> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/transaction-control/ja/integrate-the-d1-api/d1-api-reference/inbound-api-to-d1/card-api.md).
# カード API
## Create
> This request is used by the bank backend to request the creation of a card (virtual or physical) with the processor.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card","description":"Card APIs."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"consumerId":{"type":"string","description":"Unique identifier of the consumer. ","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"cardProductId":{"type":"string","description":"Unique identifier of the type of card ( defined during the onboarding of D1)","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"createState":{"description":"The state of the card
If not provided, the card is considered ACTIVE","type":"string","enum":["ACTIVE","INACTIVE"]},"AccountInformation":{"additionalProperties":false,"type":"object","required":["default","number","currencyCode"],"properties":{"default":{"type":"boolean","description":"true if the account is the default consumer account"},"type":{"type":"string","description":"Type of the Account. By default if not provided, it is a 'CHECKING' account.","enum":["CHECKING","SAVINGS"]},"number":{"type":"string","minLength":2,"maxLength":24,"pattern":"^[a-zA-Z0-9_]{2,24}$","description":"Account number used for posting to Core Banking System"},"currencyCode":{"$ref":"#/components/schemas/currencyCode"}}},"currencyCode":{"type":"string","pattern":"^[A-Z]{3}$","description":"Currency Code in ISO 4217 alpha code format"},"cardId":{"type":"string","description":"Unique identifier of the card.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards":{"post":{"description":"This request is used by the bank backend to request the creation of a card (virtual or physical) with the processor.","requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"consumerId":{"$ref":"#/components/schemas/consumerId"},"cardProductId":{"$ref":"#/components/schemas/cardProductId"},"state":{"$ref":"#/components/schemas/createState"},"name":{"type":"string","minLength":0,"maxLength":26,"pattern":"^[a-zA-Z. -]{0,26}$","description":"Name of the card holder as it will be printed/embossed on the card.
For virtual card this value will be used exclusively for card display.
Empty string supported."},"secondName":{"type":"string","minLength":0,"maxLength":26,"pattern":"^[a-zA-Z. -]{0,26}$","description":"Optional second card holder name as it will be printed/embossed on the card under the first card holder name.
Not used in case of virtual card."},"statusReason":{"type":"string","minLength":0,"maxLength":2,"default":"IN","pattern":"^[a-zA-Z]{0,2}$","description":"This indicates the state of the card once it's created"},"accountList":{"type":"array","description":"This represent the list of account the card will be attached to.
This list is used for the posting","items":{"$ref":"#/components/schemas/AccountInformation"}}},"required":["consumerId","accountList","cardProductId","name"]}}}},"responses":{"201":{"description":"Successful card creation","content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","description":"Information related to the created card.","required":["cardId"],"properties":{"cardId":{"$ref":"#/components/schemas/cardId"}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | JSON not well formatted or
One field is not expected format as defined in this documentation |\n| FIELD_INVALID_VALUE | Contains the field in error (first found) | no | One field value is not allowed for the given field |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application.
\nThe below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| AUTHORIZER_FORBIDDEN | not authorized error message | no | User is not authorized to access this resource |\n| CARD_CREATION_COUNT_EXCEEDED | - | no | The maximum number of cards for the consumer is reached. Creation of additional card is not possible. |\n | OPERATION_NOT_ALLOWED | Name of the operation/field that is not allowed in this operation | no | Card creation is not allowed for this card product |","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CONSUMER | - | no | Consumer does not exist |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Create","operationId":"createCard","tags":["Card"]}}}}
```
## Get card details
> This request is used by the bank backend to request card details.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card","description":"Card APIs."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"consumerId":{"type":"string","description":"Unique identifier of the consumer. ","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"cardId":{"type":"string","description":"Unique identifier of the card.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"newCardId":{"type":"string","description":"Unique identifier of the new card. Provided in case the card is in REPLACED state.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"cardProductId":{"type":"string","description":"Unique identifier of the type of card ( defined during the onboarding of D1)","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"threeDSsupport":{"type":"boolean","description":"Determines if the card supports EMV 3-D Secure (3DS) flows."},"scheme":{"description":"The card scheme","enum":["MASTERCARD","VISA","AMEX"],"type":"string"},"auxiliaryScheme":{"description":"The card auxiliary scheme","enum":["DANKORT"]},"cardLast4":{"type":"string","pattern":"^\\d{4}$","description":"Last 4 digits of the PAN"},"cardExpiryDate":{"type":"string","description":"Expiry date of the card in MMYY format","pattern":"^(0[1-9]|1[0-2])\\d{2}$"},"newCardExpiryDate":{"type":"string","description":"New Expiry date of the card in MMYY format. Provided in case of ongoing RENEWAL operation.","pattern":"^(0[1-9]|1[0-2])\\d{2}$"},"cardState":{"type":"string","description":"the state of the card","enum":["INACTIVE","ACTIVE","SUSPENDED","DELETED","REPLACED"]},"creationDate":{"type":"string","title":"Creation date","description":"The time the resource has been created.\nFormat ISO 8601 YYYY-MM-DDThh:mm:ssTZD","minLength":1,"maxLength":64,"pattern":"^[0-9]{4}-((0[13578]|1[02])-(0[1-9]|[12][0-9]|3[01])|(0[469]|11)-(0[1-9]|[12][0-9]|30)|02-(0[1-9]|[12][0-9]))T([0-1][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\\.[0-9]{3}Z|\\.[0-9]{2}([\\+\\-](0[1-9]|1[0-2])):00)$"},"lastUpdate":{"type":"string","title":"Last update date","description":"The time the resource has been last updated.\nFormat ISO 8601 YYYY-MM-DDThh:mm:ssTZD","minLength":1,"maxLength":64,"pattern":"^[0-9]{4}-((0[13578]|1[02])-(0[1-9]|[12][0-9]|3[01])|(0[469]|11)-(0[1-9]|[12][0-9]|30)|02-(0[1-9]|[12][0-9]))T([0-1][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\\.[0-9]{3}Z|\\.[0-9]{2}([\\+\\-](0[1-9]|1[0-2])):00)$"},"AccountInformation":{"additionalProperties":false,"type":"object","required":["default","number","currencyCode"],"properties":{"default":{"type":"boolean","description":"true if the account is the default consumer account"},"type":{"type":"string","description":"Type of the Account. By default if not provided, it is a 'CHECKING' account.","enum":["CHECKING","SAVINGS"]},"number":{"type":"string","minLength":2,"maxLength":24,"pattern":"^[a-zA-Z0-9_]{2,24}$","description":"Account number used for posting to Core Banking System"},"currencyCode":{"$ref":"#/components/schemas/currencyCode"}}},"currencyCode":{"type":"string","pattern":"^[A-Z]{3}$","description":"Currency Code in ISO 4217 alpha code format"},"digitalCardId":{"type":"string","description":"Unique identifier of the digital card.","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"digitalCardState":{"type":"string","description":"the state of the digital card (token)","enum":["ACTIVE","INACTIVE","DELETED","DEPLOYMENT_ONGOING","PENDING_ACTIVATION"],"title":"digitalCardState"},"walletRecommendation":{"type":"string","description":"Wallet/Digital Card Requestor colour recommended during the card tokenization request\n\nPlease note that in certain situations a recommendation might be not provided by the wallet.","enum":["NOT_APPLICABLE","GREEN","YELLOW","ORANGE","RED"]},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}":{"get":{"description":"This request is used by the bank backend to request card details.","responses":{"200":{"description":"Successful get card details","content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","required":["consumerId","cardId","cardProductId","scheme","panSuffix","exp","state","ongoingOperation","creationTime"],"properties":{"consumerId":{"$ref":"#/components/schemas/consumerId"},"cardId":{"$ref":"#/components/schemas/cardId"},"newCardId":{"$ref":"#/components/schemas/newCardId"},"cardProductId":{"$ref":"#/components/schemas/cardProductId"},"threeDSsupport":{"$ref":"#/components/schemas/threeDSsupport"},"scheme":{"$ref":"#/components/schemas/scheme"},"auxiliaryScheme":{"$ref":"#/components/schemas/auxiliaryScheme"},"panSuffix":{"$ref":"#/components/schemas/cardLast4"},"exp":{"$ref":"#/components/schemas/cardExpiryDate"},"newExp":{"$ref":"#/components/schemas/newCardExpiryDate"},"state":{"$ref":"#/components/schemas/cardState"},"stateReason":{"description":"reason associated to the state","type":"string","enum":["CLOSED_ACCOUNT","CLOSED_CARD","CARD_LOST","CARD_FOUND","CARD_STOLEN","CARD_BROKEN","CARD_NOT_RECEIVED","FRAUD","USER_DECISION","ISSUER_DECISION","CVV2_LOCKED","EXPIRY_DATE_LOCKED","PIN_LOCKED"]},"ongoingOperation":{"type":"string","enum":["NONE","RENEWAL"]},"creationTime":{"$ref":"#/components/schemas/creationDate"},"lastUpdateTime":{"$ref":"#/components/schemas/lastUpdate"},"accountList":{"type":"array","description":"This represent the list of account the card will be attached to.
