Managed Custody Mode

In Managed Custody Mode, the partner backend is the single orchestrator for all user banking actions. UR manages a fiat account per user (tokenized deposits, IBAN, card). The user's crypto can be held in the same UR-managed account, or in a separate non-UR wallet (partner-side or the user's own) — UR supports both. The user never interacts with a wallet for fiat actions.

This mode is designed for consumer fintechs, exchanges, and neobanks that want to offer banking features behind their own UX without exposing blockchain mechanics to end users.

Architecture

In Managed Custody Mode the user's fiat account is always UR-managed. The user's crypto can sit in that same UR-managed account, or in a separate non-UR wallet:

The partner backend calls the UR API for all fiat actions (pay-in, payout, FX, on-ramp, card). The user only signs when a crypto action must be authorized on a non-UR wallet they control (e.g., off-ramp from the user's own wallet); when the crypto sits in the UR-managed account, the partner backend signs instead.

Who signs what

User onboarding

• The user's URID is minted into a UR-managed wallet during account creation.

• KYC has two supported paths. Pick one based on whether your platform already runs a Sumsub tenant.

  • Sumsub reuse. Your platform completes KYC in your own Sumsub tenant and shares the approved applicant with UR. See API reference: Managed Custody Mode.

  • Sumsub SDK on user device. Your backend requests a UR-issued Sumsub access token and the Sumsub SDK on the user device drives KYC against UR's Sumsub tenant. See API reference: Managed Custody SDK KYC.

• No delegation step is required. The partner backend is authorized to act on the user's fiat account directly via API authentication.

• Once KYC reaches Live status, all banking functions are unlocked.

Core banking functions

Pay-in

The user sends a bank transfer (SEPA or SWIFT) from their external bank to their UR IBAN. The partner fetches the user's deposit details via the Profile API, displays them, and UR credits the fiat balance when the wire settles. UR notifies the partner via webhook.

Payout

The partner submits a payout request on behalf of the user. UR debits the fiat balance and dispatches the bank transfer. The user does not sign; the partner backend authorizes the action.

Off-ramp (crypto to fiat)

The user initiates an off-ramp from the partner UI. The partner fetches a quote from UR, then the crypto is submitted to the UR off-ramp contract from whichever wallet holds it — the UR-managed account itself, or a separate non-UR wallet (partner-side or the user's own). Fiat is credited to the user's UR Account. The off-ramp contract is agnostic to the source wallet; the _targetAccount parameter names the UR Account that receives the fiat (see API reference §7.2). UR notifies the partner via webhook.

On-ramp (fiat to crypto)

The partner fetches a quote and the user confirms. The partner submits the on-ramp request; UR debits the user's fiat balance. Crypto is credited to the user's crypto wallet — the UR-managed account or a separate non-UR wallet. The user does not sign for the fiat debit.

FX (fiat to fiat)

The partner fetches a quote, the user confirms, and the partner submits the swap. UR executes the conversion atomically (burn one tokenized deposit, mint another). The user does not sign.

Card

The partner requests card issuance via API. UR issues the card; the card number and CVV are revealed only inside a secure UR-hosted view. Card spend behavior is governed by Card Mode (Fiat Only or Crypto Backed), which is chosen independently of the integration mode.

API reference

See API reference: Managed Custody Mode for endpoints, request/response formats, and webhook definitions.