API Documentation

Common Error Codes

The following are errors that can happen on any request to CorePro, depending on the request parameters, origin, intermediate network, etc. If present, these values will appear in the "errors" property of the envelope:

details

Code	Message (en-US)	HTTP Status Code	Notes
50401	User is not authorized	401	Check your configuration for proper CorePro API Key and Secret values against those in CorePro Admin console. Existing ones may have expired.
50403	IP is not trusted	403	Check the IP of the request. If it is a valid IP, contact CorePro support to whitelist it.
50404	The requested resource was not found.	404	The route is invalid or is not supported in the version associated with your API Key.
50405	The requested HTTP method is not allowed.	405	The route accepts a different HTTP method - did you issue a POST when you should have issued a GET for a particular route?
50429	Rate limit exceeded	429	Too many requests within a certain timeslice for your API Key. Wait a small amount of time and retry the request. If this happens regularly, contact CorePro support to increase your rate limit (additional fee may be applied)
50500	Internal Server Error	500	CorePro is experiencing issues. Please share your requestId with CorePro support.
50501	Not Implemented	501	The route is invalid. Verify your code is calling a documented CorePro route.
50502	Bad Gateway	502	Network connectivity issues between your server and CorePro servers, or CorePro is down for maintenance. Investigate, and if issues persist, contact CorePro support.
50503	Service Unavailable	503	CorePro servers are unavailable. You will need to try your request later.
50504	Gateway Timeout	504	Network connectivity issues between your server and CorePro servers, or CorePro is down for maintenance. Investigate, and if issues persist, contact CorePro support.
50505	HTTP Version Not Supported	505	HTTP/1.1 must be specified when using CorePro. Change your code to issue HTTP/1.1 requests.
50902	ProgramId {0} does not have a BIN mapped to it.	400	Your program is configured incorrectly. Contact support@corepro.io
50904	Could not find PciKeyId for BankId {0}, ProgramId {1} in a status of 1 (Encrypt and Decrypt allowed).	400	Your program is configured incorrectly. Contact support@corepro.io
52998	Internal Server Error. Incident Id : {0}	500	This is the catch-all error number for an internal server error. Please contact support@corepro.io with the Incidient Id provided in the message.
58150	QualiFile service call error received.	500	The content of this error message may be replaced by the actual one received from the QualiFile service call.
59001	No VerificationFundsAccount configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59002	No RetailClearingAccount configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59003	No ProgramExternalAccount configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59004	No BankIncomeAccount configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59005	No RegDFeeAmtForExceedingMonthlyMax configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59006	No RegDMonthlyTransWithdrawCountMax configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59007	Internal to Internal transfer is disabled for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59008	AllowedAccountTypeId is not configured properly for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59009	Program {0} does not have recurring contributions enabled.	400	You are unable to do recurring contributions because it is disabled for your program.
59010	Program {0} is not configured to require external account verification. Call /externalAccount/create instead.	400	Call `/externalAccount/create instead.`
59011	Program {0} is configured to require external account verification. Call /externalAccount/initiate instead.	400	Call `/externalAccount/initiate instead.`
59012	Program {0} is missing a ProgramReport record for the given date range and program.	400	Your program is configured incorrectly. Contact support@corepro.io
59013	No ProgramClearingAccount configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59014	No MiscellaneousAccount configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59015	No GeneralJournalAccount configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59016	No CashAccount configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59017	No RetailExternalAccount configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59018	No ProgramEcode.PercentToClient configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59019	No ProgramEcode.PercentToCorePro configured for program {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59020	Program {0} does not have account type {1} enabled.	400	Your program is configured incorrectly. Contact support@corepro.io
59102	No ProgramClearingAccount linked to ProgramExternalAccount {0}	400	Your program is configured incorrectly. Contact support@corepro.io
59103	All card numbers are already allocated for Program {0}.	400	Your program is configured incorrectly. Contact support@corepro.io
59900	Could not convert {0} to {1}: {2}. Path '{3}', line {4}, position {5}.	400	Invalid value passed in for a JSON property. The value could not be converted to the proper type. {0} = JSON type, {1} = destination type, {2} = value, {3} = property name, {4} = line number, {5} = character position. e.g.: "Could not convert string to decimal: 11..04. Path 'recurringContributionAmount', line 9, position 42."
