Lifecycle
Issue a card
Prerequisites (in order):- Applicant
status: APPROVEDandissuerKycReady: true - Funding account created (
POST /v1/accounts) - Cardholder created (
POST /v1/cardholders) - Issue card with body fields below
product_type on the program).
cURL
INACTIVE until shipped and activated.
Batch issue and delete
Batch issuance is asynchronous — the issuer returns atask_id you can poll. Up to 100 cards per request.
cURL
cURL
cURL
Spend controls (MCC / consumption scenarios)
Configure issuer-level whitelist/blacklist rules for MCC codes, transaction scenarios, or currencies.| Action | Endpoint |
|---|---|
| List controls | GET /v1/cards/spend-controls?applicant_id=...&usage=MCC&list_type=BLACKLIST |
| Create / update | POST /v1/cards/spend-controls |
| Delete | DELETE /v1/cards/spend-controls?id=...&applicant_id=... |
| Batch upsert | POST /v1/cards/spend-controls/batch |
usage is one of MCC, SCENARIO, or TRANSACTION_CURRENCY. For MCC rules, keywords must be a 4-digit MCC string (e.g. "7995"). Optionally scope rules to specific Apocor card_ids or issuer card_bin_ids.
cURL
Fund cards and accounts
| Action | Endpoint |
|---|---|
| Fund prepaid card | POST /v1/cards/{id}/fund — body { "amount": "25.00" } |
| Withdraw from prepaid | POST /v1/cards/{id}/defund |
| Fund/deplete budget account | POST /v1/accounts/{id}/transfers — { "applicant_id", "direction": "in|out", "amount" } |
| List issuer budgets | GET /v1/accounts/{id}/budgets?applicant_id=... |
Manage a card
| Action | Endpoint |
|---|---|
| Freeze | POST /v1/cards/{id}/freeze |
| Unfreeze | POST /v1/cards/{id}/unfreeze |
| Activate | POST /v1/cards/{id}/activate (physical: calls issuer activate) |
| Close | POST /v1/cards/{id}/close |
| Update label / spend limit | PATCH /v1/cards/{id} |
| Card transactions | GET /v1/cards/{id}/transactions or GET /v1/transactions?card_id=... |
| Reveal details | GET /v1/cards/{id}/secure-details |
Physical cards
| Action | Endpoint |
|---|---|
| Ship | POST /v1/cards/{id}/physical/ship |
| Shipping status | GET /v1/cards/{id}/physical/shipping |
| Set PIN | PUT /v1/cards/{id}/pin |
Cardholders
| Action | Endpoint |
|---|---|
| Create | POST /v1/cardholders |
| List | GET /v1/cardholders |
| Get | GET /v1/cardholders/{id} |
| Update | PATCH /v1/cardholders/{id} |
Sandbox testing
POST /v1/sandbox/simulate with { "type": "authorization\|refund\|reversal\|kyc_review", "card_id": "..." } (sandbox issuer only).
Revealing PAN & CVV securely
Full card numbers never pass through your servers. Request a short-lived reveal token and render the sensitive fields inside a PCI-compliant iframe.cURL