Skip to main content
Below in the picture is the basic flow of a card lifecycle. Note we don’t restrict changes, so it is possible although not advisable e.g. to change card status from Card Lost to Card OK.
Card lifecycle
Below is a short summary of each status:

Encrypted payload for Create card or Get card with a full card number

The payload field encryptedData in create card requests is encrypted with JWE (JSON Web Encryption). The field value must be presented using compact serialization scheme, i.e. Base64URL-encoded elements separated by a ”.”. JWE should use RSA-OAEP-256 algorithm for encrypting the random symmetric key and A256GCM algorithm for encrypting the payload. Public keys used for encryption are provided in certificates below. JWE header must also contain parameter “x5t#S256” with SHA256 fingerprint of the certificate used. See RFC7516 section 4.1.10. The payload to be encrypted must be in JSON-format and contain field “cardNumber”. For example:
Certificate for test environments (jwe-test-20260422.pem):
Certificate for production environments (jwe-20260422.pem):

Download OpenAPI specification

For any questions, contact us:

Create Card

Update Card

Get Application

Update Application

Get Card

Get Plastic

Get EMV Scripts

Update Plastic