# Create card
Create a virtual or physical (plastic/metal) card.
Refer to the [Cards management](doc:cards-overview-1) guide for more information about physical and virtual cards.
For more information about embossing, refer to [Embossing flows](doc:physical-card-embossing#embossing-flow).
This endpoint generates a [Card created](https://developers.pismo.io/events/docs/cards-create-1) event. The card's PCI data is created asynchronously as is the Card created event. Any operation that tries to access a card before this event, such as update password or get PCI information, is going to return a **404, not found** error.
# OpenAPI definition
```json
{
"openapi": "3.0.1",
"info": {
"title": "Card issuing - Cards",
"version": "1.4.6",
"description": "Card endpoints API",
"contact": {
"name": "API Support",
"url": "https://developers.pismo.io/support/"
},
"license": {
"name": "Copyright Pismo"
}
},
"servers": [
{
"url": "https://sandbox.pismolabs.io",
"description": "Sandbox API server for testing."
},
{
"url": "https://gw-pci.pismolabs.io",
"description": "Sandbox PCI API server for testing"
}
],
"security": [
{
"BearerAuth": []
}
],
"tags": [
{
"name": "Cards",
"description": "Card management endpoints"
}
],
"components": {
"parameters": {
"customerIdHeader": {
"in": "header",
"name": "x-customer-id",
"schema": {
"type": "integer"
},
"required": true,
"description": "Pismo customer ID"
},
"idempotencyHeader": {
"in": "header",
"name": "x-idempotency-key",
"schema": {
"type": "string",
"maxLength": 36
},
"required": false,
"description": "A unique identifier to ensure the operation remains idempotent, allowing for operation repetition without causing unintended effects or duplication. An idempotent operation is one that can be applied multiple times, yet the outcome remains the same. it ensures that network errors, retries, or failures can occur without introducing inconsistencies. 36 chars max. \n"
}
},
"schemas": {
"ABUenabled": {
"type": "boolean",
"description": "\nThis field is **DEPRECATED**. For more information, refer to the [ABU documentation](https://developers.pismo.io/pismo-docs/docs/cards-overview-1#mastercards-automatic-billing-updater-option) in the Cards overview guide.\n\n\nWhen a card is created or reissued, or its account credentials change, Mastercard is notified if this feaure is enabled. Notification updates are sent to Mastercard on a daily basis. \n\nFor more information, refer to Mastercard's ABU documentation.\n",
"example": true,
"deprecated": true
},
"ATMchangeOnlinePinWhenScriptSent": {
"type": "boolean",
"description": "During ATM transactions, should the card's online PIN be updated when the offline PIN change script is sent to the terminal for execution? \n\nIf `false`, the online PIN is only updated after a subsequent transaction, once the Pismo platform verifies - via the card's CVR (Card Verification Results) — that the offline script was successfully applied. \n\nDefault is `false`.\n",
"default": false,
"example": false
},
"CardAlias": {
"type": "string",
"description": "Card alias name for a `VIRTUAL` card. \n\nThis field is **REQUIRED** to be unique for each `VIRTUAL` card a customer owns.\n\nNo matter what is passed for a `PLASTIC` card, the value is always `PLASTIC`.\n",
"minLength": 1,
"maxLength": 50,
"example": "Vacation card"
},
"CardID2": {
"type": "integer",
"description": "Pismo card ID",
"example": 123456
},
"CardStatus": {
"type": "string",
"description": "Card status enum. Refer to the [Card lifecycle and statuses](https://developers.pismo.io/pismo-docs/docs/card-lifecycle-and-statuses) guide for more information and a complete list.\n",
"example": "NORMAL"
},
"CardType": {
"type": "string",
