Shell HTTP JavaScript Node.JS Ruby Python Java Go

Cards v0.15.2

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

Monitor and manage debit cards associated with a bank account.

This API defines models and operations for the following resources:

This API provides the following features to customers (the card holder):

Only the card holder (the individual the card is issued to) may access the card control and card replacement operations.

This API provides the following features to financial institution administrative users:

Additionally, administrative users may perform the following operations on behalf of the customer:

Multi-factor authentication challenges

To prevent account takeover attacks, some operations to request cards or to operate on cards require multi-factor authentication (MFA). An MFA challenge is a process to verify the user's identity through one or more additional authentication steps.

For example, when the client tries the createCardRequest without a valid redeemable Apiture-Challenge request header, the operation may fail with a 409 Conflict. The response body, defined by the challengeErrorResponse schema, contains a challenge resource which includes one or more authenticators. An authenticator may require the user to enter a verification code sent to the user's email account or mobile phone. (The client may let the user choose which authenticators to use, if there are more options than the required minimum.) Next, the client should start least one of the authenticators.

The user completes the authenticator(s), for example by entering the verification code. Once the user has completed all the authenticators successfully, the client passes the resource ID of the challenge resource in the Apiture-Challenge request header to continue the operation that required MFA. Thus, these operations may require two tries: the first (without the Apiture-Challenge header), which fails with a 409 status (the response contains the challenge object), then after completing the challenges' authenticators, a second try, passing in the Apiture-Challenge header.

Error Types

Error responses in this API may have one of the type values described below. See Errors for more information on error responses and error types.

cardRequestRefNotFound

Description: The request card request resource ID does not identify a card.
Remediation: Pass the ID of an existing card request resource.

cardRefNotFound

Description: The request card resource ID does not identify a card.
Remediation: Pass the ID of an existing card resource.

Description: The request contains an invalid reference to an account.
Remediation: Pass the URI of a valid account that the current user holds.

missingApitureChallengeHeader

Description: The Apiture-Challenge request header was not passed.
Remediation: Pass the _id of a valid, verified challenge resource in the Apiture-Challenge request header.

productDoesNotSupportCards

Description: The banking product associated with the account does not support card requests.
Remediation: Select an account that supports cards.

challengedExpired

Description: The challenge resource specified in the Apiture-Challenge request header has expired.
Remediation: Obtain a new challenge resource.

challengedNotVerified

Description: The challenge resource specified in the Apiture-Challenge request header has not been verified.
Remediation: Complete the challenge verification before using a challenge resource.

challengedAlreadyRedeemed

Description: The challenge resource specified in the Apiture-Challenge request header has been redeemed the maximum number of times.
Remediation: Obtain a new challenge resource.

Download OpenAPI Definition (YAML)

Base URLs:

Terms of service

Email: Apiture Web: Apiture

Authentication

Scope Scope Description
card/read Read access to cards and card replacements.
card/write Write (update) access to cards and card replacements.
card/delete Delete access to cards and card replacements.
card/full Full access to cards and card replacements.
admin/write Administrative write (update) access to cards and card replacements.

Card Requests

Requests to Issue New or Replacement Cards

getCardRequests

Code samples

# You can also use wget
curl -X GET /cards/cardRequests \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET /cards/cardRequests HTTP/1.1

Accept: application/hal+json

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/cardRequests',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/cardRequests',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get '/cards/cardRequests',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('/cards/cardRequests', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/cardRequests");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "/cards/cardRequests", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return a collection of card requests

GET /cardRequests

Return a paginated sortable filterable searchable collection of requests for new or replacement card. The links in the response include pagination links.

For financial institution customers, this collection only returns card requests that the customer has created or which apply to their cards.

Parameters

Parameter Description
start
(query)
integer(int64)
The zero-based index of the first card request item to include in this page. The default 0 denotes the beginning of the collection.
limit
(query)
integer(int32)
The maximum number of card request representations to return in this page.
Default: 100
sortBy
(query)
string
Optional sort criteria. See sort criteria format, such as ?sortBy=field1,-field2.
filter
(query)
string
Optional filter criteria. See filtering.
q
(query)
string
Optional search string. See searching.
state
(query)
string
Filter responses to list only cards in the listed state or |-separated set of states. Examples: ?state=submitted , ?state=canceled|completed|rejected
Enumerated values:
pending
submitted
canceled
rejected
completed
submittedOn
(query)
string(date)
Filter the response to card requests submitted on this date or set of |-separated dates. Dates are in RFC 3339 YYYY-MM-DD format. Examples: ?submittedDate=2019-06-10 or ?submittedDate=2019-06-10|2019-06-08|2019-06-07
modifiedOn
(query)
string(date)
Filter the response to card requests last modified on this date or set of |-separated dates. Dates are in RFC 3339 YYYY-MM-DD format. Examples: ?modifiedOn=2019-06-10 or ?modifiedOn=2019-06-10|2019-06-08|2019-06-07
resolvedOn
(query)
string(date)
Filter the response to card requests resolved on this date or set of |-separated dates. Dates are in RFC 3339 YYYY-MM-DD format. Examples: ?resolvedOn=2019-06-10 or ?resolvedOn=2019-06-10|2019-06-08|2019-06-07
updatedBy
(query)
string
Filter the response to card requests created by the user named by this user ID.

Try It

Example responses

200 Response

{
  "_profile": "https://api.apiture.com/schemas/cards/cardRequests/v1.0.0/profile.json",
  "start": 10,
  "limit": 10,
  "count": 67,
  "name": "cardRequests",
  "_links": {
    "self": {
      "href": "/cards/cardRequests?start=10&limit=10"
    },
    "first": {
      "href": "/cards/cardRequests?start=0&limit=10"
    },
    "next": {
      "href": "/cards/cardRequests?start=20&limit=10"
    },
    "collection": {
      "href": "/cards/cardRequests"
    }
  },
  "_embedded": {
    "items": {
      "anyOf": [
        {
          "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
          "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
          "_links": {
            "self": {
              "href": "/cards/cardRequests/0399abed-fd3d-4830-a88b-30f38b8a365c"
            }
          }
        },
        {
          "_id": "d62c0701-0d74-4836-83f9-ebf3709442ea",
          "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
          "_links": {
            "self": {
              "href": "/cards/cardRequests/d62c0701-0d74-4836-83f9-ebf3709442ea"
            }
          }
        }
      ]
    }
  }
}

Responses

StatusDescription
200 OK
OK
Schema: cardRequests
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
422 Unprocessable Entity
Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The _error field in the response will contain details about the request error.
Schema: errorResponse

createCardRequest

Code samples

# You can also use wget
curl -X POST /cards/cardRequests \
  -H 'Content-Type: application/hal+json' \
  -H 'Accept: application/hal+json' \
  -H 'Apiture-Challenge: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/cardRequests HTTP/1.1

Content-Type: application/hal+json
Accept: application/hal+json
Apiture-Challenge: string

var headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'Apiture-Challenge':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/cardRequests',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');
const inputBody = '{
  "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
  "cardId": "9e5a519c-ed3d-48ec-84d0-ef29b2843803",
  "reason": "lost",
  "description": "Replace lost card",
  "_links": {
    "apiture:account": {
      "href": "https://api.example.com/accounts/accounts/617c31ce-7bf0-4e55-a5df-12916ff22ada"
    }
  }
}';
const headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'Apiture-Challenge':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/cardRequests',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/hal+json',
  'Accept' => 'application/hal+json',
  'Apiture-Challenge' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/cardRequests',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/hal+json',
  'Accept': 'application/hal+json',
  'Apiture-Challenge': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/cardRequests', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/cardRequests");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/hal+json"},
        "Accept": []string{"application/hal+json"},
        "Apiture-Challenge": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/cardRequests", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Request a new or replacement card

POST /cardRequests

Request a new or replacement card by creating a new card request resource, adding it to the cardRequests collection.

This operation may require the user to complete an additional multi-factor authentication (MFA) challenge if the financial institution has configured MFA on new or replacement card requests. If the request fails because MFA is required, the response code is 409 and the _error.type in the response is missingApitureChallengeHeader. The client should complete the MFA challenge and retry the operation with the Apiture-Challenge request header as described in Multi-factor authentication challenges above.

Body parameter

{
  "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
  "cardId": "9e5a519c-ed3d-48ec-84d0-ef29b2843803",
  "reason": "lost",
  "description": "Replace lost card",
  "_links": {
    "apiture:account": {
      "href": "https://api.example.com/accounts/accounts/617c31ce-7bf0-4e55-a5df-12916ff22ada"
    }
  }
}

Parameters

Parameter Description
Apiture-Challenge
(header)
string
The unique identifier of a Challenge resource which demonstrates the user has recently verified their identity. See the discussion of Multi-factor authentication challenges above. The value must be the _id string of a valid, redeemable Challenge resource which matches the challenge context.
body
(body)
createCardRequest (required)
The data necessary to create a new card request resource.

Try It

Example responses

201 Response

{
  "_id": "35eb0e67-ac9b-44d7-8799-6648ba6b1c65",
  "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
  "cardId": "9e5a519c-ed3d-48ec-84d0-ef29b2843803",
  "reason": "lost",
  "description": "Replace lost card",
  "submittedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "_links": {
    "self": {
      "href": "/cards/cardRequests/35eb0e67-ac9b-44d7-8799-6648ba6b1c65"
    },
    "apiture:card": {
      "href": "/cards/cards/9e5a519c-ed3d-48ec-84d0-ef29b2843803"
    },
    "apiture:account": {
      "href": "https://api.example.com/accounts/accounts/617c31ce-7bf0-4e55-a5df-12916ff22ada"
    },
    "apiture:cancel": {
      "href": "https://api.example.com/cards/canceledCardRequests?cardRequest=617c31ce-7bf0-4e55-a5df-12916ff22ada"
    }
  }
}

Responses

StatusDescription
201 Created
Created
Schema: cardRequest
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
409 Conflict

Conflict. The request is not allowed or requires a valid Apiture-Challenge header The error response will contain a challenge object and one or more authenticators for the client to start and complete before retrying. See See Multi-factor authentication challenges above.

