POST
/
v1
/
customers
/
{customerId}
/
accounts
/
{accountId}
/
cards
curl --request POST \
  --url https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "cardType": "VIRTUAL",
  "nickName": "Online subscriptions",
  "limitGroupId": "lg_2b4d6f8a"
}
'
{
  "success": true,
  "data": {
    "id": "crd_9f2a1c4b",
    "status": "CREATED",
    "cardType": "VIRTUAL",
    "maskedPan": "•••• •••• •••• 4242",
    "cardScheme": "VISA",
    "cvv": "***",
    "expiryDate": "12/29",
    "currency": "GBP",
    "nickName": "Online subscriptions",
    "limitGroupId": "lg_2b4d6f8a",
    "accountType": "CONSUMER",
    "createdAt": "2026-06-18T10:32:00Z"
  }
}
{
"success": false,
"code": "VALIDATION_ERROR",
"message": "newPin must be 4 digits"
}
{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}
{
"success": false,
"code": "CARD_NOT_FOUND",
"message": "Card not found"
}
{
"success": false,
"code": "IDEMPOTENT_REQUEST_IN_PROGRESS",
"message": "A request with this Idempotency-Key is already in progress"
}
{
"success": false,
"code": "INVALID_CARD_STATE",
"message": "Card is already active"
}
{
"success": false,
"code": "INTERNAL_SERVER_ERROR",
"message": "Internal Server Error"
}

Authorizations

Authorization
string
header
required

The user's access token. The program and environment come from the token.

Headers

Idempotency-Key
string<uuid>

Optional. Makes the request retry-safe: a retry with the same key resolves to the same card instead of creating a duplicate. Must be a UUID, and is scoped to the authenticated customer. Preferred over any idempotencyKey body field.

Path Parameters

customerId
string
required

The customer's id.

accountId
string
required

The account the card belongs to. A customer can have several accounts; cards are issued against one.

Body

application/json
cardType
enum<string>

The card format. Send this or cardName.

Available options:
VIRTUAL,
PHYSICAL
cardName
string

A configured card product. Send this or cardType.

nickName
string

Optional label shown to the user.

limitGroupId
string

Optional. Initial limit group.

prepaid
boolean

Optional. Issue as a prepaid card (where the program supports it).

forCustomerId
string

Optional. The cardholder, for corporate cards.

idempotencyKey
string<uuid>

Optional. Idempotency key for retry-safety. The Idempotency-Key header is preferred and overrides this field. Reusing a key with different core parameters returns 400; a key whose card is still being claimed returns 409.

Response

Card created

success
boolean
Example:

true

data
object