Skip to main content
Cards endpoints require a valid JWT: 
Authorization: Bearer <token>
The primary card is identified automatically from the authenticated token. You do not need to send the card ID in most requests.

Endpoints

MethodEndpointDescription
GET/api/v1/cards/statusReturn the current card status
GET/api/v1/cards/detailsReturn masked details for the primary card
POST/api/v1/cards/lockTemporarily block the primary card
POST/api/v1/cards/unlockReactivate a previously locked card
PATCH/api/v1/cards/limitUpdate the primary card spending limit
GET/api/v1/cards/balanceReturn the current balance by currency
GET/api/v1/cards/transactionsReturn transaction history

Important notes

  • x-idempotency-key is required for lock, unlock, and limit
  • Use a unique UUID per operation to prevent duplicate processing
  • A card with status canceled cannot be reactivated
  • If a card is locked, secret endpoints such as PAN and CVC do not return data

Common errors

HTTP statusCause
401Invalid or expired token
404The authenticated user does not have a registered card
409Duplicate idempotency key