"description": "Card type enum:\n * `PLASTIC` - Physical card - plastic or metal.\n * `VIRTUAL` - Digital card with fixed PAN and dynamic CVV.\n * `TEMPORARY` - Virtual card with a fixed PAN and CVV meant for short-term use, typically 24 hours. For more information, refer to [Configuring temporary cards](https://developers.pismo.io/pismo-docs/docs/cards-overview-1#configuring-temporary-cards) in the Cards management guide.\n * `RECURRING` - Virtual card with a fixed PAN and CVV originally meant for use with recurring subscriptions. This type is being **DEPRECATED** and it is recommended you use `VIRTUAL` instead. \n",
"example": "VIRTUAL",
"enum": [
"PLASTIC",
"VIRTUAL",
"RECURRING",
"TEMPORARY"
]
},
"Contactless": {
"type": "boolean",
"description": "For physical cards. Is card enabled for contactless transactions? \n \nWith contactless transactions, you hold or tap the card on contactless-enabled card reader to complete a transaction. This requires that both the card and the terminal have Near Field Communication (NFC) technology. Most embossers can create plastic contactless cards.\n\nDefault is `true`.\n",
"default": true,
"example": false
},
"CreateCard": {
"type": "object",
"description": "Card create request payload",
"required": [
"name",
"type"
],
"properties": {
"name": {
"$ref": "#/components/schemas/CardAlias"
},
"type": {
"$ref": "#/components/schemas/CardType"
},
"printed_name": {
"$ref": "#/components/schemas/PrintedName"
},
"pin_length": {
"$ref": "#/components/schemas/PinLength"
},
"cvv_rotation_interval_hours": {
"$ref": "#/components/schemas/cvvRotationInterval"
},
"transaction_limit": {
"$ref": "#/components/schemas/TransactionLimit"
},
"metadata": {
"$ref": "#/components/schemas/Metadata"
},
"embossing_group": {
"$ref": "#/components/schemas/EmbossingGroup"
},
"embossing_custom_field": {
"$ref": "#/components/schemas/EmbossingCustomField"
},
"contactless_enabled": {
"$ref": "#/components/schemas/Contactless"
},
"abu_enabled": {
"$ref": "#/components/schemas/ABUenabled"
},
"template_id": {
"$ref": "#/components/schemas/TemplateID"
},
"mode_type": {
"$ref": "#/components/schemas/ModeType"
},
"generate_pvv": {
"$ref": "#/components/schemas/GeneratePvv"
},
"validity_period_hours": {
"$ref": "#/components/schemas/ValidityPeriodHours"
},
"status": {
"$ref": "#/components/schemas/Status"
},
"brand": {
"$ref": "#/components/schemas/SentBrand"
},
"expiration_date": {
"$ref": "#/components/schemas/ExpirationDate"
},
"atm_change_online_pin_when_script_sent": {
"$ref": "#/components/schemas/ATMchangeOnlinePinWhenScriptSent"
}
}
},
"CreateCardResponse": {
"type": "object",
"description": "Card creation response object",
"properties": {
"id": {
"$ref": "#/components/schemas/CardID2"
},
"name": {
"$ref": "#/components/schemas/CardAlias"
},
"status": {
"$ref": "#/components/schemas/CardStatus"
},
"type": {
"$ref": "#/components/schemas/CardType"
},
"transaction_limit": {
"$ref": "#/components/schemas/TransactionLimit"
},
"metadata": {
"$ref": "#/components/schemas/Metadata"
},
"cvv_rotation_interval_hours": {
"$ref": "#/components/schemas/cvvRotationInterval"
},
"embossing_custom_field": {
"$ref": "#/components/schemas/EmbossingCustomField"
},
"contactless_enabled": {
"$ref": "#/components/schemas/Contactless"
},
"abu_enabled": {
"$ref": "#/components/schemas/ABUenabled"
},
"template_id": {
"$ref": "#/components/schemas/TemplateID"
},
"mode_type": {
"$ref": "#/components/schemas/ModeType"
},
"validity_period_hours": {
"$ref": "#/components/schemas/ValidityPeriodHours"
},
"valid_until": {
"$ref": "#/components/schemas/ValidUntil2"
}
}
},
"cvvRotationInterval": {
"type": "integer",
"description": "REQUIRED for a virtual card. Virtual card CVV rotation interval in hours.\n\nTo force a rotation manually, call the [Rotate virtual card CVV](https://developers.pismo.io/pismo-docs/reference/post-v2-reset-cvv) endpoint.\n\nIf `0` is passed, the CVV will **NOT** be rotated.\n",
