Weavr
Powered by Redocly

Managed Cards

Managed Cards are a type of financial instrument offered by Weavr.

You can create virtual or physical cards that are issued to the consumer or corporate identity.

A card created in prepaid mode has its own balance, whereas a card created in debit mode does not have its own balance but taps into the balance of its parent managed account.

Create a managed card

Creates a managed card for the consumer or corporate identity. The Managed Card Profile (configured in the Multi Portal) specified determines the behaviour and restrictions that the managed card will have.

Securityauth_token and api_key
Request
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
profileId
required
string (ProfileId) ^[0-9]+$

The profile Id which a specific identity, instrument or transaction type is linked to.

Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply.

You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs.

Profile Ids can be found in the Multi Portal, in the API Credentials page.

tag
string (Tag) <= 50 characters ^[a-zA-Z0-9_-]+$

The tag field is a custom field that can be used to search and filter.

friendlyName
required
string [ 1 .. 50 ] characters

The friendly name for the card.

nameOnCard
required
string [ 1 .. 27 ] characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...

The card holder's name for the card.

This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.

nameOnCardLine2
string <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...

Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.

cardholderMobileNumber
string [ 5 .. 20 ] characters ^\\+[0-9]+$
Deprecated

The mobile number including country code of the card holder.

For transactions that require a 3DS challenge, an SMS with a code will be sent on this number, to be entered during an online purchase.

required
object (BillingAddress)

The billing address set for the card holder. This may be verified by merchants when the card is used online.

object (DigitalWallets)

The Card Tokenisation details

authForwardingDefaultTimeoutDecision
string

Default decision for auth forwarding on timeout

Enum: "APPROVE" "DECLINE"
object (ThreeDSecureAuthConfig)

3DS details for card creation

mode
required
string

The card can be created in prepaid mode or debit mode.

  • A prepaid mode card has its own balance and can have funds transferred to or from it.
  • A debit mode card does not have its own balance but will be able to spend funds belonging to its parent managed account, subject to a configurable spend limit.
Array of objects (ExternalData) <= 10 items unique

External data fields, as provided and managed by the caller that are to be stored and associated with a Managed Card instance. This information is not processed or used by Weavr but some of the values could be shown in specific reports and used as filters

renewalType
string (CardRenewalType)

Indicates how the card will be handled once it is close to expiring.

  • RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV.
  • NO_RENEW: Once the expiry date is reached, the card is destroyed.
Enum: "RENEW" "NO_RENEW"
userId
string (UserId) ^[0-9]+$
currency
required
string (Currency) = 3 characters ^[A-Z]*$

The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/managed_cards
Request samples
application/json
{
  • "profileId": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "renewalType": "RENEW",
  • "userId": "string",
  • "currency": "str"
}
Response samples
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "userId": "string",
  • "balances": {
    }
}

Get all managed cards

Fetch cards matching the search criteria provided.

Securityauth_token and api_key
Request
query Parameters
offset
integer <int32> >= 0

The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.

limit
integer <int32> [ 1 .. 100 ]

The limit of the results for paging, starting at the offset. Limit is always capped at 100.

profileId
string (ProfileId) ^[0-9]+$

Filter by the managed account/card profile. Leave out to fetch all managed accounts/card.

friendlyName
string [ 1 .. 50 ] characters

Filter by the managed account/card friendly name. Leave out to fetch all managed accounts/card.

The exact name must be provided, as wildcards are not supported.

state
Array of strings (InstrumentState) unique
Items Enum: "ACTIVE" "BLOCKED" "DESTROYED"
state.blockedReason
Array of strings (BlockedReason) unique
Items Enum: "USER" "SYSTEM" "LOST"
state.destroyedReason
Array of strings (DestroyedReason) unique
Items Enum: "SYSTEM" "USER" "LOST" "STOLEN" "EXPIRED"
currency
string (Currency) = 3 characters ^[A-Z]*$

Filter by the managed account/card currency.

