Welcome to our new developer portal! Use the "Ask" button to chat with our AI Agent.
Ctrlk

API de tarjetas

Descargar D1-Public-IN-v2-Card.yaml

Create

post
/v2/issuers/{issuerId}/cards

This request is used by the bank backend to request the creation of a card (virtual or physical) with the processor.

Autorizaciones
AuthorizationstringRequerido

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Parámetros de ruta
issuerIdstring · mín: 10 · máx: 10Requerido

The id of the issuer

Parámetros de encabezado
x-correlation-idstringOpcional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOpcional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Cuerpo
consumerIdstring · mín: 1 · máx: 64Requerido

Unique identifier of the consumer.

Pattern: ^[A-Za-z0-9_-]{1,64}$
cardProductIdstring · mín: 1 · máx: 48Requerido

Unique identifier of the type of card ( defined during the onboarding of D1)

Pattern: ^[A-Za-z0-9_-]{1,48}$
statestring · enumOpcional

The state of the card
If not provided, the card is considered ACTIVE

Valores posibles:
namestring · máx: 26Requerido

Name of the card holder as it will be printed/embossed on the card.
For virtual card this value will be used exclusively for card display.
Empty string supported.

Pattern: ^[a-zA-Z. -]{0,26}$
secondNamestring · máx: 26Opcional

Optional second card holder name as it will be printed/embossed on the card under the first card holder name.
Not used in case of virtual card.

Pattern: ^[a-zA-Z. -]{0,26}$
statusReasonstring · máx: 2Opcional

This indicates the state of the card once it's created

Default: INPattern: ^[a-zA-Z]{0,2}$
Respuestas
post
/v2/issuers/{issuerId}/cards

Register Card

put
/v2/issuers/{issuerId}/cards/{cardId}

This request is used to register a card with corresponding cards credentials. This operation is applicable for card product supporting:

  • No authorisation mode

  • Light authorisation mode

The cardId used to register the card shall be unique. A cardId can be reused to register another card (having a different PAN) under several conditions:

  • The cardId to be reused is linked with a DELETED or REPLACED card

  • The cardId to be reused is not associated to a card issued by D1 (a card created using the CREATE card API).

  • The cardId to be reused is not associated with a card product used for making transactions

  • In any case, it is not possible to register a card PAN already deleted or replaced. Even by reusing a cardId. Reusing a cardId for another consumer is not recommanded. Since the cardId will disappear from the previous consumer cards list.

Autorizaciones
AuthorizationstringRequerido

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Parámetros de ruta
issuerIdstring · mín: 10 · máx: 10Requerido

The id of the issuer

cardIdstring · mín: 1 · máx: 48Requerido

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Parámetros de encabezado
x-correlation-idstringOpcional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOpcional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Cuerpo
consumerIdstring · mín: 1 · máx: 64Requerido

Unique identifier of the consumer.

Pattern: ^[A-Za-z0-9_-]{1,64}$
cardProductIdstring · mín: 1 · máx: 48Requerido

Unique identifier of the type of card ( defined during the onboarding of D1)

Pattern: ^[A-Za-z0-9_-]{1,48}$
statestring · enumOpcional

The state of the card
If not provided, the card is considered ACTIVE

Valores posibles:
namestring · máx: 26Requerido

Name of the card holder as it will be printed/embossed on the card.
For virtual card this value will be used exclusively for card display.
Empty string supported.

Pattern: ^[a-zA-Z. -]{0,26}$
secondNamestring · máx: 26Opcional

Optional second card holder name as it will be printed/embossed on the card under the first card holder name.
Not used in case of virtual card.

Pattern: ^[a-zA-Z. -]{0,26}$
encryptedDatastring · máx: 8192Requerido

The encryptedData is the encrypted json (cf http://www.json.org/) representation of the Card information. This value is encrypted using the JWE encryption (please refer to the Encrypt sensitive data for more details)

Once deciphered, the plaintext contains a json structure with:

JSON field parameter namedescriptionMOCFormat
panThe funding pan value.Mstring - up to 19 digits
expThe expiry date of the card.Mstring - 4 digits, following the format MMYY
auxiliaryPanThe auxiliary funding pan value. It shall be provided when cobadge is supported and if the card has an auxiliary pan.Cstring - up to 19 digits
auxiliaryExpThe auxiliary expiry date of the card. It shall be provided when cobadge is supported and if the card has an auxiliary pan.Cstring - 4 digits, following the format MMYY

As D1 is able to compute the CVV2, the cvv parameter is not expected.

Pattern: ^(?:[\x20-\x2D\x2F-\x7F]*\.){4}(?:[\x20-\x2D\x2F-\x7F]*)$
Respuestas
put
/v2/issuers/{issuerId}/cards/{cardId}
Sin contenido

Delete

post
/v2/issuers/{issuerId}/cards/{cardId}/operations:delete

This request is used by the bank backend to request the deletion of a card.