This error response may have one of the following type values:

Schema: challengeErrorResponse

Response Headers

StatusDescription
201 Location string uri
The URI of the new resource. If the URI begins with / it is relative to the API root context. Else, it is a full URI starting with scheme://host
201 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update the resource.

getCardRequest

Code samples

# You can also use wget
curl -X GET /cards/cardRequests/{cardRequestId} \
  -H 'Accept: application/hal+json' \
  -H 'If-None-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET /cards/cardRequests/{cardRequestId} HTTP/1.1

Accept: application/hal+json
If-None-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-None-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/cardRequests/{cardRequestId}',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-None-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/cardRequests/{cardRequestId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-None-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get '/cards/cardRequests/{cardRequestId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-None-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('/cards/cardRequests/{cardRequestId}', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/cardRequests/{cardRequestId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-None-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "/cards/cardRequests/{cardRequestId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Fetch a representation of this card request

GET /cardRequests/{cardRequestId}

Return a HAL representation of this card request resource.

Parameters

Parameter Description
cardRequestId
(path)
string (required)
The unique identifier of this card request resource. This is an opaque string.
If-None-Match
(header)
string
The entity tag that was returned in the ETag response. If the resource's current entity tag matches, the GET will return 304 (Not Modified) and no response body, else the resource representation will be returned.

Try It

Example responses

200 Response

{
  "_id": "35eb0e67-ac9b-44d7-8799-6648ba6b1c65",
  "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
  "cardId": "9e5a519c-ed3d-48ec-84d0-ef29b2843803",
  "reason": "lost",
  "description": "Replace lost card",
  "submittedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "_links": {
    "self": {
      "href": "/cards/cardRequests/35eb0e67-ac9b-44d7-8799-6648ba6b1c65"
    },
    "apiture:card": {
      "href": "/cards/cards/9e5a519c-ed3d-48ec-84d0-ef29b2843803"
    },
    "apiture:account": {
      "href": "https://api.example.com/accounts/accounts/617c31ce-7bf0-4e55-a5df-12916ff22ada"
    },
    "apiture:cancel": {
      "href": "https://api.example.com/cards/canceledCardRequests?cardRequest=617c31ce-7bf0-4e55-a5df-12916ff22ada"
    }
  }
}

Responses

StatusDescription
200 OK
OK
Schema: cardRequest
StatusDescription
304 Not Modified
Not Modified. The resource has not been modified since it was last fetched.
StatusDescription
404 Not Found
Not Found. There is no such card card request resource at the specified {cardRequestId}. The _error field in the response will contain details about the request error.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update this card request resource.

deleteCardRequest

Code samples

# You can also use wget
curl -X DELETE /cards/cardRequests/{cardRequestId} \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

DELETE /cards/cardRequests/{cardRequestId} HTTP/1.1

var headers = {
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/cardRequests/{cardRequestId}',
  method: 'delete',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/cardRequests/{cardRequestId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.delete '/cards/cardRequests/{cardRequestId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.delete('/cards/cardRequests/{cardRequestId}', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/cardRequests/{cardRequestId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("DELETE", "/cards/cardRequests/{cardRequestId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Delete this card request resource

DELETE /cardRequests/{cardRequestId}

Delete this card request resource and any resources that are owned by it. This effectively cancels the card request request if the request has not been processed.

Parameters

Parameter Description
cardRequestId
(path)
string (required)
The unique identifier of this card request resource. This is an opaque string.

Try It

Responses

StatusDescription
204 No Content
No Content. The resource was deleted successfully.

estimateCardShippingCharges

Code samples

# You can also use wget
curl -X POST /cards/shippingCharges \
  -H 'Content-Type: application/hal+json' \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/shippingCharges HTTP/1.1

Content-Type: application/hal+json
Accept: application/hal+json

var headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/shippingCharges',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');
const inputBody = '{
  "_profile": "https://production.api.apiture.com/schemas/cards/cardShippingEstimateRequest/v1.0.0/profile.json",
  "cardId": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_links": {
    "apiture:account": {
      "href": "/accounts/accounts/c4fff7a4-8654-4085-aeba-a984de81dcc3"
    }
  }
}';
const headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/shippingCharges',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/hal+json',
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/shippingCharges',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/hal+json',
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/shippingCharges', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/shippingCharges");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/hal+json"},
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/shippingCharges", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Get estimated (expedited) shipping changes

POST /shippingCharges

Get estimated expedited shipping changes for a card.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/cards/cardShippingEstimateRequest/v1.0.0/profile.json",
  "cardId": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_links": {
    "apiture:account": {
      "href": "/accounts/accounts/c4fff7a4-8654-4085-aeba-a984de81dcc3"
    }
  }
}

Parameters

Parameter Description
body
(body)
cardShippingEstimateRequest (required)
Information required to estimate the shipping.

Try It

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/cards/cardShippingEstimate/v1.0.0/profile.json",
  "cardId": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "normal": {
    "value": "0.00",
    "currency": "USD"
  },
  "expedited": {
    "value": "12.00",
    "currency": "USD"
  },
  "_links": {
    "apiture:account": {
      "href": "/accounts/accounts/c4fff7a4-8654-4085-aeba-a984de81dcc3"
    },
    "apiture:card": {
      "href": "/cards/card/0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: cardShippingEstimate
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
422 Unprocessable Entity

Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The _error field in the response will contain details about the request error.

This error response may have one of the following type values:

Schema: errorResponse

createCardIssuerParameters

Code samples

# You can also use wget
curl -X POST /cards/issuerParameters?issuer=string \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/issuerParameters?issuer=string HTTP/1.1

Accept: application/hal+json

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/issuerParameters',
  method: 'post',
  data: '?issuer=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/issuerParameters?issuer=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/issuerParameters',
  params: {
  'issuer' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/issuerParameters', params={
  'issuer': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("/cards/issuerParameters?issuer=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/issuerParameters", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Generate card issuer parameters

POST /issuerParameters

Generate parameters for integrating with the card issuer. The client may embed a secure application component. This operation fetches parameters to allow this integration, based on the current user and optionally a card. There is no request body for this operation.

Parameters

Parameter Description
card
(query)
string
The optional resource identifier of an existing card. This is the card's _id property, not the card/account number. Use this to request parameters for the card issuer integration to change the card's PIN.
issuer
(query)
string (required)
The name of the card issuer, such as marqueta. This determines which issue parameters are returned to the client.

Try It

Example responses

201 Response

{
  "_profile": "https://api.apiture.com/schemas/cards/cardIssuerParameters/v1.0.0/profile.json",
  "issuer": "marqueta",
  "parameters": [
    {
      "name": "user_token",
      "value": "cd8775f7f49a/408a|9afa-982a78bd08bd::7466c8c38489/4541|b695/af7ac2ba4537"
    },
    {
      "name": "onetime_token",
      "value": "130d1a7d_fa0c/453a|86a9_93c411a9df3a::5f1d4ade5c34/40e4|8098/493475dd0c92"
    },
    {
      "name": "application_id",
      "value": "09CF5D57C6084956866126610758E149"
    },
    {
      "name": "card_token",
      "value": "77639FAF::7E77::4CDF::B096::4B5C5F971691--fc09b0af::a30b::4D34834F682826EE1C44"
    }
  ]
}

Responses

StatusDescription
201 Created
Created. The response contains the parameters to integrate with the card issuer components.
Schema: cardIssuerParameters
StatusDescription
400 Bad Request
Bad Request. The parameters are not well-formed.
Schema: errorResponse
StatusDescription
422 Unprocessable Entity

Unprocessable Entity. The parameters, while well-formed, are invalid.

This error response may have one of the following type values:

Schema: errorResponse

Cards

Debit Cards Issued by the Financial Institution

getCards

Code samples

# You can also use wget
curl -X GET /cards/cards \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET /cards/cards HTTP/1.1

Accept: application/hal+json

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/cards',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/cards',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get '/cards/cards',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('/cards/cards', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/cards");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "/cards/cards", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return a collection of cards

GET /cards

Return a paginated sortable filterable searchable collection of cards for the user's accounts or the subset of those cards that satisfy the filter criteria. links in the response include pagination links.

For an account owner or joint owner of a personal account, the default response includes all cards issued to all primary or joint owners of the account. For authorized signers on business accounts, the default response includes cards for all authorized signers for that account.

There is another version of this operation which allows getting a list of cards based on the query constraints passed in the request body; see the getCardsForAccount operation.

