◆ For Issuers & Partners

Your Rewards Programme.
Your Members' Wealth.

If you're a merchant — an airline, retailer, hotel chain, or any business with a loyalty programme — or an issuer of credit or debit cards with an associated points or rewards programme, we'd love to talk.

PointsVest helps your members turn the everyday points and rewards they earn into long-term invested wealth — with no disruption to your existing platform, no change to how members earn, and no impact on your programme economics.

Airlines, Hotels & Retailers
Any merchant with a loyalty or points programme can offer members a compelling new reason to earn and stay engaged.
Card Issuers & Banks
Reduce points liability, deepen member engagement, and evolve your loyalty platform into a financial wellness ecosystem.
Zero Disruption
Members continue earning exactly as they do today. PointsVest works alongside your existing platform — no replatforming required.

Start a Conversation
with Our Team

Whether you're a card issuer, airline, hotel programme, or financial institution — we'd love to understand your loyalty ecosystem and explore how PointsVest can create value for your members and your business.

Reduce points liability

Convert unredeemed rewards into invested assets — shifting liability while adding member value.

Deeper member engagement

Members who invest with their rewards check their portfolio — and your programme — far more frequently.

Low integration effort

REST APIs, sandbox environment, and a dedicated integration team. Most partners go live in weeks.

BIAN-aligned & compliant

API framework aligned to BIAN v12. Designed to meet compliance and procurement requirements.

Get in Touch
Tell us about your organisation and we'll be in touch within one business day.
Something went wrong sending your message. Please try again or email us directly at tusharpuranik@pointsvest.com.
0 / 1000
Your information is kept private and used only to respond to your inquiry.

Thanks — we'll be in touch!

Your inquiry has been sent to the PointsVest partnerships team. We aim to respond within one business day.

API & Integration Reference

The PointsVest Partner API lets you connect your rewards programme so your members' points are automatically converted and invested. Below is everything your engineering team needs to integrate.

Secure by default
OAuth 2.0, TLS 1.3, HMAC-signed webhooks, mTLS for value-moving ops.
Idempotent
Every mutating call accepts an Idempotency-Key. Safe to retry.
Sandbox first
Full test environment — validate every flow before going live.
BIAN v12 aligned
Service domains mapped for compliance & procurement sign-off.
Production https://api.pointsvest.com | Sandbox https://sandbox.api.pointsvest.com
Authentication

All API calls use OAuth 2.0 Client Credentials. Exchange your credentials for an access token and include it as a Bearer token on every request.

Token Request
POST https://auth.pointsvest.com/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=ci_xxxxxxxxxxx
&client_secret=cs_xxxxxxxxxxx
&scope=rewards:read rewards:debit account:link
HeaderRequiredDescription
AuthorizationAlwaysBearer {access_token}
Idempotency-KeyMutating callsUUID v4 — unique per operation, safe to reuse on retry
X-PV-Partner-IDAlwaysYour partner ID from registration
X-PV-SignatureMutating callsHMAC-SHA256 of request body, hex-encoded
X-PV-TimestampMutating callsUnix epoch seconds — rejected if >300s clock skew
Partner Registration
◆ BIAN: Product Directory

Register your organisation and manage your partner configuration.

POST /v1/partner-registry Register a new partner

Register your organisation. Returns OAuth client credentials and a sandbox URL. Status starts as pending_verification until compliance review and mTLS certificate upload are complete.

