/v1/customers/{customerId}/accounts/{accountId}/.... A customer can have several accounts; a
card belongs to one of them. Every call uses the user’s bearer token.
Lifecycle
A card moves through these states:What you can do
Create a card
Get cards
Get card details
Activate
Block
Unblock
Cancel
Reset PIN
Update limit group
Secure card details
Confirm 3DS
Secure details (PAN / CVV)
The card object never exposes the real PAN or CVV — they’re masked. To show them, use the secure flow, which is encrypted end to end and gated by a step-up confirmation (passkey, 2FA code, or PIN on supported programs):- Get a secure key — a
secretKey(to decrypt) and acipher(to pass back). - For a passkey, get a passkey challenge and complete it on the device.
- Get the secure card details with a
confirmationobject and thecipher; decrypt with thesecretKey.
3DS
When a card transaction triggers 3D Secure, a challenge appears for the customer to approve. Receive challenges in real time over WebSockets (recommended) or poll Get 3DS challenges, then confirm withapprove or reject.
Cards, secure details, and 3DS are program/provider features — not every program has all of
them. If a feature isn’t available you’ll get a clear error rather than a result. See
Program capabilities.