Getting Started
API Documentation
Corporate card issuing API for managing users, cardholders, and virtual cards.
Prefer a different format?
Users
Create users, retrieve user data, check balances, and get deposit addresses.
Cardholders
KYC-verified identities linked to users for card issuance.
Cards
Issue virtual cards, manage balances, freeze/unfreeze, and retrieve card details.
Webhooks
Real-time notifications for card events, transactions, and status updates.
Authentication
All endpoints require the API-KEY header with your project API key.
HTTP Header
API-KEY: your-api-key-hereEncryption
All request and response payloads are encrypted using PyNaCl with XSalsa20-Poly1305 (SecretBox). The schemas in this documentation describe the decrypted JSON bodies.
Encrypted Payload Format
{"encrypted": "<base64-secretbox-ciphertext>"}Quick Start
Request Format
All requests must include:
API-KEYheader with your API keyrequest_timestampfield in microseconds (replay protection)Idempotency-Keyheader for mutation operations (create, topup, etc.)Content-Type: application/jsonheader
Example Request
cURL
curl -X POST "https://api.example.com/api/v1/users/create" \
-H "Content-Type: application/json" \
-H "API-KEY: your-api-key" \
-H "Idempotency-Key: unique-request-id" \
-d '{"encrypted": "<base64-secretbox-encrypted-payload>"}'Response Format
All responses return JSON with either:
Success
{"encrypted": "<encrypted-response-data>"}Error
{"success": false, "error": "message", "error_slug": "error_code"}Common Error Codes
| Error Slug | Description |
|---|---|
user_not_found | User with specified external_user_id does not exist |
external_user_id_exists | User with this external_user_id already exists |
card_not_found | Card with specified card_id does not exist |
cardholder_not_found | Cardholder not found for given user |
insufficient_funds | Not enough balance for the operation |
idempotency_key_required | Idempotency-Key header is missing for mutation operation |