System Overview
The Core Loop
1) Delegated user is created in the bank
1) Delegated user is created in the bank
Your customer creates a dedicated user inside their bank portal for Waycore. Permissions are scoped explicitly:
- Read-only access (balances, transactions)
- Transfer initiation
- Approval rights (if required)
2) Waycore verifies access
2) Waycore verifies access
Waycore verifies that:
- The delegated user is active
- The required permissions exist
- The portal flow is operational
3) API call to execute
3) API call to execute
Your platform calls the Waycore API. Example:
POST /transfersBefore execution:- Policy rules are evaluated
- Limits are enforced
- Approval requirements are checked
4) Portal execution
4) Portal execution
Waycore:
- Navigates the bank portal
- Handles MFA prompts
- Submits transfer details
- Confirms bank acknowledgement
5) Webhooks + audit
5) Webhooks + audit
Every transfer moves through defined states:
- CREATED
- POLICY_VALIDATED
- QUEUED
- EXECUTING
- MFA_REQUIRED (if applicable)
- COMPLETED
- FAILED
What Happens When MFA Appears?
When a bank requires MFA, Waycore moves the execution into an MFA_REQUIRED state. Depending on your configuration, Waycore can: 1) request an end-user prompt, or 2) escalate to human-in-the-loop operations to complete the step under audit controls.
Guarantees
- Policy is evaluated before execution.
- Every state change is observable.
- Delegated access preserves bank-native permissions.
- No money movement occurs without explicit API initiation.
Non-Guarantees
- Banks may change portal flows.
- MFA requirements vary by institution.
- Execution latency depends on bank behavior.