Outcome
An authenticated user has a new Endaoment fund. Your app stores the fundid for donations and grants.
When
After Authenticate. Trigger when the user opens their first fund or creates an additional one. The authenticated user becomes the fund manager. See the glossary for DAF terminology.Choose your route
Fund creation depends on how the caller authenticated:| Caller | Route | When to use |
|---|---|---|
OAuth access token from a registered client (token includes clientId) | POST /v1/funds/partner | Typical external OAuth integrators — POST /v1/funds returns 400 by design (IS-29676) |
Access token without clientId (first-party / direct session) | POST /v1/funds | Internal or first-party flows only |
GET /v1/auth/whoami if unsure: OIDC callers include clientId when issued through a registered OAuth client.
Proxy all calls from your backend. See Integration Patterns.
Option A: Registered OAuth client → POST /v1/funds/partner
Use this path for standard OAuth quickstart integrators.
Prerequisite: The acting user must have saved identity (PII) on Endaoment before this call. The partner route builds the fund advisor from stored identity — if none exists, the API returns 400: “User must be provisioned with PII before creating a partner fund.” Complete Authenticate with profile/address data, or Provision user on the partner track first.
Auth
Pick one acting-user path (see Partner auth options):| Path | Headers |
|---|---|
| Registered OAuth user token | Authorization: Bearer <access_token> only |
| API key + body user id | x-api-key + partnerUserIdentifier in body |
| API key + impersonation header | x-api-key + x-endaoment-user-id |
| Partner OIDC bearer | Authorization: Bearer <partner_oidc_token> |
x-api-key (see Partner Journey).
Required inputs
Flat body (PartnerCreateFundInputDto) — no fundInput wrapper:
| Field | Description |
|---|---|
name | Fund display name |
partnerAccountIdentifier | Partner-scoped idempotency key (16–64 printable ASCII characters) |
description | Optional fund description |
partnerUserIdentifier | Required when using API key + body user resolution (16–64 printable ASCII characters) |
Example request (registered OAuth user token)
Example request (API key + impersonation header)
Option B: First-party token → POST /v1/funds
Use only when the access token has no clientId (not a registered OAuth client token).
Auth
| Header | Value |
|---|---|
Authorization | Bearer <access_token> |
Required inputs
MinimumfundInput fields:
| Field | Description |
|---|---|
name | Fund display name |
description | Fund description |
advisor.firstName | Primary advisor first name |
advisor.lastName | Primary advisor last name |
advisor.email | Primary advisor email |
advisor.address.line1 | Street address |
advisor.address.city | City |
advisor.address.state | State |
advisor.address.zip | ZIP code |
Example request
Response you need
| Field | Use |
|---|---|
id | Fund ID for donations and grants |
usdcBalance | Current balance (microdollars) |
Common mistakes
- Calling
POST /v1/fundswith a registered OAuth client token (returns400— use/v1/funds/partner) - Creating a partner fund before the acting user has saved PII/identity on Endaoment
- Using
fundInput/advisor.*schema on the partner route (partner route expects a flat body) - Using partner identifiers shorter than 16 characters (validation rejects them)
- Omitting
partnerAccountIdentifieron the partner route - Calling the API from the browser with a Bearer token