Currencies are expressed as an ISO 4217 code. Leave out to fetch all managed accounts/card.

type
string

Filter by the type of the card.

Enum: "VIRTUAL" "PHYSICAL"
renewalType
string

Filter by the renewal type of the card.

Enum: "RENEW" "NO_RENEW"
externalHandle
string

Search by the card's externalHandle.

cardNumberFirstSix
string^[0-9]{6}$

Filter by first six digits of the card.

cardNumberLastFour
string^[0-9]{4}$

Filter by last four digits of the card.

createdFrom
integer <int64>

Filter for managed accounts/cards created after createdFrom timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts/cards.

createdTo
integer <int64>

Filter for managed accounts/cards created before createdTo timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts/cards.

mode
string

Filter by card mode (prepaid mode or debit mode).

Enum: "DEBIT_MODE" "PREPAID_MODE"
tag
string

Filter by the managed account/card tag. The exact tag must be provided, as wildcards are not supported. Leave out to fetch all managed accounts/card.

parentManagedAccountId
string^[0-9]+$

Filter by the Id of the parent managed account associated with the card. This is applicable only for debit mode cards.

manufacturingState
Array of strings (ManufacturingState) unique
Items Enum: "REQUESTED" "SENT_FOR_FULFILLMENT" "DISPATCHED" "DELIVERED"
Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

get/managed_cards
Request samples 
Response samples 
application/json
{
  • "cards": [
    ],
  • "count": 0,
  • "responseCount": 0
}
Get a managed card
Returns all details of the managed card identified by the id path parameter.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
The unique identifier of a card.


 
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


get/managed_cards/{id}
Request samples 
Response samples 
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "userId": "string",
  • "balances": {
    }
}
Update a managed card
Update the details of the managed card identified by the id path parameter.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
The unique identifier of a card.


 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Request Body schema: application/json
required
tag
string (Tag)   <= 50 characters ^[a-zA-Z0-9_-]+$
The tag field is a custom field that can be used to search and filter.


 
friendlyName
string  [ 1 .. 50 ] characters 
Updates the friendly name of the card. Leave blank if no change is needed.


 
nameOnCard
string  <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...
The card holder's name for the card.


This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card.
The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.


 
nameOnCardLine2
string  <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...
Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.


 
cardholderMobileNumber
string  [ 5 .. 20 ] characters ^\\+[0-9]+$
The mobile number including country code of the card holder, needed in case a 3DS challenge is required.


 
object (BillingAddress) 
The billing address of the card holder. Merchants may request the billing address to be checked for online purchases.


 
object (DeliveryAddress) 
The delivery address set for the card holder. This is only applicable for physical cards.


 
deliveryMethod
string (DeliveryMethod) 
The delivery methods supported for delivering printed physical cards. If not specified, the STANDARD_DELIVERY method will be used.


 Enum: "STANDARD_DELIVERY" "REGISTERED_MAIL" "COURIER" "FIRST_CLASS_MAIL"  
object (DigitalWallets) 
 
authForwardingDefaultTimeoutDecision
string
Default decision for auth forwarding on timeout


 Enum: "APPROVE" "DECLINE"  
object (ThreeDSecureAuthConfig) 
 
Array of objects (ExternalData)   <= 10 items  unique 
External data fields, as provided and managed by the caller that are to be stored and associated with a Managed Card instance. This information is not processed or used by Weavr but some of the values could be shown in specific reports and used as filters


 
bulkDelivery
boolean (BulkCardDelivery) 
Bulk delivery is available for deliveryMethods REGISTERED_MAIL or COURIER.
All cards marked as bulk and ordered within the fulfilment centre’s dispatch window will be sent in bulk. Delivery address must be identical for all orders. contactNumber in the deliveryAddress object is mandatory when bulk is selected. Maximum number of cards delivered in a single box/packet is REGISTERED_MAIL = 90, COURIER = 200.


 
activationCode
string (PhysicalCardActivationCode) ^[0-9]{1,6}$
The unique code to be used to activate the physical card.


 
productReference
string
The product design reference to be used for this physical card.