This list is used for the posting","items":{"$ref":"#/components/schemas/AccountInformation"}},"digitalCards":{"type":"array","description":"List of digital cards associated to the card.","items":{"additionalProperties":false,"type":"object","properties":{"id":{"$ref":"#/components/schemas/digitalCardId"},"state":{"$ref":"#/components/schemas/digitalCardState"},"recommendation":{"$ref":"#/components/schemas/walletRecommendation"}}}}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | One field is not expected format as defined in this documentation |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application.
\nThe below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| AUTHORIZER_FORBIDDEN | not authorized error message | no | User is not authorized to access this resource |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Get card details","operationId":"getCardDetails","tags":["Card"]}}}}
```
## Register Card
> This request is used to register a card with corresponding cards credentials.\
> This operation is applicable for card product supporting:\
> \- No authorisation mode\
> \- Light authorisation mode\
> \
> The cardId used to register the card shall be unique. A cardId can be reused to register another card (having a different PAN) under several conditions:\
> \- The cardId to be reused is linked with a DELETED or REPLACED card\
> \- The cardId to be reused is not associated to a card issued by D1 (a card created using the CREATE card API).\
> \- The cardId to be reused is not associated with a card product used for making transactions\
> \- In any case, it is not possible to register a card PAN already deleted or replaced. Even by reusing a cardId.\
> Reusing a cardId for another consumer is not recommanded. Since the cardId will disappear from the previous consumer cards list.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card","description":"Card APIs."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"consumerId":{"type":"string","description":"Unique identifier of the consumer. ","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"cardProductId":{"type":"string","description":"Unique identifier of the type of card ( defined during the onboarding of D1)","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"state":{"description":"The state of the card
If not provided, the card is considered ACTIVE","type":"string","enum":["ACTIVE","SUSPENDED"]},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}":{"put":{"description":"This request is used to register a card with corresponding cards credentials.\nThis operation is applicable for card product supporting:\n - No authorisation mode\n - Light authorisation mode\n\nThe cardId used to register the card shall be unique. A cardId can be reused to register another card (having a different PAN) under several conditions:\n - The cardId to be reused is linked with a DELETED or REPLACED card\n - The cardId to be reused is not associated to a card issued by D1 (a card created using the CREATE card API).\n - The cardId to be reused is not associated with a card product used for making transactions\n - In any case, it is not possible to register a card PAN already deleted or replaced. Even by reusing a cardId.\nReusing a cardId for another consumer is not recommanded. Since the cardId will disappear from the previous consumer cards list.\n","requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"consumerId":{"$ref":"#/components/schemas/consumerId"},"cardProductId":{"$ref":"#/components/schemas/cardProductId"},"state":{"$ref":"#/components/schemas/state"},"name":{"type":"string","minLength":0,"maxLength":26,"pattern":"^[a-zA-Z. -]{0,26}$","description":"Name of the card holder as it will be printed/embossed on the card.
For virtual card this value will be used exclusively for card display.
Empty string supported."},"secondName":{"type":"string","minLength":0,"maxLength":26,"pattern":"^[a-zA-Z. -]{0,26}$","description":"Optional second card holder name as it will be printed/embossed on the card under the first card holder name.
Not used in case of virtual card."},"encryptedData":{"type":"string","title":"encryptedData","maxLength":8192,"pattern":"^(?:[\\x20-\\x2D\\x2F-\\x7F]*\\.){4}(?:[\\x20-\\x2D\\x2F-\\x7F]*)$","description":"The encryptedData is the encrypted json (cf http://www.json.org/) representation of the Card information.\nThis value is encrypted using the JWE encryption (please refer to the **[Encrypt sensitive data](../../../integrate-the-d1-api/encrypt-sensitive-data)** for more details)\n
Once deciphered, the plaintext contains a json structure with:\n|JSON field parameter name|description|MOC|Format|\n|-------|-------|-------|-------|\n|pan|The funding pan value.|M|string - up to 19 digits|\n|exp|The expiry date of the card.|M|string - 4 digits, following the format MMYY|\n|auxiliaryPan|The auxiliary funding pan value. It shall be provided when cobadge is supported and if the card has an auxiliary pan.|C|string - up to 19 digits|\n|auxiliaryExp|The auxiliary expiry date of the card. It shall be provided when cobadge is supported and if the card has an auxiliary pan.|C|string - 4 digits, following the format MMYY|\n\nAs D1 is able to compute the CVV2, the cvv parameter is not expected. \n
\n
\n"}},"required":["consumerId","cardProductId","name","encryptedData"]}}}},"responses":{"204":{"description":"Successful card registration"},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | One field is not expected format as defined in this documentation |\n| CRYPTO_ERROR | - | no | Not possible to decrypt the provided encrypted data |\n| FIELD_INVALID_VALUE | - | no | One field value is not allowed for the given field |\n| INVALID_PAN | - | no | PAN is invalid |\n| INVALID_EXPIRY_DATE | Expiry date is invalid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application.\nThe below table defines the possible error:\n | errorCode | error | Retryable | Comments |\n | -------------- | ------------| ----------| -----------------------------------|\n | - | - | no | No error details available |\n | AUTHORIZER_FORBIDDEN | not\\_authorized error message | no | User\\_is\\_not\\_authorized\\_to\\_access\\_this\\_resource |\n | CARD_ALREADY_EXISTS | - | no | CardId already registered in the solution |\n | CARD_INVALID_STATE | - | no | CardId already registered in the solution and has an invalid card state (REPLACED or DELETED) |\n | CONSUMER_INVALID_STATE| - | no | Consumer exists with an invalid consumer state (DELETED) |\n | OPERATION_NOT_ALLOWED | Name of the operation/field that is not allowed in this operation | no | Register is not allowed for this card product |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Register Card","operationId":"registerCard","tags":["Card"]}}}}
```
## Get Card Credentials
> This request is used by the bank backend to retrieve the card credentials.\
\
> If the card supports Dynamic CVV2 (DCVV2), a new DCVV2 is generated at each request and is provided in the encrypted card credentials using cvv parameter value.\
\
> The Dynamic CVV2 support is defined in card product definition during onboarding.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Credentials","description":"API to get and verify card credentials."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}/credentials":{"get":{"description":"This request is used by the bank backend to retrieve the card credentials.
\nIf the card supports Dynamic CVV2 (DCVV2), a new DCVV2 is generated at each request and is provided in the encrypted card credentials using cvv parameter value.
\nThe Dynamic CVV2 support is defined in card product definition during onboarding.","responses":{"200":{"description":"Successful get card credentials","content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","required":["encryptedData"],"properties":{"encryptedData":{"type":"string","maxLength":8192,"pattern":"^(?:[\\x20-\\x2D\\x2F-\\x7F]*\\.){4}(?:[\\x20-\\x2D\\x2F-\\x7F]*)$","description":"The encryptedData is the encrypted json (cf http://www.json.org/) representation of the Card information.\nThis value is encrypted using the JWE encryption (please refer to the **[Encrypt sensitive data](../../../integrate-the-d1-api/encrypt-sensitive-data)** for more details)\n
Content\n
Once deciphered, the plaintext contains a json structure with:\n|JSON field parameter name|description|MOC|Format|\n|-------|-------|-------|-------|\n|pan|The pan value.|M|string - up to 19 digits|\n|exp|The expiry date of the card.|M|string - 4 digits, following the format MMYY|\n|name|The card holder name.|O|string - up to 26 characters |\n|cvv|The CVV2 or DCVV2 value of the card
|M|string - 3 or 4 digits|"}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | One field is not expected format as defined in this documentation |","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. \nIn the table below only the field \\\"error\\\" is provided.
\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -------------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized_message | no | Access token not valid |","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application.
\nThe below table defines the possible error:\n | errorCode | error | Retryable | Comments |\n | -------------- | ------------| ----------| -----------------------------------|\n | - | - | no | No error details available |\n | AUTHORIZER_FORBIDDEN | not_authorized error message | no | User is not authorized to access this resource |\n | CARD_INVALID_STATE | - | no | Impossible to get card credentials as the card is DELETED, SUSPENDED or REPLACED. |","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n| WRONG_CONFIGURATION | Missing key configuration for encryption | The server is not configured to performe the encryption of card information | \n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Get Card Credentials","operationId":"getCardCredentials","tags":["Card Credentials"]}}}}
```
## Verify Card Credentials
> This request is used by the bank backend to verify the card credentials.\
> \
\
> The request is successful if all parameters from encrypted card details (pan, expiry date or cvv) are valid.\
> \
\
> If the cardId is provided, then D1 will first retreive the card credentials using the cardId and then compare with provided card credentials.\
> \
\
> If the card supports Dynamic CVV2 (DCVV2), the cvv parameter value from encrypted card credentials must equal an actvive DCVV2.\
\
> A DCVV2 is active when a DCVV2 has been generated, not expired and not used for any type of transaction.\
\
> The Dynamic CVV2 support is defined in the card product definition during onboarding.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Credentials","description":"API to get and verify card credentials."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"cardId":{"type":"string","description":"Unique identifier of the card.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/credentials":{"post":{"description":"This request is used by the bank backend to verify the card credentials.\n
\nThe request is successful if all parameters from encrypted card details (pan, expiry date or cvv) are valid.\n
\nIf the cardId is provided, then D1 will first retreive the card credentials using the cardId and then compare with provided card credentials.\n
\nIf the card supports Dynamic CVV2 (DCVV2), the cvv parameter value from encrypted card credentials must equal an actvive DCVV2.