Parameters

Parameter Description
start
(query)
integer(int64)
The zero-based index of the first card item to include in this page. The default 0 denotes the beginning of the collection.
limit
(query)
integer(int32)
The maximum number of card representations to return in this page.
Default: 100
sortBy
(query)
string
Optional sort criteria. See sort criteria format, such as ?sortBy=field1,-field2.
filter
(query)
string
Optional filter criteria. See filtering.
q
(query)
string
Optional search string. See searching.
unmasked
(query)
boolean
For security reasons, the default response includes only a masked banking account number, for partial identification purposes. For ?unmasked=true, the response body includes the full account number for each of the requested cards. Requests for full account numbers are auditable.
Note that card numbers are always masked.
mine
(query)
boolean
If true, limit the response to only cards issued to the user making the request.
account
(query)
array[string]
Filter cards to only those for the account with the account ID named in this query parameter. (By default, the list is pre-filtered to only accounts that the user has access to; this further narrows that list. FI admins can use this to view cards for a user.) This can match exactly one account ID, or a set of |-separated IDs This parameter is mutually exclusive with ?accountName=. Examples: ?account=a223db933809 or ?account=a223db933809|fd89d651283b.
accountName
(query)
array[string]
Filter cards to those whose account name matches this value. This can match exactly one account name, or a set of |-separated names. This parameter is mutually exclusive with ?account=. Examples: ?accountName=My%20Basic%20Savings or ?accountName=My%20Basic%20Savings|My%20Joint%02Savings.
state
(query)
string
Filter cards on the state of the card. This can match exactly one state, or a set of |-separated states. Examples: ?state=requested , ?state=lost|stolen|damaged.
fulfillmentState
(query)
array[string]
Filter the response to card by the state of their replacement states. This can match exactly one state, or a set of |-separated states. Examples: ?fulfillmentState=requested , ?fulfillmentState=ordered|reordered
modifiedOn
(query)
array[string]
Filter the response to cards last modified on this date or set of |-separated dates. Dates are in RFC 3339 YYYY-MM-DD format. Examples: ?modifiedOn=2019-06-10 , ?modifiedOn=2019-06-10|2019-06-08|2019-06-07
issuedOn
(query)
array[string]
Filter the response to cards issued on this date or set of |-separated dates. Dates are in RFC 3339 YYYY-MM-DD format. Examples: ?issuedOn=2019-06-10 , ?issuedOn=2019-06-10|2019-06-08|2019-06-07
updatedBy
(query)
string
Filter the response to card requests created by the user named by this user ID.

Try It

Example responses

200 Response

{
  "_profile": "https://api.apiture.com/schemas/cards/cards/v2.0.0/profile.json",
  "start": 10,
  "limit": 10,
  "count": 67,
  "name": "cards",
  "_links": {
    "self": {
      "href": "/cards/cards?start=10&limit=10"
    },
    "first": {
      "href": "/cards/cards?start=0&limit=10"
    },
    "next": {
      "href": "/cards/cards?start=20&limit=10"
    },
    "collection": {
      "href": "/cards/cards"
    }
  },
  "_embedded": {
    "items": {
      "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
      "_profile": "https://api.apiture.com/schemas/cards/card/v2.0.0/profile.json",
      "holderName": "LUCILLE WELLPHUNDED",
      "label": "Premiere Checking *3210",
      "accountName": "Premiere Checking",
      "accountNumbers": {
        "masked": "*************3210",
        "full": "9876543210"
      },
      "cardNumbers": {
        "masked": "************3210"
      },
      "state": "active",
      "fulfillmentState": "shipped",
      "fulfillmentDescription": "Shipped on June 7, 2020",
      "mine": true,
      "issuedAt": "2019-06-07T05:18:30.375Z",
      "updatedAt": "2019-06-07T05:18:30.375Z",
      "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
      "expiresOn": "2012-04-30",
      "_links": {
        "self": {
          "href": "/cards/cards/0399abed-fd3d-4830-a88b-30f38b8a365c"
        },
        "apiture:account": {
          "href": "/accounts/accounts/d62c0701-0d74-4836-83f9-ebf3709442ea"
        }
      }
    }
  }
}

Responses

StatusDescription
200 OK
OK
Schema: cards
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
422 Unprocessable Entity
Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The _error field in the response will contain details about the request error.
Schema: errorResponse

createCard

Code samples

# You can also use wget
curl -X POST /cards/cards \
  -H 'Content-Type: application/hal+json' \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/cards HTTP/1.1

Content-Type: application/hal+json
Accept: application/hal+json

var headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/cards',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');
const inputBody = '{
  "_profile": "https://api.apiture.com/schemas/cards/createCard/v2.0.0/profile.json",
  "accountName": "My Premiere Savings",
  "_links": {
    "apiture:account": {
      "href": "/accounts/accounts/e7076b86-0f0b-4126-92eb-d90f4be1ae6a"
    }
  }
}';
const headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/cards',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/hal+json',
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/cards',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/hal+json',
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/cards', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/cards");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/hal+json"},
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/cards", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Create a new card

POST /cards

Create a new card resource that represents a physical debit card. The URI to the associated account should be passed in the request in the link named `apiture:account'. Only administrative applications can create cards.

Body parameter

{
  "_profile": "https://api.apiture.com/schemas/cards/createCard/v2.0.0/profile.json",
  "accountName": "My Premiere Savings",
  "_links": {
    "apiture:account": {
      "href": "/accounts/accounts/e7076b86-0f0b-4126-92eb-d90f4be1ae6a"
    }
  }
}

Parameters

Parameter Description
body
(body)
createCard (required)
The data necessary to create a new card.

Try It

Example responses

201 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://api.apiture.com/schemas/cards/card/v2.0.0/profile.json",
  "holderName": "LUCILLE WELLPHUNDED",
  "name": "My debit card for Premiere Checking",
  "accountName": "Premiere Checking",
  "accountNumbers": {
    "masked": "*************3210",
    "full": "9876543210"
  },
  "cardNumbers": {
    "masked": "************3210"
  },
  "state": "active",
  "fulfillmentState": "shipped",
  "fulfillmentDescription": "Shipped on June 7, 2020",
  "issuedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "mine": true,
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "expiresOn": "2012-04-30",
  "_embedded": {},
  "_links": {
    "self": {
      "href": "/cards/cards/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:lock": {
      "href": "/cards/lockedCards?card=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:account": {
      "href": "/accounts/accounts/d62c0701-0d74-4836-83f9-ebf3709442ea"
    }
  }
}

Responses

StatusDescription
201 Created
Created
Schema: card
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
409 Conflict

Conflict. The request is not allowed for the selected account or banking product.

This error response may have one of the following type values:

Schema: errorResponse

Response Headers

StatusDescription
201 Location string uri
The URI of the new resource. If the URI begins with / it is relative to the API root context. Else, it is a full URI starting with scheme://host
201 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update the resource.

getCard

Code samples

# You can also use wget
curl -X GET /cards/cards/{cardId} \
  -H 'Accept: application/hal+json' \
  -H 'If-None-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET /cards/cards/{cardId} HTTP/1.1

Accept: application/hal+json
If-None-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-None-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/cards/{cardId}',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-None-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/cards/{cardId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-None-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get '/cards/cards/{cardId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-None-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('/cards/cards/{cardId}', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/cards/{cardId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-None-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "/cards/cards/{cardId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Fetch a representation of this card

GET /cards/{cardId}

Return a HAL representation of this card resource.

Parameters

Parameter Description
cardId
(path)
string (required)
The unique identifier of this card. This is an opaque string.
If-None-Match
(header)
string
The entity tag that was returned in the ETag response. If the resource's current entity tag matches, the GET will return 304 (Not Modified) and no response body, else the resource representation will be returned.
unmasked
(query)
boolean
For security reasons, the default response includes only a masked banking account number, for partial identification purposes. For ?unmasked=true, the response body includes the full account number for each of the requested cards. Requests for full account numbers are auditable.
Note that card numbers are always masked.

Try It

Example responses

200 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://api.apiture.com/schemas/cards/card/v2.0.0/profile.json",
  "holderName": "LUCILLE WELLPHUNDED",
  "name": "My debit card for Premiere Checking",
  "accountName": "Premiere Checking",
  "accountNumbers": {
    "masked": "*************3210",
    "full": "9876543210"
  },
  "cardNumbers": {
    "masked": "************3210"
  },
  "state": "active",
  "fulfillmentState": "shipped",
  "fulfillmentDescription": "Shipped on June 7, 2020",
  "issuedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "mine": true,
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "expiresOn": "2012-04-30",
  "_embedded": {},
  "_links": {
    "self": {
      "href": "/cards/cards/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:lock": {
      "href": "/cards/lockedCards?card=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:account": {
      "href": "/accounts/accounts/d62c0701-0d74-4836-83f9-ebf3709442ea"
    }
  }
}

Responses

StatusDescription
200 OK
OK
Schema: card
StatusDescription
304 Not Modified
Not Modified. The resource has not been modified since it was last fetched.
StatusDescription
404 Not Found
Not Found. There is no such card resource at the specified {cardId}. The _error field in the response will contain details about the request error.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update this card resource.

Card Actions

Actions on Debit cards

activateCard

Code samples

# You can also use wget
curl -X POST /cards/activeCards?card=string \
  -H 'Accept: application/hal+json' \
  -H 'If-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/activeCards?card=string HTTP/1.1

Accept: application/hal+json
If-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/activeCards',
  method: 'post',
  data: '?card=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/activeCards?card=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/activeCards',
  params: {
  'card' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/activeCards', params={
  'card': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("/cards/activeCards?card=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/activeCards", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Activate a card

POST /activeCards

Activate a card so a customer can use it and change the card's state property to active. Services or administrative users may activate a requested card after a card request has been approved. Customers may not use this operation for activating new cards.

This operation is available via the apiture:activate link on the card resource, if and only if the activation operation is available. The response is the updated representation of the card. The If-Match request header value must match the current entity tag value of the card.

Parameters

Parameter Description
card
(query)
string (required)
A string which uniquely identifies a card. This may be the unique {cardId} or the URI of the card.
If-Match
(header)
string (required)
The entity tag that was returned in the ETag response. This must match the current entity tag of the resource.