This reference will be given to you once your physical card programme has been set up. If only one card programme is configured, this field can be left empty.


 
carrierType
string
The carrier type to be used for this physical card.


This reference will be given to you once your physical card carrier has been set up. If only one carrier is configured, this field can be left empty.


 
renewalType
string (CardRenewalType) 
Indicates how the card will be handled once it is close to expiring.


    

  • RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV.
    • 

  • NO_RENEW: Once the expiry date is reached, the card is destroyed.
    • 



 Enum: "RENEW" "NO_RENEW"  
userId
string (UserId) ^[0-9]+$
 
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


patch/managed_cards/{id}
Request samples 
application/json
{
  • "tag": "string",
  • "friendlyName": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "deliveryAddress": {
    },
  • "deliveryMethod": "STANDARD_DELIVERY",
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "externalData": [
    ],
  • "bulkDelivery": true,
  • "activationCode": "string",
  • "productReference": "string",
  • "carrierType": "string",
  • "renewalType": "RENEW",
  • "userId": "string"
}
Response samples 
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "userId": "string",
  • "balances": {
    }
}
Block a managed card
Blocks the managed card identified by the id path parameter. This is a reversible action and the card can be unblocked using the managedCardUnblock operation.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
The unique identifier of a managed card.


 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/block
Request samples 
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Unblock a managed card
Unblocks the managed card identified by the id path parameter.
The managed card must have state.blockedReason as USER so that it can be unblocked.
If the managed card was blocked by SYSTEM, users cannot unblock it.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
The unique identifier of the managed card.


 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/unblock
Request samples 
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Remove a managed card
Destroys the managed card identified by the id path parameter. Unlike block, this action is not reversible.


A managed card must be empty before it can be destroyed using this operation.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
The unique identifier of a managed card.


 
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/remove
Request samples 
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Get a managed card statement
Returns a list of transactions against the managed card identified by the id path parameter, matching the criteria provided in the request.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
The unique identifier of a managed card.


 
query Parameters
offset
integer <int32>   >= 0 
The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.


 
limit
integer <int32>   [ 1 .. 100 ] 
The limit of the results for paging, starting at the offset. Limit is always capped at 100.


 
orderByTimestamp
string
Orders the result in ascending or descending order.


    

  • ASC: Ascending order, oldest transactions first.
    • 

  • DESC: Descending order, most recent transactions first.
    • 



If not specified, the transactions will be returned in descending order.


 Enum: "ASC" "DESC"  
fromTimestamp
integer <int64> 
Filter for transactions having transaction timestamp after fromTimestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts.


 
toTimestamp
integer <int64> 
Filter for transactions having transaction timestamp before toTimestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts. Must be higher than fromTimestamp if both parameters are provided.


 
singleEntryPerTransaction
boolean
Returns transactions that span multiple movements as a single entry.
Only includes transactions that have been completed.
Defaults to true for PDF statements, false otherwise.
Note: due to the fact that only completed transactions are included, some
transactions that are in progress and have modified the balance of the instrument
will not be shown, which could lead to seemingly inconsistent balance being displayed.


 
header Parameters
accept
string
A request parameter specifying the type of response the client would like. Must be one of application/json, application/pdf or text/csv.


The default response type (application/json) will be returned if specified incorrectly or not specified.


 
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


get/managed_cards/{id}/statement
Request samples 
Response samples 
{
  • "entry": [
    ],
  • "count": 0,
  • "responseCount": 0,
  • "startBalance": {
    },
  • "endBalance": {
    },
  • "footer": "string"
}
Assign a managed card
If your application requires anonymous cards, Weavr will create a pool of cards that are initially not assigned to any identity.
This operation assigns one such previously created managed card from the card pool to the logged-in consumer or corporate identity.