59901	Invalid JavaScript property identifier character: {0}. Path '{1}', line {2}, position {3}.	400	Property name is missing opening quote character ('"'). {0} = property name, {1} = line number, {2} = character position. e.g.: "Invalid JavaScript property identifier character: ". Path 'targetDate', line 13, position 7."
59902	Expected ':' but got: {0}. Path '{1}', line {2}, position {3}.	400	Property name is missing closing quote character ('"'). {0} = first character of property name, {1} = property name, {2} = line number, {3} = character position. e.g.: "Expected ':' but got: S. Path 'targetDate', line 13, position 11."
59903	Invalid character after parsing property name. Expected ':' but got: =. Path '{0}', line {1}, position {2}.	400	Attempting to use "=" instead of ":" to separate property name and its value. {0} = property name (typically the name of the previous property, not the one with the issue), {1} = line number, {2} = character position. e.g.: "Invalid character after parsing property name. Expected ':' but got: =. Path 'tag', line 11, position 18."
59904	Error reading {0}. Unexpected token: StartArray. Path '{1}', line {2}, position {3}.	400	Passed an array value to a property which is not an array. {0} = destination type, {1} = property name, {2} = line number, {3} = character position. e.g.: "Error reading string. Unexpected token: StartArray. Path 'tag', line 10, position 11."
59905	Error parsing NaN value. Path '{0}', line {1}, position {2}.	400	Attempting to pass `null` for a property value, but using an invalid casing (such as `NULL` or `Null`). {0} = property name, {1} = line number, {2} = character position. e.g.: "Error parsing NaN value. Path 'tag', line 10, position 10."
59906	After parsing a value an unexpected character was encountered: ;. Path '{0}', line {1}, position {2}.	400	Attempting to use a semicolon (`;`) where a comma (`,`) should be used. {0} = property name, {1} = line number, {2} = character position. e.g.: "After parsing a value an unexpected character was encountered: ;. Path 'customerId', line 2, position 22."
59949	(Message varies)	400	A generic JSON parsing error occurred. See message for details. i.e. The JSON payload is not structured properly in some way.
59950	Unexpected end when deserializing object. Path '{0}', line {1}, position {2}.	400	Closing curly brace ("}") is missing in JSON payload. {0} = property name, {1} = line number, {2} = character position. e.g.: "Unexpected end when deserializing object. Path 'type', line 15, position 1."
59951	Error converting value "{0}" to type '{1}'. Path '', line {2}, position {3}.	400	Opening curly brace ("}") is missing in JSON payload. {0} = first property name in payload, {1} = (varies, ignore), {2} = line number, {3} = character position. e.g.: "Error converting value \"customerId\" to type 'CorePro.Business.Account'. Path '', line 2, position 15."
59952	Value for property '{0}' is not formatted as a valid ISO-8601 DateTime. Example value=2015-01-31T22:43:21.123+00:00	400	The value for the property is not formatted as an ISO-8601 date. e.g.: "Value for property 'targetDate' is not formatted as a valid ISO-8601 DateTime. Example value=2015-01-31T22:43:21.123+00:00"
59953	Value for property '{0}' is not formatted as a valid boolean. Valid values=true,false	400	The value for the property is not formatted as a boolean value. e.g.: "Value for property 'isCloseable' is not formatted as a valid boolean. Valid values=true,false"
59954	Value for property '{0}' is not formatted as a valid decimal (precision up to 2). Example value=1234.56	400	The value for the property is not formatted as a decimal value. e.g.: "Value for property 'targetAmount' is not formatted as a valid decimal (precision up to 2). Example value=1234.56"
59955	Value for property '{0}' is not formatted as a valid decimal (precision up to 11). Example value=1234.56789012345	400	The value for the property is not formatted as a decimal value. e.g.: "Value for property 'interestRateMonthly' is not formatted as a valid decimal (precision up to 2). Example value=1234.56789012345"
59956	Value for property '{0}' is not acceptable. Specifics: {1}	400	The value for the property could not be cast properly. e.g.: "Value for property 'customerId' is not acceptable. Specifics: Input string '12548a' is not a valid integer. Path 'customerId', line 2, position 23."
59957	Missing a closing curly brace. Specifics: {0}	400	JSON payload is missing a closing curly brace. e.g.: "Missing a closing curly brace. Unexpected end when deserializing object. Path 'type', line 12, position 1."
59958	Missing an opening curly brace. Specifics: {0}	400	JSON payload is missing an opening closing curly brace. e.g.: "Missing an opening curly brace. Specifics: Error converting value "customerId" to type 'CorePro.Business.Account'. Path '', line 2, position 15."
59999	(Message varies)	400	A generic JSON deserialization error occurred. See message for details. i.e. The JSON payload is not structured properly in some way.
60001	Customer id {0} is invalid.	400	Provide a valid customerId in the request
60002	Customer id {0} is inactive.	400	An inactive customer cannot perform any actions in CorePro. Redirect the user to a page informing them of this.
60003	Customer id {0} is not in a verified status.	400	An unverified customer cannot perform any actions in CorePro (except call /customer/verify). Redirect the user to a page informing them of this.
60004	Customer id {0} is locked.	400	An locked customer cannot perform any actions in CorePro. Redirect the user to a page informing them of this.
60005	Customer id {0} is marked as deceased.	400	An deceased customer cannot perform any actions in CorePro. Redirect the user to a page informing them of this.

