You’ll need an Apocor API key (client_id + client_secret). Your Apocor contact provisions this from the dashboard — the secret is shown only once.
Get an access token
Exchange your API key for a short-lived bearer token.curl -s -X POST 'https://sandbox.apocor.ai/v1/oauth/token' \
-H 'Content-Type: application/json' \
-d '{
"client_id": "apocor_1a2b3c4d5e6f7g8h",
"client_secret": "apocor_sk_live_9i8u7y6t..."
}'
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600
}
Send Authorization: Bearer <access_token> on every subsequent request. Create an applicant
Applicants are the end-users (or businesses) who will hold cards.curl -s -X POST 'https://sandbox.apocor.ai/v1/applicants' \
-H 'Authorization: Bearer YOUR_TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"type": "PERSON",
"email": "[email protected]",
"data": { "firstName": "Jane", "lastName": "Doe", "country": "US" }
}'
Run identity verification (KYC)
Verify the applicant and wait for issuer readiness before issuing cards.# Option 1 — hosted widget session
curl -s -X POST 'https://sandbox.apocor.ai/v1/applicants/app_abc123/kyc-session' \
-H 'Authorization: Bearer YOUR_TOKEN'
# Option 2 — poll status (sandbox mock KYC)
curl -s -X POST 'https://sandbox.apocor.ai/v1/applicants/app_abc123/submit' \
-H 'Authorization: Bearer YOUR_TOKEN'
# Confirm issuer KYC is ready
curl -s 'https://sandbox.apocor.ai/v1/applicants/app_abc123/kyc-status' \
-H 'Authorization: Bearer YOUR_TOKEN'
Proceed only when status is APPROVED and issuerKycReady is true. See the KYC integration guide for BYOK share tokens.In sandbox, applicant names containing DENY or REVIEW trigger those mock outcomes.
Set up an account and cardholder
Your program and account are provisioned in the Apocor dashboard. Use those ids here, then turn the approved applicant into a cardholder.# 1. Account (use the program id from your dashboard)
curl -s -X POST 'https://sandbox.apocor.ai/v1/accounts' \
-H 'Authorization: Bearer YOUR_TOKEN' -H 'Content-Type: application/json' \
-d '{ "program_id": "prog_abc123", "currency": "USD" }'
# 2. Cardholder (from the approved applicant)
curl -s -X POST 'https://sandbox.apocor.ai/v1/cardholders' \
-H 'Authorization: Bearer YOUR_TOKEN' -H 'Content-Type: application/json' \
-d '{ "applicant_id": "app_abc123", "display_name": "Jane Doe" }'
Issue a card
curl -s -X POST 'https://sandbox.apocor.ai/v1/cards' \
-H 'Authorization: Bearer YOUR_TOKEN' -H 'Content-Type: application/json' \
-d '{
"program_id": "prog_abc123",
"account_id": "acct_abc123",
"cardholder_id": "ch_abc123",
"form_factor": "VIRTUAL"
}'
{
"data": {
"id": "card_abc123",
"status": "ACTIVE",
"formFactor": "VIRTUAL",
"lastFour": "4242",
"expiry": "12/29"
}
}
To render full PAN/CVV, call GET /v1/cards/{id}/secure-details for a short-lived reveal token — raw card numbers never touch your servers.
Next steps
Authentication
API keys and bearer tokens
Cards
Freeze, activate, and reveal card details
KYC integration
Hosted verification, BYOK share tokens, and issuer readiness
API Reference
Card integration endpoints with a live playground