Try It

Example responses

200 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://api.apiture.com/schemas/cards/card/v2.0.0/profile.json",
  "holderName": "LUCILLE WELLPHUNDED",
  "name": "My debit card for Premiere Checking",
  "accountName": "Premiere Checking",
  "accountNumbers": {
    "masked": "*************3210",
    "full": "9876543210"
  },
  "cardNumbers": {
    "masked": "************3210"
  },
  "state": "active",
  "fulfillmentState": "shipped",
  "fulfillmentDescription": "Shipped on June 7, 2020",
  "issuedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "mine": true,
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "expiresOn": "2012-04-30",
  "_embedded": {},
  "_links": {
    "self": {
      "href": "/cards/cards/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:lock": {
      "href": "/cards/lockedCards?card=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:account": {
      "href": "/accounts/accounts/d62c0701-0d74-4836-83f9-ebf3709442ea"
    }
  }
}

Responses

StatusDescription
200 OK
OK. The operation succeeded. The card was updated and its state changed to active.
Schema: card
StatusDescription
400 Bad Request

Bad Request. The card parameter was malformed or does not refer to an existing or accessible card.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request to activate the card is not allowed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied if-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update the resource.

lockCard

Code samples

# You can also use wget
curl -X POST /cards/lockedCards?card=string \
  -H 'Accept: application/hal+json' \
  -H 'If-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/lockedCards?card=string HTTP/1.1

Accept: application/hal+json
If-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/lockedCards',
  method: 'post',
  data: '?card=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/lockedCards?card=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/lockedCards',
  params: {
  'card' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/lockedCards', params={
  'card': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("/cards/lockedCards?card=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/lockedCards", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Lock a card

POST /lockedCards

Lock a card so that it cannot be used for debits or other financial activity. (This differs from locking the entire account.) This is also referred to a placing a hold on the card. This is one step before reporting a card as lost or stolen. A user can unlock the card (restore it to the normal, active state) by using the apiture:unlock link which invokes the unlockCard operation. This is a self-service operation which a card holder may take if they want to prevent fraudulent use of the card, such as if they have misplaced it (but expect to find it again), or will be out of the country.

This operation changes the state property of the card to locked. This operation is available via the apiture:lock link on the card resource, if and only if the card is eligible for the lock operation. The response is the updated representation of the card. The If-Match request header value must match the current entity tag value of the card.

Only the card holder or an admin can lock a card.

Parameters

Parameter Description
card
(query)
string (required)
A string which uniquely identifies a card. This may be the unique {cardId} or the URI of the card.
If-Match
(header)
string (required)
The entity tag that was returned in the ETag response. This must match the current entity tag of the resource.

Try It

Example responses

200 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://api.apiture.com/schemas/cards/card/v2.0.0/profile.json",
  "holderName": "LUCILLE WELLPHUNDED",
  "name": "My debit card for Premiere Checking",
  "accountName": "Premiere Checking",
  "accountNumbers": {
    "masked": "*************3210",
    "full": "9876543210"
  },
  "cardNumbers": {
    "masked": "************3210"
  },
  "state": "active",
  "fulfillmentState": "shipped",
  "fulfillmentDescription": "Shipped on June 7, 2020",
  "issuedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "mine": true,
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "expiresOn": "2012-04-30",
  "_embedded": {},
  "_links": {
    "self": {
      "href": "/cards/cards/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:lock": {
      "href": "/cards/lockedCards?card=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:account": {
      "href": "/accounts/accounts/d62c0701-0d74-4836-83f9-ebf3709442ea"
    }
  }
}

Responses

StatusDescription
200 OK
OK. The operation succeeded. The card was updated and its state changed to locked.
Schema: card
StatusDescription
400 Bad Request

Bad Request. The card parameter was malformed or does not refer to an existing or accessible card.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request to lock the card is not allowed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied if-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update the resource.

unlockCard

Code samples

# You can also use wget
curl -X POST /cards/unlockedCards?card=string \
  -H 'Accept: application/hal+json' \
  -H 'If-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/unlockedCards?card=string HTTP/1.1

Accept: application/hal+json
If-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/unlockedCards',
  method: 'post',
  data: '?card=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/unlockedCards?card=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/unlockedCards',
  params: {
  'card' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/unlockedCards', params={
  'card': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("/cards/unlockedCards?card=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/unlockedCards", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Unlock a card

POST /unlockedCards

Unlock a locked card so that it can be used for debits or other financial activity. This changes the state property of the card back to active. This operation is available via the apiture:unlock link on the card resource, if and only if the card is currently locked. The response is the updated representation of the card. The If-Match request header value, if passed, must match the current entity tag value of the card.

Only the card holder or an admin can unlock a card.

Parameters

Parameter Description
card
(query)
string (required)
A string which uniquely identifies a card. This may be the unique {cardId} or the URI of the card.
If-Match
(header)
string (required)
The entity tag that was returned in the ETag response. This must match the current entity tag of the resource.

Try It

Example responses

200 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://api.apiture.com/schemas/cards/card/v2.0.0/profile.json",
  "holderName": "LUCILLE WELLPHUNDED",
  "name": "My debit card for Premiere Checking",
  "accountName": "Premiere Checking",
  "accountNumbers": {
    "masked": "*************3210",
    "full": "9876543210"
  },
  "cardNumbers": {
    "masked": "************3210"
  },
  "state": "active",
  "fulfillmentState": "shipped",
  "fulfillmentDescription": "Shipped on June 7, 2020",
  "issuedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "mine": true,
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "expiresOn": "2012-04-30",
  "_embedded": {},
  "_links": {
    "self": {
      "href": "/cards/cards/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:lock": {
      "href": "/cards/lockedCards?card=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:account": {
      "href": "/accounts/accounts/d62c0701-0d74-4836-83f9-ebf3709442ea"
    }
  }
}

Responses

StatusDescription
200 OK
OK. The operation succeeded. The card was updated and its state changed to active.
Schema: card
StatusDescription
400 Bad Request

Bad Request. The card parameter was malformed or does not refer to an existing or accessible card.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request to unlock the card is not allowed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied if-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update the resource.

closeCard

Code samples

# You can also use wget
curl -X POST /cards/closedCards?card=string \
  -H 'Accept: application/hal+json' \
  -H 'If-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/closedCards?card=string HTTP/1.1

Accept: application/hal+json
If-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/closedCards',
  method: 'post',
  data: '?card=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/closedCards?card=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/closedCards',
  params: {
  'card' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/closedCards', params={
  'card': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("/cards/closedCards?card=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/closedCards", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Close a card

POST /closedCards

Close a card by adding it to the set of closed cards. This changes the state property of the card to closed. This operation is available via the apiture:close link on the card resource, if and only if the card is eligible for the close operation. The response is the updated representation of the card. The If-Match request header value, if passed, must match the current entity tag value of the card.

Only the card holder or an admin can close a card.

Parameters

Parameter Description
card
(query)
string (required)
A string which uniquely identifies a card. This may be the unique {cardId} or the URI of the card.
If-Match
(header)
string (required)
The entity tag that was returned in the ETag response. This must match the current entity tag of the resource.

Try It

Example responses

200 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://api.apiture.com/schemas/cards/card/v2.0.0/profile.json",
  "holderName": "LUCILLE WELLPHUNDED",
  "name": "My debit card for Premiere Checking",
  "accountName": "Premiere Checking",
  "accountNumbers": {
    "masked": "*************3210",
    "full": "9876543210"
  },
  "cardNumbers": {
    "masked": "************3210"
  },
  "state": "active",
  "fulfillmentState": "shipped",
  "fulfillmentDescription": "Shipped on June 7, 2020",
  "issuedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "mine": true,
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "expiresOn": "2012-04-30",
  "_embedded": {},
  "_links": {
    "self": {
      "href": "/cards/cards/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:lock": {
      "href": "/cards/lockedCards?card=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:account": {
      "href": "/accounts/accounts/d62c0701-0d74-4836-83f9-ebf3709442ea"
    }
  }
}

Responses

StatusDescription
200 OK
OK. The operation succeeded. The card was updated and its state changed to closed.
Schema: card
StatusDescription
400 Bad Request

Bad Request. The card parameter was malformed or does not refer to an existing or accessible card.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request to close the card is not allowed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied if-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update the resource.

API

The Cards API

getLabels

Code samples

# You can also use wget
curl -X GET /cards/labels \
  -H 'Accept: application/hal+json' \
  -H 'Accept-Language: string' \
  -H 'API-Key: API_KEY'

GET /cards/labels HTTP/1.1

Accept: application/hal+json
Accept-Language: string

var headers = {
  'Accept':'application/hal+json',
  'Accept-Language':'string',
  'API-Key':'API_KEY'

};

$.ajax({
  url: '/cards/labels',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'Accept-Language':'string',
  'API-Key':'API_KEY'

};

fetch('/cards/labels',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'Accept-Language' => 'string',
  'API-Key' => 'API_KEY'
}

result = RestClient.get '/cards/labels',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'Accept-Language': 'string',
  'API-Key': 'API_KEY'
}

r = requests.get('/cards/labels', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/labels");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "Accept-Language": []string{"string"},
        "API-Key": []string{"API_KEY"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "/cards/labels", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Localized Labels

GET /labels

Return a JSON object which defines labels for enumeration types defined by the schemas defined in this API. The labels in the response may not all match the requested language; some may be in the default language (en-us).

Parameters

Parameter Description
Accept-Language
(header)
string
The weighted language tags which indicate the user's preferred natural language for the localized labels in the response, as per RFC 7231.

