> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Create outbound transfer

> Creates a new outbound transfer in StateProtocolGenerated.
The worker will pick it up asynchronously and stream the
referenced bucket object to BACEN STA. Emits the audit
event sta.transfer.status.{sourceProduct} on success.



## OpenAPI

````yaml en/openapi/v3-current/sta.yaml post /v1/transfers
openapi: 3.0.3
info:
  title: Lerian STA API
  description: >-
    API for Lerian STA — the participant-side rail that connects the institution
    to Banco Central do Brasil's STA (Sistema de Transferencia de Arquivos)
    file-exchange system. It covers outbound and inbound file transfers, BACEN
    credential management, inbound source polling configuration, and the tenant
    trust-store for message-signing certificates.
  version: v1.0.0
servers:
  - url: https://sta.sandbox.lerian.net
security:
  - BearerAuth: []
tags:
  - name: transfers
    description: >-
      Outbound and inbound STA file transfers — creation, listing, read,
      cancellation, retry, and urgent-processing marking.
  - name: trust-store
    description: >-
      Tenant trust-store X.509 certificate lifecycle: listing, upload, deletion,
      and status summary.
  - name: credentials
    description: >-
      BACEN STA credential management: creation, read, update, rotation,
      revocation, and connectivity testing.
  - name: inbound-source-configs
    description: >-
      Inbound source polling configuration: creation, read, update, deletion,
      manual poll triggering, and discovery reserve usage.
  - name: health
    description: Service health and readiness reporting.
paths:
  /v1/transfers:
    post:
      tags:
        - transfers
      summary: Create outbound transfer
      description: |-
        Creates a new outbound transfer in StateProtocolGenerated.
        The worker will pick it up asynchronously and stream the
        referenced bucket object to BACEN STA. Emits the audit
        event sta.transfer.status.{sourceProduct} on success.
      parameters:
        - description: >-
            Idempotency key. A repeated request carrying the same key within the
            dedup window replays the original 201 outcome; an identical request
            still in-flight returns 409.
          in: header
          name: X-Idempotency
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/http.CreateTransferRequest'
        description: create transfer payload
        required: true
      responses:
        '201':
          description: >-
            Created. On a replayed request the X-Idempotency-Replayed response
            header is set to true.
          headers:
            X-Idempotency-Replayed:
              description: >-
                true when the 201 body is a replay of a prior request served
                from the idempotency store
              schema:
                type: string
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/http.TransferView'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                additionalProperties: true
                type: object
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                additionalProperties: true
                type: object
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                additionalProperties: true
                type: object
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                additionalProperties: true
                type: object
        '409':
          description: Conflict
          content:
            application/json:
              schema:
                additionalProperties: true
                type: object
        '413':
          description: Request Entity Too Large
          content:
            application/json:
              schema:
                additionalProperties: true
                type: object
        '422':
          description: Unprocessable Entity
          content:
            application/json:
              schema:
                additionalProperties: true
                type: object
        '503':
          description: Service Unavailable
          content:
            application/json:
              schema:
                additionalProperties: true
                type: object
components:
  schemas:
    http.CreateTransferRequest:
      properties:
        credentialId:
          type: string
        documentType:
          type: string
        fileName:
          type: string
        fileRef:
          type: string
        sourceProduct:
          type: string
      required:
        - credentialId
        - documentType
        - fileName
        - fileRef
        - sourceProduct
      type: object
    http.TransferView:
      properties:
        bytesDownloaded:
          type: integer
        bytesUploaded:
          type: integer
        createdAt:
          type: string
        credentialId:
          type: string
        currentState:
          type: string
        currentStateCode:
          type: integer
        direction:
          type: string
        documentType:
          type: string
        downloadAttempts:
          description: |-
            DownloadAttempts is the legacy aggregate counter; for inbound
            transfers, see hashMismatchAttempts + transmissionAttempts.
          type: integer
        errorCode:
          type: string
        expired:
          type: boolean
        expiresAt:
          description: >-
            ExpiresAt / SecondsRemaining / Expired project the 44h BACEN
            protocol

            TTL directly onto the read view (the dedicated GET /:id/expiry
            endpoint

            was folded in here). ExpiresAt is nil — and SecondsRemaining 0,

            Expired false — until the transfer is assigned a protocol number

            (ProtocolGeneratedAt nil). Once assigned, ExpiresAt is

            ProtocolGeneratedAt + TTL; SecondsRemaining counts down to it at the

            handler clock and clamps to 0, at which point Expired flips true.
          type: string
        fileName:
          type: string
        fileRef:
          type: string
        fileSizeBytes:
          type: integer
        hashMismatchAttempts:
          description: |-
            HashMismatchAttempts is the inbound-only counter that drives the
            StateInconsistent terminal budget (HASH_MISMATCH). Always 0 for
            outbound transfers.
          type: integer
        id:
          type: string
        lastTransitError:
          type: string
        protocolGeneratedAt:
          type: string
        protocolNumber:
          type: string
        secondsRemaining:
          type: integer
        sourceProduct:
          type: string
        transmissionAttempts:
          description: |-
            TransmissionAttempts is the inbound-only counter that drives the
            StateCanceled / DOWNLOAD_FAILED terminal budget. Always 0 for
            outbound transfers.
          type: integer
        updatedAt:
          type: string
        uploadAttempts:
          type: integer
        urgentRequestedAt:
          description: |-
            UrgentRequestedAt is the UTC timestamp at which an operator flagged
            this inbound transfer for urgent processing (mark-urgent). Nil (and
            omitted) for transfers that were never marked urgent.
          type: string
      type: object
  securitySchemes:
    BearerAuth:
      description: 'Bearer token authentication (format: "Bearer {token}")'
      in: header
      name: Authorization
      type: apiKey

````