Welcome to our new developer portal! Use the "Ask" button to chat with our AI Agent.
Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Card API

Download D1-Public-IN-v2-Card.yaml

Create

post
/v2/issuers/{issuerId}/cards

This request is used by the bank backend to request the creation of a card (virtual or physical) with the processor.

Authorizations
AuthorizationstringRequired

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Path parameters
issuerIdstring · min: 10 · max: 10Required

The id of the issuer

Header parameters
x-correlation-idstringOptional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOptional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Body
consumerIdstring · min: 1 · max: 64Required

Unique identifier of the consumer.

Pattern: ^[A-Za-z0-9_-]{1,64}$
cardProductIdstring · min: 1 · max: 48Required

Unique identifier of the type of card ( defined during the onboarding of D1)

Pattern: ^[A-Za-z0-9_-]{1,48}$
statestring · enumOptional

The state of the card
If not provided, the card is considered ACTIVE

Possible values:
namestring · max: 26Required

Name of the card holder as it will be printed/embossed on the card.
For virtual card this value will be used exclusively for card display.
Empty string supported.

Pattern: ^[a-zA-Z. -]{0,26}$
secondNamestring · max: 26Optional

Optional second card holder name as it will be printed/embossed on the card under the first card holder name.
Not used in case of virtual card.

Pattern: ^[a-zA-Z. -]{0,26}$
statusReasonstring · max: 2Optional

This indicates the state of the card once it's created

Default: INPattern: ^[a-zA-Z]{0,2}$
Responses
post
/v2/issuers/{issuerId}/cards

Register Card

put
/v2/issuers/{issuerId}/cards/{cardId}

This request is used to register a card with corresponding cards credentials. This operation is applicable for card product supporting:

  • No authorisation mode

  • Light authorisation mode

The cardId used to register the card shall be unique. A cardId can be reused to register another card (having a different PAN) under several conditions:

  • The cardId to be reused is linked with a DELETED or REPLACED card

  • The cardId to be reused is not associated to a card issued by D1 (a card created using the CREATE card API).

  • The cardId to be reused is not associated with a card product used for making transactions

  • In any case, it is not possible to register a card PAN already deleted or replaced. Even by reusing a cardId. Reusing a cardId for another consumer is not recommanded. Since the cardId will disappear from the previous consumer cards list.

Authorizations
AuthorizationstringRequired

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Path parameters
issuerIdstring · min: 10 · max: 10Required

The id of the issuer

cardIdstring · min: 1 · max: 48Required

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Header parameters
x-correlation-idstringOptional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOptional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Body
consumerIdstring · min: 1 · max: 64Required

Unique identifier of the consumer.

Pattern: ^[A-Za-z0-9_-]{1,64}$
cardProductIdstring · min: 1 · max: 48Required

Unique identifier of the type of card ( defined during the onboarding of D1)

Pattern: ^[A-Za-z0-9_-]{1,48}$
statestring · enumOptional

The state of the card
If not provided, the card is considered ACTIVE

Possible values:
namestring · max: 26Required

Name of the card holder as it will be printed/embossed on the card.
For virtual card this value will be used exclusively for card display.
Empty string supported.

Pattern: ^[a-zA-Z. -]{0,26}$
secondNamestring · max: 26Optional

Optional second card holder name as it will be printed/embossed on the card under the first card holder name.
Not used in case of virtual card.

Pattern: ^[a-zA-Z. -]{0,26}$
encryptedDatastring · max: 8192Required

The encryptedData is the encrypted json (cf http://www.json.org/) representation of the Card information. This value is encrypted using the JWE encryption (please refer to the Encrypt sensitive data for more details)

Once deciphered, the plaintext contains a json structure with:

JSON field parameter namedescriptionMOCFormat
panThe funding pan value.Mstring - up to 19 digits
expThe expiry date of the card.Mstring - 4 digits, following the format MMYY
auxiliaryPanThe auxiliary funding pan value. It shall be provided when cobadge is supported and if the card has an auxiliary pan.Cstring - up to 19 digits
auxiliaryExpThe auxiliary expiry date of the card. It shall be provided when cobadge is supported and if the card has an auxiliary pan.Cstring - 4 digits, following the format MMYY

As D1 is able to compute the CVV2, the cvv parameter is not expected.