\nA DCVV2 is active when a DCVV2 has been generated, not expired and not used for any type of transaction.
\nThe Dynamic CVV2 support is defined in the card product definition during onboarding.\n","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"cardId":{"$ref":"#/components/schemas/cardId"},"encryptedData":{"type":"string","title":"encryptedData","maxLength":8192,"pattern":"^(?:[\\x20-\\x2D\\x2F-\\x7F]*\\.){4}(?:[\\x20-\\x2D\\x2F-\\x7F]*)$","description":"The encryptedData is the encrypted json (cf http://www.json.org/) representation of the Card information.\nThis value is encrypted using the JWE encryption (please refer to the **[Encrypt sensitive data](../../../integrate-the-d1-api/encrypt-sensitive-data)** for more details)\n
Content\n
Once deciphered, the plaintext contains a json structure with:\n|JSON field parameter name|description|MOC|Format|\n|-------|-------|-------|-------|\n|pan|The pan value.|M|string - up to 19 digits|\n|exp|The expiry date of the card.|M|string - 4 digits, following the format MMYY|\n|cvv|The CVV2 or DCVV2 of the card.|M|string - 3 or 4 digits|\n"}},"required":["encryptedData"]}}}},"responses":{"200":{"description":"Successful card verification.","content":{"application/json":{"schema":{"additionalProperties":false,"description":"The cardId of the card that has been successfully verified.","type":"object","required":["cardId"],"properties":{"cardId":{"$ref":"#/components/schemas/cardId"}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | One field is not expected format as defined in this documentation |\n| CRYPTO_ERROR | - | no | Not possible to decrypt the provided encrypted data |\n| INVALID_PAN | pan value is not verified | no | The pan from encrypted card information is not matching the referenced card pan |\n| INVALID_EXPIRY_DATE | exp value is not verified | no | The exp from encrypted card information is not matching the referenced card expiry date |\n| INVALID_CVV2 | cvv2 value is not verified | no | The cvv from encrypted card information is not matching the referenced card CVV2 or active DCVV2 |\n| NO_ACTIVE_DCVV2 | cvv2/dcvv2 not provided from referenced card | no | The cvv from referenced card CVV2 or active DCVV2 is empty |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. \nIn the table below only the field \\\"error\\\" is provided.
\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -------------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized_message | no | Access token not valid |","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application.
\nThe below table defines the possible error:\n | errorCode | error | Retryable | Comments |\n | -------------- | ------------| ----------| -----------------------------------|\n | - | - | no | No error details available |\n | AUTHORIZER_FORBIDDEN | not_authorized error message | no | User is not authorized to access this resource |\n | CARD_INVALID_STATE | - | no | Impossible to get card credentials as the card is DELETED, SUSPENDED or REPLACED. |","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Verify Card Credentials","operationId":"verifyCardCredentials","tags":["Card Credentials"]}}}}
```
## Get Card Settings
> This request is used by the bank backend to retrieve card settings.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Settings","description":"API to get and update card settings."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"cardControls":{"additionalProperties":false,"description":"Container to hold the domain controls available.","type":"object","required":["onlinePayment","abroadPayment","deniedCurrencies","geography","merchants"],"properties":{"onlinePayment":{"description":"Is online payment (eCommerce) enabled or not for this card.","type":"boolean"},"contactless":{"description":"Is contactless payment enabled or not for the card.
Not provided if control is not available (card product definition)","type":"boolean"},"magstripe":{"description":"Is magstripe payment enabled or not for the card.
Not provided if control is not available (card product definition)","type":"boolean"},"withdrawal":{"description":"Is ATM withdrawal enabled or not for the card.
Not provided if control is not available (card product definition)","type":"boolean"},"abroadPayment":{"description":"Is payment abroad enabled or not for the card","type":"boolean"},"deniedCurrencies":{"description":"List of currencies that will be declined for authorization in ISO 4217 alpha code format","type":"array","items":{"$ref":"#/components/schemas/currencyCode"}},"geography":{"additionalProperties":false,"description":"Contains the list of countries and regions that the card is allowed to use.
if georgraphy is not defined then no geography control is performed; the card can be used all around the world","type":"object","required":["regions","countries"],"properties":{"regions":{"type":"array","description":"List of included Region purchase/withdrawal is allowed","items":{"$ref":"#/components/schemas/Regions"}},"countries":{"type":"array","description":"List of included Country code in ISO 3166-1 alpha-2 format purchase/withdrawal is allowed","items":{"$ref":"#/components/schemas/countryCode"}}}},"merchants":{"additionalProperties":false,"description":"Set of controls applied on merchant category","type":"object","required":["gambling","adult","risky"],"properties":{"gambling":{"description":"If payment is enabled with merchant that has gambling activities","type":"boolean"},"adult":{"description":"If payment is enabled with merchant that has adult activities","type":"boolean"},"risky":{"description":"If payment is enabled with merchant that has been categorised as risky by the scheme","type":"boolean"}}}}},"currencyCode":{"type":"string","pattern":"^[A-Z]{3}$","description":"Currency Code in ISO 4217 alpha code format"},"Regions":{"type":"string","enum":["SCHENGEN_AREA","EASTERN_EUROPE","WESTERN_EUROPE","NORTHERN_EUROPE","SOUTHERN_EUROPE","MIDDLE_EAST","NORTH_AFRICA","EAST_AFRICA","CENTRAL_AFRICA","SOUTHERN_AFRICA","WEST_AFRICA","CENTRAL_ASIA","EAST_ASIA","WEST_ASIA","SOUTH_ASIA","SOUTHEAST_ASIA","OCEANIA","CARIBBEAN","CENTRAL_AMERICA","NORTH_AMERICA","SOUTH_AMERICA"]},"countryCode":{"type":"string","description":"Country code in ISO 3166-1 alpha-2 format","minLength":2,"maxLength":2,"pattern":"^[A-Z]{2}$"},"cardLimits":{"additionalProperties":false,"description":"Container to hold all available limits defined at card product.
Not provided if no limits defined.","type":"object","properties":{"currencyCode":{"$ref":"#/components/schemas/currencyCode"},"purchase":{"$ref":"#/components/schemas/cardLimitPurchases"},"withdrawal":{"$ref":"#/components/schemas/cardLimitWithdrawal"}}},"cardLimitPurchases":{"additionalProperties":false,"description":"Container to hold all available purchases limits defined at card product.
Not provided if no purchase limits defined.","type":"object","properties":{"daily":{"$ref":"#/components/schemas/cardLimit"},"weekly":{"$ref":"#/components/schemas/cardLimitByPeriod"},"monthly":{"$ref":"#/components/schemas/cardLimitByPeriod"},"yearly":{"$ref":"#/components/schemas/cardLimitByPeriod"}}},"cardLimit":{"type":"object","required":["limit","maxLimit","currentAmount"],"properties":{"limit":{"type":"integer","description":"Current limit set by the user/issuer on the card. Limit the end-user can update and could not exceed the max limit set by issuer.","minimum":0,"maximum":999999999999},"maxLimit":{"type":"integer","description":"Max limit set by the issuer, it represent the maximum limit the end-user can set for its own card limit.","minimum":0,"maximum":999999999999},"currentAmount":{"type":"number","description":"Current amount of money already spent in this limit (amount with digits after decimal point is possible).","minimum":0,"maximum":999999999999}}},"cardLimitByPeriod":{"allOf":[{"type":"object","required":["periodType"],"properties":{"periodType":{"type":"string","enum":["fixed","rolling"]},"periodIndex":{"type":"integer","description":"Only provided in case of Weekly, Monthly or Yearly Fixed period.
- For weekly fixed period, the allowed values are 1 to 7 and it represents the start day of the week (1 for Monday, 2 for tuesday, etc..)
- For monthly fixed period, the allowed values are 1 to 31 and it represents the start day of the monthly period
- For yearly fixed period, allowed values are 1 to 12 and it represents the start month of yearly period.","minimum":1,"maximum":31}}},{"$ref":"#/components/schemas/cardLimit"}]},"cardLimitWithdrawal":{"additionalProperties":false,"description":"Container to hold all available withdrawal limits defined at card product.