Try It

Example responses

200 Response

{
  "property1": {
    "label": "Limited Liability Corporation",
    "description": "string",
    "language": "en-us",
    "code": "31"
  },
  "property2": {
    "label": "Limited Liability Corporation",
    "description": "string",
    "language": "en-us",
    "code": "31"
  }
}

Responses

StatusDescription
200 OK
OK
Schema: localizedLabels

getApi

Code samples

# You can also use wget
curl -X GET /cards/ \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY'

GET /cards/ HTTP/1.1

Accept: application/hal+json

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY'

};

$.ajax({
  url: '/cards/',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY'

};

fetch('/cards/',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY'
}

result = RestClient.get '/cards/',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY'
}

r = requests.get('/cards/', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "/cards/", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Top-level resources and operations in this API

GET /

Return links to the top-level resources and operations in this API.

Try It

Example responses

200 Response

{
  "id": "apiName",
  "name": "API name",
  "apiVersion": "1.0.0",
  "_profile": "https://production.api.apiture.com/schemas/common/root/v2.0.0/profile.json",
  "_links": {}
}

Responses

StatusDescription
200 OK
OK
Schema: root

getApiDoc

Code samples

# You can also use wget
curl -X GET /cards/apiDoc \
  -H 'Accept: application/json' \
  -H 'API-Key: API_KEY'

GET /cards/apiDoc HTTP/1.1

Accept: application/json

var headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY'

};

$.ajax({
  url: '/cards/apiDoc',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY'

};

fetch('/cards/apiDoc',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'API-Key' => 'API_KEY'
}

result = RestClient.get '/cards/apiDoc',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'API-Key': 'API_KEY'
}

r = requests.get('/cards/apiDoc', params={

}, headers = headers)

print r.json()

URL obj = new URL("/cards/apiDoc");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "API-Key": []string{"API_KEY"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "/cards/apiDoc", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return API definition document

GET /apiDoc

Return the OpenAPI document that describes this API.

Try It

Example responses

200 Response

{}

Responses

StatusDescription
200 OK
OK
Schema: Inline

Response Schema

Card Requests Actions

completeCardRequest

Code samples

# You can also use wget
curl -X POST /cards/completedCardRequests?cardRequest=string \
  -H 'Accept: application/hal+json' \
  -H 'If-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/completedCardRequests?cardRequest=string HTTP/1.1

Accept: application/hal+json
If-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/completedCardRequests',
  method: 'post',
  data: '?cardRequest=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/completedCardRequests?cardRequest=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/completedCardRequests',
  params: {
  'cardRequest' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/completedCardRequests', params={
  'cardRequest': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("/cards/completedCardRequests?cardRequest=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/completedCardRequests", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Complete a card request

POST /completedCardRequests

Mark a card request as completed when the card has been issued. This changes the state property of the card request to completed. This operation is available via the apiture:complete link on the card request resource, if and only if the card request is eligible for the complete operation. Only the FI admin may invoke this operation. The response is the updated representation of the card request. The If-Match request header value must match the current entity tag value of the card request.

Parameters

Parameter Description
cardRequest
(query)
string (required)
A string which uniquely identifies a card request which is to added to the canceled card requests resource set. This may be the unique cardRequestId or the URI of the card request.
If-Match
(header)
string (required)
The entity tag that was returned in the ETag response. This must match the current entity tag of the resource.

Try It

Example responses

200 Response

{
  "_id": "35eb0e67-ac9b-44d7-8799-6648ba6b1c65",
  "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
  "cardId": "9e5a519c-ed3d-48ec-84d0-ef29b2843803",
  "reason": "lost",
  "description": "Replace lost card",
  "submittedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "_links": {
    "self": {
      "href": "/cards/cardRequests/35eb0e67-ac9b-44d7-8799-6648ba6b1c65"
    },
    "apiture:card": {
      "href": "/cards/cards/9e5a519c-ed3d-48ec-84d0-ef29b2843803"
    },
    "apiture:account": {
      "href": "https://api.example.com/accounts/accounts/617c31ce-7bf0-4e55-a5df-12916ff22ada"
    },
    "apiture:cancel": {
      "href": "https://api.example.com/cards/canceledCardRequests?cardRequest=617c31ce-7bf0-4e55-a5df-12916ff22ada"
    }
  }
}

Responses

StatusDescription
200 OK
OK. The operation succeeded. The card request was updated and its state changed to completed.
Schema: cardRequest
StatusDescription
400 Bad Request

Bad Request. The cardRequest parameter was malformed or does not refer to an existing or accessible card request.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request to complete the card request is not allowed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied if-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update the resource.

rejectCardRequest

Code samples

# You can also use wget
curl -X POST /cards/rejectedCardRequests?cardRequest=string \
  -H 'Accept: application/hal+json' \
  -H 'If-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/rejectedCardRequests?cardRequest=string HTTP/1.1

Accept: application/hal+json
If-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/rejectedCardRequests',
  method: 'post',
  data: '?cardRequest=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/rejectedCardRequests?cardRequest=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/rejectedCardRequests',
  params: {
  'cardRequest' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/rejectedCardRequests', params={
  'cardRequest': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("/cards/rejectedCardRequests?cardRequest=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/rejectedCardRequests", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Reject a card request

POST /rejectedCardRequests

Mark a card request as rejected. This changes the state property of the card request to rejected. Only the FI admin may invoke this operation.

This operation is available via the apiture:reject link on the card request resource, if and only if the card request is eligible for the reject operation. The response is the updated representation of the card request. The If-Match request header value, if passed, must match the current entity tag value of the card request.

Parameters

Parameter Description
cardRequest
(query)
string (required)
A string which uniquely identifies a card request which is to added to the canceled card requests resource set. This may be the unique cardRequestId or the URI of the card request.
If-Match
(header)
string (required)
The entity tag that was returned in the ETag response. This must match the current entity tag of the resource.

Try It

Example responses

200 Response

{
  "_id": "35eb0e67-ac9b-44d7-8799-6648ba6b1c65",
  "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
  "cardId": "9e5a519c-ed3d-48ec-84d0-ef29b2843803",
  "reason": "lost",
  "description": "Replace lost card",
  "submittedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "_links": {
    "self": {
      "href": "/cards/cardRequests/35eb0e67-ac9b-44d7-8799-6648ba6b1c65"
    },
    "apiture:card": {
      "href": "/cards/cards/9e5a519c-ed3d-48ec-84d0-ef29b2843803"
    },
    "apiture:account": {
      "href": "https://api.example.com/accounts/accounts/617c31ce-7bf0-4e55-a5df-12916ff22ada"
    },
    "apiture:cancel": {
      "href": "https://api.example.com/cards/canceledCardRequests?cardRequest=617c31ce-7bf0-4e55-a5df-12916ff22ada"
    }
  }
}

Responses

StatusDescription
200 OK
OK. The operation succeeded. The card request was updated and its state changed to rejected.
Schema: cardRequest
StatusDescription
400 Bad Request

Bad Request. The cardRequest parameter was malformed or does not refer to an existing or accessible card request.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request to reject the card request is not allowed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied if-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update the resource.

cancelCardRequest

Code samples

# You can also use wget
curl -X POST /cards/canceledCardRequests?cardRequest=string \
  -H 'Accept: application/hal+json' \
  -H 'If-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST /cards/canceledCardRequests?cardRequest=string HTTP/1.1

Accept: application/hal+json
If-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: '/cards/canceledCardRequests',
  method: 'post',
  data: '?cardRequest=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('/cards/canceledCardRequests?cardRequest=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post '/cards/canceledCardRequests',
  params: {
  'cardRequest' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('/cards/canceledCardRequests', params={
  'cardRequest': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("/cards/canceledCardRequests?cardRequest=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "/cards/canceledCardRequests", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Cancel a card request

POST /canceledCardRequests

Cancel a card replacement request. This changes the state property of the card request to canceled. This operation is available via the apiture:cancel link on the card request resource, if and only if the card request is eligible for the cancel operation. The response is the updated representation of the card request. The If-Match request header value, if passed, must match the current entity tag value of the card request.

Parameters

Parameter Description
cardRequest
(query)
string (required)
A string which uniquely identifies a card request which is to added to the canceled card requests resource set. This may be the unique cardRequestId or the URI of the card request.
If-Match
(header)
string (required)
The entity tag that was returned in the ETag response. This must match the current entity tag of the resource.

Try It

Example responses

200 Response

{
  "_id": "35eb0e67-ac9b-44d7-8799-6648ba6b1c65",
  "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
  "cardId": "9e5a519c-ed3d-48ec-84d0-ef29b2843803",
  "reason": "lost",
  "description": "Replace lost card",
  "submittedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "_links": {
    "self": {
      "href": "/cards/cardRequests/35eb0e67-ac9b-44d7-8799-6648ba6b1c65"
    },
    "apiture:card": {
      "href": "/cards/cards/9e5a519c-ed3d-48ec-84d0-ef29b2843803"
    },
    "apiture:account": {
      "href": "https://api.example.com/accounts/accounts/617c31ce-7bf0-4e55-a5df-12916ff22ada"
    },
    "apiture:cancel": {
      "href": "https://api.example.com/cards/canceledCardRequests?cardRequest=617c31ce-7bf0-4e55-a5df-12916ff22ada"
    }
  }
}

Responses

StatusDescription
200 OK
OK. The operation succeeded. The card request was updated and its state changed to canceled.
Schema: cardRequest
StatusDescription
400 Bad Request

Bad Request. The cardRequest parameter was malformed or does not refer to an existing or accessible card request.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request to cancel the card request is not allowed. The _error field in the response will contain details about the request error.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied if-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for PUT or PATCH operations which update the resource.