Securityauth_token and api_key 
Request 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Request Body schema: application/json
required
externalReference
required
string
Unique code identifying a card.


 
activationCode
required
string
The code to be used to activate the physical card. Depending on how the cards were created, this may be a code set upon creation, or it may be the same as the externalReference.


 
friendlyName
required
string  [ 1 .. 50 ] characters 
The friendly name given to the card.


 
nameOnCard
required
string  <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...
The card holder’s name for the card. This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.


 
nameOnCardLine2
string  <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...
Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.


 
required
object (BillingAddress) 
The billing address set for the card holder, required for AVS checking.


 
cardholderMobileNumber
string  [ 5 .. 20 ] characters ^\\+[0-9]+$
The mobile number including country code of the card holder, needed for 3DS challenge.


 
authForwardingDefaultTimeoutDecision
string
Default decision for auth forwarding on timeout


 Enum: "APPROVE" "DECLINE"  
object (ThreeDSecureAuthConfig) 
 
userId
string (UserId) ^[0-9]+$
 
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/assign
Request samples 
application/json
{
  • "externalReference": "string",
  • "activationCode": "string",
  • "friendlyName": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "billingAddress": {
    },
  • "cardholderMobileNumber": "string",
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "userId": "string"
}
Response samples 
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "userId": "string",
  • "balances": {
    }
}
Get all spend rules for a managed card
Fetch the list of spend rules associated with the managed card identified by the id path parameter.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


get/managed_cards/{id}/spend_rules
Request samples 
Response samples 
application/json
{
  • "allowedMerchantCategories": [
    ],
  • "blockedMerchantCategories": [
    ],
  • "allowedMerchantIds": [
    ],
  • "blockedMerchantIds": [
    ],
  • "allowedMerchantCountries": [
    ],
  • "blockedMerchantCountries": [
    ],
  • "allowContactless": true,
  • "allowAtm": true,
  • "allowECommerce": true,
  • "allowCashback": true,
  • "allowCreditAuthorisations": true,
  • "minTransactionAmount": 0,
  • "maxTransactionAmount": 0,
  • "spendLimit": [
    ],
  • "cardLevelSpendRules": {
    },
  • "profileLevelSpendRules": {
    },
  • "identityLevelSpendRules": {
    }
}
Create spend rules for a managed card
Create the spend rules associated with the managed card identified by the id path parameter.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Request Body schema: application/json
required
allowedMerchantCategories
Array of strings  <= 50 items 
Whitelist MCC: A list of allowed merchant category codes (MCCs). If the MCC does not match, then the transaction will be declined. If an MCC is also in the blocked list, the blocked list will take precedence.


 
blockedMerchantCategories
Array of strings  <= 50 items 
Blacklist MCC: A list of disallowed merchant category codes (MCCs). If the MCC matches, then the transaction will be declined. If an MCC is also in the allowed list, the blocked list will take precedence.


 
allowedMerchantIds
Array of strings  <= 50 items 
Whitelist Merchant Id: A list of allowed merchant IDs. If the Merchant Id does not match, then the transaction will be declined. If a Merchant Id is also provided in the blocked list, the blocked list will take precedence.


 
blockedMerchantIds
Array of strings  <= 50 items 
Blacklist Merchant Id: A list of disallowed merchant IDs. If the Merchant Id matches, then the transaction will be declined. If a Merchant Id is also in the allowed list, the blocked list will take precedence.


 
allowedMerchantCountries
Array of strings  <= 50 items 
Whitelist Merchant Country: A list of allowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country does not match, then the transaction will be declined. If a Merchant Country is also provided in the blocked list, the blocked list will take precedence.


 
blockedMerchantCountries
Array of strings  <= 50 items 
Blacklist Merchant Country: A list of disallowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country matches, then the transaction will be declined. If a Merchant Country is also in the allowed list, the blocked list will take precedence.


 
allowContactless
boolean
Indicates if a contactless transaction is allowed on the card.


 
allowAtm
boolean
Indicates if an ATM Withdrawal transaction is allowed on the card.


 
allowECommerce
boolean
Indicates if an online transaction is allowed on the card.


 
allowCashback
boolean
Indicates if a cashback transaction at a physical terminal is allowed on the card.


 
allowCreditAuthorisations
boolean
Indicates if a the card can receive a credit transaction.