"minimum": 1,
"maximum": 4320,
"example": 24
},
"EmbossingCustomField": {
"type": "string",
"description": "For physical cards. Additional information for embossing company. For example: tracking number or whether the card should be plastic or metal. \n\nYou can use this field for any embossing needs specific to your business. Whatever is sent must be agreed upon with the embosser—what to send, what values to send, what format to send, what size to send for each value, and so on.\n",
"example": "Tracking ID = 5859930",
"maxLength": 1000
},
"EmbossingGroup": {
"type": "string",
"description": "Embossing group name. Clients can work with multi-embossers. You can use this field to notify an embosser about a card request. If this parameter is not passed, and you work with multi-embossers, the default embosser is used. For more information, refer to the [Physical card embossing](https://developers.pismo.io/pismo-docs/docs/physical-card-embossing) guide.\n",
"minLength": 2,
"maxLength": 32,
"example": "EM1-embosser"
},
"ExpirationDate": {
"type": "string",
"description": "Card expiration date (format = yymm). If passed, the card expiration date is not calculated using the \"Card expiration (# of months)\" program parameter.\n",
"example": "2803"
},
"GeneratePvv": {
"type": "boolean",
"description": "For physical cards. Should a PIN Verification Value (PVV) be generated and inserted into the card tracks during embossing, or should the PVV be generated and sent to Visa when updating the card's PIN? Visa's PIN Verification Service (PVS) **must** be enabled. The default is `false`.\n",
"default": false,
"example": true
},
"Metadata": {
"type": "object",
"description": "Any key-value object. Max length = 3200 bytes. This **must** be valid JSON data.",
"example": {
"my-custom-key": "my-custom-value"
},
"maxLength": 3200
},
"ModeType": {
"type": "string",
"description": "Mode type enum - `SINGLE` or `COMBO`. A combo card can have both a credit and debit *mode*, meaning it is associated with both a credit and debit program and account. A single card has one mode - credit or debit. Refer to the [mode documentation](https://developers.pismo.io/pismo-docs/docs/cards-overview-1#create-a-combination-card-with-card-modes) in the Card overview guide for more information.\n",
"example": "COMBO",
"enum": [
"SINGLE",
"COMBO"
]
},
"PinLength": {
"type": "integer",
"description": "PIN length - 4 or 6 digits. Default is `4`.",
"default": 4,
"enum": [
4,
6
]
},
"PrintedName": {
"type": "string",
"minLength": 2,
"maxLength": 26,
"example": "Chester Fields",
"description": "Printed/embossed card name.\n\nCurrently, you have 3 ways to populate this field:\n \n 1. During account creation via the `application.applicant.personal.social_name` field.\n 2. During account creation via the `application.applicant.personal.name` field when the field in #1 is not set.\n 3. Passing the `printed_name` field during card creation, updating a card, or when reissuing a card. This takes priority over #1 and #2.\n\nNo letters with accents, numbers, or special characters - only letters (a-z|A-Z) and space, as specified in the ISO EMV tag 5F20 for cardholder name.\n\n**REQUIRED** for an `UNNUMBERED` card (Card created without PIN or PAN that issuer defines at some point in the future.)\n"
},
"SentBrand": {
"type": "string",
"description": "Card network that overrides the one set up by the card's program. \n\n**REQUIRED** when the `status` field is used for `UNNUMBERED` cards.\n",
"example": "VISA",
"enum": [
"VISA",
"MASTERCARD",
"ELO",
"RUPAY",
"PRIVATE"
]
},
"Status": {
"type": "string",
"description": "Card status, sent when an `UNNUMBERED` card is requested. For issuers who want to create cards on the Pismo platform that will not have PCI data (PAN, PIN) generated here but that they will provide at some point in the future. \n",
