Authorities

A custodian authority is the consent record that connects a depository to a live data feed at a custodian. The authority carries its own lifecycle — opened, documented, signed, activated, and eventually revoked — and the ingestion pipeline only runs against authorities in the active state. Each authority is scoped to one legal entity and one custodian.

Lifecycle

Name
pending
Type
initial
Description
Authority created. Waiting for required documents and signed consent before submission.
Name
submitted
Type
in flight
Description
Documents and consent uploaded. Aleta is processing the grant with the custodian.
Name
active
Type
live
Description
Custodian has accepted the grant. Holdings and transactions for the linked accounts are flowing in.
Name
revoked
Type
terminal
Description
Authority withdrawn — by the user, by Aleta after upstream failures, or by the custodian. No further data flows under this authority; create a new one to resume ingestion.

Data model

JSON:API resource type: custodian-authority.

Name
id
Type
string
Description
Stable identifier for the authority.
Name
status
Type
enum
Description
One of pending, submitted, active, revoked. See lifecycle above.

Relationships

Name
legalEntity
Type
legal-entity
Description
The legal entity granting the authority.
Name
custodian
Type
custodian
Description
The custodian receiving the grant. Embedded in the response — no standalone custodian endpoint.
Name
authFlow
Type
custodian-auth-flow
Description
The procedure being followed to complete the grant.
Name
linkedAccounts
Type
array of account
Description
Accounts the authority covers. Populated as accounts are linked on the custodian side.

GET/api/v3/custodian-authorities/{id}

Retrieve an authority

Single-authority lookup. The status field reflects the live lifecycle state — poll this endpoint while a flow is in progress to drive an onboarding UI.

Request