Not provided if no withdraw limits defined.","type":"object","properties":{"daily":{"$ref":"#/components/schemas/cardLimit"},"weekly":{"$ref":"#/components/schemas/cardLimitByPeriod"},"monthly":{"$ref":"#/components/schemas/cardLimitByPeriod"},"yearly":{"$ref":"#/components/schemas/cardLimitByPeriod"}}},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}/settings":{"get":{"description":"This request is used by the bank backend to retrieve card settings.","responses":{"200":{"description":"Successful get card settings","content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","required":["controls","limits"],"properties":{"controls":{"$ref":"#/components/schemas/cardControls"},"limits":{"$ref":"#/components/schemas/cardLimits"}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | One field is not expected format as defined in this documentation |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application.
\nThe below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| AUTHORIZER_FORBIDDEN | not authorized error message | no | User is not authorized to access this resource |\n| CARD_INVALID_STATE | - | no | Impossible to get card settings as the card is DELETED. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Get Card Settings","operationId":"getCardSettings","tags":["Card Settings"]}}}}
```
## Update Card Controls
> This request is used by the bank backend to update card domain controls.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Settings","description":"API to get and update card settings."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"cardControlsUpdate":{"additionalProperties":false,"type":"object","properties":{"onlinePayment":{"description":"Set online payment (eCommerce) enabled or not for this card.","type":"boolean"},"contactless":{"description":"Set contactless payment enabled or not for the card.
To not provide if this control is not available (card product definition)","type":"boolean"},"magstripe":{"description":"Set magstripe payment enabled or not for the card.
To not provide if this control is not available (card product definition)","type":"boolean"},"withdrawal":{"description":"Set ATM withdraw enabled or not for the card.
To not provide if this control is not available (card product definition)","type":"boolean"},"abroadPayment":{"description":"Set payment abroad enabled or not for the card","type":"boolean"},"deniedCurrencies":{"description":"Define the list of currencies that will be declined for authorization in ISO 4217 alpha code format","type":"array","items":{"$ref":"#/components/schemas/currencyCode"}},"geography":{"additionalProperties":false,"description":"Define the list of countries and regions where the card is allowed to be used
If geography is not defined, no geography controls are applied, and the card can be used worldwide
Geography controls are applicable only when abroad payment is set to true","type":"object","required":["regions","countries"],"properties":{"regions":{"type":"array","description":"List of included Region purchase/withdrawal is allowed","items":{"$ref":"#/components/schemas/Regions"}},"countries":{"type":"array","description":"List of included Country code in ISO 3166-1 alpha-2 format payment/withdraw is allowed","items":{"$ref":"#/components/schemas/countryCode"}}}},"merchants":{"additionalProperties":false,"description":"set of control applied on merchant category","type":"object","required":["gambling","adult","risky"],"properties":{"gambling":{"description":"If payment is enabled with merchant that has gambling activities","type":"boolean"},"adult":{"description":"If payment is enabled with merchant that has adult activities","type":"boolean"},"risky":{"description":"If payment is enabled with merchant that has been categorised as risky by the scheme","type":"boolean"}}}}},"currencyCode":{"type":"string","pattern":"^[A-Z]{3}$","description":"Currency Code in ISO 4217 alpha code format"},"Regions":{"type":"string","enum":["SCHENGEN_AREA","EASTERN_EUROPE","WESTERN_EUROPE","NORTHERN_EUROPE","SOUTHERN_EUROPE","MIDDLE_EAST","NORTH_AFRICA","EAST_AFRICA","CENTRAL_AFRICA","SOUTHERN_AFRICA","WEST_AFRICA","CENTRAL_ASIA","EAST_ASIA","WEST_ASIA","SOUTH_ASIA","SOUTHEAST_ASIA","OCEANIA","CARIBBEAN","CENTRAL_AMERICA","NORTH_AMERICA","SOUTH_AMERICA"]},"countryCode":{"type":"string","description":"Country code in ISO 3166-1 alpha-2 format","minLength":2,"maxLength":2,"pattern":"^[A-Z]{2}$"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}/controls":{"patch":{"description":"This request is used by the bank backend to update card domain controls.","requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","required":["controls"],"properties":{"controls":{"$ref":"#/components/schemas/cardControlsUpdate"}}}}}},"responses":{"200":{"description":"Successful card setting update"},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | JSON not well formatted or
One field is not expected format as defined in this documentation |\n| FIELD_INVALID_VALUE | Contains the field in error (first found) | no | One field value is not allowed for the given field |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application.\nThe below table defines the possible error:\n | errorCode | error | Retryable | Comments |\n | -------------- | ------------| ----------| -----------------------------------|\n | - | - | no | No error details available |\n | AUTHORIZER_FORBIDDEN | not\\_authorized error message | no | User\\_is\\_not\\_authorized\\_to\\_access\\_this\\_resource |\n | CARD_INVALID_STATE | - | no | CardId already registered in the solution and has an invalid card state (REPLACED or DELETED) |\n | OPERATION_NOT_ALLOWED | Name of the operation/field that is not allowed in this operation | no | Try to update a control not defined at card product |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n"},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Update Card Controls","operationId":"updateCardControls","tags":["Card Settings"]}}}}
```
## Update Card Limits
> This request is used by the bank backend to update card settings.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Settings","description":"API to get and update card settings."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"cardLimitsUpdate":{"additionalProperties":false,"type":"object","properties":{"purchase":{"$ref":"#/components/schemas/CardLimitPurchasesUpdate"},"withdrawal":{"$ref":"#/components/schemas/CardLimitWithdrawalUpdate"}}},"CardLimitPurchasesUpdate":{"additionalProperties":false,"description":"Provide this container to update one or several purchase limits
Only available purchase limits defined at card product are updatable.","type":"object","properties":{"daily":{"$ref":"#/components/schemas/cardLimitUpdate"},"weekly":{"$ref":"#/components/schemas/cardLimitUpdate"},"monthly":{"$ref":"#/components/schemas/cardLimitUpdate"},"yearly":{"$ref":"#/components/schemas/cardLimitUpdate"}}},"cardLimitUpdate":{"additionalProperties":false,"description":"Allow to update the limits (if available limits).","type":"object","properties":{"limit":{"type":"integer","description":"Current limit set by the user/issuer on the card. Limit the end-user can update and could not exceed the max limit set by issuer.","minimum":0,"maximum":999999999999},"maxLimit":{"type":"integer","description":"Max limit set by the issuer, it represent the maximum limit the user can set for its own card limit.","minimum":0,"maximum":999999999999}}},"CardLimitWithdrawalUpdate":{"additionalProperties":false,"type":"object","description":"Provide this container to update one or several purchase limits
Only available withdrawal limits defined at card product are updatable.","properties":{"daily":{"$ref":"#/components/schemas/cardLimitUpdate"},"weekly":{"$ref":"#/components/schemas/cardLimitUpdate"},"monthly":{"$ref":"#/components/schemas/cardLimitUpdate"},"yearly":{"$ref":"#/components/schemas/cardLimitUpdate"}}},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}/limits":{"patch":{"description":"This request is used by the bank backend to update card settings.","requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","required":["limits"],"properties":{"limits":{"$ref":"#/components/schemas/cardLimitsUpdate"}}}}}},"responses":{"200":{"description":"Successful card setting update"},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | JSON not well formatted or
One field is not expected format as defined in this documentation |\n| FIELD_INVALID_VALUE | Contains the field in error (first found) | no | One field value is not allowed for the given field |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application.\nThe below table defines the possible error:\n | errorCode | error | Retryable | Comments |\n | -------------- | ------------| ----------| -----------------------------------|\n | - | - | no | No error details available |\n | AUTHORIZER_FORBIDDEN | not\\_authorized error message | no | User\\_is\\_not\\_authorized\\_to\\_access\\_this\\_resource |\n | CARD_INVALID_STATE | - | no | CardId already registered in the solution and has an invalid card state (REPLACED or DELETED) |\n | OPERATION_NOT_ALLOWED | Name of the operation/field that is not allowed in this operation | no | Try to update a control not defined at card product |\n"},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n"},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Update Card Limits","operationId":"updateCardLimits","tags":["Card Settings"]}}}}
```
## Resume
> This request is used by the bank backend to request the reactivation of a card that has been suspended.\
> The card could have been suspended\
> \- by the bank's backend\
> \- by customer agent\
> \- by end user using the mobile banking application\
> \- or automatically by authorisation system when a payment validation failure retry counter has been exceeded (PIN locked, CVV2 locked or expiry date locked)\
> \
> If the card is locked (PIN locked, CVV2 locked or expiry date), D1 will unlock the card whatever the reason.\
> \
> \*\*Note:\*\* It cannot be used to activate a physical card for the really first time. \
> Please refer to \[activatePhysicalCard]\()
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Operations","description":"Different operations that can be done on a card."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"parameters":{"issuer-id-path":{"description":"The id of the issuer","in":"path","name":"issuerId","required":true,"schema":{"$ref":"#/components/schemas/issuerId"}},"card-id-path":{"description":"The id of the card","in":"path","name":"cardId","required":true,"schema":{"$ref":"#/components/schemas/cardId"}}},"schemas":{"issuerId":{"maxLength":10,"minLength":10,"type":"string"},"cardId":{"type":"string","description":"Unique identifier of the card.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"reason":{"type":"string","title":"reason","pattern":"^[a-zA-Z0-9 ]{1,64}$","description":"The reason why the action is performed. \n\nThis a free text field in case the bank wants to send details, that will be returned in the operations list. "},"operationId":{"type":"string","description":"Unique identifier of the operation","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}/operations:resume":{"post":{"description":"This request is used by the bank backend to request the reactivation of a card that has been suspended.\nThe card could have been suspended\n- by the bank's backend\n- by customer agent\n- by end user using the mobile banking application\n- or automatically by authorisation system when a payment validation failure retry counter has been exceeded (PIN locked, CVV2 locked or expiry date locked)\n\nIf the card is locked (PIN locked, CVV2 locked or expiry date), D1 will unlock the card whatever the reason.\n\n**Note:** It cannot be used to activate a physical card for the really first time. \nPlease refer to [activatePhysicalCard](https://thales-dis-dbp.stoplight.io/docs/d1-developer-portal/a2ebfce648687-card-activation)","parameters":[{"$ref":"#/components/parameters/issuer-id-path"},{"$ref":"#/components/parameters/card-id-path"},{"$ref":"#/components/parameters/x-correlation-id"},{"$ref":"#/components/parameters/x-user-id"}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"reason":{"$ref":"#/components/schemas/reason"},"stateReason":{"type":"string","description":"The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.","enum":["ISSUER_DECISION","USER_DECISION","CARD_FOUND"]}}}}}},"responses":{"200":{"description":"Card resumed Successfully","content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"operationId":{"$ref":"#/components/schemas/operationId"}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | JSON not well formatted or
One field is not expected format as defined in this documentation |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application.
