Appearance
Account Management
With a CRM token (Onboarding) your service account creates and administers customer accounts. The id returned at creation is the key you pass to every CRM call that targets that user.
All calls on this page send Authorization: Bearer {crm_token}.
Create an account
http
POST /api/v1/account
Authorization: Bearer {crm_token}
Content-Type: application/json
X-API-Version: 2026-06-12
{
"ssn": "19900101-1234",
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@example.com",
"country_code": "SE",
"lang_code": "SV",
"plan_id": 1,
"type": "SINGLE"
}Response (201): the created account under data. Persist data.id as your {account_id}.
SSN cannot be set or changed through CRM after creation
On the CRM (service-account) surface, ssn can only be provided in this POST /api/v1/account call (and the equivalent business/family create calls). Every CRM update path — PUT/PATCH /api/v1/account/{account_id}, PUT /api/v2/account/{account_id}, and the targeted update routes — ignores ssn, so your backend cannot add or change it later with a CRM token. The SSN-monitoring routes below only toggle monitoring of an SSN that is already on the account; they do not add one.
If you do not provide the ssn at account creation, the only way to get it onto the account afterwards is to trigger the end-user electronic ID (eID) flow. The user authenticates with a trusted eID (BankID / MitID / FTN) and the verified SSN is written to their account. That flow uses the app token, not a CRM token — see Add an SSN via electronic ID. There is no CRM/service-account route to backfill an SSN.
Required and conditional fields
| Field | Rule |
|---|---|
first_name, last_name | Required on create |
ssn | Deployment-dependent. Required when your gateway runs with SSN_REQUIRED enabled (the default); on tenants where SSN collection is optional it may be omitted and backfilled later via the end-user eID flow. Confirm with your account manager. |
email | Required when phone is omitted |
phone | Required when email is omitted |
plan_id | Required when your client uses plan-based billing — confirm with your account manager |
SSN requirement varies by tenant
The API reference renders ssn as optional so both configurations validate, but most deployments require it at creation. Treat it as required unless your account manager confirms your tenant accepts accounts without an SSN.
Check uniqueness first
If you sync external identities, verify before creating to avoid duplicates:
http
POST /api/v1/account/check-attribute-for-uniqueness
Authorization: Bearer {crm_token}
{ "attribute": "email", "value": "john.doe@example.com" }Business accounts
http
POST /api/v1/account/business
Authorization: Bearer {crm_token}Family / multi-member plans add members and invite them:
http
POST /api/v1/account/{account_id}/member
POST /api/v1/account/{account_id}/invite
GET /api/v1/account/{account_id}/membersLook up accounts
http
GET /api/v1/accounts
GET /api/v1/account/{account_id}
GET /api/v1/account/external-id/{externalId}
GET /api/v1/account/get-id-by-ssn/{ssn}Update an account
http
PUT /api/v1/account/{account_id}
PATCH /api/v1/account/{account_id}ssn cannot be updated
These update calls silently ignore an ssn field. The SSN is fixed at creation time — see SSN can only be set at creation.
Targeted changes have dedicated routes:
http
POST /api/v1/account/{account_id}/change-email
PATCH /api/v1/account/{account_id}/delete-email
POST /api/v1/account/{account_id}/change-supervisor
POST /api/v1/account/{account_id}/password
POST /api/v1/account/{account_id}/resend-confirm-emailActivation
http
GET /api/v1/account/{account_id}/activation-status
POST /api/v1/account/{account_id}/activate
POST /api/v1/account/{account_id}/deactivatePlan changes
http
POST /api/v1/account/upgrade
POST /api/v1/account/downgradeSSN monitoring
Enable or disable national-ID monitoring when the customer's plan includes it:
http
PATCH /api/v1/account/{account_id}/ssn-monitoring/activate
PATCH /api/v1/account/{account_id}/ssn-monitoring/deactivateThese routes only switch monitoring on or off for an SSN that was supplied when the account was created. They do not add an SSN to an account that doesn't have one.
Delete an account
http
DELETE /api/v1/account/{account_id}v2 account operations
The v2 surface adds a refreshed update and member flow:
http
PUT /api/v2/account/{account_id}
POST /api/v2/account/deactivate
POST /api/v2/account/member
POST /api/v2/account/member/{memberId}/invite
POST /api/v2/account/password
GET /api/v2/accountsNext step
Enrol monitored items for the account.