POST
/
v1
/
customers
/
{customerId}
/
accounts
/
{accountId}
/
cards
/
{cardId}
/
secure
curl --request POST \
  --url https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/{cardId}/secure \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "confirmation": {
    "method": "passkey",
    "passkeySession": "pks_5e8a3c1d9b7f",
    "assertion": "{\"id\":\"AQIDBAUGBwgJCgsMDQ4PEA\",\"response\":{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0In0\",\"authenticatorData\":\"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2M\",\"signature\":\"MEUCIQ\"}}"
  },
  "cipher": "v1.7c1d8e4a.8f3b2a9d6e4c1f0b"
}
'
{
  "success": true,
  "data": {
    "cardId": "crd_9f2a1c4b",
    "pan": "BASE64_ENCRYPTED_PAN==",
    "cvc2": "BASE64_ENCRYPTED_CVV==",
    "expiry": "12/29",
    "printedName": "Ada Lovelace"
  }
}
{
"success": false,
"code": "VALIDATION_ERROR",
"message": "newPin must be 4 digits"
}
{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}
{
"success": false,
"code": "CARD_NOT_FOUND",
"message": "Card not found"
}
{
"success": false,
"code": "INVALID_CARD_STATE",
"message": "Card is already active"
}

Authorizations

Authorization
string
header
required

The user's access token. The program and environment come from the token.

Path Parameters

customerId
string
required

The customer's id.

accountId
string
required

The account the card belongs to. A customer can have several accounts; cards are issued against one.

cardId
string
required

The card id from create / get cards.

Body

application/json
confirmation
Passkey · object
required

Step-up confirmation. Set method to passkey, totp, or pin and include that method's fields. pin is a program capability — see Program capabilities.

cipher
string

The cipher from Get secure key.

Response

Secure card data

success
boolean
Example:

true

data
object

Sensitive values, encrypted with the secretKey from Get secure key. Decrypt client-side; never log or store them.