\nThe below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| AUTHORIZER_FORBIDDEN | not authorized error message | no | User is not authorized to access this resource |\n| CARD_INVALID_STATE | - | no | Resume with this state reason is not allowed |\n"},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Resume","tags":["Card Operations"],"operationId":"resumeCard"}}}}
```
## Suspend
> This request is used by the bank backend to request the suspention of a card.\
\
> When a card is suspended:\
> \+ authorization will be declined by the system.\
> \+ end user will not be alble to digitize the card.\
> \+ But authorization with digital card will be still approved by the system.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Operations","description":"Different operations that can be done on a card."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"parameters":{"issuer-id-path":{"description":"The id of the issuer","in":"path","name":"issuerId","required":true,"schema":{"$ref":"#/components/schemas/issuerId"}},"card-id-path":{"description":"The id of the card","in":"path","name":"cardId","required":true,"schema":{"$ref":"#/components/schemas/cardId"}}},"schemas":{"issuerId":{"maxLength":10,"minLength":10,"type":"string"},"cardId":{"type":"string","description":"Unique identifier of the card.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"reason":{"type":"string","title":"reason","pattern":"^[a-zA-Z0-9 ]{1,64}$","description":"The reason why the action is performed. \n\nThis a free text field in case the bank wants to send details, that will be returned in the operations list. "},"operationId":{"type":"string","description":"Unique identifier of the operation","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}/operations:suspend":{"post":{"description":"This request is used by the bank backend to request the suspention of a card.
\nWhen a card is suspended:\n + authorization will be declined by the system.\n + end user will not be alble to digitize the card.\n + But authorization with digital card will be still approved by the system.\n","parameters":[{"$ref":"#/components/parameters/issuer-id-path"},{"$ref":"#/components/parameters/card-id-path"},{"$ref":"#/components/parameters/x-correlation-id"},{"$ref":"#/components/parameters/x-user-id"}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"reason":{"$ref":"#/components/schemas/reason"},"stateReason":{"type":"string","description":"The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.","enum":["CARD_LOST","CARD_STOLEN","CARD_BROKEN","FRAUD","USER_DECISION","ISSUER_DECISION"]}}}}}},"responses":{"200":{"description":"Card was suspended Successfully","content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"operationId":{"$ref":"#/components/schemas/operationId"}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | JSON not well formatted or
One field is not expected format as defined in this documentation |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| AUTHORIZER_FORBIDDEN | not authorized error message | no | User is not authorized to access this resource \n| CARD_INVALID_STATE | - | no | Suspension with this state reason is not allowed |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Suspend","tags":["Card Operations"],"operationId":"suspendCard"}}}}
```
## Delete
> This request is used by the bank backend to request the deletion of a card. \
> \
> For cards managed by D1 (in oposition to legacy cards that are managed by the issuer), D1 will propagate the deletion/revocation to the processor.\
> \
> \Note:\ The deletion of the card cannot be reverted. In case of card lost consider using the suspend operation first.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Operations","description":"Different operations that can be done on a card."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"parameters":{"issuer-id-path":{"description":"The id of the issuer","in":"path","name":"issuerId","required":true,"schema":{"$ref":"#/components/schemas/issuerId"}},"card-id-path":{"description":"The id of the card","in":"path","name":"cardId","required":true,"schema":{"$ref":"#/components/schemas/cardId"}}},"schemas":{"issuerId":{"maxLength":10,"minLength":10,"type":"string"},"cardId":{"type":"string","description":"Unique identifier of the card.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"reason":{"type":"string","title":"reason","pattern":"^[a-zA-Z0-9 ]{1,64}$","description":"The reason why the action is performed. \n\nThis a free text field in case the bank wants to send details, that will be returned in the operations list. "},"operationId":{"type":"string","description":"Unique identifier of the operation","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}/operations:delete":{"post":{"description":"This request is used by the bank backend to request the deletion of a card. \n\nFor cards managed by D1 (in oposition to legacy cards that are managed by the issuer), D1 will propagate the deletion/revocation to the processor.\n\nNote: The deletion of the card cannot be reverted. In case of card lost consider using the suspend operation first.","parameters":[{"$ref":"#/components/parameters/issuer-id-path"},{"$ref":"#/components/parameters/card-id-path"},{"$ref":"#/components/parameters/x-correlation-id"},{"$ref":"#/components/parameters/x-user-id"}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"reason":{"$ref":"#/components/schemas/reason"},"stateReason":{"type":"string","description":"The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.","enum":["CLOSED_ACCOUNT","CLOSED_CARD","CARD_LOST","CARD_STOLEN","CARD_BROKEN","CARD_NOT_RECEIVED","FRAUD","ISSUER_DECISION"]}}}}}},"responses":{"200":{"description":"Card was deleted Successfully","content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"operationId":{"$ref":"#/components/schemas/operationId"}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | JSON not well formatted or
One field is not expected format as defined in this documentation |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application.
\nThe below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| AUTHORIZER_FORBIDDEN | not authorized error message | no | User is not authorized to access this resource |\n| CARD_INVALID_STATE | - | no | Possible error is card already deleted with an other reason |\n"},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Delete","tags":["Card Operations"],"operationId":"deleteCard-v2"}}}}
```
## Replace
> End user can request the bank a replacement of an existing card because the card has been lost or damaged.\
\
> The replaced card is blocked until the new card is activated.\
\
> The new card has a new cardId and a new card credentials (PAN and expiry date).\
\
> In the particular case of Virtual Card, the new Virtual Card is automaticaly activated.\
> \
> \
> D1 manages to re-link automatically digital card from the old card to the new card upon activation.\
> \
> For card registered in D1, the bank backend shall provide new cardId and new card credentials when calling the API.\
> The new cardId used to replace the card shall be unique. The new cardId can be reused from another card (having a different PAN) under several conditions :\
> \- The cardId to be reused is linked with a DELETED or REPLACED card (thus it's not possible to use the current cardId as newCardID when doing a replace)\
> \- The cardId to be reused is not associated to a card issued by D1 (a card created using the CREATE card API).\
> \- The cardId to be reused is not associated with a card product used for making transactions\
> \- In any case, it is not possible to use a card PAN already deleted or replaced. Even by reusing a cardId.\
> Reusing a cardId for another consumer is not recommanded. Since the cardId will disappear from the previous consumer cards list. \
> \
> \
> For card created by D1, D1 will generate a new cardId and new card credentials. Thus the newCardId shall not be provided by the issuer when calling this API.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Operations","description":"Different operations that can be done on a card."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"parameters":{"issuer-id-path":{"description":"The id of the issuer","in":"path","name":"issuerId","required":true,"schema":{"$ref":"#/components/schemas/issuerId"}},"card-id-path":{"description":"The id of the card","in":"path","name":"cardId","required":true,"schema":{"$ref":"#/components/schemas/cardId"}}},"schemas":{"issuerId":{"maxLength":10,"minLength":10,"type":"string"},"cardId":{"type":"string","description":"Unique identifier of the card.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"newCardId":{"type":"string","description":"Unique identifier of the new card. Provided in case the card is in REPLACED state.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"reason":{"type":"string","title":"reason","pattern":"^[a-zA-Z0-9 ]{1,64}$","description":"The reason why the action is performed. \n\nThis a free text field in case the bank wants to send details, that will be returned in the operations list. "},"operationId":{"type":"string","description":"Unique identifier of the operation","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}/operations:replace":{"post":{"description":"End user can request the bank a replacement of an existing card because the card has been lost or damaged.