Card

A card is tied to one or more savings or checking accounts managed by CorePro. To correlate a specific card in CorePro to a specific card record in your system, store your system's unique key in the tag property, or store CorePro's cardId in your system.

Creating a real, physical card and shipping it to the end user is a multi-day process. Here is the "normal" production workflow for a card:

Call /card/initiate
Wait multiple day(s) for physical card to be printed and shipped to the end user.
End user would need to activate the card prior to use -- or in CorePro terms, "verify" the card via /card/verify
End user can now use the card immediately

Note: When reissuing a card in the sandbox, if a card is currently in PendingVerification or ReissuePendingVerification status, the new status will be ReissuePendingVerification. Otherwise, the new status will be Verified.

card Object

Represents a single card in CorePro. A single customer can have multiple cards. A single card can be tied to multiple accounts (4 checking, and 4 savings). A single account can be tied to multiple cards.

details

Property	Data Type (length)	Description
`cardId`	integer	The unique identifier for a card.
`customerId`	integer	The unique identifier of the customer who actually created the card (the customer who called `/card/initiate`). This customer must have a `status` of `Verified` and have an `accessTypeCode` of `FULL`.
`cardHolderCustomerId`	integer	The unique identifier of the customer who typically has the card in their possession. e.g.: a parent wants a card for their child (who is a minor) to use. If `0` or `null`, defaults to value in `customerId`. This customer must have a `status` of `Verified` and have an `accessTypeCode` of `FULL`, `ACCT`, or `CARD`. Assumes customer was already created and verified.
`typeCode`	string (3)	The type of card. Possible values include: `DBT` - Debit card (default if not specified)
`vendorTypeCode`	string (5)	The type of vendor for the card. Possible values include: `VS` - Visa
`status`	string (15)	The status of the card. Possible values include: `Initiated` - New card object was created via `/card/initiate`, but the request to generate the physical card has not yet been sent to card provider for processing. `Pending` - Request for the physical card has not yet been sent to card provider for processing. `PendingVerification` - Physical card is being produced and mailed to the customer, or the customer has received it already and has yet to verify they received the card. `Verified` - Customer has received the physical card and called `/card/verify` successfully. Card can be used to perform transactions. `Denied` - New physical card request was denied `Expired` - New card object was created and request to create a physical card was sent to the card provider, but the customer did not verify card quickly enough by calling `/card/verify`. Customer may or may not have been issued a physical card. No transactions were ever performed with this card. `Archived` - Card can no longer be used. It may or may not have been verified prior to archival. `Reissued` - A replacement card has been requested. This card may or may not still be useable, it depends on the parameters passed to `/card/reissue`. `Hotlisted` - Card and PAN can never be used again. PAN has been permanently marked as "hot" and no transactions will ever be approved for it again. `ReissuedPendingVerification` - An existing card has been reissued with the same PAN. New physical card is being produced and mailed to the customer, or the customer has received it already and has yet to verify they received the card.
`cardNumberMasked`	string (19)	The masked value of the PAN (Primary Account Number) for the card. e.g.: `***********1234`. NOTE:** This property returns all asterisks (`*`) until the card has been verified.
`tag`	string (50)	A caller-specified, unique identifier for this card. Must be unique within a given Program in production. Maximum length is 50 characters.
`firstName`	string (64)	The card holder's first name as it should appear on the card verbatim. See /card/initiate for restrictions.
`middleName`	string (64)	The card holder's middle name as it should appear on the card verbatim. See /card/initiate for restrictions.
`lastName`	string (128)	The card holder's last name as it should appear on the card verbatim. See /card/initiate for restrictions.
`nickName`	string (50)	A display-friendly name that applies to the card itself.
`expireMonth`	integer	The month the card expired / will expire
`expireYear`	integer	The 4-digit year the card expired / will expire
`primaryAccountId`	integer	The `accountId` of the default account for this card. Should typically be a DDA-type account (`type` of `Checking`, or some other DDA).
`lockTypeCode`	string (20)	The type of lock applied to the card. Possible values include: `UNL` - Unlocked `CST` - Customer Locked (locked via the API; Or, if a user of the Admin Console spcifies the lock can be unlocked by the customer via the API) `SYS` - System Locked (locked via the Admin Console or an automated process; the Admin user specified customer should not be able to unlock it via the API or the network provider deemed the card is locked on their end so it was reflected as such in CorePro) Note that customers can unlock most `CST` locks but none of the `SYS` locks. See /card/unlock for the matrix detailing out all possibilities.
`lockReasonTypeCode`	string (20)	The reason the lock was applied to the card. Possible values include: `UNK` - Unknown `STL` - Stolen * `LST` - Lost * `FRD` - Suspected Fraud * `DMG` - Physical Damage `ADM` - Administrative `TMP` - Temporary `PIN` - PIN Retries Exceeded * Can be set via /card/hotlist API route only. Cannot be subsequently unlocked. ** Can be set via Admin console or background processing only; not via API
`createdDate`	datetime	Date the card was created
`requestedDate`	datetime	Date the request to create the card was sent to the card provider
`verifiedDate`	datetime	Date the card was set to a `Verified`status by the successfully calling `/card/verify`
`reissuedDate`	datetime	Date the card was set to a `Reissued` status due to calling `/card/reissue`
`deniedDate`	datetime	Date the card was set to a `Denied` status.
`expiredDate`	datetime	Date the card was set to an `Expired` status due to the customer never calling `/card/verify`
`archivedDate`	datetime	Date the card was set to an `Archived` status due to calling `/card/archive`
`lastModifiedDate`	datetime	Date when the object was last altered in any way.Note: This property updates when a card is locked or unlocked.
`accounts`	List of partially-populated `account` objects	Properties that are populated on each partial `account` object are: `accountBalance` `accountId` `accountNumberMasked` `availableBalance` `balanceLastModifiedDate` `customerId` `lastModifiedDate` `name` `pendingBalance` `cardPriority` - values will be between 1 and 4 `status` `tag` `type` - `Checking`, `Savings`, etc. See `account` object for more detail.
`newPin`	string	The new 4-digit (0-9 only) value to assign to the PIN. Must be encrypted using this public key and converted to base64 per RFC 4648. For example, if your PIN is `1234`, the value for `newPin` would look something like the following: ahbL0fFx/do4mBEpURziDUEJftK5OZKhIts5yThxDgHcmvC56vX/GGrnAenz an3PuO9ZYm353KB/jYqupR0/3UDs0i0PNoeFro3fE5eZZuB3UZzO3HGaf8dJ XSg63CDeqDnuSFCMOhMciZwolgx+jGrSncTt3wWvwysreQ9RFN0+pgJsD8TZ LqZ5oWG/sdUG1yQej8Q/S3HOMmmPou9FIh4H7ZPeQGnkydCxpOKhfuLXKjW8 gc5yhaKA8lmTio+rQ1nA+zDaG/TeNx8FYIBX2TwB8HBkLe1vfQNpVEE8A/H4 SvhxmHrajrZmg2BA9xP/f/JoFTk7mwgeOWYwSC7VnA== This value will never be returned from the API Note: OAEP must be enabled during the encryption process. See the `publicKeyAlgorithms` property of the program object for language-specific details.
`qualifierCode`	string	The QualifierCode property is optional and accepts any alphanumeric (max length 3) characters. Valid values are defined by DPS at the time of BIN creation.
`binId`	int	The BinId property is optional and specifies which bin a card will be created under, if left null the first valid bin for the program will be used.

addAccount

Adds an account to a card. Can be reversed by calling /card/removeAccount.

The customerId attempting to add the account must have an accessTypeCode of FULL to that account and the customer itself must have a accessTypeCode of FULL or ACCT.

POST /card/addAccount

Request Body Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)
`cardId`	Required	Card ID (returned when card was originally created)
`accountId`	Required	Account ID that should be accessible via the given `cardId`. The `customerId` must have `FULL` access to the `account`.
`cardPriority`	Required	Priority the Account ID will have. Must be between 1 and 4 inclusive. If this matches the priority of an existing account, that account's priority will be slid down one slot (as will all other lower priority accounts as needed)

Response Data

A `card` object

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
150601	Invalid CardId {0} or CustomerId {1} is not associated with the card.
150602	CardId {0} must be unlocked to add an account.
150603	AccountId {0} must be a Checking or Savings account.
150604	CardId {0} already has the maximum of 4 {1} accounts.
150605	AccountId {0} is in a status of {1}. Must be Open to add it to a card.
150606	AccountId {0} is already tied to CardId {1} with a priority of {2}.
150607	New priority of {0} must be between 1 and {1}.

Example

Request

POST /card/addAccount
Authorization: Basic PutBase64TokenHere

{
  "accountId": 810056,
  "cardId": 441612,
  "cardPriority": 1,
  "customerId": 809953
}