JSON
{
  "partner": {
    "legal_name": "Chase Bank, N.A.",
    "brand_name": "Chase",
    "partner_type": "card_issuer",
    "regulatory_id": "RSSD-852218",
    "contact": {
      "technical_email": "api-ops@yourbank.com",
      "compliance_email": "compliance@yourbank.com"
    },
    "program_metadata": {
      "program_name": "Ultimate Rewards",
      "currency_label": "points",
      "base_cpp": 0.01
    },
    "webhook_endpoint": "https://api.yourbank.com/pv/events"
  }
}
201 Created
JSON
{
  "partner_id": "ptnr_xxxxx",
  "client_id": "ci_xxxxxxxxxxx",
  "client_secret": "cs_xxxxxxxxxxx",
  "status": "pending_verification",
  "sandbox_base_url": "https://sandbox.api.pointsvest.com/v1"
}
GET /v1/partner-registry/{partner_id} Retrieve partner profile
Response 200
{
  "partner_id": "ptnr_xxxxx",
  "status": "active",
  "capabilities": ["rewards_credit", "rewards_debit", "balance_inquiry"],
  "activated_at": "2025-01-20T09:00:00Z"
}
PUT /v1/partner-registry/{partner_id} Update partner config

Update webhook URL, rotate public key, or update your base CPP rate. Partial updates accepted.

JSON
{
  "webhook_endpoint": "https://api.yourbank.com/pv/events-v2",
  "program_metadata": { "base_cpp": 0.012 }
}
Account Linking
◆ BIAN: Customer Offer  ·  Party Reference Data Management

Link and manage your members' rewards accounts. Bank accounts are linked via Plaid — see the full internal spec for details.

POST /v1/reward-point-account/{pv_account_id}:link Link a rewards account

Link a member's rewards account after consent is granted. The :link suffix indicates this is a command, not a resource creation.

JSON
{
  "partner_id": "ptnr_xxxxx",
  "partner_account_id": "your_acct_9872341",
  "pv_customer_id": "cust_pv_78123",
  "customer_pii_hash": "sha256:a3f9c2...",
  "program_code": "CHASE_UR",
  "consent": {
    "consent_id": "cns_98712",
    "granted_at": "2025-01-15T10:05:00Z",
    "scopes": ["balance_read", "rewards_debit"],
    "expiry": "2026-01-15T10:05:00Z"
  },
  "initial_balance": {
    "units": 72540, "currency": "points"
  }
}
201 Created
JSON
{
  "pv_account_id": "pvacc_xxxxx",
  "status": "active",
  "linked_at": "2025-01-15T10:05:30Z",
  "estimated_value_usd": 725.40
}
FieldTypeDescription
partner_account_idrequiredstringYour internal ID for this member account
pv_customer_idrequiredstringMember's PointsVest ID from onboarding
customer_pii_hashrequiredstringSHA-256 of name + DOB — for identity matching without raw PII
consent.scopesrequiredstring[]Scopes the member granted — see Consent Scopes
initial_balance.unitsoptionalintegerCurrent balance at linking time
POST /v1/reward-point-account/{pv_account_id}:unlink Unlink an account

Unlink a member's account. Triggers a sweep of any invested balance back to your programme. Note: uses POST :unlink rather than DELETE so the request body (reason, disposition) remains valid per HTTP spec.

JSON
{
  "reason": "customer_requested",
  "effective_date": "2025-02-01T00:00:00Z",
  "pending_balance_disposition": "return_to_issuer"
}
POST /v1/reward-point-account/{pv_account_id}/customer:update Update customer details

Notify PointsVest of a PII change. PV stores a hash only — you remain the source of truth for all member data.

JSON
{
  "update_type": "name_change",
  "customer_pii_hash": "sha256:b7d2e1...",
  "effective_date": "2025-02-01"
}
Rewards
◆ BIAN: Reward Points Account

Credit rewards to PointsVest for investment, and check the invested balance at any time.

POST /v1/reward-point-account/{pv_account_id}/rewards:credit Credit rewards

Credit points or miles to PointsVest for conversion and investment. Use your transaction ID as the idempotency_key to safely retry on network failure.

