Endpoint permissions & availability
All endpoints in the API reference are available to end users and integrators by default. We do however recommend testing each endpoint you intend to use against your own API user before relying on it in production — a quick call against the sandbox will confirm access.
Entity-level permissions
Within any endpoint family that takes an entityCode, access is granted per-entity. A user might have full read+write on one entity (for example, TEST0001) and read-only on another (TEST0002) depending on how the underlying client set up their entities.
API permissions are user-scoped. If new permissions need to be added (a new entity, a wider scope on an existing entity), please contact your TreasurySpring account manager.
Once new permissions are added to your user, you need to regenerate your API credentials (portal → Developer Settings) and start using the new client_id / client_secret. Tokens minted from the old credentials will not pick up the updated permissions.
Webhook availability
The webhook registration endpoints are available, but no events are delivered to registered URLs today. For any push-style reconciliation, we'd suggest the cursor-paginated event stream or a checkpoint.
If push-based delivery to a registered URL is something you'd need, please let us know.