or utility_bill) on an already-decided individual application (status approved or completed) automatically transitions the application to compliance_review and sets poa_status to submitted_pending_review. The applicant can use the same onboarding link to upload their document after the initial decision.

POST

applications

{application_id}

document-uploads

Create an application document upload session

curl --request POST \
  --url https://api.platform.dakota.xyz/applications/{application_id}/document-uploads \
  --header 'Content-Type: application/json' \
  --header 'X-Application-Token: <api-key>' \
  --header 'x-idempotency-key: <x-idempotency-key>' \
  --data '
{
  "document_type": "articles_of_incorporation",
  "file_type": "pdf",
  "country": "US",
  "id_number": "string",
  "filename": "source_of_wealth.pdf"
}
'

{
  "upload_url": "https://storage.googleapis.com/bucket/path?...",
  "upload_id": "2hCjxJzUAW6JVRkZqaF9E0KpM3a",
  "object_path": "applications/business/2hCjxJzUAW6JVRkZqaF9E0KpM3a/business-documents/2hDeFgHiJkLmNoPqRsTuVwXyZ",
  "expires_at": "2025-01-15T18:30:00Z"
}

Authorizations

X-Application-Token

string

header

required

Application-specific token for public URL access. Generated when a customer is created. Provides access to a single application without requiring an API key. Token is valid for 30 days and rate-limited to 100 requests per hour.

Headers

x-idempotency-key

string<uuid>

required

Unique key to ensure request idempotency. If the same key is used within a certain time window, the original response will be returned instead of executing the request again.

Path Parameters

application_id

string

required

The unique identifier for the application KSUID is a 27-character globally unique ID that combines a timestamp with a random component. Used for all entity identifiers in the Dakota platform.

Required string length: 27

Pattern: ^[0-9A-Za-z]{27}$

Example:

"1NFHrqBHb3cTfLVkFSGmHZqdDPi"

Body

application/json

Request to create a presigned upload session for an application-level document

document_type

enum<string>

required

Type of application-level document (business or EDD)

Available options:

certificate_of_incorporation,

articles_of_incorporation,

certificate_of_good_standing,

corporate_registry_extract,

shareholder_registry,

bank_reference_letter,

operating_agreement,

memorandum,

articles_of_association,

proof_of_address,

bank_statement,

utility_bill,

source_of_funds,

crypto_statement,

investment_statement,

subscription_agreement,

safe_agreement,

convertible_note,

loan_agreement,

promissory_note,

pitch_deck,

marketing_material,

business_plan,

regulatory_license,

payslip,

employment_contract,

shareholders_agreement,

income_verification_letter,

savings_statement

Example:

"articles_of_incorporation"

file_type

enum<string>

required

Supported file type

Available options:

pdf,

jpeg,

png

Example:

"pdf"

country

string

required

ISO 3166-1 alpha-2 country code for the document

Required string length: 2

Example:

"US"

id_number

string

Optional ID/registration number. Required for formation documents.

Required string length: 3 - 50

filename

string

Optional original filename. Will be sanitized for safe storage and display.

Maximum string length: 100

Example:

"source_of_wealth.pdf"

Response

Presigned URL generated successfully

Response containing a presigned URL for document upload

upload_url

string<uri>

required

Presigned URL to upload the document to. Use PUT method with the file content.

Example:

"https://storage.googleapis.com/bucket/path?..."

upload_id

string

required

Unique identifier for this upload. Use this when calling the verify endpoint.

Example:

"2hCjxJzUAW6JVRkZqaF9E0KpM3a"

object_path

string

required

The GCS object path where the document will be stored. Pass this to the verify endpoint.

Example:

"applications/business/2hCjxJzUAW6JVRkZqaF9E0KpM3a/business-documents/2hDeFgHiJkLmNoPqRsTuVwXyZ"

expires_at

string<date-time>

required

ISO 8601 timestamp when the presigned URL expires

Example:

"2025-01-15T18:30:00Z"

Submit an attestation for an application Add associated individual to business application

⌘I