For cards managed by D1 (in oposition to legacy cards that are managed by the issuer), D1 will propagate the deletion/revocation to the processor.

Note: The deletion of the card cannot be reverted. In case of card lost consider using the suspend operation first.

Autorizaciones
AuthorizationstringRequerido

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Parámetros de ruta
issuerIdstring · mín: 10 · máx: 10Requerido

The id of the issuer

cardIdstring · mín: 1 · máx: 48Requerido

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Parámetros de encabezado
x-correlation-idstringOpcional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOpcional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Cuerpo
reasonstringOpcional

The reason why the action is performed.

This a free text field in case the bank wants to send details, that will be returned in the operations list.

Example: customer was contacted on June 28Pattern: ^[a-zA-Z0-9 ]{1,64}$
stateReasonstring · enumOpcional

The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.

Valores posibles:
Respuestas
200

Card was deleted Successfully

application/json
operationIdstring · mín: 1 · máx: 64Opcional

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$
post
/v2/issuers/{issuerId}/cards/{cardId}/operations:delete

Resume

post
/v2/issuers/{issuerId}/cards/{cardId}/operations:resume

This request is used by the bank backend to request the reactivation of a card that has been suspended. The card could have been suspended

  • by the bank's backend

  • by customer agent

  • by end user using the mobile banking application

  • or automatically by authorisation system when a payment validation failure retry counter has been exceeded (PIN locked, CVV2 locked or expiry date locked)

If the card is locked (PIN locked, CVV2 locked or expiry date), D1 will unlock the card whatever the reason.

Note: It cannot be used to activate a physical card for the really first time. Please refer to activatePhysicalCard

Autorizaciones
AuthorizationstringRequerido

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Parámetros de ruta
issuerIdstring · mín: 10 · máx: 10Requerido

The id of the issuer

cardIdstring · mín: 1 · máx: 48Requerido

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Parámetros de encabezado
x-correlation-idstringOpcional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOpcional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Cuerpo
reasonstringOpcional

The reason why the action is performed.

This a free text field in case the bank wants to send details, that will be returned in the operations list.

Example: customer was contacted on June 28Pattern: ^[a-zA-Z0-9 ]{1,64}$
stateReasonstring · enumOpcional

The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.

Valores posibles:
Respuestas
200

Card resumed Successfully

application/json
operationIdstring · mín: 1 · máx: 64Opcional

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$
post
/v2/issuers/{issuerId}/cards/{cardId}/operations:resume

Suspend

post
/v2/issuers/{issuerId}/cards/{cardId}/operations:suspend

This request is used by the bank backend to request the suspention of a card. When a card is suspended:

  • authorization will be declined by the system.

  • end user will not be alble to digitize the card.

  • But authorization with digital card will be still approved by the system.

Autorizaciones
AuthorizationstringRequerido

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Parámetros de ruta
issuerIdstring · mín: 10 · máx: 10Requerido

The id of the issuer

cardIdstring · mín: 1 · máx: 48Requerido

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Parámetros de encabezado
x-correlation-idstringOpcional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOpcional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Cuerpo
reasonstringOpcional

The reason why the action is performed.

This a free text field in case the bank wants to send details, that will be returned in the operations list.

Example: customer was contacted on June 28Pattern: ^[a-zA-Z0-9 ]{1,64}$
stateReasonstring · enumOpcional

The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.

Valores posibles:
Respuestas
200

Card was suspended Successfully

application/json
operationIdstring · mín: 1 · máx: 64Opcional

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$
post
/v2/issuers/{issuerId}/cards/{cardId}/operations:suspend

Replace

post
/v2/issuers/{issuerId}/cards/{cardId}/operations:replace

End user can request the bank a replacement of an existing card because the card has been lost or damaged. The replaced card is blocked until the new card is activated. The new card has a new cardId and a new card credentials (PAN and expiry date). In the particular case of Virtual Card, the new Virtual Card is automaticaly activated.

D1 manages to re-link automatically digital card from the old card to the new card upon activation.

For card registered in D1, the bank backend shall provide new cardId and new card credentials when calling the API. The new cardId used to replace the card shall be unique. The new cardId can be reused from another card (having a different PAN) under several conditions :

  • The cardId to be reused is linked with a DELETED or REPLACED card (thus it's not possible to use the current cardId as newCardID when doing a replace)

  • The cardId to be reused is not associated to a card issued by D1 (a card created using the CREATE card API).

  • The cardId to be reused is not associated with a card product used for making transactions

  • In any case, it is not possible to use a card PAN already deleted or replaced. Even by reusing a cardId. Reusing a cardId for another consumer is not recommanded. Since the cardId will disappear from the previous consumer cards list.

