Card details
Card API have different endpoints for creating, editing and updating a card via different methods.
Below in the picture is the basic flow of a card lifecycle. Note we don’t restrict changes, so it is possible although not advisable e.g. to change card status from Card Lost to Card OK.
Below is a short summary of each status:
| Status name | Description | Authorisations rejected | Clearing transactions posting blocked |
|---|---|---|---|
| Card OK | Card is open and in normal status. Card has to be in this status in order for it to be renewed. | No | No |
| Card Blocked | Temporary block on the card that will prevent approval of authorisations. Can be used instead of account level temporary block if target is to block only a specific card. | Yes | No |
| Suspected Fraud | Temporary block on the card that will prevent approval of authorisations. Functionality the same as for “Card blocked”, the different code allows to differentiate between the blocks. | Yes | No |
| Card No Renewal | Status set to prevent following card renewal. Does not affect card functionality in any way, only renewal. | No | No |
| Card Closed Due To Fraud | Used to close a card due to known fraud. | Yes | No |
| Card Lost | Used to close a card because it is lost. | Yes | No |
| Card Stolen | Used to close a card because it is stolen. | Yes | No |
| Card Closed | Used to close card by request from customer or bank, reason for closure is set with status update reason. Allows still clearing transaction posting. | Yes | No |
Encrypted payload for Create card or Get card with a full card number
The payload field encryptedData in create card requests is encrypted with JWE (JSON Web Encryption). The field value must be presented using compact serialization scheme, i.e. Base64URL-encoded elements separated by a ”.“.
JWE should use RSA-OAEP-256 algorithm for encrypting the random symmetric key and A256GCM algorithm for encrypting the payload. Public keys used for encryption are provided in certificates below. JWE header must also contain parameter “x5t#S256” with SHA256 fingerprint of the certificate used. See RFC7516 section 4.1.10.
The payload to be encrypted must be in JSON-format and contain field “cardNumber”. For example:
Certificate for test environments (jwe-test-20240530.pem):
Certificate for production environments (jwe-20240530.pem):
For any questions, contact us: