Managed Cards

Managed Cards are a type of financial instrument offered by Weavr.

You can create virtual or physical cards that are issued to the consumer or corporate identity.

A card created in prepaid mode has its own balance, whereas a card created in debit mode does not have its own balance but taps into the balance of its parent managed account.

Create a managed card

Creates a managed card for the consumer or corporate identity. The Managed Card Profile (configured in the Multi Portal) specified determines the behaviour and restrictions that the managed card will have.

Securityauth_token and api_key
Request
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
profileId
required
string (ProfileId) ^[0-9]+$

The profile Id which a specific identity, instrument or transaction type is linked to.

Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply.

You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs.

Profile Ids can be found in the Multi Portal, in the API Credentials page.

tag
string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

friendlyName
required
string [ 1 .. 50 ] characters

The friendly name for the card.

nameOnCard
required
string [ 1 .. 27 ] characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...

The card holder's name for the card.

This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.

nameOnCardLine2
string <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...

Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.

cardholderMobileNumber
string [ 5 .. 20 ] characters ^\\+[0-9]+$
Deprecated

The mobile number including country code of the card holder.

For transactions that require a 3DS challenge, an SMS with a code will be sent on this number, to be entered during an online purchase.

required
object (BillingAddress)

The billing address set for the card holder. This may be verified by merchants when the card is used online.

object (DigitalWallets)

The Card Tokenisation details

authForwardingDefaultTimeoutDecision
string

Default decision for auth forwarding on timeout

Enum: "APPROVE" "DECLINE"
object (ThreeDSecureAuthConfig)

3DS details for card creation

mode
required
string

The card can be created in prepaid mode or debit mode.

  • A prepaid mode card has its own balance and can have funds transferred to or from it.
  • A debit mode card does not have its own balance but will be able to spend funds belonging to its parent managed account, subject to a configurable spend limit.
Array of objects (ExternalData) <= 10 items unique

External data fields, as provided and managed by the caller that are to be stored and associated with a Managed Card instance. This information is not processed or used by Weavr but some of the values could be shown in specific reports and used as filters

renewalType
string (CardRenewalType)

Indicates how the card will be handled once it is close to expiring.

  • RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV.
  • NO_RENEW: Once the expiry date is reached, the card is destroyed.
Enum: "RENEW" "NO_RENEW"
currency
required
string (Currency) = 3 characters ^[A-Z]*$

The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards
Request samples
application/json
{
  • "profileId": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "renewalType": "RENEW",
  • "currency": "str"
}
Response samples
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "stri",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "balances": {
    }
}

Get all managed cards

Fetch cards matching the search criteria provided.

Securityauth_token and api_key
Request
query Parameters
offset
integer <int32> >= 0

The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.

limit
integer <int32> [ 1 .. 100 ]

The limit of the results for paging, starting at the offset. Limit is always capped at 100.

profileId
string (ProfileId) ^[0-9]+$

Filter by the managed account/card profile. Leave out to fetch all managed accounts/card.

friendlyName
string [ 1 .. 50 ] characters

Filter by the managed account/card friendly name. Leave out to fetch all managed accounts/card.

The exact name must be provided, as wildcards are not supported.

state
Array of strings (InstrumentState) unique
Items Enum: "ACTIVE" "BLOCKED" "DESTROYED"
state.blockedReason
Array of strings (BlockedReason) unique
Items Enum: "USER" "SYSTEM" "LOST"
state.destroyedReason
Array of strings (DestroyedReason) unique
Items Enum: "SYSTEM" "USER" "LOST" "STOLEN" "EXPIRED"
currency
string (Currency) = 3 characters ^[A-Z]*$

Filter by the managed account/card currency.

Currencies are expressed as an ISO 4217 code. Leave out to fetch all managed accounts/card.

type
string

Filter by the type of the card.

Enum: "VIRTUAL" "PHYSICAL"
externalHandle
string

Search by the card's externalHandle.

cardNumberFirstSix
string = 6 characters ^[0-9]*$

Filter by first six digits of the card.

cardNumberLastFour
string = 4 characters ^[0-9]*$

Filter by last four digits of the card.

createdFrom
integer <int64>

Filter for managed accounts/cards created after createdFrom timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts/cards.

createdTo
integer <int64>

Filter for managed accounts/cards created before createdTo timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts/cards.

mode
string

Filter by card mode (prepaid mode or debit mode).

Enum: "DEBIT_MODE" "PREPAID_MODE"
tag
string

Filter by the managed account/card tag. The exact tag must be provided, as wildcards are not supported. Leave out to fetch all managed accounts/card.

parentManagedAccountId
string^[0-9]+$

Filter by the Id of the parent managed account associated with the card. This is applicable only for debit mode cards.

manufacturingState
Array of strings (ManufacturingState) unique
Items Enum: "REQUESTED" "SENT_FOR_FULFILLMENT" "DISPATCHED" "DELIVERED"
Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

get/managed_cards
Request samples
Response samples
application/json
{
  • "cards": [
    ],
  • "count": 0,
  • "responseCount": 0
}

Get a managed card

Returns all details of the managed card identified by the id path parameter.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$

The unique identifier of a card.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

get/managed_cards/{id}
Request samples
Response samples
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "stri",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "balances": {
    }
}

Update a managed card

Update the details of the managed card identified by the id path parameter.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$

The unique identifier of a card.

header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
tag
string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

friendlyName
string [ 1 .. 50 ] characters

Updates the friendly name of the card. Leave blank if no change is needed.

nameOnCard
string <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...

The card holder's name for the card.

This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.

nameOnCardLine2
string <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...

Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.

cardholderMobileNumber
string [ 5 .. 20 ] characters ^\\+[0-9]+$

The mobile number including country code of the card holder, needed in case a 3DS challenge is required.

object (BillingAddress)

The billing address of the card holder. Merchants may request the billing address to be checked for online purchases.

object (DeliveryAddress)

The delivery address set for the card holder. This is only applicable for physical cards.

deliveryMethod
string (DeliveryMethod)

The delivery methods supported for delivering printed physical cards. If not specified, the STANDARD_DELIVERY method will be used.

Enum: "STANDARD_DELIVERY" "REGISTERED_MAIL" "COURIER" "FIRST_CLASS_MAIL"
object (DigitalWallets)
authForwardingDefaultTimeoutDecision
string

Default decision for auth forwarding on timeout

Enum: "APPROVE" "DECLINE"
object (ThreeDSecureAuthConfig)
Array of objects (ExternalData) <= 10 items unique

External data fields, as provided and managed by the caller that are to be stored and associated with a Managed Card instance. This information is not processed or used by Weavr but some of the values could be shown in specific reports and used as filters

bulkDelivery
boolean (BulkCardDelivery)

Bulk delivery is available for deliveryMethods REGISTERED_MAIL or COURIER. All cards marked as bulk and ordered within the fulfilment centre’s dispatch window will be sent in bulk. Delivery address must be identical for all orders. contactNumber in the deliveryAddress object is mandatory when bulk is selected. Maximum number of cards delivered in a single box/packet is REGISTERED_MAIL = 90, COURIER = 200.

activationCode
string (PhysicalCardActivationCode) <= 6 characters ^[0-9]+$

The unique code to be used to activate the physical card.

productReference
string

The product design reference to be used for this physical card.

This reference will be given to you once your physical card programme has been set up. If only one card programme is configured, this field can be left empty.

carrierType
string

The carrier type to be used for this physical card.

This reference will be given to you once your physical card carrier has been set up. If only one carrier is configured, this field can be left empty.

renewalType
string (CardRenewalType)

Indicates how the card will be handled once it is close to expiring.

  • RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV.
  • NO_RENEW: Once the expiry date is reached, the card is destroyed.
Enum: "RENEW" "NO_RENEW"
Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

patch/managed_cards/{id}
Request samples
application/json
{
  • "tag": "string",
  • "friendlyName": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "deliveryAddress": {
    },
  • "deliveryMethod": "STANDARD_DELIVERY",
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "externalData": [
    ],
  • "bulkDelivery": true,
  • "activationCode": "string",
  • "productReference": "string",
  • "carrierType": "string",
  • "renewalType": "RENEW"
}
Response samples
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "stri",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "balances": {
    }
}

Block a managed card

Blocks the managed card identified by the id path parameter. This is a reversible action and the card can be unblocked using the managedCardUnblock operation.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$

The unique identifier of a managed card.

header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/block
Request samples
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Unblock a managed card

Unblocks the managed card identified by the id path parameter. The managed card must have state.blockedReason as USER so that it can be unblocked. If the managed card was blocked by SYSTEM, users cannot unblock it.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$

The unique identifier of the managed card.

header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/unblock
Request samples
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Remove a managed card

Destroys the managed card identified by the id path parameter. Unlike block, this action is not reversible.

A managed card must be empty before it can be destroyed using this operation.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$

The unique identifier of a managed card.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/remove
Request samples
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Get a managed card statement

Returns a list of transactions against the managed card identified by the id path parameter, matching the criteria provided in the request.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$

The unique identifier of a managed card.

query Parameters
offset
integer <int32> >= 0

The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.

limit
integer <int32> [ 1 .. 100 ]

The limit of the results for paging, starting at the offset. Limit is always capped at 100.

orderByTimestamp
string

Orders the result in ascending or descending order.

  • ASC: Ascending order, oldest transactions first.
  • DESC: Descending order, most recent transactions first.

If not specified, the transactions will be returned in descending order.

Enum: "ASC" "DESC"
fromTimestamp
integer <int64>

Filter for transactions having transaction timestamp after fromTimestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts.

toTimestamp
integer <int64>

Filter for transactions having transaction timestamp before toTimestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts. Must be higher than fromTimestamp if both parameters are provided.

singleEntryPerTransaction
boolean

Returns transactions that span multiple movements as a single entry. Only includes transactions that have been completed. Defaults to true for PDF statements, false otherwise. Note: due to the fact that only completed transactions are included, some transactions that are in progress and have modified the balance of the instrument will not be shown, which could lead to seemingly inconsistent balance being displayed.

header Parameters
accept
string

A request parameter specifying the type of response the client would like. Must be one of application/json, application/pdf or text/csv.

The default response type (application/json) will be returned if specified incorrectly or not specified.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

get/managed_cards/{id}/statement
Request samples
Response samples
{
  • "entry": [
    ],
  • "count": 0,
  • "responseCount": 0,
  • "startBalance": {
    },
  • "endBalance": {
    },
  • "footer": "string"
}

Assign a managed card

If your application requires anonymous cards, Weavr will create a pool of cards that are initially not assigned to any identity. This operation assigns one such previously created managed card from the card pool to the logged-in consumer or corporate identity.

Securityauth_token and api_key
Request
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
externalReference
required
string

Unique code identifying a card.

activationCode
required
string

The code to be used to activate the physical card. Depending on how the cards were created, this may be a code set upon creation, or it may be the same as the externalReference.

friendlyName
required
string [ 1 .. 50 ] characters

The friendly name given to the card.

nameOnCard
required
string <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...

The card holder’s name for the card. This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.

nameOnCardLine2
string <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...

Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.

required
object (BillingAddress)

The billing address set for the card holder, required for AVS checking.

cardholderMobileNumber
string [ 5 .. 20 ] characters ^\\+[0-9]+$

The mobile number including country code of the card holder, needed for 3DS challenge.

authForwardingDefaultTimeoutDecision
string

Default decision for auth forwarding on timeout

Enum: "APPROVE" "DECLINE"
object (ThreeDSecureAuthConfig)
Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/assign
Request samples
application/json
{
  • "externalReference": "string",
  • "activationCode": "string",
  • "friendlyName": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "billingAddress": {
    },
  • "cardholderMobileNumber": "string",
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    }
}
Response samples
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "stri",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "balances": {
    }
}

Get all spend rules for a managed card

Fetch the list of spend rules associated with the managed card identified by the id path parameter.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

get/managed_cards/{id}/spend_rules
Request samples
Response samples
application/json
{
  • "allowedMerchantCategories": [
    ],
  • "blockedMerchantCategories": [
    ],
  • "allowedMerchantIds": [
    ],
  • "blockedMerchantIds": [
    ],
  • "allowedMerchantCountries": [
    ],
  • "blockedMerchantCountries": [
    ],
  • "allowContactless": true,
  • "allowAtm": true,
  • "allowECommerce": true,
  • "allowCashback": true,
  • "allowCreditAuthorisations": true,
  • "minTransactionAmount": 0,
  • "maxTransactionAmount": 0,
  • "spendLimit": [
    ],
  • "cardLevelSpendRules": {
    },
  • "profileLevelSpendRules": {
    },
  • "identityLevelSpendRules": {
    }
}

Create spend rules for a managed card

Create the spend rules associated with the managed card identified by the id path parameter.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
allowedMerchantCategories
Array of strings <= 50 items

Whitelist MCC: A list of allowed merchant category codes (MCCs). If the MCC does not match, then the transaction will be declined. If an MCC is also in the blocked list, the blocked list will take precedence.

blockedMerchantCategories
Array of strings <= 50 items

Blacklist MCC: A list of disallowed merchant category codes (MCCs). If the MCC matches, then the transaction will be declined. If an MCC is also in the allowed list, the blocked list will take precedence.

allowedMerchantIds
Array of strings <= 50 items

Whitelist Merchant Id: A list of allowed merchant IDs. If the Merchant Id does not match, then the transaction will be declined. If a Merchant Id is also provided in the blocked list, the blocked list will take precedence.

blockedMerchantIds
Array of strings <= 50 items

Blacklist Merchant Id: A list of disallowed merchant IDs. If the Merchant Id matches, then the transaction will be declined. If a Merchant Id is also in the allowed list, the blocked list will take precedence.

allowedMerchantCountries
Array of strings <= 50 items

Whitelist Merchant Country: A list of allowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country does not match, then the transaction will be declined. If a Merchant Country is also provided in the blocked list, the blocked list will take precedence.

blockedMerchantCountries
Array of strings <= 50 items

Blacklist Merchant Country: A list of disallowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country matches, then the transaction will be declined. If a Merchant Country is also in the allowed list, the blocked list will take precedence.

allowContactless
boolean

Indicates if a contactless transaction is allowed on the card.

allowAtm
boolean

Indicates if an ATM Withdrawal transaction is allowed on the card.

allowECommerce
boolean

Indicates if an online transaction is allowed on the card.

allowCashback
boolean

Indicates if a cashback transaction at a physical terminal is allowed on the card.

allowCreditAuthorisations
boolean

Indicates if a the card can receive a credit transaction.

Array of objects (SpendLimit)

The total amount of funds that can be spent using this card, in a given time interval.

minTransactionAmount
integer <int64> >= 0

The minimum transaction amount, in card currency, that is allowed. If the transaction amount is less than this value, then the transaction will be declined.

maxTransactionAmount
integer <int64> >= 0

The maximum transaction amount, in card currency, that is allowed. If the transaction amount is greater than this value, then the transaction will be declined.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/spend_rules
Request samples
application/json
{
  • "allowedMerchantCategories": [
    ],
  • "blockedMerchantCategories": [
    ],
  • "allowedMerchantIds": [
    ],
  • "blockedMerchantIds": [
    ],
  • "allowedMerchantCountries": [
    ],
  • "blockedMerchantCountries": [
    ],
  • "allowContactless": true,
  • "allowAtm": true,
  • "allowECommerce": true,
  • "allowCashback": true,
  • "allowCreditAuthorisations": true,
  • "spendLimit": [
    ],
  • "minTransactionAmount": 0,
  • "maxTransactionAmount": 0
}
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Update spend rules for a managed card

Must be user after a POST, to update individual spend rules associated with the managed card identified by the id path parameter.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
allowedMerchantCategories
Array of strings <= 50 items

Whitelist MCC: A list of allowed merchant category codes (MCCs). If the MCC does not match, then the transaction will be declined. If an MCC is also in the blocked list, the blocked list will take precedence.

blockedMerchantCategories
Array of strings <= 50 items

Blacklist MCC: A list of disallowed merchant category codes (MCCs). If the MCC matches, then the transaction will be declined. If an MCC is also in the allowed list, the blocked list will take precedence.

allowedMerchantIds
Array of strings <= 50 items

Whitelist Merchant Id: A list of allowed merchant IDs. If the Merchant Id does not match, then the transaction will be declined. If a Merchant Id is also provided in the blocked list, the blocked list will take precedence.

blockedMerchantIds
Array of strings <= 50 items

Blacklist Merchant Id: A list of disallowed merchant IDs. If the Merchant Id matches, then the transaction will be declined. If a Merchant Id is also in the allowed list, the blocked list will take precedence.

allowedMerchantCountries
Array of strings <= 50 items

Whitelist Merchant Country: A list of allowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country does not match, then the transaction will be declined. If a Merchant Country is also provided in the blocked list, the blocked list will take precedence.

blockedMerchantCountries
Array of strings <= 50 items

Blacklist Merchant Country: A list of disallowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country matches, then the transaction will be declined. If a Merchant Country is also in the allowed list, the blocked list will take precedence.

allowContactless
boolean

Indicates if a contactless transaction is allowed on the card.

allowAtm
boolean

Indicates if an ATM Withdrawal transaction is allowed on the card.

allowECommerce
boolean

Indicates if an online transaction is allowed on the card.

allowCashback
boolean

Indicates if a cashback transaction at a physical terminal is allowed on the card.

allowCreditAuthorisations
boolean

Indicates if a the card can receive a credit transaction.

Array of objects (SpendLimit)

The total amount of funds that can be spent using this card, in a given time interval.

minTransactionAmount
integer <int64> >= 0

The minimum transaction amount, in card currency, that is allowed. If the transaction amount is less than this value, then the transaction will be declined.

maxTransactionAmount
integer <int64> >= 0

The maximum transaction amount, in card currency, that is allowed. If the transaction amount is greater than this value, then the transaction will be declined.

updateSpendLimitMethod
string (SpendLimitUpdateMethod)

The spend limit update method to apply. Currently supported:

  • OVERWRITE: (default option if nothing selected). Overwrites the previous values for the spendLimit object i.e. sets new limits
  • INCREMENT : This will increase the existing value of the spend limit by the amount input the value field. If used in conjunction with an ALWAYS interval, this can be used to increment a spend limit on a periodic basis (controlled by you, e.g. monthly), and means that any 'unused' balance from the previous period will still available to spend. See examples in our documentation
Enum: "OVERWRITE" "INCREMENT"
Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

patch/managed_cards/{id}/spend_rules
Request samples
application/json
{
  • "allowedMerchantCategories": [
    ],
  • "blockedMerchantCategories": [
    ],
  • "allowedMerchantIds": [
    ],
  • "blockedMerchantIds": [
    ],
  • "allowedMerchantCountries": [
    ],
  • "blockedMerchantCountries": [
    ],
  • "allowContactless": true,
  • "allowAtm": true,
  • "allowECommerce": true,
  • "allowCashback": true,
  • "allowCreditAuthorisations": true,
  • "spendLimit": [
    ],
  • "minTransactionAmount": 0,
  • "maxTransactionAmount": 0,
  • "updateSpendLimitMethod": "OVERWRITE"
}
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Delete all spend rules for a managed card

Remove all spend rules associated with the managed card identified by the id path parameter.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

delete/managed_cards/{id}/spend_rules
Request samples
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Upgrade a card to physical

Upgrades the virtual card identified by the id path parameter to physical.

Before cards can be upgraded, a physical card programme must be set up and the card profile configuration updated accordingly.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
productReference
string

The product design reference to be used for this physical card.

This reference will be given to you once your physical card programme has been set up. If only one card programme is configured, this field can be left empty.

carrierType
string

The carrier type to be used for this physical card.

This reference will be given to you once your physical card carrier has been set up. If only one carrier is configured, this field can be left empty.

deliveryMethod
string (DeliveryMethod)

The delivery methods supported for delivering printed physical cards. If not specified, the STANDARD_DELIVERY method will be used.

Enum: "STANDARD_DELIVERY" "REGISTERED_MAIL" "COURIER" "FIRST_CLASS_MAIL"
required
object (DeliveryAddress)

The delivery address where the physical card is delivered.

activationCode
required
string (PhysicalCardActivationCode) <= 6 characters ^[0-9]+$

The unique code to be used to activate the physical card.

object (SensitivePin)

The PIN used for in-person transactions done with physical cards.

Unless you are PCI-DSS compliant and have opted to switch off Weavr's security model, the card's PIN will be tokenised.

To show the PIN to your user, you need to embed the Display Card PIN UI Component in your application. This accepts the tokenised PIN and shows the plain text PIN to the user on screen.

nameOnCardLine2
string <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...
Deprecated

Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards. This field is deprecated.

bulkDelivery
boolean (BulkCardDelivery)

Bulk delivery is available for deliveryMethods REGISTERED_MAIL or COURIER. All cards marked as bulk and ordered within the fulfilment centre’s dispatch window will be sent in bulk. Delivery address must be identical for all orders. contactNumber in the deliveryAddress object is mandatory when bulk is selected. Maximum number of cards delivered in a single box/packet is REGISTERED_MAIL = 90, COURIER = 200.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/physical
Request samples
application/json
{
  • "productReference": "string",
  • "carrierType": "string",
  • "deliveryMethod": "STANDARD_DELIVERY",
  • "deliveryAddress": {
    },
  • "activationCode": "string",
  • "pin": {
    },
  • "nameOnCardLine2": "string",
  • "bulkDelivery": true
}
Response samples
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "stri",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "balances": {
    }
}

Activate a physical card

Activates the physical card identified by the id path paramter.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
activationCode
string (PhysicalCardActivationCode) <= 6 characters ^[0-9]+$

The code that was set up when upgrading the card, that can be used to activate a physical card. If provided in the request, this will be validated against the code that was originally provided. If left blank, no validation will be carried out.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/physical/activate
Request samples
application/json
{
  • "activationCode": "string"
}
Response samples
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "stri",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "balances": {
    }
}

Get PIN for a physical card

Retrieves the PIN of the physical card identified by the id path parameter.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

get/managed_cards/{id}/physical/pin
Request samples
Response samples
application/json
{
  • "pin": {
    }
}

Unblock PIN for a physical card

Physical cards can be marked as pinBlocked if there are too many failed PIN attempts.

Use this operation to unblock a PIN so that the card can be used again.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

patch/managed_cards/{id}/physical/pin/unblock
Request samples
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Replace a damaged physical card

Report as damaged, and replace the physical card identified by the id path parameter.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
activationCode
required
string (PhysicalCardActivationCode) <= 6 characters ^[0-9]+$

The code that will be used to activate the physical card replacement.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/physical/replace_damaged
Request samples
application/json
{
  • "activationCode": "string"
}
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Report a physical card as lost

Report the physical card identified by the id path parameter as lost. This will deactivate the instrument and a new card will need to be requested.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/physical/report_lost
Request samples
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Report a physical card as stolen

Report the physical card identified by the id path parameter as stolen. This will destroy the instrument and a new replacement card will need to be requested.

Once a replacement is requested, any funds remaining on this destroyed card will be transferred to the replacement card."

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/physical/report_stolen
Request samples
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Replace a lost or stolen physical card

Issue a replacement for the physical card, identified by the id path parameter, that has already been reported as lost or stolen.

Any funds (that are not blocked pending a purchase for a previous authorisation) remaining on the card will be automatically transferred to the new replacement card.

Securityapi_key
Request
path Parameters
id
required
string^[0-9]+$
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
activationCode
required
string (PhysicalCardActivationCode) <= 6 characters ^[0-9]+$

A unique code to be used to activate the replacement physical card.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/physical/replace_lost_stolen
Request samples
application/json
{
  • "activationCode": "string"
}
Response samples
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "stri",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "balances": {
    }
}

Reset contactless limit for a physical card

For security purposes, the cardholder needs to provide the PIN after a number of contactless purchases. Use this operation to reset the physical card's contactless limit. The contactless limit can only be reset for physical cards having the wearable form factor.

Securityauth_token and api_key
Request
path Parameters
id
required
string^[0-9]+$
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Responses
204

Success - No Content.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards/{id}/physical/contactless_limit/reset
Request samples
Response samples
application/json
{
  • "code": "string",
  • "message": "string"
}

Authorisation ForwardingWebhook

Receive purchase authorisation events and choose if to approve or decline them by replying to the event.

Switch on Authorisation Forwarding in your Sandbox Innovator Portal and configure the Authorisation Forwarding URL to start receiving these events. Weavr will send webhook events on the following URL {Authorisation Forwarding URL}/managed_cards/authorisation_request.

A response is expected in 1.5s, after which the Default Timeout Response configured in the card profile or the card authForwardingDefaultTimeoutDecision parameter will be used.

Securitywebhooks_key
Request
header Parameters
request-ref
string

A unique call reference included in every call, that enables the receiver to avoid duplicate handling of a webhook request (e.g. webhook was resent).

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

Request Body schema: application/json
required
cardId
required
string^[0-9]+$

The unique identifier of the card on which an authorisation is being performed

transactionId
required
string^[0-9]+$

The id of this transaction, for reference.

authorisationType
required
string (CardAuthorisationDetailsAuthorisationType)

The type of authorisation (Debit or Credit)

Enum: "AUTHORISED" "AUTHORISED_CREDIT"
required
object (CurrencyAmount)

The amount in the currency of the merchant.

required
object (CurrencyAmount)

The amount in the currency of the card.

required
object (CurrencyAmount)

The total amount to be deducted in the currency of the card. This is the summation of the transaction amount, forex padding and forex fees.

transactionTimestamp
required
integer <int64>

The timestamp of the transaction, using epoch timestamp with millisecond precision.

required
object (MerchantData)

Merchant related information

required
object (IdentityId)

The owner of the card

cardholderPresent
string (CardHolderPresent)

Optional detail indicating if the card holder was present when the authorisation occurred.

Enum: "PRESENT" "NOT_PRESENT" "PRESENCE_UNKNOWN"
cardPresent
boolean

Optional detail indicating if the card was present when the authorisation occurred.

authCode
string [ 1 .. 6 ] characters

The authorisation code associated with this authorisation.

object (CurrencyAmount)

The forex padding amount, if any, that has been included in the transactionAmount. Forex padding is extra amount blocked to cater for currency fluctuation.

object (CurrencyAmount)

The forex fee, if set, that is included in the transactionAmount.

mode
string

The card can be created in prepaid mode or debit mode.

  • A prepaid mode card has its own balance and can have funds transferred to or from it.
  • A debit mode card does not have its own balance but will be able to spend funds belonging to its parent managed account, subject to a configurable spend limit.
object (CurrencyAmount)

The card available balance before this authorisation is processed.

Responses
200

Authorisation event received with APPROVED or DECLINED decision.

404

Not found - The requested resource couldn't be found.

default

Error

Request samples
application/json
{
  • "cardId": "string",
  • "transactionId": "string",
  • "authorisationType": "AUTHORISED",
  • "sourceAmount": {
    },
  • "transactionAmount": {
    },
  • "totalTransactionCost": {
    },
  • "transactionTimestamp": 0,
  • "merchantData": {
    },
  • "owner": {
    },
  • "cardholderPresent": "PRESENT",
  • "cardPresent": true,
  • "authCode": "string",
  • "forexPadding": {
    },
  • "forexFee": {
    },
  • "mode": "PREPAID_MODE",
  • "availableBalance": {
    }
}
Response samples
application/json
{
  • "result": "APPROVED"
}