Skip to main content
POST
/
v1
/
transfers
/
signing
/
prepare
Prepare Transfer Signing Payload
curl --request POST \
  --url https://plugin-br-bank-transfer.sandbox.lerian.net/v1/transfers/signing/prepare \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-Idempotency: <x-idempotency>' \
  --header 'X-Organization-Id: <x-organization-id>' \
  --data '
{
  "initiationId": "019c96a0-aa10-7abc-d1e2-8c9d0e1f2a3b"
}
'
{
  "signingArtifactId": "019c96a0-bb10-7def-a1b2-3c4d5e6f7a8b",
  "transferId": "019c96a0-ab10-7cde-f1a2-0e1f2a3b4c5d",
  "controlNumber": "202602010001",
  "algorithm": "RSA_PKCS1_V15_SHA256",
  "payload": "<STR0008>...</STR0008>",
  "payloadHash": "8f0c7f5c1c7b4d9f2f5c7d1a0d4c9a2b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f",
  "expiresAt": "2026-02-02T15:30:00-03:00"
}

Documentation Index

Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

JWT Bearer token authentication. The token must include a tenantId claim that matches the X-Organization-Id header.

Headers

X-Organization-Id
string<uuid>
required

Organization ID used as the tenant identifier. All data is scoped to this organization. Must match the JWT tenantId claim when authentication is enabled.

X-Idempotency
string
required

Required idempotency key for safe retries. Use a UUID v4 or unique business identifier. If the same key is sent again and the original request was already processed, the cached response is returned.

See Retries and idempotency for details.

Maximum string length: 255

Body

application/json
initiationId
string<uuid>
required

The initiation ID returned by the Initiate Transfer endpoint.

Example:

"019c96a0-aa10-7abc-d1e2-8c9d0e1f2a3b"

Response

Indicates that the canonical payload was generated and is ready to be signed.

signingArtifactId
string<uuid>
required

Identifier of the frozen signing artifact. Pass this value to Process Transfer along with the signature.

Example:

"019c96a0-bb10-7def-a1b2-3c4d5e6f7a8b"

transferId
string<uuid>
required

The transfer ID reserved for the eventual TED OUT. Not queryable until Process Transfer succeeds.

Example:

"019c96a0-ab10-7cde-f1a2-0e1f2a3b4c5d"

controlNumber
string
required

The JD SPB control number reserved for this transfer.

Maximum string length: 20
Example:

"202602010001"

algorithm
enum<string>
required

The signing algorithm. Pinned per JD SPB contract; any other value is rejected at Process Transfer.

Available options:
RSA_PKCS1_V15_SHA256
Example:

"RSA_PKCS1_V15_SHA256"

payload
string
required

The canonical STR0008 payload, exactly as it will be submitted to JD SPB.

Example:

"<STR0008>...</STR0008>"

payloadHash
string
required

Hex-encoded SHA-256 digest of the payload. Echo this value at Process Transfer for integrity validation.

Example:

"8f0c7f5c1c7b4d9f2f5c7d1a0d4c9a2b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f"

expiresAt
string<date-time>
required

The time when the signing artifact expires. Process Transfer must be called before this timestamp.

Example:

"2026-02-02T15:30:00-03:00"

signableContent
string

The ConteudoAssinado extraction for external signers. Present only when an external signing builder is configured.

Example:

"<ConteudoAssinado>...</ConteudoAssinado>"