\nThe replaced card is blocked until the new card is activated.
\nThe new card has a new cardId and a new card credentials (PAN and expiry date).
\nIn the particular case of Virtual Card, the new Virtual Card is automaticaly activated.\n\n\nD1 manages to re-link automatically digital card from the old card to the new card upon activation.\n\nFor card registered in D1, the bank backend shall provide new cardId and new card credentials when calling the API.\nThe new cardId used to replace the card shall be unique. The new cardId can be reused from another card (having a different PAN) under several conditions :\n - The cardId to be reused is linked with a DELETED or REPLACED card (thus it's not possible to use the current cardId as newCardID when doing a replace)\n - The cardId to be reused is not associated to a card issued by D1 (a card created using the CREATE card API).\n - The cardId to be reused is not associated with a card product used for making transactions\n - In any case, it is not possible to use a card PAN already deleted or replaced. Even by reusing a cardId.\nReusing a cardId for another consumer is not recommanded. Since the cardId will disappear from the previous consumer cards list. \n\n\nFor card created by D1, D1 will generate a new cardId and new card credentials. Thus the newCardId shall not be provided by the issuer when calling this API.","parameters":[{"$ref":"#/components/parameters/issuer-id-path"},{"$ref":"#/components/parameters/card-id-path"},{"$ref":"#/components/parameters/x-correlation-id"},{"$ref":"#/components/parameters/x-user-id"}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"newCardId":{"$ref":"#/components/schemas/newCardId"},"encryptedData":{"type":"string","title":"encryptedData","maxLength":8192,"pattern":"^(?:[\\x20-\\x2D\\x2F-\\x7F]*\\.){4}(?:[\\x20-\\x2D\\x2F-\\x7F]*)$","description":"The encryptedData has to be provided in case of card registered in D1. It is not needed for card created by D1.
\nThe encryptedData is the encrypted json (cf http://www.json.org/) representation of the Card information.\nThis value is encrypted using the JWE encryption (please refer to the **[Encrypt sensitive data](../../../integrate-the-d1-api/encrypt-sensitive-data)** for more details)\n
Once deciphered, the plaintext contains a json structure with:\n|JSON field parameter name|description|MOC|Format|\n|-------|-------|-------|-------|\n|pan|The funding pan value.|M|string - up to 19 digits|\n|exp|The expiry date of the card.|M|string - 4 digits, following the format MMYY|\n|auxiliaryPan|The auxiliary funding pan value. It shall be provided when cobadge is supported and if the card has an auxiliary pan.|C|string - up to 19 digits|\n|auxiliaryExp|The auxiliary expiry date of the card. It shall be provided when cobadge is supported and if the card has an auxiliary pan.|C|string - 4 digits, following the format MMYY|\n\n
\n
\n"},"reason":{"$ref":"#/components/schemas/reason"},"stateReason":{"type":"string","description":"The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.","enum":["CARD_LOST","CARD_STOLEN","CARD_BROKEN","CARD_NOT_RECEIVED","FRAUD","ISSUER_DECISION"]}},"required":["reason","stateReason"]}}}},"responses":{"200":{"description":"Card was replaced Successfully","content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","required":["newCardId"],"properties":{"operationId":{"$ref":"#/components/schemas/operationId"},"newCardId":{"$ref":"#/components/schemas/cardId"}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | JSON not well formatted or
One field is not expected format as defined in this documentation |\n| FIELD_INVALID_VALUE | Contains the field in error (first found) | no | One field value is not allowed for the given field |\n| CRYPTO_ERROR | - | no | Not possible to decrypt the provided encrypted data |\n| INVALID_PAN | - | no | PAN is invalid |\n| INVALID_EXPIRY_DATE | Expiry date is invalid | \n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| AUTHORIZER_FORBIDDEN | not authorized error message | no | User is not authorized to access this resource \n| CARD_INVALID_STATE | - | no | The card to replace is in invalid state (DELETED, REPLACED) |\n| CARD_ALREADY_EXISTS | - | no | The new card referenced by newCardId or new PAN already exists in the solution |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Replace","tags":["Card Operations"],"operationId":"replaceCard-v2"}}}}
```
## Renew
> Card renewal is the process where a new card is provided to end-user. The new card has new expiry date, but cardId and PAN are remaining the same.\
> \
> For card registered in D1, this request is used by the bank backend to inform that card has been renewed. In such case the new expiry date shall be provided. Moreover, the auxiliary expiry date of the card shall also be provided for cobadged cards that have an auxiliary pan. \
> \
> For card created by D1, this request is used by the bank backend to manualy request the renewal of an existing card (a new expiry date will be generated by D1).\
> \
> In the particular case of the Virtual Card, the Virtual Card is automaticaly activated.\
> For Physical Card, the renewed card will remain active until:\
> \- an explicit activation perfomed using the activation operation using the same cardId as the renew card \
> \- an implicit activation following a valid card present transaction (if card product is configured as such)
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Operations","description":"Different operations that can be done on a card."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"parameters":{"issuer-id-path":{"description":"The id of the issuer","in":"path","name":"issuerId","required":true,"schema":{"$ref":"#/components/schemas/issuerId"}},"card-id-path":{"description":"The id of the card","in":"path","name":"cardId","required":true,"schema":{"$ref":"#/components/schemas/cardId"}}},"schemas":{"issuerId":{"maxLength":10,"minLength":10,"type":"string"},"cardId":{"type":"string","description":"Unique identifier of the card.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"cardExpiryDate":{"type":"string","description":"Expiry date of the card in MMYY format","pattern":"^(0[1-9]|1[0-2])\\d{2}$"},"reason":{"type":"string","title":"reason","pattern":"^[a-zA-Z0-9 ]{1,64}$","description":"The reason why the action is performed. \n\nThis a free text field in case the bank wants to send details, that will be returned in the operations list. "},"operationId":{"type":"string","description":"Unique identifier of the operation","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}/operations:renew":{"post":{"description":"Card renewal is the process where a new card is provided to end-user. The new card has new expiry date, but cardId and PAN are remaining the same.\n\nFor card registered in D1, this request is used by the bank backend to inform that card has been renewed. In such case the new expiry date shall be provided. Moreover, the auxiliary expiry date of the card shall also be provided for cobadged cards that have an auxiliary pan. \n\nFor card created by D1, this request is used by the bank backend to manualy request the renewal of an existing card (a new expiry date will be generated by D1).\n\nIn the particular case of the Virtual Card, the Virtual Card is automaticaly activated.\nFor Physical Card, the renewed card will remain active until:\n - an explicit activation perfomed using the activation operation using the same cardId as the renew card \n - an implicit activation following a valid card present transaction (if card product is configured as such)","parameters":[{"$ref":"#/components/parameters/issuer-id-path"},{"$ref":"#/components/parameters/card-id-path"},{"$ref":"#/components/parameters/x-correlation-id"},{"$ref":"#/components/parameters/x-user-id"}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"newExp":{"$ref":"#/components/schemas/cardExpiryDate"},"newAuxiliaryExp":{"$ref":"#/components/schemas/cardExpiryDate"},"reason":{"$ref":"#/components/schemas/reason"},"stateReason":{"type":"string","description":"The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.","enum":["ISSUER_DECISION","USER_DECISION","CARD_EXPIRED"]}}}}}},"responses":{"200":{"description":"Card was renewed Successfully","content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"operationId":{"$ref":"#/components/schemas/operationId"}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_FORMAT | Contains the field in error (first found) | no | JSON not well formatted or
One field is not expected format as defined in this documentation |\n| FIELD_INVALID_VALUE | Contains the field in error (first found) | no | One field is |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| AUTHORIZER_FORBIDDEN | not authorized error message | no | User is not authorized to access this resource \n| CARD_INVALID_STATE | - | no | Renewal with this state reason is not allowed |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"summary":"Renew","tags":["Card Operations"],"operationId":"renewCard-v2"}}}}
```
## Get All Card Authorisation Operations
> This request is used by the core banking system to retrieve all the authorisations related to a card and its linked digital card.\
> The API specifies the starting point (offset) and the number of authorization (limit) to be retrieved:\
\
> \- Offset 0 (the default) corresponds to the most recent operation. \
> \- Use a stricly positive number and multipe of limit number to get older operations. Attention D1 will reject the reqest if offset is not a mulitpe of limit.\
> For example in case of limit of 10:\
> \- Use offset of 0 to get the last 10 most recents operations (0 to 10)\
> \- Use offset of 10 to get the next 10 operations (10 to 20)\
> \- Use offset of 20 to get the next 10 operations (20 to 30)\
> \- If you use 9 or 11 as offset, the request will be rejected by D1.\
> \
> Optionally, the request can filter operations for a given period using startDate and endDate parameters.\
> \
> Search authorisations by operation id is also possible.
