curl --request POST \
--url https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"cardType": "VIRTUAL",
"nickName": "Online subscriptions",
"limitGroupId": "lg_2b4d6f8a"
}
'{
"success": true,
"data": {
"id": "crd_9f2a1c4b",
"status": "CREATED",
"cardType": "VIRTUAL",
"maskedPan": "•••• •••• •••• 4242",
"cardScheme": "VISA",
"cvv": "***",
"expiryDate": "12/29",
"currency": "GBP",
"nickName": "Online subscriptions",
"limitGroupId": "lg_2b4d6f8a",
"accountType": "CONSUMER",
"createdAt": "2026-06-18T10:32:00Z"
}
}{
"success": false,
"code": "VALIDATION_ERROR",
"message": "newPin must be 4 digits"
}{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}{
"success": false,
"code": "CARD_NOT_FOUND",
"message": "Card not found"
}{
"success": false,
"code": "IDEMPOTENT_REQUEST_IN_PROGRESS",
"message": "A request with this Idempotency-Key is already in progress"
}{
"success": false,
"code": "INVALID_CARD_STATE",
"message": "Card is already active"
}{
"success": false,
"code": "INTERNAL_SERVER_ERROR",
"message": "Internal Server Error"
}Create a card
Issues a new card on the account. Send either cardType (the format) or cardName (a configured product), not both.
curl --request POST \
--url https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"cardType": "VIRTUAL",
"nickName": "Online subscriptions",
"limitGroupId": "lg_2b4d6f8a"
}
'{
"success": true,
"data": {
"id": "crd_9f2a1c4b",
"status": "CREATED",
"cardType": "VIRTUAL",
"maskedPan": "•••• •••• •••• 4242",
"cardScheme": "VISA",
"cvv": "***",
"expiryDate": "12/29",
"currency": "GBP",
"nickName": "Online subscriptions",
"limitGroupId": "lg_2b4d6f8a",
"accountType": "CONSUMER",
"createdAt": "2026-06-18T10:32:00Z"
}
}{
"success": false,
"code": "VALIDATION_ERROR",
"message": "newPin must be 4 digits"
}{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}{
"success": false,
"code": "CARD_NOT_FOUND",
"message": "Card not found"
}{
"success": false,
"code": "IDEMPOTENT_REQUEST_IN_PROGRESS",
"message": "A request with this Idempotency-Key is already in progress"
}{
"success": false,
"code": "INVALID_CARD_STATE",
"message": "Card is already active"
}{
"success": false,
"code": "INTERNAL_SERVER_ERROR",
"message": "Internal Server Error"
}Authorizations
The user's access token. The program and environment come from the token.
Headers
Optional. Makes the request retry-safe: a retry with the same key resolves to the same card instead of creating a duplicate. Must be a UUID, and is scoped to the authenticated customer. Preferred over any idempotencyKey body field.
Path Parameters
The customer's id.
The account the card belongs to. A customer can have several accounts; cards are issued against one.
Body
The card format. Send this or cardName.
VIRTUAL, PHYSICAL A configured card product. Send this or cardType.
Optional label shown to the user.
Optional. Initial limit group.
Optional. Issue as a prepaid card (where the program supports it).
Optional. The cardholder, for corporate cards.
Optional. Idempotency key for retry-safety. The Idempotency-Key header is preferred and overrides this field. Reusing a key with different core parameters returns 400; a key whose card is still being claimed returns 409.