API integration flows

This section provides guidance on VASP-to-VASP and self-hosted wallet integration flows. Please note that these are example flows provided for reference—you may adapt them as needed to align with your specific business processes and regulatory requirements.

• VASP-to-VASP Withdrawal

• VASP-to-VASP Deposit

• Self-Hosted Wallet Withdrawal

• Self-Hosted Wallet Deposit

VASP-to-VASP Withdrawal

This flow outlines the process for initiating a Travel Rule crypto asset transfer from Virtual Asset Service Provider (VASP) A to VASP B. It includes the key steps required to collect and transmit originator and beneficiary information in line with applicable regulatory expectations.

• Step 1: The user initiates a withdrawal request .

• Step 2: The originating VASP A starts a Travel Rule transfer. If any of the records involved in the transfer do not exist, details such as the originator, beneficiary, and wallet addresses are submitted via the Ospree API.

• Step 3: Create an account for the originator if it does not already exist.

• Step 4: Associate the wallet address with the originator account if it was not associated previously.

• Step 5: Create an account for the beneficiary if it does not already exist.

• Step 6: Associate the wallet address with the beneficiary account if it was not associated previously.

• Step 7: VASP A initiates the Travel Rule transfer via Ospree platform.

• Step 8: Beneficiary VASP B validates the transfer details.

• Step 9: Beneficiary VASP B responds to the transfer inquiry with either an approval or rejection.

• Step 10: Ospree notifies VASP A of VASP B’s decision.

• Step 11: If the transfer is approved by Beneficiary VASP B, Originating VASP A executes the crypto asset transaction to the beneficiary address.

• Step 12: Originating VASP A updates the transfer record with the transaction hash.

VASP-to-VASP Deposit

This flow outlines the steps involved when a VASP receives a crypto asset transfer initiated by another VASP. It includes how incoming transactions are detected, evaluated against compliance thresholds, and verified in accordance with Travel Rule requirements.

• Step 1: VASP B initiates a Travel Rule transfer request to VASP A.

• Step 2: When an incoming transfer is detected, Ospree’s webhook sends a notification to VASP A.

• Step 3: VASP A inspects the transfer details and compares the transaction amount against a pre-set threshold rule based on local regulations.

  • (1) If the transaction exceeds the threshold: Verify whether Travel Rule data from the counterparty entity is included before processing the transfer.

    • If Travel Rule data is missing or does not match VASP A’s records, flag or block the incoming deposit.

    • If Travel Rule data is complete, proceed to the next standard compliance verification step, as defined in internal policies.

  • (2) If the transaction is within the allowed limit: The transfer proceeds without additional Travel Rule-related checks and moves to the next standard compliance verification step, as defined in internal policies.

• Step 4: VASP A approves or reject the transfer.

• Step 5: Ospree notifies VASP B of VASP A’s decision.

• Step 6: If the transfer is approved by VASP A (the beneficiary), VASP B (the originator) executes the crypto asset transaction to the beneficiary address.

Self-Hosted Wallet Withdrawal

This flow outlines the process for managing crypto asset withdrawals to self-hosted wallets owned by VASP A’s customers. It includes steps for collecting user attestations and gathering relevant information to support internal compliance processes, including Travel Rule data collection when applicable.

• Step 1: The user initiates a withdrawal request and inputs an address, indicating that it is a self-hosted wallet.

• Step 2: The VASP requests an ownership attestation from the user.

• Step 3: The user signs the attestation requested by the VASP.

• Step 4: VASP A initiates a Travel Rule transfer to the self-hosted address.

  • Originating and Beneficiary are the same VASP

  • Originating and Beneficiary accounts are the same

  • Originating and beneficiary addresses are different.

  • Only beneficiary address is self-hosted.

• Step 5: Ospree confirms the Travel Rule transfer record.

• Step 6: VASP A sends the crypto funds to the self-hosted address.

• Step 7: VASP A updates transaction hash record.

Self-Hosted Wallet Deposit

This flow outlines the process for handling incoming crypto asset deposits from a customer’s self-hosted wallet. It includes steps for collecting user attestations, verifying whether the wallet has already been labeled as self-hosted, and gathering the necessary data to support the creation of a Travel Rule transfer record, when applicable.

• Step 1: The user declares a self-hosted wallet address from which they plan to send funds to the VASP.

• Step 2: The VASP requests an ownership attestation from the user.

• Step 3: The user signs the attestation as requested by the VASP.

• Step 4: The user sends the funds from the declared self-hosted wallet address to the VASP.

• Step 5: The VASP recognizes the previously declared self-hosted wallet address and initiates a Travel Rule transfer from that address back to itself for record-keeping purposes.

  • Originating and Beneficiary are the same VASP

  • Originating and Beneficiary accounts are the same

  • Originating and beneficiary addresses are different.

  • Only originating address is self-hosted.