```json
{"openapi":"3.0.0","info":{"title":"D1 Inbound Card API","version":"2.0"},"tags":[{"name":"Card Operations","description":"Different operations that can be done on a card."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"parameters":{"issuer-id-path":{"description":"The id of the issuer","in":"path","name":"issuerId","required":true,"schema":{"$ref":"#/components/schemas/issuerId"}},"card-id-path":{"description":"The id of the card","in":"path","name":"cardId","required":true,"schema":{"$ref":"#/components/schemas/cardId"}},"limit-query":{"name":"limit","in":"query","schema":{"type":"integer","minimum":1,"maximum":50,"default":10},"description":"Upper limit of the query"},"offset-query-no-max":{"name":"offset","in":"query","schema":{"type":"integer","minimum":0},"description":"Index from which the query starts returning operations (default value: 0)"},"start-date":{"name":"startDate","in":"query","schema":{"$ref":"#/components/schemas/date"},"description":"Start date for the search criteria"},"end-date":{"name":"endDate","in":"query","schema":{"$ref":"#/components/schemas/date"},"description":"End date for the search criteria"},"authorisationCard-operation-id-query":{"in":"query","name":"operationId","schema":{"$ref":"#/components/schemas/authorisationCard-operationId"}}},"schemas":{"issuerId":{"maxLength":10,"minLength":10,"type":"string"},"cardId":{"type":"string","description":"Unique identifier of the card.","minLength":1,"maxLength":48,"pattern":"^[A-Za-z0-9_-]{1,48}$"},"date":{"type":"string","title":"Date","minLength":1,"maxLength":64,"pattern":"^[0-9]{4}-((0[13578]|1[02])-(0[1-9]|[12][0-9]|3[01])|(0[469]|11)-(0[1-9]|[12][0-9]|30)|02-(0[1-9]|[12][0-9]))T([0-1][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\\.[0-9]{3}Z|\\.[0-9]{2}([\\+\\-](0[1-9]|1[0-2])):00)$"},"authorisationCard-operationId":{"type":"string","minLength":1,"maxLength":12,"description":"Id corresponding to Retrieval Reference Number (ISO-8583 SID / Field No 37)."},"authorisationCard-operation":{"allOf":[{"$ref":"#/components/schemas/authorisationCard-operation-model"},{"type":"object","required":["details"],"properties":{"details":{"$ref":"#/components/schemas/authorisationCard-details"}}}]},"authorisationCard-operation-model":{"type":"object","required":["operationId","operation","status","startTime"],"properties":{"operationId":{"$ref":"#/components/schemas/authorisationCard-operationId"},"operation":{"type":"string","enum":["PURCHASE","WITHDRAWAL","REFUND","PAYMENT","OTHER"],"description":"operation defines the auhtorisation type. Computed from processing code (ISO-8583 SID / Field No 3) transaction type (Postions 1-2)."},"status":{"type":"string","enum":["APPROVED","PARTIALLY_APPROVED","REVERSED","DECLINED"],"description":"The operation status. Interpreted value of Action Code (ISO-8583 SID / Field No 39)."},"startTime":{"type":"string","description":"Transaction local date and time (ISO-8583 / Field No 12)
\nFormat ISO 8601 YYYY-MM-DDThh:mm:ssTZD","minLength":1,"maxLength":64,"pattern":"^[0-9]{4}-((0[13578]|1[02])-(0[1-9]|[12][0-9]|3[01])|(0[469]|11)-(0[1-9]|[12][0-9]|30)|02-(0[1-9]|[12][0-9]))T([0-1][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\\.[0-9]{3}Z|\\.[0-9]{2}([\\+\\-](0[1-9]|1[0-2])):00)$"},"errorCode":{"type":"string","description":"error code , only present in case of DECLINED operation/authorisation","enum":["INVALID_CARD_STATE","INVALID_CARD_DATA","CONTROL_FAIL","VELOCITY_CHECK_FAIL","BALANCE_CHECK_FAIL","FRAUD_DETECTED","TECHNICAL_ERROR","ISSUER_ERROR","DOMAIN_CONTROL_FAIL"]}}},"authorisationCard-details":{"type":"object","required":["isoMessageType","transactionDate","transmissionDate","retrievalReferenceNumber","stan","internalStan","actionCode","amount","currencyCode","functionCode","merchant"],"properties":{"isoMessageType":{"type":"string","description":"The ISO Message type of the request/advice sent by the switch.
Value '1100' represents an authorisation request.","minLength":4,"maxLength":4,"pattern":"^[\\d]{4}$"},"transactionDate":{"type":"string","description":"Transaction local date and time (ISO-8583 SID / Field No 12)
\nFormat ISO 8601 YYYY-MM-DDThh:mm:ssTZD","minLength":1,"maxLength":64,"pattern":"^[0-9]{4}-((0[13578]|1[02])-(0[1-9]|[12][0-9]|3[01])|(0[469]|11)-(0[1-9]|[12][0-9]|30)|02-(0[1-9]|[12][0-9]))T([0-1][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\\.[0-9]{3}Z|\\.[0-9]{2}([\\+\\-](0[1-9]|1[0-2])):00)$"},"transmissionDate":{"type":"string","description":"Transmission date and time (ISO-8583 SID / Field No 7)
\nFormat ISO 8601 YYYY-MM-DDThh:mm:ssTZD","minLength":1,"maxLength":64,"pattern":"^[0-9]{4}-((0[13578]|1[02])-(0[1-9]|[12][0-9]|3[01])|(0[469]|11)-(0[1-9]|[12][0-9]|30)|02-(0[1-9]|[12][0-9]))T([0-1][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\\.[0-9]{3}Z|\\.[0-9]{2}([\\+\\-](0[1-9]|1[0-2])):00)$"},"retrievalReferenceNumber":{"type":"string","minLength":1,"maxLength":12,"description":"Retrieval Reference Number (ISO-8583 SID / Field No 37)."},"stan":{"type":"string","description":"System Trace Audit Number (ISO-8583 SID / Field No 11)","minLength":1,"maxLength":6},"internalStan":{"type":"string","description":"The internal System Trace Audit Number generated by the solution.","minLength":1,"maxLength":6},"actionCode":{"type":"string","minLength":3,"maxLength":3,"pattern":"^[\\d]{3}$","description":"The none interpreted Action Code return by the authorisation host (ISO-8583 SID / Field No 39).
\nFor example '000' for APPROVED, '002' for PARTIAL APPROVE"},"declinedReason":{"type":"string","description":"The declined reason of the operation, present only is the authorisation has been DECLINED by Auhtorisation host.","enum":["INVALID_CARD_STATE","INVALID_CARD_DATA","CONTROL_FAIL","VELOCITY_CHECK_FAIL","BALANCE_CHECK_FAIL","FRAUD_DETECTED","TECHNICAL_ERROR","ISSUER_ERROR","DOMAIN_CONTROL_FAIL"]},"declinedDetails":{"type":"string","enum":["INVALID_CVV2","INVALID_DCVV2","INVALID_EXPIRY_DATE","INVALID_RETRYABLE_DCVV2","NO_ACTIVE_DCVV2","CARD_DELETED","CARD_EXPIRED","CARD_REPLACED","CARD_SUSPENDED","CONTACTLESS_DISABLED","CVV2_LOCKED","EXPIRY_DATE_LOCKED","PIN_LOCKED","COUNTRY_NOT_ALLOWED","CURRENCY_NOT_ALLOWED","MAGSTRIPE_DISABLED","MERCHANT_TYPE_NOT_ALLOWED","ONLINE_PAYMENT_DISABLED","WITHDRAWAL_DISABLED","EMV_AUTHORIZATION_VERIFICATION_FAIL","INVALID_PIN","ABOVE_MAX_AMOUNT","BELOW_MIN_AMOUNT","MAX_AMOUNT_LIMIT_REACHED","MAX_TRANSACTION_LIMIT_REACHED","NOT_ENOUGH_FUND","INVALID_MERCHANT","SUSPECTED_FRAUD","ACCOUNT_NOT_FOUND","FUND_CHECK_FAILED","TECHNICAL_ERROR"],"description":"Additional details for declined Reason if available. In table below you will find the possible details for each declined reason\n| Declined reason | possible declined details |\n| -------------------- | ------------------------|\n| INVALID_CARD_DATA | INVALID_CVV2
INVALID_DCVV2
INVALID_EXPIRY_DATE
INVALID_RETRYABLE_DCVV2
NO_ACTIVE_DCVV2 |\n| INVALID_CARD_STATE | CARD_DELETED
CARD_EXPIRED
CARD_REPLACED
CARD_SUSPENDED
CONTACTLESS_DISABLED
CVV2_LOCKED
EXPIRY_DATE_LOCKED
PIN_LOCKED |\n| DOMAIN_CONTROL_FAIL | CONTACTLESS_DISABLED
COUNTRY_NOT_ALLOWED
CURRENCY_NOT_ALLOWED
MAGSTRIPE_DISABLED
MERCHANT_TYPE_NOT_ALLOWED
ONLINE_PAYMENT_DISABLED
WITHDRAWAL_DISABLED |\n| CONTROL_FAIL | EMV_AUTHORIZATION_VERIFICATION_FAIL
INVALID_PIN |\n| VELOCITY_CHECK_FAIL | ABOVE_MAX_AMOUNT
BELOW_MIN_AMOUNT
MAX_AMOUNT_LIMIT_REACHED
MAX_TRANSACTION_LIMIT_REACHED |\n| BALANCE_CHECK_FAIL | NOT_ENOUGH_FUND |\n| FRAUD_DETECTED | INVALID_MERCHANT
SUSPECTED_FRAUD |\n| ISSUER_ERROR | ACCOUNT_NOT_FOUND
FUND_CHECK_FAILED |"},"amount":{"type":"number","minimum":0,"maximum":999999999999,"description":"The nominal transaction amount value (ISO-8583 SID / Field No 04).