Schemas

abstractRequest

{
  "_profile": "{uri of resource profile.json}",
  "_links": {
    "self": {
      "href": "{uri of current resource}"
    }
  }
}

Abstract Request (v2.0.0)

An abstract schema used to define other request-only schemas. This is a HAL resource representation, minus the _error defined in abstractResource.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.

abstractResource

{
  "_profile": "{uri of resource profile.json}",
  "_links": {
    "self": {
      "href": "{uri of current resource}"
    }
  }
}

Abstract Resource (v2.0.0)

An abstract schema used to define other schemas for request and response bodies. This is a HAL resource representation. This model contains hypermedia _links, and either optional domain object data with _profile and optional _embedded objects, or an _error object. In responses, if the operation was successful, this object will not include the _error, but if the operation was a 4xx or 5xx error, this object will not include _embedded or any data fields, only _error and optionally _links.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.

accountNumbers

{
  "masked": "*************3210",
  "full": "9876543210"
}

Account Numbers (v1.0.0)

Different representations of an account number.

Properties

NameDescription
masked string
A partial account number that does not contain all the digits of the full account number. This masked number appears in statements or in user experience presentation. It is sufficient for a user to differentiate this account from other accounts they hold, but is not sufficient for initiating transfers, etc. The first character is the mask character and is repeated; this does not indicate that the full account number is the same as the mask length. This value is derived and immutable.
read-only
minLength: 8
maxLength: 32
full string
The full account number. This value only appears when ?unmasked=true is passed on the GET request. Not included in the summary representation of the account that is included in account collection responses. This value is derived and immutable.
read-only
minLength: 4
maxLength: 17

attributeValue

{}

Attribute Value (v2.0.0)

The data associated with this attribute.

Properties

attributes

{
  "property1": {},
  "property2": {}
}

Attributes (v2.0.0)

An optional map of name/value pairs which contains additional dynamic data about the resource.

Properties

NameDescription
additionalProperties attributeValue
The data associated with this attribute.

authenticator

{
  "_id": "7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3",
  "_profile": "https://api.apiture.com/schemas/auth/authenticator/v1.0.1/profile.json",
  "userId": "b2720469-3497-4b82-8b85-30f2155aa66d",
  "state": "started",
  "type": {
    "name": "sms",
    "label": "SMS Code",
    "description": "Enter a code sent via SMS to the user's preferred mobile device.",
    "category": "device",
    "schema": {
      "title": "SMS attributes",
      "description": "Schema for an authenticator's `attributes` when the authenticator type is `sms`.",
      "type": "object",
      "required": [
        "code",
        "length"
      ],
      "properties": {
        "code": {
          "type": "string",
          "description": "A code that was sent to the user's mobile device via SMS. The user should enter the code in the app, then set `attributes.code` to that. The length of the code (the number of characters or digits) must equal the `length'.",
          "minLength": 3,
          "maxLength": 10
        },
        "length": {
          "description": "The number of digits/characters that are sent to the user via SMS.",
          "type": "integer",
          "minimum": 3,
          "maximum": 10,
          "example": 6
        }
      }
    }
  },
  "maximumRetries": 3,
  "retryCount": 1,
  "createdAt": "2019-08-23T12:42:50.375Z",
  "expiresAt": "2019-08-23T13:12:50.375Z",
  "_links": {
    "self": {
      "href": "/auth/challenges/2e61e506-1568-4f1a-a93e-4d0a48a06d0e/authenticators/7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3"
    },
    "apiture:challenge": {
      "href": "/auth/challenges/challenges/b59438cd-5efb-4915-916b-0600bb2a4e1e"
    },
    "apiture:retry": {
      "href": "/auth/challenges/retriedAuthenticators?authenticator=7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3"
    },
    "apiture:verify": {
      "href": "/auth/challenges/verifiedAuthenticators"
    }
  }
}

Authenticator (v1.0.1)

Representation of authenticators which verify a user's identity.

Response and request bodies using this authenticator schema may contain the following links:

RelSummaryMethod
apiture:retryRetry an authenticatorPOST
apiture:startStart an authenticatorPOST
apiture:verifyVerify a user's identityPOST
apiture:challengeFetch a representation of this challengeGET

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
type authenticatorType
The type of this authenticator. This must be one of the items in the /authenticatorTypes resource.
maximumRetries integer
The maximum number of times the user may retry this authenticator. If 0, the user must authenticate correctly on the first try. When an authenticator is retried, the client should POST to the apiture:retry link on the authenticators; absence of the link means the user cannot retry the authenticator. The default is 3.
maximum: 10
_id string
The unique identifier for this authenticator resource. This is an immutable opaque string assigned upon creation.
read-only
userId string
The user ID of the user who is requested to verify their identity.
state authenticatorState
The state of this authenticator. This is derived and read-only.
read-only
retryCount integer
The actual number of times a user has retried this authenticator.
read-only
maximum: 10
attributes object
Data collected from the user that is used to verify this authenticator. This data conforms to the schema defined in the type. For example, for sms, the attributes must contains a code.
createdAt string(date-time)
The time stamp when authenticator was created, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).
read-only
verifiedAt string(date-time)
The time stamp when authenticator was verified in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).
read-only
failedAt string(date-time)
The time stamp when the user failed to verify their identity verification (authentication) for this challenge, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).
read-only
expiresAt string(date-time)
The time stamp when the this challenge expires, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).
read-only

authenticatorCategory

"knowledge"

authenticatorCategory (v1.0.0)

Categories which help classify and organize different authenticator types:

authenticatorCategory strings may have one of the following enumerated values:

ValueDescription
knowledgeKnowledge: Authenticate with information the user knows, such as a password or answers to personal questions.
biometricBiometric: Authenticate with physical characteristics of the user, such as fingerprints, voiceprint, or faceprint.
deviceDevice: Authenticate with a device that the user has, such as a mobile phone or an electronic key.

These enumeration values are further described by the label group named authenticatorCategory in the response from the getLabels operation.

Type: string
Enumerated values:
knowledge
biometric
device

authenticatorState

"pending"

Authenticator State (v1.0.0)

The state of a challenge authenticator resource.

authenticatorState strings may have one of the following enumerated values:

ValueDescription
pendingPending: The authenticator is created but not yet started.
startedStarted: The user has started the authenticator.
verifiedVerified: The user corresponding verified the authenticator.
failedFailed: The user failed the authenticators criteria.
expiredExpired: The authenticator expired before the user completed the criteria.

These enumeration values are further described by the label group named authenticatorState in the response from the getLabels operation.

Type: string
Enumerated values:
pending
started
verified
failed
expired

authenticatorType

{
  "name": "sms",
  "label": "SMS code",
  "description": "Enter a code sent via SMS to the user's preferred mobile device.",
  "category": "device",
  "schema": {
    "title": "SMS attributes",
    "description": "Schema for an authenticator's `attributes` when the authenticator type is `sms`.",
    "type": "object",
    "required": [
      "code",
      "length"
    ],
    "properties": {
      "code": {
        "type": "string",
        "description": "A code that was sent to the user's mobile device via SMS. The user should enter the code in the app, then set `attributes.code` to that. The length of the code (the number of characters or digits) must equal the `length'.",
        "minLength": 3,
        "maxLength": 10
      },
      "length": {
        "description": "The number of digits/characters that are sent to the user via SMS.",
        "type": "integer",
        "minimum": 3,
        "maximum": 10,
        "example": 6
      }
    }
  }
}

Authenticator Type (v1.0.0)

An authenticator type description.

Properties

NameDescription
name string
The name of this authenticator; also the key in the authenticatorTypes object.
label string
A localized label or title which may be used labels or other UI controls which present a value.
description string
A more detailed localized description of an authenticator type.
language string
The actual natural language tag to which this authentication type description is associated, as per RFC 7231. If omitted, this serves as the default.
category authenticatorCategory
The authentication category.
schema object
The JSON schema which describe the attributes object for all authenticators of this type. For example, for sms, the schema defines a required code string.

card

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://api.apiture.com/schemas/cards/card/v2.0.0/profile.json",
  "holderName": "LUCILLE WELLPHUNDED",
  "name": "My debit card for Premiere Checking",
  "accountName": "Premiere Checking",
  "accountNumbers": {
    "masked": "*************3210",
    "full": "9876543210"
  },
  "cardNumbers": {
    "masked": "************3210"
  },
  "state": "active",
  "fulfillmentState": "shipped",
  "fulfillmentDescription": "Shipped on June 7, 2020",
  "issuedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "mine": true,
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "expiresOn": "2012-04-30",
  "_embedded": {},
  "_links": {
    "self": {
      "href": "/cards/cards/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:lock": {
      "href": "/cards/lockedCards?card=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:account": {
      "href": "/accounts/accounts/d62c0701-0d74-4836-83f9-ebf3709442ea"
    }
  }
}

Card (v2.0.0)

A card resource, which represents physical Debit cards associated with a banking account or credit cards.

The default representation includes only a masked card number. Use ?unmasked=true on the request to include the full card number.

The hypermedia _links in the response (listed below) include several action links which change the state of the card. These links should be used with the POST verb (see Resource sets).

