Welcome to our new developer portal! Use the "Ask" button to chat with our AI Agent.
Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Card order

Request physical card production and shipment using D1.

D1 lets your issuer backend request physical card production. You can ship cards to the end user. You can also ship in bulk to branches or hubs.

Use this section to choose personalization and shipping options. Then call the Physical Issuance API to submit the order.

Before you begin

  • Complete D1 onboarding and get D1 API credentials.

  • Configure card products, personalization profiles, and letter templates.

  • Load stock items and product variants for your program/BIN.

  • Configure return address and shipping methods.

  • Define allowed destination countries per program.

Flow

End-to-end flow from issuer backend request to a Thales personalization center.

How it works

1

Choose order options

Select:

2

Submit the order

Call the Card order API to order a physical card.

Make requests idempotent. Reuse a stable key from your issuer backend (for example, issuerRequestId) so retries do not create duplicates.

3

Track production and shipment

Use the status endpoint and notifications to keep your system in sync.

See Card order tracking.

Required APIs

API
Inbound/Outbound
Description

Get authorization token

Issuer -> Thales D1

Get an OAuth 2.0 access token to call the D1 backend.

Card order

Issuer -> Thales D1

Order a physical card

Notifications

Issuer <- Thales D1

Receive notifications with card order status for the operation PRODUCE

API Inputs

Required D1 API inputs:

  • issuerId: Unique identifier of the issuer

  • cardId: Unique identifier of the card.

  • consumerId: Unique identifier of the consumer.

Conditional D1 API inputs:

  • issuerRequestId: Unique identifier provided by issuer to identify the card production request. Used to correlate order with notifications.

Other D1 API inputs, see the different sections describing the required inputs:

Deprecated D1 API inputs:

  • state: The state of the card. If not provided, the card is considered ACTIVE.

  • oldCardId: Unique identifier of the previous card. Provided in case the card is replacing another card.

Error handling and retries

Handle errors at two layers:

  • Synchronous API errors (HTTP 4xx/5xx). Validate payloads. Retry safely with idempotency for transient failures.

  • Asynchronous production errors (for example, out of stock or template issues). Track the latest operation status in your issuer backend.

Security and data handling

Treat PAN, magnetic stripe track values, and the card security code (CSC) as sensitive data.

  • Do not log sensitive fields.

  • Encrypt sensitive fields when required by the endpoint. See Encrypt sensitive data.

PreviousImplement Central IssuanceNextSelect card order services

Last updated

Was this helpful?