API Endpoints

The resource APIs Chariot calls — authorized by the donor’s access token — to power the donation flow.

Capabilities, not contracts

Chariot does not require you to implement an exact API specification. What Chariot requires is a set of capabilities — the data and operations the donation flow depends on. The endpoint paths, names, and field shapes on this page are recommended shapes: if you have existing APIs with different paths or field names, share your documentation and Chariot will adapt during the integration build.

| Capability | Requirement |
| --- | --- |
| Get Current Donor | Required |
| List Funds with grantable balances | Required |
| Search Organizations | Only if your grant API can’t accept an EIN directly |
| Create Grant with idempotency | Required |
| Get Grant Status | Required |

Conventions

  • All endpoints are served over TLS 1.2+ and authorized by Bearer access tokens issued by your authorization server — see Security Best Practices.
  • All requests and responses are application/json.
  • All monetary amounts are integer cents in USD (e.g., 25000 = $250.00) unless we agree otherwise during onboarding.
  • Error responses should use conventional HTTP status codes (401 invalid/expired token, 403 insufficient scope, 404 not found, 422 validation, 429 rate limited). RFC 7807 Problem Details bodies are recommended but not required.

1. Get Current Donor

Returns the authenticated donor’s profile. Chariot displays this in the grant review pane and uses it to populate the donor’s DAFpay profile.

GET /customers/current
Authorization: Bearer {access_token}

{
  "id": "usr_8f2k1",
  "first_name": "Dana",
  "last_name": "Levy",
  "email": "dana@example.com",
  "phone": "+12125550123",
  "address": {
    "line1": "350 5th Ave",
    "line2": "Suite 7200",
    "city": "New York",
    "state": "NY",
    "zip": "10118"
  }
}

id should equal (or be deterministically linked to) the sub claim in your ID Token.


2. List Funds

Returns the giving funds the donor is authorized to grant from. If the donor has advisory privileges on multiple funds, return all of them — DAFpay lets the donor choose.

GET /funds
Authorization: Bearer {access_token}

{
  "funds": [
    {
      "id": "fund_a91x",
      "name": "The Levy Family Charitable Fund",
      "grantable_balance": 18250000,
      "currency": "USD"
    }
  ]
}

grantable_balance is the amount available to grant right now — net of pending grants and any holds — not the total fund value. This is what DAFpay displays to the donor and uses to prevent over-balance grant submissions.


3. Search Organizations

Only required if your systems don’t uniquely identify nonprofits by EIN. Chariot identifies every nonprofit by its EIN. If your Create Grant endpoint can accept an EIN directly, skip this endpoint — Chariot will supply the EIN in the grant request. Otherwise, expose a lookup that resolves an EIN to your internal organization ID:

GET /organizations?ein=133441466
Authorization: Bearer {access_token}

{
  "organizations": [
    {
      "id": "org_77fq",
      "ein": "13-3441466",
      "name": "Example Charity Inc.",
      "address": {
        "line1": "123 Main St",
        "city": "Brooklyn",
        "state": "NY",
        "zip": "11201"
      }
    }
  ]
}

If the organization is not yet in your system, either return an empty list (Chariot will surface a fallback to the donor) or — preferably — support on-demand creation from IRS records, which maximizes donation completion.


4. Create Grant

Creates a grant recommendation on the donor’s behalf. The grant enters your normal review and disbursement pipeline — Chariot does not bypass your compliance process.

POST /grants
Authorization: Bearer {access_token}
Idempotency-Key: {chariot_grant_request_id}
Content-Type: application/json

{
  "fund_id": "fund_a91x",
  "organization_id": "org_77fq",
  "amount": 25000,
  "purpose": "Wherever needed most",
  "note": "DAFpay Grant Request: grant_req_01jpjenf5q6cawy43yxfcrxhct",
  "anonymous": false
}

{
  "id": "grant_3kd02",
  "status": "pending",
  "created_at": "2026-06-10T14:30:00Z"
}

If you don’t implement Search Organizations, accept an ein field here in place of organization_id.

Idempotency is required

Create Grant must be idempotent. Honor the Idempotency-Key header: a retried request with the same key must return the original grant, never create a second one. Chariot retries on network failures and timeouts, and a duplicate grant means a donor gives twice — this is the single most important behavior on this page.
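
One way to meet the idempotency requirement above, shown as an added example rather than Chariot's or any provider's own code. The SQLite table, the function names, scoping the key to the donor taken from the access token, and the 422 response for a key reused with a different body are assumptions made for illustration and are not specified on this page.

```python
import hashlib, json, sqlite3, uuid
from datetime import datetime, timezone

# Hypothetical storage: one row per grant, unique per (donor, Idempotency-Key).
db = sqlite3.connect(":memory:")
db.execute("""CREATE TABLE grants (
    id TEXT PRIMARY KEY, donor_id TEXT NOT NULL, idem_key TEXT NOT NULL,
    body_hash TEXT NOT NULL, status TEXT NOT NULL, created_at TEXT NOT NULL,
    UNIQUE (donor_id, idem_key))""")

def create_grant(donor_id, idem_key, body):
    """POST /grants handler core. donor_id comes from the validated access
    token, never from the request body. Returns (http_status, json_dict)."""
    if not idem_key:
        return 422, {"detail": "Idempotency-Key header is required"}
    # Hash a canonical form so a retry matches regardless of JSON key order.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    body_hash = hashlib.sha256(canonical.encode()).hexdigest()
    grant_id = "grant_" + uuid.uuid4().hex[:10]
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    try:
        # The UNIQUE constraint decides the winner, so two concurrent retries
        # cannot both insert (a SELECT-then-INSERT check would race).
        with db:
            db.execute("INSERT INTO grants VALUES (?, ?, ?, ?, 'pending', ?)",
                       (grant_id, donor_id, idem_key, body_hash, now))
    except sqlite3.IntegrityError:
        pass  # key already used by this donor: fall through and replay
    row = db.execute(
        "SELECT id, body_hash, status, created_at FROM grants "
        "WHERE donor_id = ? AND idem_key = ?", (donor_id, idem_key)).fetchone()
    if row[1] != body_hash:
        # Assumed policy: same key with a different body is a client error.
        return 422, {"detail": "Idempotency-Key reused with a different body"}
    return 201, {"id": row[0], "status": row[2], "created_at": row[3]}

def grant_count():
    """Number of grants stored; a correct retry must not increase it."""
    return db.execute("SELECT COUNT(*) FROM grants").fetchone()[0]
```

Scoping the uniqueness constraint to the donor means a token for one donor cannot read back another donor's grant by replaying a known key.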

Additional requirements:

  • Chariot ID on the grant letter. The Chariot Grant Request ID passed in note must appear on the grant letter / remittance advice sent to the nonprofit. This is how nonprofits and Chariot reconcile incoming grants — it is essential to the DAFpay experience.
  • anonymous: true means the donor’s name and contact details are withheld from the nonprofit, per your standard anonymity handling.

5. Get Grant Status

Chariot polls this endpoint to keep donors and nonprofits informed of grant progress.

GET /grants/{grant_id}
Authorization: Bearer {access_token}

{
  "id": "grant_3kd02",
  "status": "approved",
  "status_description": null,
  "created_at": "2026-06-10T14:30:00Z",
  "updated_at": "2026-06-11T09:12:00Z"
}

Status values

Map your internal statuses onto this set:

| Status | Meaning |
| --- | --- |
| pending | Received, awaiting review |
| approved | Approved, payment not yet sent |
| paid | Payment sent to the nonprofit |
| rejected | Declined — include a donor-safe reason in status_description |
| canceled | Canceled by the donor or by you before payment |

Performance and availability

  • Target 99.9% availability on these endpoints (99.5% minimum), measured monthly and excluding maintenance windows announced to Chariot in advance. An outage during a donation attempt means an abandoned gift.
  • Keep response times under ~3.5 seconds (ideally P95 under 2 seconds) — donors are waiting on these calls inside the checkout flow.
  • Support at least 10 requests/second from Chariot per environment, or share your limits so we can configure client-side throttling.
  • Chariot’s calls originate from a static IP range (provided during onboarding) if you require allowlisting — see Security Best Practices.