> ## Documentation Index
> Fetch the complete documentation index at: https://docs.apocor.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart

> Go from an API key to a live card in five steps.

<Note>
  You'll need an Apocor API key (`client_id` + `client_secret`). Your Apocor contact provisions this from the dashboard — the secret is shown only once.
</Note>

<Steps>
  <Step title="Get an access token">
    Exchange your API key for a short-lived bearer token.

    <RequestExample>
      ```bash cURL theme={null}
      curl -s -X POST 'https://sandbox.apocor.ai/v1/oauth/token' \
        -H 'Content-Type: application/json' \
        -d '{
          "client_id": "apocor_1a2b3c4d5e6f7g8h",
          "client_secret": "apocor_sk_live_9i8u7y6t..."
        }'
      ```
    </RequestExample>

    <ResponseExample>
      ```json Success theme={null}
      {
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
        "token_type": "Bearer",
        "expires_in": 3600
      }
      ```
    </ResponseExample>

    Send `Authorization: Bearer <access_token>` on every subsequent request.
  </Step>

  <Step title="Create an applicant">
    Applicants are the end-users (or businesses) who will hold cards.

    ```bash cURL theme={null}
    curl -s -X POST 'https://sandbox.apocor.ai/v1/applicants' \
      -H 'Authorization: Bearer YOUR_TOKEN' \
      -H 'Content-Type: application/json' \
      -d '{
        "type": "PERSON",
        "email": "jane@example.com",
        "data": { "firstName": "Jane", "lastName": "Doe", "country": "US" }
      }'
    ```
  </Step>

  <Step title="Run identity verification (KYC)">
    Verify the applicant and wait for **issuer** readiness before issuing cards.

    ```bash cURL theme={null}
    # Option 1 — hosted widget session
    curl -s -X POST 'https://sandbox.apocor.ai/v1/applicants/app_abc123/kyc-session' \
      -H 'Authorization: Bearer YOUR_TOKEN'

    # Option 2 — poll status (sandbox mock KYC)
    curl -s -X POST 'https://sandbox.apocor.ai/v1/applicants/app_abc123/submit' \
      -H 'Authorization: Bearer YOUR_TOKEN'

    # Confirm issuer KYC is ready
    curl -s 'https://sandbox.apocor.ai/v1/applicants/app_abc123/kyc-status' \
      -H 'Authorization: Bearer YOUR_TOKEN'
    ```

    Proceed only when `status` is `APPROVED` **and** `issuerKycReady` is `true`. See the [KYC integration guide](/guides/kyc-integration) for BYOK share tokens.

    <Tip>In sandbox, applicant names containing `DENY` or `REVIEW` trigger those mock outcomes.</Tip>
  </Step>

  <Step title="Set up an account and cardholder">
    Your **program** and **account** are provisioned in the Apocor dashboard. Use those ids here, then turn the approved applicant into a cardholder.

    ```bash cURL theme={null}
    # 1. Account (use the program id from your dashboard)
    curl -s -X POST 'https://sandbox.apocor.ai/v1/accounts' \
      -H 'Authorization: Bearer YOUR_TOKEN' -H 'Content-Type: application/json' \
      -d '{ "program_id": "prog_abc123", "currency": "USD" }'

    # 2. Cardholder (from the approved applicant)
    curl -s -X POST 'https://sandbox.apocor.ai/v1/cardholders' \
      -H 'Authorization: Bearer YOUR_TOKEN' -H 'Content-Type: application/json' \
      -d '{ "applicant_id": "app_abc123", "display_name": "Jane Doe" }'
    ```
  </Step>

  <Step title="Issue a card">
    ```bash cURL theme={null}
    curl -s -X POST 'https://sandbox.apocor.ai/v1/cards' \
      -H 'Authorization: Bearer YOUR_TOKEN' -H 'Content-Type: application/json' \
      -d '{
        "program_id": "prog_abc123",
        "account_id": "acct_abc123",
        "cardholder_id": "ch_abc123",
        "form_factor": "VIRTUAL"
      }'
    ```

    <ResponseExample>
      ```json Card issued theme={null}
      {
        "data": {
          "id": "card_abc123",
          "status": "ACTIVE",
          "formFactor": "VIRTUAL",
          "lastFour": "4242",
          "expiry": "12/29"
        }
      }
      ```
    </ResponseExample>

    To render full PAN/CVV, call [`GET /v1/cards/{id}/secure-details`](/api-reference) for a short-lived reveal token — raw card numbers never touch your servers.
  </Step>
</Steps>

## Next steps

<CardGroup cols={2}>
  <Card title="Authentication" icon="key" href="/authentication">
    API keys and bearer tokens
  </Card>

  <Card title="Cards" icon="credit-card" href="/concepts/cards">
    Freeze, activate, and reveal card details
  </Card>

  <Card title="KYC integration" icon="shield-check" href="/guides/kyc-integration">
    Hosted verification, BYOK share tokens, and issuer readiness
  </Card>

  <Card title="API Reference" icon="square-terminal" href="/api-reference">
    Card integration endpoints with a live playground
  </Card>
</CardGroup>
