Skip to main content
You’ll need an Apocor API key (client_id + client_secret). Your Apocor contact provisions this from the dashboard — the secret is shown only once.
1

Get an access token

Exchange your API key for a short-lived bearer token.
curl -s -X POST 'https://sandbox.apocor.ai/v1/oauth/token' \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "apocor_1a2b3c4d5e6f7g8h",
    "client_secret": "apocor_sk_live_9i8u7y6t..."
  }'
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}
Send Authorization: Bearer <access_token> on every subsequent request.
2

Create an applicant

Applicants are the end-users (or businesses) who will hold cards.
cURL
curl -s -X POST 'https://sandbox.apocor.ai/v1/applicants' \
  -H 'Authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "type": "PERSON",
    "email": "[email protected]",
    "data": { "firstName": "Jane", "lastName": "Doe", "country": "US" }
  }'
3

Run identity verification (KYC)

Verify the applicant and wait for issuer readiness before issuing cards.
cURL
# Option 1 — hosted widget session
curl -s -X POST 'https://sandbox.apocor.ai/v1/applicants/app_abc123/kyc-session' \
  -H 'Authorization: Bearer YOUR_TOKEN'

# Option 2 — poll status (sandbox mock KYC)
curl -s -X POST 'https://sandbox.apocor.ai/v1/applicants/app_abc123/submit' \
  -H 'Authorization: Bearer YOUR_TOKEN'

# Confirm issuer KYC is ready
curl -s 'https://sandbox.apocor.ai/v1/applicants/app_abc123/kyc-status' \
  -H 'Authorization: Bearer YOUR_TOKEN'
Proceed only when status is APPROVED and issuerKycReady is true. See the KYC integration guide for BYOK share tokens.
In sandbox, applicant names containing DENY or REVIEW trigger those mock outcomes.
4

Set up an account and cardholder

Your program and account are provisioned in the Apocor dashboard. Use those ids here, then turn the approved applicant into a cardholder.
cURL
# 1. Account (use the program id from your dashboard)
curl -s -X POST 'https://sandbox.apocor.ai/v1/accounts' \
  -H 'Authorization: Bearer YOUR_TOKEN' -H 'Content-Type: application/json' \
  -d '{ "program_id": "prog_abc123", "currency": "USD" }'

# 2. Cardholder (from the approved applicant)
curl -s -X POST 'https://sandbox.apocor.ai/v1/cardholders' \
  -H 'Authorization: Bearer YOUR_TOKEN' -H 'Content-Type: application/json' \
  -d '{ "applicant_id": "app_abc123", "display_name": "Jane Doe" }'
5

Issue a card

cURL
curl -s -X POST 'https://sandbox.apocor.ai/v1/cards' \
  -H 'Authorization: Bearer YOUR_TOKEN' -H 'Content-Type: application/json' \
  -d '{
    "program_id": "prog_abc123",
    "account_id": "acct_abc123",
    "cardholder_id": "ch_abc123",
    "form_factor": "VIRTUAL"
  }'
{
  "data": {
    "id": "card_abc123",
    "status": "ACTIVE",
    "formFactor": "VIRTUAL",
    "lastFour": "4242",
    "expiry": "12/29"
  }
}
To render full PAN/CVV, call GET /v1/cards/{id}/secure-details for a short-lived reveal token — raw card numbers never touch your servers.

Next steps

Authentication

API keys and bearer tokens

Cards

Freeze, activate, and reveal card details

KYC integration

Hosted verification, BYOK share tokens, and issuer readiness

API Reference

Card integration endpoints with a live playground