 
Array of objects (SpendLimit) 
The total amount of funds that can be spent using this card, in a given time interval.


 
minTransactionAmount
integer <int64>   >= 0 
The minimum transaction amount, in card currency, that is allowed. If the transaction amount is less than this value, then the transaction will be declined.


 
maxTransactionAmount
integer <int64>   >= 0 
The maximum transaction amount, in card currency, that is allowed. If the transaction amount is greater than this value, then the transaction will be declined.


 
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/spend_rules
Request samples 
application/json
{
  • "allowedMerchantCategories": [
    ],
  • "blockedMerchantCategories": [
    ],
  • "allowedMerchantIds": [
    ],
  • "blockedMerchantIds": [
    ],
  • "allowedMerchantCountries": [
    ],
  • "blockedMerchantCountries": [
    ],
  • "allowContactless": true,
  • "allowAtm": true,
  • "allowECommerce": true,
  • "allowCashback": true,
  • "allowCreditAuthorisations": true,
  • "spendLimit": [
    ],
  • "minTransactionAmount": 0,
  • "maxTransactionAmount": 0
}
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Update spend rules for a managed card
Must be user after a POST, to update individual spend rules associated with the managed card identified by the id path parameter.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Request Body schema: application/json
required
allowedMerchantCategories
Array of strings  <= 50 items 
Whitelist MCC: A list of allowed merchant category codes (MCCs). If the MCC does not match, then the transaction will be declined. If an MCC is also in the blocked list, the blocked list will take precedence.


 
blockedMerchantCategories
Array of strings  <= 50 items 
Blacklist MCC: A list of disallowed merchant category codes (MCCs). If the MCC matches, then the transaction will be declined. If an MCC is also in the allowed list, the blocked list will take precedence.


 
allowedMerchantIds
Array of strings  <= 50 items 
Whitelist Merchant Id: A list of allowed merchant IDs. If the Merchant Id does not match, then the transaction will be declined. If a Merchant Id is also provided in the blocked list, the blocked list will take precedence.


 
blockedMerchantIds
Array of strings  <= 50 items 
Blacklist Merchant Id: A list of disallowed merchant IDs. If the Merchant Id matches, then the transaction will be declined. If a Merchant Id is also in the allowed list, the blocked list will take precedence.


 
allowedMerchantCountries
Array of strings  <= 50 items 
Whitelist Merchant Country: A list of allowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country does not match, then the transaction will be declined. If a Merchant Country is also provided in the blocked list, the blocked list will take precedence.


 
blockedMerchantCountries
Array of strings  <= 50 items 
Blacklist Merchant Country: A list of disallowed merchant countries, in ISO 3166-1 alpha-2 format. If the Merchant country matches, then the transaction will be declined. If a Merchant Country is also in the allowed list, the blocked list will take precedence.


 
allowContactless
boolean
Indicates if a contactless transaction is allowed on the card.


 
allowAtm
boolean
Indicates if an ATM Withdrawal transaction is allowed on the card.


 
allowECommerce
boolean
Indicates if an online transaction is allowed on the card.


 
allowCashback
boolean
Indicates if a cashback transaction at a physical terminal is allowed on the card.


 
allowCreditAuthorisations
boolean
Indicates if a the card can receive a credit transaction.


