User Guides
FAQ

Scoped Sub-Account Actions

Understand when to use scoped sub-account authentication, how customer-specific sessions work, and where to continue into the recipe and supporting guides.

Login as a Sub-Account and Run a Scoped Action

Use this flow when you need a customer-specific session that is limited to one downstream sub-account, such as an embedded dashboard, a customer portal, or any operation that should not accidentally affect another customer context.

✅ Before you start

Complete these steps before you use scoped sub-account authentication:

  1. Create the sub-account and store its ID.
  2. Authenticate successfully with your master credentials.
  3. Decide whether you need a scoped token or whether master auth plus X-Sub-Account-Id is sufficient.
  4. Prepare to store and label scoped tokens separately from master tokens.

📚 Use this page with the recipe

This guide explains when to use scoped sub-account authentication and the minimum sequence. For the step-by-step implementation, use the recipe:

Login as a Sub-Account and Run a Scoped Action Recipe →

The scoped sub-account auth workflow

This use case follows a simple sequence:

  1. Choose scoped auth for a customer-specific session.
  2. Request a scoped token using the subAccountId during login.
  3. Call customer-specific endpoints with the scoped token.
  4. Keep scoped tokens separate from master orchestration credentials.

What makes this use case different?

Unlike master auth plus X-Sub-Account-Id, this pattern is specifically for cases where:

  • one session should only ever operate on one downstream customer
  • you want to reduce the risk of acting on the wrong sub-account by mistake
  • your UI or backend session should be limited to customer-scoped balances, wallets, or activity

Where to go deeper

Use the product guides when you need implementation detail for a specific step:

Success indicators

SignalWhat it means
Scoped token returnedThe login response is limited to the requested sub-account context.
Customer-specific request succeedsThe scoped token can access only the expected downstream resources.
No cross-customer leakageThe session does not accidentally expose another sub-account’s balances or actions.

Troubleshooting

IssueWhat to check
Scoped login failsConfirm the subAccountId exists and belongs to the correct platform context.
Wrong customer data appearsVerify you are using the intended scoped token and not a master token or another customer’s token.
Scoped requests cannot find wallets or balancesConfirm the sub-account is active and already has the resources your UI or service expects.

Next steps

Global Collection to Payout →
See the advanced downstream flow for collecting funds and sending them onward from the same customer context.		Retry a Timed-Out Payout Safely →
Learn how to recover safely when a payout request returns an uncertain result.

Updated 3 days ago

Privacy policy Terms of service

VertoFX Ltd (No. 10973066) designs and operates the VertoFX website and app. VertoFX is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011, Firm Reference 901073, for the issuing of electronic money. Database rights protect data on VertoFX website(s) (including pricing data).

Please Note: we do NOT and WILL not deal with unregulated exchanges or affiliates as this currently falls outside of our risk appetite.

© Verto 2026

All rights reserved Registered Office: 20-22 Wenlock Road, London, England, N1 7GU