GET
/
v1
/
customers
/
{customerId}
/
accounts
/
{accountId}
/
cards
Get cards
curl --request GET \
  --url https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards \
  --header 'Authorization: Bearer <token>'
import requests

url = "https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards"

headers = {"Authorization": "Bearer <token>"}

response = requests.get(url, headers=headers)

print(response.text)
const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

fetch('https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards"

req, _ := http.NewRequest("GET", url, nil)

req.Header.Add("Authorization", "Bearer <token>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.get("https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards")
.header("Authorization", "Bearer <token>")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'

response = http.request(request)
puts response.read_body
{
  "success": true,
  "data": [
    {
      "id": "crd_9f2a1c4b",
      "status": "ACTIVE",
      "cardType": "VIRTUAL",
      "maskedPan": "•••• •••• •••• 4242",
      "cardScheme": "VISA",
      "cvv": "***",
      "expiryDate": "12/29",
      "currency": "GBP",
      "nickName": "Online subscriptions",
      "limitGroupId": "lg_2b4d6f8a",
      "accountType": "CONSUMER",
      "createdAt": "2026-06-18T10:32:00Z"
    },
    {
      "id": "crd_4d7e2a9f",
      "status": "BLOCKED",
      "cardType": "PHYSICAL",
      "maskedPan": "•••• •••• •••• 1881",
      "cardScheme": "VISA",
      "cvv": "***",
      "expiryDate": "08/28",
      "currency": "GBP",
      "nickName": "Everyday spend",
      "accountType": "CONSUMER",
      "createdAt": "2026-02-04T09:14:00Z"
    }
  ]
}
{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}
{
"success": false,
"code": "CARD_NOT_FOUND",
"message": "Card not found"
}

Authorizations

Authorization
string
header
required

The user's access token. The program and environment come from the token.

Path Parameters

customerId
string
required

The customer's id.

accountId
string
required

The account the card belongs to. A customer can have several accounts; cards are issued against one.

Response

Cards

success
boolean
Example:

true

data
object[]