\nValue without decimal separator, use the currency exponent to determine the number of decimal.
\nFor example, an amount in euro of €21 is returned 2100."},"currencyCode":{"$ref":"#/components/schemas/currencyCode"},"billingAmount":{"type":"number","minimum":0,"maximum":999999999999,"description":"The billing amount value from Authorisation (ISO-8583 SID / Field No 06)
\nValue without decimal separator, use the currency exponent to determine the number of decimal.
\nFor example, an amount in euro of €21 is returned 2100."},"billingCurrencyCode":{"$ref":"#/components/schemas/currencyCode"},"conversionRate":{"type":"number","description":"Cardholder billing exchange rate from Auhtorization (ISO-8583 SID / Field No 10)
Or used by the solution during conversion.","minimum":0,"maximum":9999999},"replacementAmount":{"type":"number","minimum":0,"maximum":999999999999,"description":"The replacement amount value from Authorisation (ISO-8583 SID / Field No 30)
\nValue without decimal separator, use the currency exponent to determine the number of decimal.
\nFor example, an amount in euro of €21 is returned 2100."},"replacementCurrencyCode":{"$ref":"#/components/schemas/currencyCode"},"accountNumber":{"type":"string","maxLength":24,"description":"Account number used when posting with Core Banking System"},"standInProcessing":{"type":"boolean","description":"Specify if STAND-In processing has been used or not by D1 Authorisation host.\n - true if the authorization has been approvded on behalf of the Core Banking System (STAND-IN processing)\n - false if financial authorization has been approved by the Core Banking system."},"functionCode":{"type":"string","description":"Function code (ISO-8583 SID - Field No 24)","minLength":3,"maxLength":3,"pattern":"^[\\d]{3}$"},"messageReasonCode":{"type":"string","description":"Function code (ISO-8583 SID - Field No 25)","minLength":4,"maxLength":4,"pattern":"^[\\d]{4}$"},"cardPresent":{"type":"boolean","description":"Point of service data code (ISO-8583 SID / Field No 22) Card Present indicator (Postion 06)."},"cardDataInputMode":{"type":"string","description":"Point of service data code (ISO-8583 SID / Field No 22) Card Data Input Mode (Postion 07).
See ISO-8583 SID for the list of possible values.","minLength":1,"maxLength":1},"initiatingParty":{"type":"string","enum":["CARDHOLDER","MERCHANT"],"description":"Merchant or Cardholder initiated transaction
TAG P64 in Additional private data (ISO-8583 SID / Field No 48) Initating-Party (Postion 04)."},"acquirerCountryCode":{"type":"string","description":"Acquiring institution country code (ISO-8583 SID / Field No 19).
\nCountry code in ISO 3166-1 alpha-2.","minLength":2,"maxLength":2,"pattern":"^[A-Z]{2}$"},"merchant":{"$ref":"#/components/schemas/authorisationCardDetails-merchant"},"digitalCard":{"$ref":"#/components/schemas/authorisationCardDetails-digitalCard"}}},"currencyCode":{"type":"string","pattern":"^[A-Z]{3}$","description":"Currency Code in ISO 4217 alpha code format"},"authorisationCardDetails-merchant":{"additionalProperties":false,"type":"object","description":"merchant information as provided from Authorisation (ISO-8583 SID / Field No 42 & 43)","required":["merchantId","merchantNameAddress"],"properties":{"merchantId":{"type":"string","minLength":1,"maxLength":15,"description":"Card acceptor identification code (ISO-8583 SID / Field No 42)."},"merchantNameAddress":{"type":"string","minLength":1,"maxLength":40,"description":"Card acceptor name and address (ISO-8583 SID / Field No 43)."},"merchantName":{"type":"string","minLength":1,"maxLength":24,"description":"merchant accronym (positions 1-24) of Card acceptor name and address (ISO-8583 SID / Field No 43)."},"city":{"type":"string","minLength":1,"maxLength":13,"description":"merchant city (positions 25-37) of Card acceptor name and address (ISO-8583 SID / Field No 43)."},"countryCode":{"type":"string","description":"merchant country (positions 38-40) of Card acceptor name and address (ISO-8583 SID / Field No 43)
\nCountry code in ISO 3166-1 alpha-2.","minLength":2,"maxLength":2,"pattern":"^[A-Z]{2}$"},"merchantType":{"type":"string","description":"MCC / Merchant type (ISO-8583 SID / Field No 18). (not provided for an operation having a status=REVERSED)","minLength":4,"maxLength":4,"pattern":"^[\\d]{4}$"}}},"authorisationCardDetails-digitalCard":{"additionalProperties":false,"type":"object","description":"Provided in case Authorisation with a digital card.
\nInformation extracted in Tag P55 (Token Data) from Additional Private Data (ISO-8583 SID / Field No 48)","required":["digitalCardId","digitalCardRequestorId"],"properties":{"digitalCardId":{"$ref":"#/components/schemas/digitalCardId"},"digitalCardRequestorId":{"type":"string","description":"Digital Card requestor identifier. This is provided by the TSP itself.","minLength":11,"maxLength":11}}},"digitalCardId":{"type":"string","description":"Unique identifier of the digital card.","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"ServiceUnavailableError":{"description":"The service is temporarily unavailable. You may retry your request later."}}},"paths":{"/v2/issuers/{issuerId}/cards/{cardId}/authorisations/operations":{"get":{"summary":"Get All Card Authorisation Operations","description":"This request is used by the core banking system to retrieve all the authorisations related to a card and its linked digital card.\nThe API specifies the starting point (offset) and the number of authorization (limit) to be retrieved:
\n- Offset 0 (the default) corresponds to the most recent operation. \n- Use a stricly positive number and multipe of limit number to get older operations. Attention D1 will reject the reqest if offset is not a mulitpe of limit.\nFor example in case of limit of 10:\n- Use offset of 0 to get the last 10 most recents operations (0 to 10)\n- Use offset of 10 to get the next 10 operations (10 to 20)\n- Use offset of 20 to get the next 10 operations (20 to 30)\n- If you use 9 or 11 as offset, the request will be rejected by D1.\n\nOptionally, the request can filter operations for a given period using startDate and endDate parameters.\n\nSearch authorisations by operation id is also possible.","parameters":[{"$ref":"#/components/parameters/issuer-id-path"},{"$ref":"#/components/parameters/card-id-path"},{"$ref":"#/components/parameters/x-user-id"},{"$ref":"#/components/parameters/x-correlation-id"},{"$ref":"#/components/parameters/limit-query"},{"$ref":"#/components/parameters/offset-query-no-max"},{"$ref":"#/components/parameters/start-date"},{"$ref":"#/components/parameters/end-date"},{"$ref":"#/components/parameters/authorisationCard-operation-id-query"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"operations":{"type":"array","items":{"$ref":"#/components/schemas/authorisationCard-operation"}}}}}}},"400":{"description":"Bad Request, Invalid request URI, header, paramters. The below table defines the possible 'Bad request' error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| FIELD_INVALID_VALUE | Contains the field in error (first found) | no | One field is not expected format as defined in this documentation |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"Unauthorized request, the provided Authorization header is missing or invalid. In the table below only the field \"error\" is provided.\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| AUTHORIZER_UNAUTHORIZED | Unauthorized message | no | Access token not valid |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"403":{"description":"Forbidden action detected by WAF or the application. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| AUTHORIZER_FORBIDDEN | not authorized error message | no | User is not authorized to access this resource \n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Ressource not found, Unknown issuerId or consumerId or card id'. The below table defines the possible error:\n| errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | no | No error details available |\n| UNKNOWN_CARD | - | no | Unknown cardId |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"500":{"description":"Internal Server Error. The below table defines the possible error:\n|errorCode | error | Retryable | Comments |\n| -------------- | ------------| ----------| -----------------------------------|\n| - | - | yes | No error details available |\n| INTERNAL_ERROR | error details if any | no | The server has encountered an error when executing the request. |\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"503":{"$ref":"#/components/responses/ServiceUnavailableError"}},"tags":["Card Operations"],"operationId":"getAllAuthorisations"}}}}
```
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.payments.thalescloud.io/transaction-control/ja/integrate-the-d1-api/d1-api-reference/inbound-api-to-d1/card-api.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.