For card created by D1, D1 will generate a new cardId and new card credentials. Thus the newCardId shall not be provided by the issuer when calling this API.

Autorizaciones
AuthorizationstringRequerido

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Parámetros de ruta
issuerIdstring · mín: 10 · máx: 10Requerido

The id of the issuer

cardIdstring · mín: 1 · máx: 48Requerido

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Parámetros de encabezado
x-correlation-idstringOpcional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOpcional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Cuerpo
newCardIdstring · mín: 1 · máx: 48Opcional

Unique identifier of the new card. Provided in case the card is in REPLACED state.

Pattern: ^[A-Za-z0-9_-]{1,48}$
encryptedDatastring · máx: 8192Opcional

The encryptedData has to be provided in case of card registered in D1. It is not needed for card created by D1.
The encryptedData is the encrypted json (cf http://www.json.org/) representation of the Card information. This value is encrypted using the JWE encryption (please refer to the Encrypt sensitive data for more details)

Once deciphered, the plaintext contains a json structure with:

JSON field parameter namedescriptionMOCFormat
panThe funding pan value.Mstring - up to 19 digits
expThe expiry date of the card.Mstring - 4 digits, following the format MMYY
auxiliaryPanThe auxiliary funding pan value. It shall be provided when cobadge is supported and if the card has an auxiliary pan.Cstring - up to 19 digits
auxiliaryExpThe auxiliary expiry date of the card. It shall be provided when cobadge is supported and if the card has an auxiliary pan.Cstring - 4 digits, following the format MMYY


Pattern: ^(?:[\x20-\x2D\x2F-\x7F]*\.){4}(?:[\x20-\x2D\x2F-\x7F]*)$
reasonstringRequerido

The reason why the action is performed.

This a free text field in case the bank wants to send details, that will be returned in the operations list.

Example: customer was contacted on June 28Pattern: ^[a-zA-Z0-9 ]{1,64}$
stateReasonstring · enumRequerido

The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.

Valores posibles:
Respuestas
200

Card was replaced Successfully

application/json
operationIdstring · mín: 1 · máx: 64Opcional

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$
newCardIdstring · mín: 1 · máx: 48Requerido

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
post
/v2/issuers/{issuerId}/cards/{cardId}/operations:replace

Renew

post
/v2/issuers/{issuerId}/cards/{cardId}/operations:renew

Card renewal is the process where a new card is provided to end-user. The new card has new expiry date, but cardId and PAN are remaining the same.

For card registered in D1, this request is used by the bank backend to inform that card has been renewed. In such case the new expiry date shall be provided. Moreover, the auxiliary expiry date of the card shall also be provided for cobadged cards that have an auxiliary pan.

For card created by D1, this request is used by the bank backend to manualy request the renewal of an existing card (a new expiry date will be generated by D1).

In the particular case of the Virtual Card, the Virtual Card is automaticaly activated. For Physical Card, the renewed card will remain active until:

  • an explicit activation perfomed using the activation operation using the same cardId as the renew card

  • an implicit activation following a valid card present transaction (if card product is configured as such)

Autorizaciones
AuthorizationstringRequerido

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

Parámetros de ruta
issuerIdstring · mín: 10 · máx: 10Requerido

The id of the issuer

cardIdstring · mín: 1 · máx: 48Requerido

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$
Parámetros de encabezado
x-correlation-idstringOpcional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$
x-user-idstringOpcional

Identifier of the user that requests the operation on D1 API. This value is provided for information purpose, D1 doesn't do any verification based on this identifier.
D1 manages to propagate the information to a subsequent internal system for tracking purpose.
This identifier is not mandatory.

Pattern: ^[A-Za-z0-9_-]{1,15}$
Cuerpo
newExpstringOpcional

Expiry date of the card in MMYY format

Example: 1024Pattern: ^(0[1-9]|1[0-2])\d{2}$
newAuxiliaryExpstringOpcional

Expiry date of the card in MMYY format

Example: 1024Pattern: ^(0[1-9]|1[0-2])\d{2}$
reasonstringOpcional

The reason why the action is performed.

This a free text field in case the bank wants to send details, that will be returned in the operations list.

Example: customer was contacted on June 28Pattern: ^[a-zA-Z0-9 ]{1,64}$
stateReasonstring · enumOpcional

The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.

Valores posibles:
Respuestas
200

Card was renewed Successfully

application/json
operationIdstring · mín: 1 · máx: 64Opcional

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$
post
/v2/issuers/{issuerId}/cards/{cardId}/operations:renew
AnteriorAPI del consumidorSiguienteAPI saliente (desde D1)

Última actualización

¿Te fue útil?