Response

    {
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 810056,
        "accountNumberMasked": "*************0148",
        "availableBalance": 0.0,
        "balanceLastModifiedDate": "2019-01-18T13:37:48.893-06:00",
        "cardPriority": 1,
        "customerId": 809953,
        "lastModifiedDate": "2019-01-18T13:37:48.890-06:00",
        "name": "New Bike",
        "pendingBalance": 0.0,
        "status": "Open",
        "tag": "",
        "type": "Checking"
      },
      {
        "accountBalance": 0.0,
        "accountId": 1325696,
        "accountNumberMasked": "*************3030",
        "availableBalance": 0.0,
        "balanceLastModifiedDate": "2019-06-13T15:57:18.102-05:00",
        "cardPriority": 2,
        "customerId": 809953,
        "lastModifiedDate": "2019-06-13T15:57:18.098-05:00",
        "name": "{{name}}",
        "pendingBalance": 0.0,
        "status": "Open",
        "tag": "",
        "type": "Checking"
      },
      {
        "accountBalance": 3100.0,
        "accountId": 809999,
        "accountNumberMasked": "*************9751",
        "availableBalance": 3100.0,
        "balanceLastModifiedDate": "2019-04-03T16:02:31.743-05:00",
        "cardPriority": 3,
        "customerId": 809953,
        "lastModifiedDate": "2019-06-14T12:54:09.357-05:00",
        "name": "shdkfjhdkjfdf",
        "pendingBalance": 0.0,
        "status": "Open",
        "tag": "",
        "type": "Checking"
      }
    ],
    "cardHolderCustomerId": 809953,
    "cardId": 441612,
    "cardNumberMasked": "****************",
    "createdDate": "2019-03-15T15:37:21.609-05:00",
    "customerId": 809953,
    "expireMonth": 3,
    "expireYear": 2022,
    "firstName": "JOHN",
    "lastModifiedDate": "2019-06-17T14:07:58.607-05:00",
    "lastName": "SMITH",
    "limits": [],
    "lockReasonTypeCode": "UNK",
    "lockTypeCode": "UNL",
    "middleName": "",
    "nameOnCard": "JOHN SMITH",
    "nickName": "My Card",
    "primaryAccountId": 810056,
    "status": "Verified",
    "tag": "OZJM1wkc4x3XVFeRikd8l8ue1XzxG5VOR9xtAl8n",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "e75a932a-402e-4f13-af18-b83f9aa20b48",
  "status": 200
}

get

Retrieve card information by the given customerId and cardId

Note: When you provide an invalid identifier (id,tag, or emailAddress), all routes ending with /get returns 400 (Bad Request). This route returns a filled out corresponding accounts array.

GET /card/get/{customerId}/{cardId}

Request Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)
`cardId`	Required	Card ID (returned when card was originally created)

Response Data

A `card` Object

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes

Example

Request

GET /card/get/1587534/1587540
Authorization: Basic PutBase64TokenHere

Response

{
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587539,
        "accountNumberMasked": "*************1034",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587534,
    "cardId": 1587540,
    "cardNumberMasked": "********************",
    "createdDate": "2016-08-24T18:48:51.6890745-05:00",
    "customerId": 1587534,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonTypeCode": "UNK",
    "lockTypeCode": "UNL",
    "nameOnCard": "John Q. Smith",
    "nickName": "My Main Debit Card",
    "primaryAccountId": 1587539,
    "status": "Initiated",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "620c11c5-4674-4f2f-9cc1-2237cb1ad467",
  "status": 200
}

getByTag

Retrieve card information by the given customerId and tag

Note: When you provide an invalid identifier (id,tag, or emailAddress), all routes ending with /getByTag returns 400 (Bad Request). This route returns a filled out corresponding accounts array.

GET /card/getbytag/{customerId}/{tag}

Request Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)
`tag`	Required	Tag value provided when card was created

Response Data

A `card` Object

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
150801	Invalid CardId '{0}' or CustomerId '{1}' is not associated with the card.

Example

Request

GET /card/getbytag/1587534/cfe9e6b6-4b3a-49d2-9133-9641d45ea61e
Authorization: Basic PutBase64TokenHere

Response

{
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587539,
        "accountNumberMasked": "*************1034",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "cfe9e6b6-4b3a-49d2-9133-9641d45ea61e",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587534,
    "cardId": 1587540,
    "cardNumberMasked": "********************",
    "createdDate": "2016-08-24T18:48:51.6890745-05:00",
    "customerId": 1587534,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonTypeCode": "UNK",
    "lockTypeCode": "UNL",
    "nameOnCard": "John Q. Smith",
    "nickName": "My Main Debit Card",
    "primaryAccountId": 1587539,
    "status": "Initiated",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "45c8b54d-057a-4fd2-b1ae-526b6209424d",
  "status": 200
}

hotlist

Permanently locks a card with a FRD (Suspected Fraud), LST (Lost), or STL (Stolen) lockReasonTypeCode. This is a one-way function.

POST /card/hotlist

Request Body Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)
`cardId`	Required	Card ID (returned when card was originally created)
`lockReasonTypeCode`	Required	Possible values include: `STL` - Stolen `LST` - Lost `FRD` - Suspected Fraud

Response Data

A `card` object	The card will have a `lockTypeCode` of `CST` upon successful completion of this call. All card-based transfers will fail.

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
150401	Invalid Card Lock Reason Type Code '{0}'.
150402	CardId {0} has been locked by the System and cannot be unlocked by a customer.
150403	CustomerId {0} does not have access to CardId {1}.
150801	Must specify a lockReasonTypeCode of 'FRD', 'STL', or 'LST' when hotlisting a card.

Example

Request

POST /card/hotlist
Authorization: Basic PutBase64TokenHere

{
    "cardId":1587540,
    "customerId":1587534,
    "lockReasonTypeCode": "STL"
}

Response

    {
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587539,
        "accountNumberMasked": "*************1034",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587534,
    "cardId": 1587540,
    "cardNumberMasked": "********************",
    "createdDate": "2016-08-24T18:48:51.6890745-05:00",
    "customerId": 1587534,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonTypeCode": "STL",
    "lockTypeCode": "CST",
    "nameOnCard": "John Q. Smith",
    "nickName": "My Main Debit Card",
    "primaryAccountId": 1587539,
    "status": "Verified",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "620c11c5-4674-4f2f-9cc1-2237cb1ad467",
  "status": 200
}

initiate

Initiate a request to create a new card and send it to a customer.

In the Sandbox environment, cards will always be created with a cardNumberMasked value of 1111 and can be verified via /card/verify immediately afterwards. This is to facilitate faster testing only.

POST /card/initiate

Request Body Parameters

`customerId`	Required	The `customerId` of the customer who is creating the card.
`cardHolderCustomerId`	Required	The `customerId` of the customer who will be using the card. This should almost always match the `customerId` property. Exception is when the card is being created for another user. e.g.: A parent wants to create a debit card for their child.
`vendorTypeCode`	Required	The vendor offering the card. Possible values include: `VS` - Visa `MC` - MasterCard
`typeCode`	Optional	The type of card to create. Possible values include: `DBT` - debit card (default if not specified)
`primaryAccountId`	Required	The account to use when no account is specified by an ISO-8583 request. e.g.: Swiping a card at a Point Of Sale.
`firstName`	Required	The first name that is to appear verbatim on the physical card itself. Can contain only A-Z, " " (space), or "-" (hyphen). If not provided in uppercase, will be converted to uppercase. NOTE: only the first 22 characters of `firstName` + {space} + `middleName` + {space} + `lastName` will appear on the card; this is a limitation of the card provider.
`middleName`	Optional	The middle name that is to appear verbatim on the physical card itself. Can contain only A-Z, " " (space), or "-" (hyphen). If not provided in uppercase, will be converted to uppercase. NOTE: only the first 22 characters of `firstName` + {space} + `middleName` + {space} + `lastName` will appear on the card; this is a limitation of the card provider.
`lastName`	Required	The last name that is to appear verbatim on the physical card itself. Can contain only A-Z or "-" (hyphen). If not provided in uppercase, will be converted to uppercase. NOTE: only the first 22 characters of `firstName` + {space} + `middleName` + {space} + `lastName` will appear on the card; this is a limitation of the card provider.
`nickName`	Required	A display-friendly name given to the card itself. e.g.: My Check Card
`tag`	Optional	A caller-specified, unique identifier for this card. Must be unique within a given Program. Maximum length is 50 characters.
`newPin`	Optional	The new 4-digit (0-9 only) value to assign to the PIN. Must be encrypted using this public key and converted to base64 per RFC 4648. For example, if your PIN is `1234`, the value for `newPin` would look something like the following: ahbL0fFx/do4mBEpURziDUEJftK5OZKhIts5yThxDgHcmvC56vX/GGrnAenz an3PuO9ZYm353KB/jYqupR0/3UDs0i0PNoeFro3fE5eZZuB3UZzO3HGaf8dJ XSg63CDeqDnuSFCMOhMciZwolgx+jGrSncTt3wWvwysreQ9RFN0+pgJsD8TZ LqZ5oWG/sdUG1yQej8Q/S3HOMmmPou9FIh4H7ZPeQGnkydCxpOKhfuLXKjW8 gc5yhaKA8lmTio+rQ1nA+zDaG/TeNx8FYIBX2TwB8HBkLe1vfQNpVEE8A/H4 SvhxmHrajrZmg2BA9xP/f/JoFTk7mwgeOWYwSC7VnA== This value will never be returned from the API Note: OAEP must be enabled during the encryption process. See the `publicKeyAlgorithms` property of the program object for language-specific details.
`qualifierCode`	string	The QualifierCode property is optional and accepts any alphanumeric (max length 3) characters. Valid values are defined by DPS at the time of BIN creation.
`binId`	int	The BinId property is optional and specifies which bin a card will be created under, if left null the first valid bin for the program will be used.

Response Data

A `card` object in an `Initiated` state

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
150201	TypeCode {0} is not valid. Must be 'DBT' or 'CDT'.
150202	VendorTypeCode {0} is not valid. Must be 'VS' or 'MC'.
150203	NameOnCard is a required field.
150204	Tag {0} is already associated with another card.
150205	Invalid Card Holder CustomerId {0}.
150206	Assigned Customer {0} status is '{1}'. Must be 'Initiated', 'Manual Review', or 'Verified'.
150207	Assigned Customer {0} access type is '{1}'. Must be 'FULL', 'ACCT', or 'CARD'.
150208	Invalid Primary AccountId {0}.
150209	Primary AccountId {0} is in invalid status of {1}. Must be Open or PendingOpen.
150210	Primary AccountId {0} must be a Checking or Savings account.
150211	Insufficient access type {0} for CustomerId {1} to Primary AccountId {2} to add a card. FULL is required.
150212	A Primary Account must be specified.
150213	Both FirstName and LastName are required.
150230	Another card for CustomerId {0} is using NickName of {1}. NickName must be unique.
150231	The primary customer {0} must have its Mobile or Home phone specified prior to creating a card.
150232	The primary customer {0} must have its Mailing or Residence address specified prior to creating a card.
150240	FirstName ({0}) must contain only characters A-Z, hyphen, apostrophe, period, comma, ampersand, or space.
150241	MiddleName ({0}) must contain only characters A-Z, hyphen, apostrophe, period, comma, ampersand, or space.
150242	LastName ({0}) must contain only characters A-Z, hyphen, apostrophe, period, comma, or ampersand.
150243	Card Bin {0} is not valid.

Example

Request

POST /card/initiate
Authorization: Basic PutBase64TokenHere

{
  "customerId": 1587542,
  "cardHolderCustomerId": 1587542,
  "typeCode": "DBT",
  "vendorTypeCode": "VS",
  "tag": "",
  "firstName": "John",
  "middleName": "Q",
  "lastName": "Smith",
  "nickName": "My Main Debit Card",
  "primaryAccountId": 1587547
}

Response

{
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587547,
        "accountNumberMasked": "*************1038",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587542,
    "cardId": 1587549,
    "cardNumberMasked": "********************",
    "createdDate": "2016-08-24T19:28:04.3031184-05:00",
    "customerId": 1587542,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonType": "UNK",
    "lockType": "UNL",
    "firstName": "John",
    "middleName": "Q",
    "lastName": "Smith",
    "nickName": "My Card",
    "primaryAccountId": 1587547,
    "status": "Initiated",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "9f7d34bd-2b24-424e-9e87-62b49e3f0bbe",
  "status": 200
}

list

Retrieve all card information for the given customerId

GET /card/list/{customerId}

Request Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)

Response Data

A list of `card` objects

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes

Example

Request

GET /card/list/1587542
Authorization: Basic PutBase64TokenHere

Response

{
  "data": [
    {
      "accounts": [
        {
          "accountBalance": 0.0,
          "accountId": 1587547,
          "accountNumberMasked": "*************1038",
          "availableBalance": 0.0,
          "name": "Savings #1",
          "pendingBalance": 0.0,
          "priority": 1,
          "status": "Open",
          "tag": "",
          "type": "Savings"
        }
      ],
      "cardHolderCustomerId": 1587542,
      "cardId": 1587548,
      "cardNumberMasked": "XXXXXXXXXXXXXXXXXXXX",
      "createdDate": "2016-08-24T19:26:42.3331488-05:00",
      "customerId": 1587542,
      "expireMonth": 8,
      "expireYear": 2018,
      "lockReasonTypeCode": "UNK",
      "lockTypeCode": "UNL",
      "nameOnCard": "John Q. Smith",
      "nickName": "My Main Debit Card",
      "primaryAccountId": 1587547,
      "status": "Initiated",
      "typeCode": "DBT",
      "vendorTypeCode": "VS"
    },
    {
      "accounts": [
        {
          "accountBalance": 0.0,
          "accountId": 1587547,
          "accountNumberMasked": "*************1038",
          "availableBalance": 0.0,
          "name": "Savings #1",
          "pendingBalance": 0.0,
          "priority": 1,
          "status": "Open",
          "tag": "",
          "type": "Savings"
        }
      ],
      "cardHolderCustomerId": 1587542,
      "cardId": 1587549,
      "cardNumberMasked": "********************",
      "createdDate": "2016-08-24T19:28:04.3031184-05:00",
      "customerId": 1587542,
      "expireMonth": 8,
      "expireYear": 2018,
      "lockReasonTypeCode": "UNK",
      "lockTypeCode": "UNL",
      "nameOnCard": "John Q. Smith",
      "nickName": "My Card",
      "primaryAccountId": 1587547,
      "status": "Initiated",
      "typeCode": "DBT",
      "vendorTypeCode": "VS"
    }
  ],
  "errors": [],
  "requestId": "e7470b66-556f-40bc-b394-a9ec1e44911b",
  "status": 200
}

lock

Temporarily locks a card. Will apply a lockTypeCode of CST on success. Will remain in effect until it is reversed by calling /card/unlock.

POST /card/lock

Request Body Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)
`cardId`	Required	Card ID (returned when card was originally created)
`lockReasonTypeCode`	Required	Possible values include: `UNK` - Unknown `FRD` - Suspected Fraud `DMG` - Physical Damage `TMP` - Temporary

Response Data

A `card` object	The card will have a `lockTypeCode` of `CST` upon successful completion of this call. All card-based transfers will fail.

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
150401	Invalid Card Lock Reason Type Code '{0}'.
150402	CardId {0} has been locked by the System and cannot be unlocked by a customer.
150403	CustomerId {0} does not have access to CardId {1}.
150404	Use the /customer/hotlist route to report a lost, stolen, or suspected fraud card.	Occurs only if given `lockReasonTypeCode` is `LST` or `STL`
150405	Must specify a valid lockReasonTypeCode. Values include UNK, FRD, DMG, ADM, TMP.

Example

Request

POST /card/lock
Authorization: Basic PutBase64TokenHere

{
    "cardId":1587540,
    "customerId":1587534,
    "lockReasonTypeCode": "TMP"
}

Response

    {
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587539,
        "accountNumberMasked": "*************1034",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587534,
    "cardId": 1587540,
    "cardNumberMasked": "********************",
    "createdDate": "2016-08-24T18:48:51.6890745-05:00",
    "customerId": 1587534,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonTypeCode": "TMP",
    "lockTypeCode": "CST",
    "nameOnCard": "John Q. Smith",
    "nickName": "My Main Debit Card",
    "primaryAccountId": 1587539,
    "status": "Verified",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "620c11c5-4674-4f2f-9cc1-2237cb1ad467",
  "status": 200
}

lostOrStolen

Deprecated
Please use /card/hotlist instead.

removeAccount

Removes an account from a card. Can be reversed by calling /card/addAccount.

The customerId attempting to remove the account must have an accessTypeCode of FULL to that account and the customer itself must have a accessTypeCode of FULL or ACCT.

POST /card/removeAccount

Request Body Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)
`cardId`	Required	Card ID (returned when card was originally created)
`accountId`	Required	Account ID that should be removed from the given `cardId`.

Response Data

A `card` object

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
150701	Invalid CardId {0} or CustomerId {1} is not associated with the card.
150702	Cannot remove primaryAccountId {0} from cardId {1}. First reassign a new primary account to the card, then try again.

Example

Request

POST /card/removeAccount
Authorization: Basic PutBase64TokenHere

{
    "cardId":1587540,
    "customerId":1587534,
    "accountId":1587539
}

Response

    {
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587546,
        "accountNumberMasked": "*************1055",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587534,
    "cardId": 1587540,
    "cardNumberMasked": "********************",
    "createdDate": "2016-08-24T18:48:51.6890745-05:00",
    "customerId": 1587534,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonTypeCode": "UNK",
    "lockTypeCode": "UNL",
    "nameOnCard": "John Q. Smith",
    "nickName": "My Main Debit Card",
    "primaryAccountId": 1587539,
    "status": "Verified",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "620c11c5-4674-4f2f-9cc1-2237cb1ad467",
  "status": 200
}

reissue

Reissue a card and send it to a customer. May or may not generate a new card number depending on the reissue reason type.

POST /card/reissue

Request Body Parameters

`customerId`	Required	The `customerId` of the customer who is creating the card.
`cardId`	Required	The `cardId` of the card to reissue.
`reissueReasonTypeCode`	Required	The reason the card is being reissued. Possible values include: `DMG` - Physical Damage * `FRD` - Suspected Fraud `LST` - Lost `STL` - Stolen ** * The card will not be automatically locked; the card number can continue to be used. A new card with the SAME card number will be mailed to customer. The card WILL NOT need to be re-verified upon receipt. ** The card will be hotlisted. i.e. All transactions for that card number will denied. A new card with a NEW card number will be mailed to the customer. The card WILL need to be verified upon receipt.
`newPin`	Optional	The new 4-digit (0-9 only) value to assign to the PIN. Must be encrypted using this public key and converted to base64 per RFC 4648. For example, if your PIN is `1234`, the value for `newPin` would look something like the following: ahbL0fFx/do4mBEpURziDUEJftK5OZKhIts5yThxDgHcmvC56vX/GGrnAenz an3PuO9ZYm353KB/jYqupR0/3UDs0i0PNoeFro3fE5eZZuB3UZzO3HGaf8dJ XSg63CDeqDnuSFCMOhMciZwolgx+jGrSncTt3wWvwysreQ9RFN0+pgJsD8TZ LqZ5oWG/sdUG1yQej8Q/S3HOMmmPou9FIh4H7ZPeQGnkydCxpOKhfuLXKjW8 gc5yhaKA8lmTio+rQ1nA+zDaG/TeNx8FYIBX2TwB8HBkLe1vfQNpVEE8A/H4 SvhxmHrajrZmg2BA9xP/f/JoFTk7mwgeOWYwSC7VnA== This value will never be returned from the API Note: OAEP must be enabled during the encryption process. See the `publicKeyAlgorithms` property of the program object for language-specific details.
`qualifierCode`	Optional	The card qualifier code, if none specified card will be reissued with the current one. (VisaDPS Only)

Response Data

A `card` object in a `Verified`, `PendingVerification` or `ReissuedPendingVerification`

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
	Any error codes associated with card locking.	See /card/lock
	Any error codes associated with card initiation.	See /card/initiate
153001	Invalid Reissue Reason Type {0}. Must be LST, STL, FRD, or DMG.
153002	CardId {0} is not associated with CustomerId {1}.
153003	CardId {0} status is {1}. Must be Verified, Expired, or PendingVerification.

Example

Request

POST /card/reissue
Authorization: Basic PutBase64TokenHere

{
  "customerId": 1587542,
  "cardId": 1587549,
  "reissueReasonTypeCode": "DMG"
}

Response

{
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587547,
        "accountNumberMasked": "*************1038",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587542,
    "cardId": 15878949,
    "cardNumberMasked": "********************",
    "createdDate": "2016-08-24T19:28:04.3031184-05:00",
    "customerId": 1587542,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonType": "UNK",
    "lockType": "UNL",
    "nameOnCard": "John Q. Smith",
    "nickName": "My Card",
    "primaryAccountId": 1587547,
    "status": "Initiated",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "9f7d34bd-2b24-424e-9e87-62b49e3f0bbe",
  "status": 200
}

reprioritizeAccount

Reprioritizes an account on a card.

The customerId attempting to reprioritize the account must have a customer accessTypeCode of FULL or ACCT.

POST /card/reprioritizeAccount

Request Body Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)
`cardId`	Required	Card ID (returned when card was originally created)
`accountId`	Required	Account ID that should be removed from the given `cardId`.
`cardPriority`	Required	The new priority to give the account. Must be between 1 and 4 inclusive. Other accounts tied to the card in the same `productCategoryType` as the `accountId` will be reprioritized accordingly. NOTE: If the account in the priority 1 slot is changing AND that account is the `primaryAccountId` for that card, the account that is moved into the priority 1 slot will be assigned as the new `primaryAccountId`.

Response Data

A `card` object

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
150801	Invalid CardId {0} or CustomerId {1} is not associated with the card.
150802	New Priority {0} for CardId {1}, AccountId {2} must be between 1 and {3}.

Scenarios

Account Name	Priority	Notes
Checking A	1	Checking A is the "primary account" on the card
Checking B	2
Checking C	3

"Set priority of Checking A to 3"

Checking A will change priorities from 1 to 3
Checking B and Checking C priorities will each "slide up" 1
Checking B will be marked as the primaryAccountId for the card

Account Name	Priority	Notes
Checking B	1	Checking B is now the "primary account" on the card
Checking C	2
Checking A	3

"Set priority of Checking C to 1"

Checking C will change priorities from 3 to 1
Checking A and Checking B priorities will each "slide down" 1
Checking C will be marked as the primaryAccountId for the card

Account Name	Priority	Notes
Checking C	1	Checking B is now the "primary account" on the card
Checking A	2
Checking B	3

"Set priority of Checking B to 3"

Checking B will change priorities from 2 to 3
Checking C will "slide up" 1
Checking A remains the primaryAccountId for the card

Account Name	Priority	Notes
Checking A	1	Checking A remains the "primary account" on the card
Checking C	2
Checking B	3

Example

Request

POST /card/reprioritizeAccount
Authorization: Basic PutBase64TokenHere

{
    "cardId":1587540,
    "customerId":1587534,
    "accountId":1587539,
    "priority":1
}

Response

    {
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587539,
        "accountNumberMasked": "*************1055",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      },
      {
        "accountBalance": 20.0,
        "accountId": 1587547,
        "accountNumberMasked": "*************1922",
        "availableBalance": 0.0,
        "name": "Savings ABC",
        "pendingBalance": 0.0,
        "priority": 2,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587534,
    "cardId": 1587540,
    "cardNumberMasked": "********************",
    "createdDate": "2016-08-24T18:48:51.6890745-05:00",
    "customerId": 1587534,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonTypeCode": "UNK",
    "lockTypeCode": "UNL",
    "nameOnCard": "John Q. Smith",
    "nickName": "My Main Debit Card",
    "primaryAccountId": 1587539,
    "status": "Verified",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "620c11c5-4674-4f2f-9cc1-2237cb1ad467",
  "status": 200
}

resetPin

Creates a request to reset the PIN for a card. NOTE: This is not a real-time PIN reset. May take up to 24 hours to reset the PIN.

POST /card/resetpin

Request Body Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)
`cardId`	Required	Card ID (returned when card was originally created)
`newPin`	Required	The new 4-digit (0-9 only) value to assign to the PIN. Must be encrypted using this public key and converted to base64 per RFC 4648. For example, if your PIN is `1234`, the value for `newPin` would look something like the following: ahbL0fFx/do4mBEpURziDUEJftK5OZKhIts5yThxDgHcmvC56vX/GGrnAenz an3PuO9ZYm353KB/jYqupR0/3UDs0i0PNoeFro3fE5eZZuB3UZzO3HGaf8dJ XSg63CDeqDnuSFCMOhMciZwolgx+jGrSncTt3wWvwysreQ9RFN0+pgJsD8TZ LqZ5oWG/sdUG1yQej8Q/S3HOMmmPou9FIh4H7ZPeQGnkydCxpOKhfuLXKjW8 gc5yhaKA8lmTio+rQ1nA+zDaG/TeNx8FYIBX2TwB8HBkLe1vfQNpVEE8A/H4 SvhxmHrajrZmg2BA9xP/f/JoFTk7mwgeOWYwSC7VnA== Note: OAEP must be enabled during the encryption process. See the `publicKeyAlgorithms` property of the program object for language-specific details.

Response Data

A `card` object

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
150403	CustomerId {0} does not have access to CardId {1}.
150901	New PIN must be an integer value between 1 and 9999.
150903	New PIN must be an integer value between 1 and 9999.
OTHER TBD

Example

Request

POST /card/resetpin
Authorization: Basic PutBase64TokenHere

{
    "cardId":1587540,
    "customerId":1587534,
    "newPin": "ahbL0fFx/do4mBEpURziDUEJftK5OZKhIts5yThxDgHcmvC56vX/GGrnAenzan3PuO9ZYm353KB/jYqupR0/3UDs0i0PNoeFro3fE5eZZuB3UZzO3HGaf8dJXSg63CDeqDnuSFCMOhMciZwolgx+jGrSncTt3wWvwysreQ9RFN0+pgJsD8TZLqZ5oWG/sdUG1yQej8Q/S3HOMmmPou9FIh4H7ZPeQGnkydCxpOKhfuLXKjW8gc5yhaKA8lmTio+rQ1nA+zDaG/TeNx8FYIBX2TwB8HBkLe1vfQNpVEE8A/H4SvhxmHrajrZmg2BA9xP/f/JoFTk7mwgeOWYwSC7VnA=="
}

Response

    {
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587539,
        "accountNumberMasked": "*************1034",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587534,
    "cardId": 1587540,
    "cardNumberMasked": "********************",
    "createdDate": "2016-08-24T18:48:51.6890745-05:00",
    "customerId": 1587534,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonTypeCode": "UNK",
    "lockTypeCode": "UNL",
    "nameOnCard": "John Q. Smith",
    "nickName": "My Main Debit Card",
    "primaryAccountId": 1587539,
    "status": "Verified",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "620c11c5-4674-4f2f-9cc1-2237cb1ad467",
  "status": 200
}

unlock

Unlocks a card. Can be reversed by calling /card/lock.