"example": "UNNUMBERED",
"enum": [
"UNNUMBERED"
]
},
"TemplateID": {
"type": "string",
"description": "Template ID. Templates are used to implement the BIN override feature. For more information, refer to the [BIN override](https://developers.pismo.io/pismo-docs/docs/bin-override-feature) guide.\n",
"example": "EAFA693A-57B2-4029-97F3-D20D6F06D79B"
},
"TransactionLimit": {
"type": "string",
"description": "Optional for virtual cards. Maximum amount allowed per transaction. Set up to the approved limit. If not set, account limit is used.",
"example": "500.00"
},
"ValidityPeriodHours": {
"type": "integer",
"description": "How long, in hours, the card is valid. Cannot exceed the card's `expiration_date`. Once this period is exceeded, and the card has a `NORMAL`, `BLOCKED`, `PENDING`, `WARNING` or `REISSUED` status, its status becomes `INOPERATIVE`. \n\nThis field is used to calculate the datetime value for `valid_until`.\n\nFor `VIRTUAL` and `PLASTIC` cards. Setting this field for `TEMPORARY` or `RECURRING` cards returns a **400 Bad request** error. \n",
"example": 240
},
"ValidUntil2": {
"type": "string",
"description": "Card is valid until this datetime. ISO 8601 format. Once this time is exceeded, and the card has a `NORMAL`, `BLOCKED`, `PENDING`, `WARNING` or `REISSUED` status, its status becomes `INOPERATIVE`. \nThis field's value is calculated using the `validity_period_hours`. \n",
"example": "2021-07-03T17:23:18Z"
}
},
"securitySchemes": {
"BearerAuth": {
"type": "http",
"scheme": "bearer",
"description": "Account token - an access token encoded with a Pismo account ID. Tokens can expire quickly, which can result in an \"Unauthorized\" error.",
"bearerFormat": "JWT"
}
},
"responses": {
"401Unauthorized": {
"description": "Access token is missing or invalid"
},
"403Forbidden": {
"description": "You don't have permission to access this resource"
},
"409ConflictCardsPost": {
"description": "You already have a card with this type and name active"
},
"500InternalServer": {
"description": "Internal server error"
}
}
},
"paths": {
"/wallet/v2/cards": {
"post": {
"summary": "Create card",
"description": "Create a virtual or physical (plastic/metal) card.\n\nRefer to the [Cards management](https://developers.pismo.io/pismo-docs/docs/cards-overview-1) guide for more information about physical and virtual cards.\n\nFor more information about embossing, refer to [Embossing flows](https://developers.pismo.io/pismo-docs/docs/physical-card-embossing#embossing-flow).\n\nThis endpoint generates a [Card created](https://developers.pismo.io/events/docs/cards-create-1) event. The card's PCI data is created asynchronously as is the Card created event. Any operation that tries to access a card before this event, such as update password or get PCI information, is going to return a **404, not found** error.\n",
"operationId": "post-v2-card",
"tags": [
"Cards"
],
"parameters": [
{
"$ref": "#/components/parameters/customerIdHeader"
},
{
"$ref": "#/components/parameters/idempotencyHeader"
}
],
"requestBody": {
"description": "Request body",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateCard"
}
}
}
},
"responses": {
"200": {
"description": "Card creation response when `x-idempotency-key` is passed and the card had already been created in a preivous call.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateCardResponse"
}
}
}
},
"201": {
"description": "Card creation response - with or without `x-idempotency-key` passed.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateCardResponse"
}
}
}
},
"401": {
"$ref": "#/components/responses/401Unauthorized"
},
"403": {
"$ref": "#/components/responses/403Forbidden"
},
"409": {
"$ref": "#/components/responses/409ConflictCardsPost"
},
"500": {
"$ref": "#/components/responses/500InternalServer"
}
}
}
}
}
}
```