The CrowdPay API is a REST-based interface to our CrowdPay Escrow services. Before making API calls, you will need to contact GoldStar Trust to receive credentials and get your server IP addresses whitelisted.


The URL schema for the API is:

Version 1


Click HERE for Api Documentation Version 1

Version 2 (and Beyond)


The meaning of each token is:

Token Description
{domain} You will receive the domain name at the time you receive your credentials.
{version} The version you want to communicate with (ex. v1 or v2).
{resource} The resource you want to perform operations on.

The Endpoint POST with the investor model posted will create an investor resource.

Request Headers

All CrowdPay api calls must have the following request headers with the provided Api key and Portal / Escrow key.

Header Description
X-ApiKey You will receive your api key from Goldstar Trust. All api calls will require this header.
X-PortalKey You will receive your portal key from Goldstar Trust. All api calls will require this header. – This identifies the escrow (offering).
X-ByPassValidation Set to True or False. Only functional in QA (sandbox). It will be ignored in Production. This header is used to bypass production validation that would normally prevent transactional processing.
  1. Allows you to execute FundEscrow transactions regardless of account available balance. In production and when value is set to False or header is not passed in, FundEscrow transaction will be rejected if amount is greater than available balance. Normal workflow is:
    • FundAccount transaction is initiated
    • After 3 work days, the account’s available balance reflects the amount of the FundAccount transaction.
    • The FundEscrow calls will now accept transactions less than or equal to account’s available balance.
  2. Returns status of “Processed” for transactions when querying transactions. Normally, the status would be “Pending” until the transactions were posted by GoldStar.


We require all calls to be made securely with HTTP over SSL. All API calls with require the HTTP header X-ApiKey  and X--PortalKey listed above.


We like using Postman when working with the API.