 
Array of objects (SpendLimit) 
The total amount of funds that can be spent using this card, in a given time interval.


 
minTransactionAmount
integer <int64>   >= 0 
The minimum transaction amount, in card currency, that is allowed. If the transaction amount is less than this value, then the transaction will be declined.


 
maxTransactionAmount
integer <int64>   >= 0 
The maximum transaction amount, in card currency, that is allowed. If the transaction amount is greater than this value, then the transaction will be declined.


 
updateSpendLimitMethod
string (SpendLimitUpdateMethod) 
The spend limit update method to apply. Currently supported:


    

  • OVERWRITE: (default option if nothing selected). Overwrites the previous values for the spendLimit object i.e. sets new limits
    • 

  • INCREMENT : This will increase the existing value of the spend limit by the amount input the value field. If used in conjunction with an ALWAYS interval, this can be used to increment a spend limit on a periodic basis (controlled by you, e.g. monthly), and means that any 'unused' balance from the previous period will still available to spend. See examples in our documentation
    • 



 Enum: "OVERWRITE" "INCREMENT"  
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


patch/managed_cards/{id}/spend_rules
Request samples 
application/json
{
  • "allowedMerchantCategories": [
    ],
  • "blockedMerchantCategories": [
    ],
  • "allowedMerchantIds": [
    ],
  • "blockedMerchantIds": [
    ],
  • "allowedMerchantCountries": [
    ],
  • "blockedMerchantCountries": [
    ],
  • "allowContactless": true,
  • "allowAtm": true,
  • "allowECommerce": true,
  • "allowCashback": true,
  • "allowCreditAuthorisations": true,
  • "spendLimit": [
    ],
  • "minTransactionAmount": 0,
  • "maxTransactionAmount": 0,
  • "updateSpendLimitMethod": "OVERWRITE"
}
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Delete all spend rules for a managed card
Remove all spend rules associated with the managed card identified by the id path parameter.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


delete/managed_cards/{id}/spend_rules
Request samples 
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Upgrade a card to physical
Upgrades the virtual card identified by the id path parameter to physical.


Before cards can be upgraded, a physical card programme must be set up and the card profile configuration updated accordingly.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Request Body schema: application/json
required
productReference
string
The product design reference to be used for this physical card.


This reference will be given to you once your physical card programme has been set up. If only one card programme is configured, this field can be left empty.


 
carrierType
string
The carrier type to be used for this physical card.


This reference will be given to you once your physical card carrier has been set up. If only one carrier is configured, this field can be left empty.


 
deliveryMethod
string (DeliveryMethod) 
The delivery methods supported for delivering printed physical cards. If not specified, the STANDARD_DELIVERY method will be used.


 Enum: "STANDARD_DELIVERY" "REGISTERED_MAIL" "COURIER" "FIRST_CLASS_MAIL"  
required
object (DeliveryAddress) 
The delivery address where the physical card is delivered.


 
activationCode
required
string (PhysicalCardActivationCode) ^[0-9]{1,6}$
The unique code to be used to activate the physical card.


 
object (SensitivePin) 
The PIN used for in-person transactions done with physical cards.


Unless you are PCI-DSS compliant and have opted to switch off Weavr's security model, the card's PIN will be tokenised.


To show the PIN to your user, you need to embed the Display Card PIN UI Component in your application. This accepts the tokenised PIN and shows the plain text PIN to the user on screen.


 
nameOnCardLine2
string  <= 27 characters ^[a-zA-Z0-9ßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÒÓÔÕÖØŠÙÚÛÜŸÝĄĆČĎ...
 Deprecated 
Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards. This field is deprecated.


 
bulkDelivery
boolean (BulkCardDelivery) 
Bulk delivery is available for deliveryMethods REGISTERED_MAIL or COURIER.
All cards marked as bulk and ordered within the fulfilment centre’s dispatch window will be sent in bulk. Delivery address must be identical for all orders. contactNumber in the deliveryAddress object is mandatory when bulk is selected. Maximum number of cards delivered in a single box/packet is REGISTERED_MAIL = 90, COURIER = 200.