Pattern: ^(?:[\x20-\x2D\x2F-\x7F]*\.){4}(?:[\x20-\x2D\x2F-\x7F]*)$
Responses
put
/v2/issuers/{issuerId}/cards/{cardId}
No content

Delete

post
/v2/issuers/{issuerId}/cards/{cardId}/operations:delete

This request is used by the bank backend to request the deletion of a card.

For cards managed by D1 (in oposition to legacy cards that are managed by the issuer), D1 will propagate the deletion/revocation to the processor.

Note: The deletion of the card cannot be reverted. In case of card lost consider using the suspend operation first.

Authorizations
AuthorizationstringRequired

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Path parameters
issuerIdstring · min: 10 · max: 10Required

The id of the issuer

cardIdstring · min: 1 · max: 48Required

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Header parameters
x-correlation-idstringOptional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOptional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Body
reasonstringOptional

The reason why the action is performed.

This a free text field in case the bank wants to send details, that will be returned in the operations list.

Example: customer was contacted on June 28Pattern: ^[a-zA-Z0-9 ]{1,64}$
stateReasonstring · enumOptional

The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.

Possible values:
Responses
200

Card was deleted Successfully

application/json
operationIdstring · min: 1 · max: 64Optional

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$
post
/v2/issuers/{issuerId}/cards/{cardId}/operations:delete

Resume

post
/v2/issuers/{issuerId}/cards/{cardId}/operations:resume

This request is used by the bank backend to request the reactivation of a card that has been suspended. The card could have been suspended

  • by the bank's backend

  • by customer agent

  • by end user using the mobile banking application

  • or automatically by authorisation system when a payment validation failure retry counter has been exceeded (PIN locked, CVV2 locked or expiry date locked)

If the card is locked (PIN locked, CVV2 locked or expiry date), D1 will unlock the card whatever the reason.

Note: It cannot be used to activate a physical card for the really first time. Please refer to activatePhysicalCard

Authorizations
AuthorizationstringRequired

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Path parameters
issuerIdstring · min: 10 · max: 10Required

The id of the issuer

cardIdstring · min: 1 · max: 48Required

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Header parameters
x-correlation-idstringOptional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOptional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Body
reasonstringOptional

The reason why the action is performed.

This a free text field in case the bank wants to send details, that will be returned in the operations list.

Example: customer was contacted on June 28Pattern: ^[a-zA-Z0-9 ]{1,64}$
stateReasonstring · enumOptional

The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.

Possible values:
Responses
200

Card resumed Successfully

application/json
operationIdstring · min: 1 · max: 64Optional

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$
post
/v2/issuers/{issuerId}/cards/{cardId}/operations:resume

Suspend

post
/v2/issuers/{issuerId}/cards/{cardId}/operations:suspend

This request is used by the bank backend to request the suspention of a card. When a card is suspended:

  • authorization will be declined by the system.

  • end user will not be alble to digitize the card.

  • But authorization with digital card will be still approved by the system.

Authorizations
AuthorizationstringRequired

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Path parameters
issuerIdstring · min: 10 · max: 10Required

The id of the issuer

cardIdstring · min: 1 · max: 48Required

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Header parameters
x-correlation-idstringOptional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOptional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Body
reasonstringOptional

The reason why the action is performed.

This a free text field in case the bank wants to send details, that will be returned in the operations list.

Example: customer was contacted on June 28Pattern: ^[a-zA-Z0-9 ]{1,64}$
stateReasonstring · enumOptional

The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.

Possible values:
Responses
200

Card was suspended Successfully

application/json
operationIdstring · min: 1 · max: 64Optional

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$
post
/v2/issuers/{issuerId}/cards/{cardId}/operations:suspend

Replace

post
/v2/issuers/{issuerId}/cards/{cardId}/operations:replace

End user can request the bank a replacement of an existing card because the card has been lost or damaged. The replaced card is blocked until the new card is activated. The new card has a new cardId and a new card credentials (PAN and expiry date). In the particular case of Virtual Card, the new Virtual Card is automaticaly activated.

D1 manages to re-link automatically digital card from the old card to the new card upon activation.

For card registered in D1, the bank backend shall provide new cardId and new card credentials when calling the API. The new cardId used to replace the card shall be unique. The new cardId can be reused from another card (having a different PAN) under several conditions :

  • The cardId to be reused is linked with a DELETED or REPLACED card (thus it's not possible to use the current cardId as newCardID when doing a replace)

  • The cardId to be reused is not associated to a card issued by D1 (a card created using the CREATE card API).

