Organization-Level Access Controls

Canopy has introduced organization-level access controls across Canopy OS, APIs, reporting, and notifications to enable secure multi-institutional lending. This change ensures that lenders, partner banks, and loan buyers only see accounts and loans they are authorized to view, with all UI views, API responses, and reports automatically scoped by organizational ownership.

When creating a new account for a borrower via API, you can specify the owning organization. Ownership transfers between organizations are supported via a dedicated API, and webhook notifications are sent to all impacted parties when a transfer occurs.

No action is required for existing customers of Canopy - all existing accounts have been associated with your organization. If you need to add new organizations (e.g. for new bank partners), please contact Canopy and the team can create them for you.

For full details on how organization-level access controls work, click here.