 
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/physical
Request samples 
application/json
{
  • "productReference": "string",
  • "carrierType": "string",
  • "deliveryMethod": "STANDARD_DELIVERY",
  • "deliveryAddress": {
    },
  • "activationCode": "string",
  • "pin": {
    },
  • "nameOnCardLine2": "string",
  • "bulkDelivery": true
}
Response samples 
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "userId": "string",
  • "balances": {
    }
}
Activate a physical card
Activates the physical card identified by the id path paramter.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Request Body schema: application/json
required
activationCode
string (PhysicalCardActivationCode) ^[0-9]{1,6}$
The code that was set up when upgrading the card, that can be used to activate a physical card. If provided in the request, this will be validated against the code that was originally provided. If left blank, no validation will be carried out.


 
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/physical/activate
Request samples 
application/json
{
  • "activationCode": "string"
}
Response samples 
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "userId": "string",
  • "balances": {
    }
}
Get PIN for a physical card
Retrieves the PIN of the physical card identified by the id path parameter.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


get/managed_cards/{id}/physical/pin
Request samples 
Response samples 
application/json
{
  • "pin": {
    }
}
Unblock PIN for a physical card
Physical cards can be marked as pinBlocked if there are too many failed PIN attempts.


Use this operation to unblock a PIN so that the card can be used again.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


patch/managed_cards/{id}/physical/pin/unblock
Request samples 
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Replace a damaged physical card
Report as damaged, and replace the physical card identified by the id path parameter.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Request Body schema: application/json
required
activationCode
required
string (PhysicalCardActivationCode) ^[0-9]{1,6}$
The code that will be used to activate the physical card replacement.


 
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/physical/replace_damaged
Request samples 
application/json
{
  • "activationCode": "string"
}
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Report a physical card as lost
Report the physical card identified by the id path parameter as lost. This will deactivate the instrument and a new card will need to be requested.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/physical/report_lost
Request samples 
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Report a physical card as stolen
Report the physical card identified by the id path parameter as stolen. This will destroy the instrument and a new replacement card will need to be requested.


Once a replacement is requested, any funds remaining on this destroyed card will be transferred to the replacement card."


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/physical/report_stolen
Request samples 
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Replace a lost or stolen physical card
Issue a replacement for the physical card, identified by the id path parameter, that has already been reported as lost or stolen.


Any funds (that are not blocked pending a purchase for a previous authorisation) remaining on the card will be automatically transferred to the new replacement card.


Securityapi_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Request Body schema: application/json
required
activationCode
required
string (PhysicalCardActivationCode) ^[0-9]{1,6}$
A unique code to be used to activate the replacement physical card.


 
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/physical/replace_lost_stolen
Request samples 
application/json
{
  • "activationCode": "string"
}
Response samples 
application/json
{
  • "id": "string",
  • "profileId": "string",
  • "externalHandle": "string",
  • "tag": "string",
  • "friendlyName": "string",
  • "currency": "str",
  • "state": {
    },
  • "type": "VIRTUAL",
  • "cardBrand": "MASTERCARD",
  • "cardNumber": {
    },
  • "cvv": {
    },
  • "cardNumberFirstSix": "string",
  • "cardNumberLastFour": "string",
  • "nameOnCard": "string",
  • "nameOnCardLine2": "string",
  • "startMmyy": "stri",
  • "expiryMmyy": "stri",
  • "cardLevelClassification": "CONSUMER",
  • "expiryPeriodMonths": 1,
  • "renewalType": "RENEW",
  • "renewalTimestamp": 0,
  • "creationTimestamp": 0,
  • "cardholderMobileNumber": "string",
  • "billingAddress": {
    },
  • "physicalCardDetails": {
    },
  • "digitalWallets": {
    },
  • "authForwardingDefaultTimeoutDecision": "APPROVE",
  • "threeDSecureAuthConfig": {
    },
  • "mode": "PREPAID_MODE",
  • "externalData": [
    ],
  • "userId": "string",
  • "balances": {
    }
}
Reset contactless limit for a physical card
For security purposes, the cardholder needs to provide the PIN after a number of contactless purchases. Use this operation to reset the physical card's contactless limit.
The contactless limit can only be reset for physical cards having the wearable form factor.


