B2C Subaccount Onboarding API

📘 This API is exclusively available for B2C clients

B2C clients are partners whose end users are individuals or unregistered businesses (i.e., without a legal business entity). A Brick account can only be configured for either B2B or B2C mode, not both.

The B2C Subaccount Onboarding API enables Brick partners to programmatically create and manage sub-accounts for their end users. It's ideal for platforms serving creators, freelancers, or small business owners.

This API replaces manual onboarding flows and supports the full account provisioning lifecycle, including automated API key generation, secure credential management, and streamlined subaccount setup.

Key Features

  • Create sub-accounts programmatically via API
  • Automatically generate secure client_key and client_secret
  • Regenerate credentials if compromised or expired
  • Upload a public key for verifying client-signed requests
  • Bearer Token Authentication for all endpoints
  • Standardized error responses

API Endpoints

Before diving into the endpoints, ensure you review and understand how to generate the X-Signature used in the request header. You can read the guide here.

  • Setup your Public Key

    Uploads a public key used to verify encrypted or signed communications from the client to Brick.
    This step is required before creating subaccounts.
    📘 The uploaded public key must be in PEM format and must match the private key held by your system for signing payloads. See API Reference: Setup Public Key API
  • Create Subaccount

    Creates a new sub-account with a custom name, sub-account code, and optional logo. See the details on [B2C Client] Create Subaccount API reference.
  • Regenerate API Keys

    Use this endpoint to rotate API keys for a sub-account. See the details on [B2C Client] Regenerate API Key API reference.
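
A local check for the PEM requirement in the Setup your Public Key step, as an added example (not Brick's code): it uses the openssl CLI to confirm that the file you are about to upload is the public half of your private signing key and holds no private key material. The file names are assumptions, and the private key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: pre-upload check that a PEM public key is the public half
# of the private signing key. Requires the openssl CLI; makes no network calls.

# Print the canonical PEM public key for a key file.
# $1 = "priv" (derive from a private key) or "pub" (re-encode a public key)
normalized_pub() (
  case "$1" in
    priv) openssl pkey -in "$2" -pubout 2>/dev/null ;;
    pub)  openssl pkey -pubin -in "$2" -pubout 2>/dev/null ;;
    *)    exit 64 ;;
  esac
)

# check_keypair PRIVATE_PEM PUBLIC_PEM
# Exit status: 0 match, 1 mismatch, 2 upload file holds private key material,
# 3 a file could not be parsed as a PEM key.
check_keypair() (
  priv="$1"; pub="$2"
  # Never send private key material to a third party.
  if grep -q 'PRIVATE KEY' "$pub" 2>/dev/null; then
    echo "refusing: $pub contains private key material" >&2; exit 2
  fi
  want=$(normalized_pub priv "$priv") || { echo "cannot read $priv" >&2; exit 3; }
  got=$(normalized_pub pub "$pub") || { echo "$pub is not a PEM public key" >&2; exit 3; }
  # Compare re-encoded keys, not raw files: line wrapping and trailing
  # whitespace differ between tools even when the key is the same.
  if [ "$want" != "$got" ]; then
    echo "mismatch: $pub does not belong to $priv" >&2; exit 1
  fi
  echo "ok: $pub matches $priv"
)

# Command-line use: sh check_keypair.sh private.pem public.pem (assumed names)
if [ "$#" -eq 2 ]; then check_keypair "$1" "$2"; fi
```

Running this as a gate in the deployment step that uploads the key catches a stale or swapped public key before signed requests start failing verification.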

⚠️ Error Handling

The API returns standardized error messages for easier troubleshooting:

Error Response

| HTTP Code | Message | Description |
|---|---|---|
| 400 | Invalid Request | Missing required fields, malformed input |
| 400 | Image Too Large | Uploaded image exceeds the allowed size limit |
| 401 | Unauthorized | Invalid token or missing Bearer token |
| 404 | Subaccount Not Found | The requested subaccount does not exist. |
| 403 | Forbidden | Action not allowed for current account type or status |
| 403 | Public Key Not Found | Public Key has not been uploaded by the client |
| 409 | Conflict | Duplicate subaccount code |
| 429 | Rate Limit Exceeded | Too many requests |
| 500 | Internal Server Error | System failure; retry later |