JSON
{
  "idempotency_key": "idem_yourtxn_20250115_001",
  "transaction": {
    "partner_transaction_id": "your_txn_445521",
    "credit_units": 2400,
    "currency": "points",
    "transaction_type": "earn",
    "earn_category": "dining",
    "transaction_date": "2025-01-15T18:32:00Z"
  },
  "valuation": {
    "cpp_at_time": 0.01,
    "usd_equivalent": 24.00
  }
}
200 OK
JSON
{
  "pv_transaction_id": "pvtxn_00912344",
  "status": "credited",
  "pv_account_balance": 74940,
  "invested_amount_usd": 24.00,
  "auto_invest_triggered": true,
  "credited_at": "2025-01-15T18:32:05Z"
}
FieldTypeDescription
idempotency_keyrequiredstringUse your transaction ID — safe to retry with same key
transaction.credit_unitsrequiredintegerWhole number of points or miles — no fractional units
transaction.currencyrequiredenumpoints or miles
valuation.cpp_at_timerequireddecimalYour programme's cents-per-point at time of transaction
transaction.earn_categoryoptionalstringCategory for member reporting (dining, travel, grocery…)
GET /v1/reward-point-account/{pv_account_id}/rewards/balance Get invested balance
Response 200
{
  "balance": {
    "invested_units": 72540,
    "invested_usd_value": 2050.30,
    "last_credited_at": "2025-01-14T22:00:00Z"
  },
  "as_of": "2025-01-15T10:00:00Z"
}
Webhooks
◆ BIAN: Notification

Subscribe to platform events. Eliminates the need to poll — you'll be notified the moment something changes for your members.

Every webhook includes an X-PV-Signature header (HMAC-SHA256 of the raw body, signed with your signing_secret). Always verify this before processing.
POST /v1/notifications:subscribe Subscribe to events
JSON
{
  "partner_id": "ptnr_xxxxx",
  "endpoint_url": "https://api.yourbank.com/pv/events",
  "events": [
    "account.linked", "account.unlinked",
    "rewards.invested", "rewards.redeemed",
    "rewards.credit_failed", "customer.consent_revoked"
  ],
  "signing_secret": "whsec_xxxxxxxxx"
}
rewards.invested event
{
  "event_id": "evt_00112233",
  "event_type": "rewards.invested",
  "partner_id": "ptnr_xxxxx",
  "pv_account_id": "pvacc_xxxxx",
  "data": {
    "units_invested": 2400,
    "usd_value": 24.00,
    "goal": "aggressive_growth"
  },
  "timestamp": "2025-01-15T18:33:01Z",
  "signature": "sha256=xxxxxxxxxxx"
}
EventTriggered when
account.linkedMember successfully links their account
account.unlinkedAccount unlinked — by customer or system
rewards.investedPoints converted and invested into portfolio
rewards.redeemedMember redeems value (cashout or return to programme)
rewards.credit_failedCredit operation failed — retry with same idempotency key
customer.consent_revokedMember revoked access — account will be unlinked
Consent Scopes

Only call operations covered by the scopes the member has granted. Attempting an out-of-scope operation returns 403 FORBIDDEN.

ScopeRequired forRevocable
balance_readAll features — minimum viable consentNo — base scope
rewards_debitPointsVest debiting points for investmentYes
transaction_readRoundVest round-up calculationYes
cash_debitFloatVest cash sweep from linked bank accountYes
Error Codes

All errors use a consistent envelope. The code field is machine-readable and stable across API versions.

Error envelope
{
  "error": {
    "code": "INSUFFICIENT_BALANCE",
    "message": "Account has 3,000 points but 5,000 were requested.",
    "request_id": "req_xxxxxxxxx",
    "retry_after": null
  }
}
HTTPCodeMeaningRetry?
400INVALID_REQUESTMalformed body or missing fieldNo — fix request
401UNAUTHORIZEDInvalid or expired tokenYes — refresh token
403FORBIDDENScope not granted or consent revokedNo — re-authorise
404NOT_FOUNDAccount or resource not foundNo
409IDEMPOTENCY_CONFLICTSame key, different payloadNo — investigate
422INSUFFICIENT_BALANCENot enough pointsNo
429RATE_LIMITEDToo many requests — check Retry-AfterYes — after delay
500INTERNAL_ERRORPlatform errorYes — backoff
503SERVICE_UNAVAILABLEMaintenance windowYes — check status