# Change card password

Update a card's password (PIN).

**Note**: This does not change the password recorded on an embossed card's chip. If the card is configured for offline password verification, you need to change the password on the physical card. To do that, you can use a [card script](doc:card-scripts).

This endpoint generates a [Card password changed](https://developers.pismo.io/events/docs/cards-update-password-1) event.

**Note:** This is a PCI endpoint, use the https://gw-pci.pismolabs.io environment.


# OpenAPI definition

```json
{
  "openapi": "3.0.1",
  "info": {
    "title": "Card issuing - Cards",
    "version": "1.4.6",
    "description": "Card endpoints API",
    "contact": {
      "name": "API Support",
      "url": "https://developers.pismo.io/support/"
    },
    "license": {
      "name": "Copyright Pismo"
    }
  },
  "servers": [
    {
      "url": "https://sandbox.pismolabs.io",
      "description": "Sandbox API server for testing."
    },
    {
      "url": "https://gw-pci.pismolabs.io",
      "description": "Sandbox PCI API server for testing"
    }
  ],
  "security": [
    {
      "BearerAuth": []
    }
  ],
  "tags": [
    {
      "name": "PCI",
      "description": "Card PCI/sensitive information endpoints"
    }
  ],
  "components": {
    "parameters": {
      "cardId": {
        "in": "path",
        "name": "cardId",
        "schema": {
          "type": "string"
        },
        "description": "Pismo card ID",
        "required": true
      }
    },
    "schemas": {
      "CardUpdateResponse": {
        "type": "string",
        "description": "Response for card password update request",
        "example": "[:correlationId] Card updated"
      },
      "PIN2": {
        "type": "string",
        "description": "New card Primary Identification Number (PIN)- 4 or 6 digits.",
        "minLength": 4,
        "maxLength": 6,
        "example": "1234"
      },
      "SyncOfflinePin": {
        "type": "boolean",
        "description": "Synchronize the offline PIN with the current online PIN value?\n\nIf `true`, the platform generates a script with the new online PIN, sends the script in the response to the next authorization made with a chip (contact), and generates the [Card issuer script notification received](https://developers.pismo.io/events/docs/cards-issuer-script-1) event. \n \nDefault is `false`.\n",
        "example": true,
        "default": false
      },
      "UpdateCardPCI": {
        "type": "object",
        "description": "Object to update card password",
        "required": [
          "pin"
        ],
        "properties": {
          "pin": {
            "$ref": "#/components/schemas/PIN2"
          },
          "sync_offline_pin": {
            "$ref": "#/components/schemas/SyncOfflinePin"
          }
        }
      }
    },
    "securitySchemes": {
      "BearerAuth": {
        "type": "http",
        "scheme": "bearer",
        "description": "Account token - an access token encoded with a Pismo account ID. Tokens can expire quickly, which can result in an \"Unauthorized\" error.",
        "bearerFormat": "JWT"
      }
    },
    "responses": {
      "401Unauthorized": {
        "description": "Access token is missing or invalid"
      },
      "403Forbidden": {
        "description": "You don't have permission to access this resource"
      },
      "404NotFound": {
        "description": "The specified resource was not found"
      },
      "500InternalServer": {
        "description": "Internal server error"
      }
    }
  },
  "paths": {
    "/pcicards/v2/pcicards/card/{cardId}": {
      "put": {
        "operationId": "put-v2-card-password",
        "summary": "Change card password",
        "description": "Update a card's password (PIN).\n\n**Note**: This does not change the password recorded on an embossed card's chip. If the card is configured for offline password verification, you need to change the password on the physical card. To do that, you can use a [card script](https://developers.pismo.io/pismo-docs/docs/card-scripts).\n\nThis endpoint generates a [Card password changed](https://developers.pismo.io/events/docs/cards-update-password-1) event.\n\n**Note:** This is a PCI endpoint, use the https://gw-pci.pismolabs.io environment.\n",
        "tags": [
          "PCI"
        ],
        "parameters": [
          {
            "$ref": "#/components/parameters/cardId"
          }
        ],
        "requestBody": {
          "description": "Request body",
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UpdateCardPCI"
              }
            }
          }
        },
        "responses": {
          "201": {
            "description": "Response for Update password request",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/CardUpdateResponse"
                }
              }
            }
          },
          "401": {
            "$ref": "#/components/responses/401Unauthorized"
          },
          "403": {
            "$ref": "#/components/responses/403Forbidden"
          },
          "404": {
            "$ref": "#/components/responses/404NotFound"
          },
          "500": {
            "$ref": "#/components/responses/500InternalServer"
          }
        }
      }
    }
  }
}
```