Response and request bodies using this card schema may contain the following links:

RelSummaryMethod
selfFetch a representation of this cardGET
apiture:account The Account associated with this cardGET
apiture:unlockUnlock a cardPOST
apiture:closeClose a cardPOST
apiture:lockLock a cardPOST
apiture:activateActivate a cardPOST
apiture:replaceRequest a new or replacement cardPOST

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
accountName string
The name of the account that this card is tied to.
read-only
minLength: 1
maxLength: 128
accountNumbers accountNumbers
The masked and (optionally) full number for the account this card is associated with. This is derived from the account used in the initial card request. By default, only the masked number is returned; use ?unmasked=true to reveal the full account number.
read-only
_id string
The unique identifier for this card resource. This is an immutable opaque string.
read-only
label string
The text label for this card.
read-only
minLength: 1
maxLength: 128
holderName string
The card holder's full name, as it appears on the card. This value is often ALL CAPS.
read-only
cardNumbers cardNumbers
The masked and full card number this card.
read-only
fulfillmentState cardFulfillmentState
Indicates the state of a card replacement request. The user cannot change this property.
read-only
fulfillmentDescription string
The card provider's explanation of the current fulfillmentState.
read-only
mine boolean
If true, the card is owned by the user making the request. By default a user can view all cards for a given Account, but they may only take action on cards they own.
read-only
state cardState
The state of this card. This is derived.
read-only
issuedAt string(date-time)
The date-time when this card was issued. This is in RFC 3339 UTC format. This field is present only after the card has been issued, and if the card vendor provides the time stamp.
read-only
activatedAt string(date-time)
The date-time when this card was activated. This is in RFC 3339 UTC format. This field is present only after the card has been activated, and if the card vendor provides the time stamp.
read-only
expiresOn string(date)
The card's expiration date. The day should is the last day of the month, such as 2021-10-31 if the card expires at the end of October, 2021. in RFC 3339 YYYY-MM-DD format.
read-only
updatedAt string(date-time)
The date-time when this card's state or other attributes were last changed. This is in RFC 3339 UTC format.
read-only
updatedBy string
The username of the person who last modified this card resource.
read-only

cardFulfillmentState

"none"

Card Fulfillment State (v1.0.0)

The state of a card order fulfillment from the provider.

cardFulfillmentState strings may have one of the following enumerated values values (described by the named cardReplacementState)

These enumeration values are further described by the label group named cardReplacementState in the response from the getLabels operation.

ValueDescription
noneNone: No card replacement requests are active.
requestedRequested: The user has requested a card replacement.
orderedOrdered: The card replacement order has been sent to the card provider.
issuedIssued: The card has been issued by the card provider.
shippedShipped: The issued card has been shipped by the card provider.
replacedWithSameNumberReplaced with same card number: The card for this account number has been replaced; the card has been issued, shipped, and activated.
replacedWithNewNumberReplaced with new card number: The card for this account has been replaced with a new card and new card number; the card has been issued, shipped, and activated.

Type: string
Enumerated values:
none
requested
ordered
reordered
issued
shipped
rejected

cardIssuerParameter

{
  "name": "card_token",
  "value": "77639FAF::7E77::4CDF::B096::4B5C5F971691--fc09b0af::a30b::4D34834F682826EE1C44"
}

Card Issuer Parameter (v1.0.0)

A single name/value parameter that the client passes to the card issuer user interface component.

Properties

NameDescription
name string (required)
The parameter name.
minLength: 4
maxLength: 32
pattern: ^[a-zA-Z][-a-zA-Z0-9_]{3,31}
value string (required)
The parameter value.
maxLength: 256

cardIssuerParameters

{
  "_profile": "https://api.apiture.com/schemas/cards/cardIssuerParameters/v1.0.0/profile.json",
  "issuer": "marqueta",
  "parameters": [
    {
      "name": "user_token",
      "value": "cd8775f7f49a/408a|9afa-982a78bd08bd::7466c8c38489/4541|b695/af7ac2ba4537"
    },
    {
      "name": "onetime_token",
      "value": "130d1a7d_fa0c/453a|86a9_93c411a9df3a::5f1d4ade5c34/40e4|8098/493475dd0c92"
    },
    {
      "name": "application_id",
      "value": "09CF5D57C6084956866126610758E149"
    },
    {
      "name": "card_token",
      "value": "77639FAF::7E77::4CDF::B096::4B5C5F971691--fc09b0af::a30b::4D34834F682826EE1C44"
    }
  ]
}

Card Issuer Parameters (v1.0.0)

Parameters that the client passes to the card issuer user interface component. The example shows possible parameters for the card issuer Marqueta.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
issuer string (required)
The name of the card issuer associated with the parameters.
parameters [cardIssuerParameter] (required)
An array of individual card issuer parameters.

cardNumbers

{
  "masked": "************3210"
}

Card Numbers (v1.0.0)

Masked and full representation of a card number.

Properties

NameDescription
masked string
A partial (masked) card number that does not contain all the digits of the full card number. This masked number appears in statements or in user experience presentation. It is sufficient for a user to differentiate this card from other cards the user holds, but is not sufficient for initiating transactions, etc. The first character is the mask character and is repeated; this does not indicate that the full card number is the same as the mask length. This value is derived and immutable.
read-only
maxLength: 16

cardReplacementState

"none"

Card Replacement State (v1.0.0)

The state of a card replacement request.

cardReplacementState strings may have one of the following enumerated values values (described by the named cardReplacementState)

These enumeration values are further described by the label group named cardReplacementState in the response from the getLabels operation.

ValueDescription
noneNone: No card replacement requests are active.
requestedRequested: The user has requested a card replacement.
orderedOrdered: The card replacement order has been sent to the card provider.
issuedIssued: The card has been issued by the card provider.
shippedShipped: The issued card has been shipped by the card provider.
replacedWithSameNumberReplaced with same card number: The card for this account number has been replaced; the card has been issued, shipped, and activated.
replacedWithNewNumberReplaced with new card number: The card for this account has been replaced with a new card and new card number; the card has been issued, shipped, and activated.

Type: string
Enumerated values:
none
requested
ordered
issued
shipped
replacedWithSameNumber
replacedWithNewNumber
rejected

cardRequest

{
  "_id": "35eb0e67-ac9b-44d7-8799-6648ba6b1c65",
  "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
  "cardId": "9e5a519c-ed3d-48ec-84d0-ef29b2843803",
  "reason": "lost",
  "description": "Replace lost card",
  "submittedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "_links": {
    "self": {
      "href": "/cards/cardRequests/35eb0e67-ac9b-44d7-8799-6648ba6b1c65"
    },
    "apiture:card": {
      "href": "/cards/cards/9e5a519c-ed3d-48ec-84d0-ef29b2843803"
    },
    "apiture:account": {
      "href": "https://api.example.com/accounts/accounts/617c31ce-7bf0-4e55-a5df-12916ff22ada"
    },
    "apiture:cancel": {
      "href": "https://api.example.com/cards/canceledCardRequests?cardRequest=617c31ce-7bf0-4e55-a5df-12916ff22ada"
    }
  }
}

Card Request (v1.1.0)

Representation of a card request resource. This represents a request to issue a new card or replace a lost, stolen, or damaged card.

The hypermedia _links in the card request representation (listed below) include several action links which change the state of the card request. These links should be used with the POST verb (see Resource sets).

Response and request bodies using this cardRequest schema may contain the following links:

RelSummaryMethod
apiture:cancelCancel a card requestPOST
apiture:completeComplete a card requestPOST
apiture:rejectReject a card requestPOST

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
cardId string
The resource ID of the card that is to be replaced.
reason cardRequestReason (required)
Reasons which describe why the user is requesting a a card.
description any
The card holder's description, note, or explanation of why they requested a card. type: string
accountNumbers accountNumbers
The masked and (optionally) full number for the account this card is associated with. The full number is only returned when requests contain the ?unmasked query parameter.
read-only
_id string
The unique identifier for this card request resource. This is an immutable opaque string.
read-only
state cardRequestState
Indicates the state of a card request.
read-only
submittedAt string(date-time)
The date-time when this card request request was submitted. This is in RFC 3339 UTC format.
resolvedAt string(date-time)
The date-time when this card request request was completed, rejected, or canceled. This is in RFC 3339 UTC format.
updatedAt string(date-time)
The date-time when this card request attributes were last changed. This is in RFC 3339 UTC format.
resolutionReason string
The explanation for why the card was resolved. This may be the reason the card request was rejected.
maxLength: 2048
updatedBy string
The username of the person who last modified or resolved this card request.

cardRequestReason

"initial"

Card Request Reason (v1.1.0)

The reason the user is requesting a replacement card.

cardRequestReason strings may have one of the following enumerated values values (described by the named cardRequestReason)

These enumeration values are further described by the label group named cardRequestReason in the response from the getLabels operation.

ValueDescription
initialInitial Card Request
lostLost Card
stolenStolen Card
damagedDamaged Card
neverReceivedNever Received: The card holder is requesting a replacement of card that was shipped but never received.
reorderReorder Closed Card: The card holder is requesting a replacement of a previously closed card.

Type: string
Enumerated values:
initial
lost
stolen
damaged
neverReceived
reorder

cardRequestState

"pending"

Card Request State (v1.0.0)

Indicates the state of a card request.

cardRequestState strings may have one of the following enumerated values values (described by the named cardRequestState)

These enumeration values are further described by the label group named cardRequestState in the response from the getLabels operation.

ValueDescription
pendingPending: A card request has been created but not yet submitted.
submittedSubmitted: A card request has been submitted but not processed.
canceledCanceled: A card request has been canceled.
rejectedRejected: A card request has been rejected.
completedCompleted: A card request has been completed.