  • The cardId to be reused is not associated with a card product used for making transactions

  • In any case, it is not possible to use a card PAN already deleted or replaced. Even by reusing a cardId. Reusing a cardId for another consumer is not recommanded. Since the cardId will disappear from the previous consumer cards list.

For card created by D1, D1 will generate a new cardId and new card credentials. Thus the newCardId shall not be provided by the issuer when calling this API.

Authorizations
AuthorizationstringRequired

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Path parameters
issuerIdstring · min: 10 · max: 10Required

The id of the issuer

cardIdstring · min: 1 · max: 48Required

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Header parameters
x-correlation-idstringOptional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOptional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Body
newCardIdstring · min: 1 · max: 48Optional

Unique identifier of the new card. Provided in case the card is in REPLACED state.

Pattern: ^[A-Za-z0-9_-]{1,48}$
encryptedDatastring · max: 8192Optional

The encryptedData has to be provided in case of card registered in D1. It is not needed for card created by D1.
The encryptedData is the encrypted json (cf http://www.json.org/) representation of the Card information. This value is encrypted using the JWE encryption (please refer to the Encrypt sensitive data for more details)

Once deciphered, the plaintext contains a json structure with:

JSON field parameter namedescriptionMOCFormat
panThe funding pan value.Mstring - up to 19 digits
expThe expiry date of the card.Mstring - 4 digits, following the format MMYY
auxiliaryPanThe auxiliary funding pan value. It shall be provided when cobadge is supported and if the card has an auxiliary pan.Cstring - up to 19 digits
auxiliaryExpThe auxiliary expiry date of the card. It shall be provided when cobadge is supported and if the card has an auxiliary pan.Cstring - 4 digits, following the format MMYY


Pattern: ^(?:[\x20-\x2D\x2F-\x7F]*\.){4}(?:[\x20-\x2D\x2F-\x7F]*)$
reasonstringRequired

The reason why the action is performed.

This a free text field in case the bank wants to send details, that will be returned in the operations list.

Example: customer was contacted on June 28Pattern: ^[a-zA-Z0-9 ]{1,64}$
stateReasonstring · enumRequired

The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.

Possible values:
Responses
200

Card was replaced Successfully

application/json
operationIdstring · min: 1 · max: 64Optional

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$
newCardIdstring · min: 1 · max: 48Required

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
post
/v2/issuers/{issuerId}/cards/{cardId}/operations:replace

Renew

post
/v2/issuers/{issuerId}/cards/{cardId}/operations:renew

Card renewal is the process where a new card is provided to end-user. The new card has new expiry date, but cardId and PAN are remaining the same.

For card registered in D1, this request is used by the bank backend to inform that card has been renewed. In such case the new expiry date shall be provided. Moreover, the auxiliary expiry date of the card shall also be provided for cobadged cards that have an auxiliary pan.

For card created by D1, this request is used by the bank backend to manualy request the renewal of an existing card (a new expiry date will be generated by D1).

In the particular case of the Virtual Card, the Virtual Card is automaticaly activated. For Physical Card, the renewed card will remain active until:

  • an explicit activation perfomed using the activation operation using the same cardId as the renew card

  • an implicit activation following a valid card present transaction (if card product is configured as such)

Authorizations
AuthorizationstringRequired

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Path parameters
issuerIdstring · min: 10 · max: 10Required

The id of the issuer

cardIdstring · min: 1 · max: 48Required

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Header parameters
x-correlation-idstringOptional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOptional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Body
newExpstringOptional

Expiry date of the card in MMYY format

Example: 1024Pattern: ^(0[1-9]|1[0-2])\d{2}$
newAuxiliaryExpstringOptional

Expiry date of the card in MMYY format

Example: 1024Pattern: ^(0[1-9]|1[0-2])\d{2}$
reasonstringOptional

The reason why the action is performed.

This a free text field in case the bank wants to send details, that will be returned in the operations list.

Example: customer was contacted on June 28Pattern: ^[a-zA-Z0-9 ]{1,64}$
stateReasonstring · enumOptional

The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.

Possible values:
Responses
200

Card was renewed Successfully

application/json
operationIdstring · min: 1 · max: 64Optional

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$
post
/v2/issuers/{issuerId}/cards/{cardId}/operations:renew
PreviousConsumer APINextOutbound API (from D1)

Last updated

Was this helpful?