The following matrix details when this call will succeed or fail.

Current lockTypeCode	Current lockReasonTypeCode	Result
`CST`	`UNK` - Uknown	Unlocked Successfully
`CST`	`DMG` - Physical Damage	Unlocked Successfully
`CST`	`TMP` - Temporary	Unlocked Successfully
`CST`	`ADM` - Administrative	Unlocked Successfully
`CST`	`LST` - Lost	Unlock Fails - Lost cards can never be used again
`CST`	`STL` - Stolen	Unlock Fails - Stolen cards can never be used again
`CST`	`FRD` - Suspected Fraud	Unlock Fails - Suspected Fraud cards can never be used again
`SYS`	`LST` - Lost	Unlock Fails - Lost cards can never be used again
`SYS`	`STL` - Stolen	Unlock Fails - Stolen cards can never be used again
`SYS`	`FRD` - Suspected Fraud	Unlock Fails - Suspected Fraud cards can never be used again
`SYS`	`ADM` - Administrative	Unlock Fails - Only Admin Console or an automated process can unlock
`SYS`	`PIN` - PIN Retry Limit Exceeded	Unlock Fails - Only Admin Console or an automated process can unlock
`CST` = Customer Applied `SYS` = System Applied

POST /card/unlock

Request Body Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)
`cardId`	Required	Card ID (returned when card was originally created)

Response Data

A `card` object	The card will have a `lockTypeCode` of `UNL` upon successful completion of this call. The card is unlocked and ready for transfers to take place.

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
150501	Invalid CardId {0} or CustomerId {1}.
150502	CardId {0} has been locked by an Administrator or an automated process.
150503	CardId {0} has been marked as lost, stolen, suspected fraudulent. Cannot unlock.

Example

Request

POST /card/unlock
Authorization: Basic PutBase64TokenHere

{
    "cardId":1587540,
    "customerId":1587534
}

Response

    {
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587539,
        "accountNumberMasked": "*************1034",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587534,
    "cardId": 1587540,
    "cardNumberMasked": "********************",
    "createdDate": "2016-08-24T18:48:51.6890745-05:00",
    "customerId": 1587534,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonTypeCode": "UNK",
    "lockTypeCode": "UNL",
    "nameOnCard": "John Q. Smith",
    "nickName": "My Main Debit Card",
    "primaryAccountId": 1587539,
    "status": "Verified",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "620c11c5-4674-4f2f-9cc1-2237cb1ad467",
  "status": 200
}

verify

Verify a customer has received a physical card and activate it for use.

POST /card/verify

Request Body Parameters

`customerId`	Required	Customer ID (the `customerId` or `cardHolderCustomerId` associated with the card)
`cardId`	Required	Card ID (returned when card was originally created)
`birthDate`	Required	The `birthDate` of the `customerId` who created the card.
`cardNumberMasked`	Required	The last 4 digits of the `cardNumber` value printed on the physical card. In Sandbox environment, this value is always `1111`.

Response Data

A `card` object	The card will be in a status of `Verified` upon successful completion of this call. Transfers may then be made using this card.

Error Codes

Code	Message (en-US)	Notes
1-60000	Any "Common Error Code" may occur.	See Common Error Codes
150301	Invalid CardId {0} or CustomerId {1} is not associated with the card.
150302	CardId {0} must be in a PendingVerification status to be verified. Current status is {1}.
150303	Provided values do not match those on file.

Example

Request

POST /card/verify
Authorization: Basic PutBase64TokenHere

{
    "cardId":12,
    "customerId":456,
    "birthDate": "1975-02-28T00:00:00.000+00:00",
    "cardNumberMasked":"1111"
}

Response

    {
  "data": {
    "accounts": [
      {
        "accountBalance": 0.0,
        "accountId": 1587539,
        "accountNumberMasked": "*************1034",
        "availableBalance": 0.0,
        "name": "Savings #1",
        "pendingBalance": 0.0,
        "priority": 1,
        "status": "Open",
        "tag": "",
        "type": "Savings"
      }
    ],
    "cardHolderCustomerId": 1587534,
    "cardId": 1587540,
    "cardNumberMasked": "************1111",
    "createdDate": "2016-08-24T18:48:51.6890745-05:00",
    "customerId": 1587534,
    "expireMonth": 8,
    "expireYear": 2018,
    "lockReasonTypeCode": "UNK",
    "lockTypeCode": "UNL",
    "nameOnCard": "John Q. Smith",
    "nickName": "My Main Debit Card",
    "primaryAccountId": 1587539,
    "status": "Verified",
    "typeCode": "DBT",
    "vendorTypeCode": "VS"
  },
  "errors": [],
  "requestId": "620c11c5-4674-4f2f-9cc1-2237cb1ad467",
  "status": 200
}

`customerId`	Required	Id of the customer who created the card (`customerId`) OR to whom the card is assigned (`cardHolderCustomerId`) i.e. either the card creator or the card assignee can archive a card.
`cardId`	Required	Id of the card (returned when the card was created)

API Documentation

Common Error Codes

details

Card

card Object

details

addAccount

POST /card/addAccount

Request Body Parameters

Response Data

Error Codes

Example

Request

Response

archive

POST /card/archive

Request Body Parameters

Response Data

Error Codes

Example

Request

Response

get

GET /card/get/{customerId}/{cardId}

Request Parameters

Response Data

Error Codes

Example

Request

Response

getByTag

GET /card/getbytag/{customerId}/{tag}

Request Parameters

Response Data

Error Codes

Example

Request

Response

hotlist

POST /card/hotlist

Request Body Parameters

Response Data

Error Codes

Example

Request

Response

initiate

POST /card/initiate

Request Body Parameters

Response Data

Error Codes

Example

Request

Response

list

GET /card/list/{customerId}

Request Parameters

Response Data

Error Codes

Example

Request

Response

lock

POST /card/lock

Request Body Parameters

Response Data

Error Codes

Example

Request

Response

lostOrStolen

removeAccount

POST /card/removeAccount

Request Body Parameters

Response Data

Error Codes

Example

Request

Response

reissue