Skip to main content
Before a user can cash out, you save their bank account as a payment method. Saved payment methods are reusable across Crossmint products, so a user enters their details once.

How tokenization works

Sensitive fields (the account number) are sent to the vault host, vault.crossmint.com, which tokenizes them before the request reaches Crossmint. You store only the returned paymentMethodId and the masked accountSuffix; raw account numbers never touch your servers or Crossmint’s.

Save a US bank account

curl -X POST 'https://vault.staging.crossmint.com/api/unstable/payment-methods' \
  -H 'X-API-KEY: <YOUR_SERVER_API_KEY>' \
  -H 'Content-Type: application/json' \
  -d '{
    "type": "bank-account-us",
    "userLocator": "userId:<USER_ID>",
    "bankAccount": {
      "accountNumber": "6349881141",
      "routingNumber": "026009593",
      "accountType": "checking",
      "bankName": "Chase",
      "bankAddress": { "line1": "420 Montgomery St", "city": "San Francisco", "stateOrRegion": "CA", "postalCode": "94104", "country": "US" },
      "currency": "usd",
      "country": "US",
      "entityType": "individual",
      "billing": { "name": "Alice Smith", "phone": "+13055551234", "address": { "line1": "701 S Miami Ave", "city": "Miami", "stateOrRegion": "FL", "postalCode": "33156", "country": "US" } }
    }
  }'
The response returns the saved payment method, including its paymentMethodId, the resolved bankName, and a masked accountSuffix (banks use accountSuffix, not last4). Pass the paymentMethodId as the recipient when you create an order. 
{
  "paymentMethodId": "d5e5c48a-7dec-44b1-8cf4-4615bf00c8fc",
  "default": false,
  "displayName": "Chase ••1141",
  "createdAt": "2026-06-17T21:25:56.542Z",
  "updatedAt": "2026-06-17T21:25:56.542Z",
  "type": "bank-account-us",
  "bankAccount": {
    "billing": {
      "name": "Alice Smith",
      "phone": "+13055551234",
      "address": { "line1": "701 S Miami Ave", "city": "Miami", "stateOrRegion": "FL", "postalCode": "33156", "country": "US" }
    },
    "bankName": "Chase",
    "accountSuffix": "1141",
    "currency": "usd",
    "country": "US",
    "entityType": "individual",
    "bankAddress": { "line1": "420 Montgomery St", "city": "San Francisco", "stateOrRegion": "CA", "postalCode": "94104", "country": "US" },
    "routingNumber": "026009593",
    "accountType": "checking"
  }
}
Saving an account does not require the user to be verified yet, but creating an order does. Before you offramp with this account, verify the user and link the wallet they will pay from. See the Quickstart.

Field reference (US)

FieldDescription
accountNumberThe account number (tokenized at the vault).
routingNumberNine-digit ABA routing number.
accountTypechecking or savings.
billing.nameAccount holder name. Must match the verified user.
currency / countryusd / US.
entityTypeindividual or business.

List, update, and remove

Reads and non-sensitive updates go through the standard API (not the vault host). Use it to list a user’s payment methods, fetch one, update billing details, or remove an account.

Next steps

Quickstart

Use a saved account in an offramp

KYC & Compliance

Verification requirements