Securityauth_token and api_key 
Request 
path Parameters
id
required
string^[0-9]+$
 
header Parameters
idempotency-ref
string
A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.


 
Responses 
204
Success - No Content.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


404
Not found - The requested resource couldn't be found.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/managed_cards/{id}/physical/contactless_limit/reset
Request samples 
Response samples 
application/json
{
  • "code": "string",
  • "message": "string"
}
Authorisation ForwardingWebhook 
Receive purchase authorisation events and choose if to approve or decline them by replying to the event.


Switch on Authorisation Forwarding in your Sandbox Innovator Portal and configure the Authorisation Forwarding URL to start receiving these events. Weavr will send webhook events on the following URL {Authorisation Forwarding URL}/managed_cards_authorisation_forwarding.


A response is expected in 1.5s, after which the Default Timeout Response configured in the card profile or the card authForwardingDefaultTimeoutDecision parameter will be used.


Securitywebhooks_key 
Request 
header Parameters
call-ref
string
A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255


 
published-timestamp
required
integer <int64> 
The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.


 
signature
required
string
 Deprecated 
The signature to verify the authenticity of this request.  This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.


 
Request Body schema: application/json
required
cardId
required
string^[0-9]+$
The unique identifier of the card on which an authorisation is being performed


 
transactionId
required
string^[0-9]+$
The id of this transaction, for reference.


 
authorisationType
required
string (CardAuthorisationDetailsAuthorisationType) 
The type of authorisation (Debit or Credit)


 Enum: "AUTHORISED" "AUTHORISED_CREDIT"  
required
object (CurrencyAmount) 
The amount in the currency of the merchant.


 
required
object (CurrencyAmount) 
The amount in the currency of the card.


 
required
object (CurrencyAmount) 
The total amount to be deducted in the currency of the card. This is the summation of the transaction amount, forex padding and forex fees.


 
transactionTimestamp
required
integer <int64> 
The timestamp of the transaction, using epoch timestamp with millisecond precision.


 
required
object (MerchantData) 
Merchant related information


 
required
object (IdentityId) 
The owner of the card


 
cardholderPresent
string (CardHolderPresent) 
Optional detail indicating if the card holder was present when the authorisation occurred.


 Enum: "PRESENT" "NOT_PRESENT" "PRESENCE_UNKNOWN"  
cardPresent
boolean
Optional detail indicating if the card was present when the authorisation occurred.


 
authCode
string  [ 1 .. 6 ] characters 
The authorisation code associated with this authorisation.


 
object (CurrencyAmount) 
The forex padding amount, if any, that has been included in the transactionAmount.  Forex padding is extra amount blocked to cater for currency fluctuation.


 
object (CurrencyAmount) 
The forex fee, if set, that is included in the transactionAmount.


 
mode
string
The card can be created in prepaid mode or debit mode.


    

  • A prepaid mode card has its own balance and can have funds transferred to or from it.
    • 

  • A debit mode card does not have its own balance but will be able to spend funds belonging to its parent managed account, subject to a configurable spend limit.
    • 



 
object (CurrencyAmount) 
The card available balance before this authorisation is processed.


 
Responses 
200
Authorisation event received with APPROVED or DECLINED decision.


404
Not found - The requested resource couldn't be found.


default
Error


Request samples 
application/json
{
  • "cardId": "string",
  • "transactionId": "string",
  • "authorisationType": "AUTHORISED",
  • "sourceAmount": {
    },
  • "transactionAmount": {
    },
  • "totalTransactionCost": {
    },
  • "transactionTimestamp": 0,
  • "merchantData": {
    },
  • "owner": {
    },
  • "cardholderPresent": "PRESENT",
  • "cardPresent": true,
  • "authCode": "string",
  • "forexPadding": {
    },
  • "forexFee": {
    },
  • "mode": "PREPAID_MODE",
  • "availableBalance": {
    }
}
Response samples 
application/json
{
  • "result": "APPROVED"
}
➔ Next to Linked Accounts