Type: string
Enumerated values:
pending
submitted
canceled
rejected
completed

cardRequests

{
  "_profile": "https://api.apiture.com/schemas/cards/cardRequests/v1.0.0/profile.json",
  "start": 10,
  "limit": 10,
  "count": 67,
  "name": "cardRequests",
  "_links": {
    "self": {
      "href": "/cards/cardRequests?start=10&limit=10"
    },
    "first": {
      "href": "/cards/cardRequests?start=0&limit=10"
    },
    "next": {
      "href": "/cards/cardRequests?start=20&limit=10"
    },
    "collection": {
      "href": "/cards/cardRequests"
    }
  },
  "_embedded": {
    "items": {
      "anyOf": [
        {
          "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
          "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
          "_links": {
            "self": {
              "href": "/cards/cardRequests/0399abed-fd3d-4830-a88b-30f38b8a365c"
            }
          }
        },
        {
          "_id": "d62c0701-0d74-4836-83f9-ebf3709442ea",
          "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
          "_links": {
            "self": {
              "href": "/cards/cardRequests/d62c0701-0d74-4836-83f9-ebf3709442ea"
            }
          }
        }
      ]
    }
  }
}

Card Requests Collection (v1.1.0)

Collection of requests to issue a new or replacement card. The items in the collection are ordered in the _embedded.items array; the name is replacements. The top-level _links object may contain pagination links (self, next, prev, first, last, collection).

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
Embedded objects.
ยป items [summaryCardRequest]
An array containing a page of replacement items.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
count integer
The number of items in the collection. This value is optional and may be omitted if the count is not computable efficiently. If a filter is applied to the collection (either implicitly or explicitly), the count, if present, indicates the number of items that satisfy the filter.
start integer
The start index of this page of items.
limit integer
The maximum number of items per page.
name string
The name of the collection.

cardShippingEstimate

{
  "_profile": "https://production.api.apiture.com/schemas/cards/cardShippingEstimate/v1.0.0/profile.json",
  "cardId": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "normal": {
    "value": "0.00",
    "currency": "USD"
  },
  "expedited": {
    "value": "12.00",
    "currency": "USD"
  },
  "_links": {
    "apiture:account": {
      "href": "/accounts/accounts/c4fff7a4-8654-4085-aeba-a984de81dcc3"
    },
    "apiture:card": {
      "href": "/cards/card/0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}

Card Shipping Estimate (v1.0.0)

The estimated shipping costs for a new or replacement card.

Response and request bodies using this cardShippingEstimate schema may contain the following links:

RelSummaryMethod
apiture:cardFetch a representation of this cardGET
apiture:account The account associated with the cardGET

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
cardId string
The _id property of a card if requesting card replacement. For a new card, this is blank; refer to the the apiture:account link instead.
read-only
normal positiveMoney
The normal (non-expedited) shipping charges.
expedited positiveMoney
The optional expedited shipping charges. This is omitted from the response if expedited shipping is not allowed for the account's banking product. (The card object of the banking product reveals if expedited shipping is for that product.)

cardShippingEstimateRequest

{
  "_profile": "https://production.api.apiture.com/schemas/cards/cardShippingEstimateRequest/v1.0.0/profile.json",
  "cardId": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_links": {
    "apiture:account": {
      "href": "/accounts/accounts/c4fff7a4-8654-4085-aeba-a984de81dcc3"
    }
  }
}

Card Shipping Estimate Request (v1.0.0)

Information required to estimate the expedited shipping costs for a card. The shipping address is the preferred mailing address for the user making the request.

Response and request bodies using this cardShippingEstimateRequest schema may contain the following links:

RelSummaryMethod
apiture:account The account associated with the cardGET

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
cardId string
The _id property of a card if requesting card replacement. For a new card, pass the apiture:account link instead.

cardState

"unknown"

Card State (v1.0.0)

The state of a card.

cardState strings may have one of the following enumerated values values (described by the named cardState)

These enumeration values are further described by the label group named cardState in the response from the getLabels operation.

ValueDescription
unknownUnknown
requestedRequested: The used has submitted the request to issue the card but the request has not been completed.
issuedIssued: The card has been issued but the card holder has not activated it.
activeActive: The card has been issued and activated an is available for use.
lockedLocked: The user has requested that the card be locked so that it may not be used. This is useful if they have misplaced the card but do not yet want to report it as lost.
lostReported as lost: The user has reported the card as lost. The card is disabled. A new card (with a new card number) will be issued.
stolenReported as stolen: The user has reported the card as stolen. The card is disabled. A new card (with a new card number) will be issued.
damagedReported as damaged: The user has reported the card as stolen. A new card with the same card number will be issued.
frozenFrozen: The financial institution has frozen the card or the account associated with this card.
closedClosed: The card has been closed at the card holder's request or by the financial institution. The card is disabled and the card holder cannot use it for banking activity.

Type: string
Enumerated values:
unknown
requested
issued
active
locked
lost
stolen
damaged
frozen
closed

cards

{
  "_profile": "https://api.apiture.com/schemas/cards/cards/v2.0.0/profile.json",
  "start": 10,
  "limit": 10,
  "count": 67,
  "name": "cards",
  "_links": {
    "self": {
      "href": "/cards/cards?start=10&limit=10"
    },
    "first": {
      "href": "/cards/cards?start=0&limit=10"
    },
    "next": {
      "href": "/cards/cards?start=20&limit=10"
    },
    "collection": {
      "href": "/cards/cards"
    }
  },
  "_embedded": {
    "items": {
      "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
      "_profile": "https://api.apiture.com/schemas/cards/card/v2.0.0/profile.json",
      "holderName": "LUCILLE WELLPHUNDED",
      "label": "Premiere Checking *3210",
      "accountName": "Premiere Checking",
      "accountNumbers": {
        "masked": "*************3210",
        "full": "9876543210"
      },
      "cardNumbers": {
        "masked": "************3210"
      },
      "state": "active",
      "fulfillmentState": "shipped",
      "fulfillmentDescription": "Shipped on June 7, 2020",
      "mine": true,
      "issuedAt": "2019-06-07T05:18:30.375Z",
      "updatedAt": "2019-06-07T05:18:30.375Z",
      "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
      "expiresOn": "2012-04-30",
      "_links": {
        "self": {
          "href": "/cards/cards/0399abed-fd3d-4830-a88b-30f38b8a365c"
        },
        "apiture:account": {
          "href": "/accounts/accounts/d62c0701-0d74-4836-83f9-ebf3709442ea"
        }
      }
    }
  }
}

Card Collection (v2.0.0)

Collection of cards. The items in the collection are ordered in the _embedded.items array; the name is cards. The top-level _links object may contain pagination links (self, next, prev, first, last, collection).

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
Embedded objects.
ยป items [summaryCard]
An array containing a page of card items.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
count integer
The number of items in the collection. This value is optional and may be omitted if the count is not computable efficiently. If a filter is applied to the collection (either implicitly or explicitly), the count, if present, indicates the number of items that satisfy the filter.
start integer
The start index of this page of items.
limit integer
The maximum number of items per page.
name string
The name of the collection.

challenge

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://api.apiture.com/schemas/auth/challenge/v1.0.1/profile.json",
  "reason": "Transfer amount much higher than normal",
  "contextUri": "https://fi.apiture.com/transfers/scheduledTransfers/50b9df19-d6bf-4ac0-b5f4-3e6448b7dacd",
  "minimumAuthenticatorCount": 1,
  "authenticators": [
    {
      "_id": "7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3",
      "_profile": "https://api.apiture.com/schemas/auth/authenticator/v1.0.1/profile.json",
      "userId": "b2720469-3497-4b82-8b85-30f2155aa66d",
      "state": "started",
      "type": {
        "name": "sms",
        "label": "SMS Code",
        "description": "Enter a code sent via SMS to the user's preferred mobile device.",
        "category": "device",
        "schema": {
          "title": "SMS attributes",
          "description": "Schema for an authenticator's `attributes` when the authenticator type is `sms`.",
          "type": "object",
          "required": [
            "code",
            "length"
          ],
          "properties": {
            "code": {
              "type": "string",
              "description": "A code that was sent to the user's mobile device via SMS. The user should enter the code in the app, then set `attributes.code` to that. The length of the code (the number of characters or digits) must equal the `length'.",
              "minLength": 3,
              "maxLength": 10
            },
            "length": {
              "description": "The number of digits/characters that are sent to the user via SMS.",
              "type": "integer",
              "minimum": 3,
              "maximum": 10,
              "example": 6
            }
          }
        }
      },
      "maximumRetries": 3,
      "retryCount": 1,
      "createdAt": "2019-08-23T12:42:50.375Z",
      "expiresAt": "2019-08-23T13:12:50.375Z",
      "_links": {
        "self": {
          "href": "/auth/challenges/0399abed-fd3d-4830-a88b-30f38b8a365c/authenticators/7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3"
        },
        "apiture:challenge": {
          "href": "/auth/challenges/0399abed-fd3d-4830-a88b-30f38b8a365c"
        },
        "apiture:retry": {
          "href": "/auth/challenges/retriedAuthenticators?authenticator=7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3"
        },
        "apiture:verify": {
          "href": "/auth/challenges/verifiedAuthenticators"
        }
      }
    }
  ],
  "maximumRedemptionCount": 1,
  "redemptionCount": 0,
  "state": "pending",
  "createdAt": "2019-08-23T11:37:55.375Z",
  "expiresAt": "2019-08-23T12:37:55.375Z",
  "_links": {
    "self": {
      "href": "/auth/challenges/5d63053d-435c-4455-a0b5-6f88ab729d1a"
    },
    "apiture:redeem": {
      "href": "/auth/redeemedChallenges?challenge=5d63053d-435c-4455-a0b5-6f88ab729d1a"
    }
  }
}

Challenge (v1.0.1)

A resource which represents an identity verification challenge to a user. The user must verify one or more of the authentication methods defined in this challenge in order to proceed with a banking operation (such as scheduling a larger than normal transfer, adding a joint owner or authorized signer to an account, or changing their mailing address or mobile phone number).

Response and request bodies using this challenge schema may contain the following links:

RelSummaryMethod
apiture:redeemRedeem or use a challengePOST

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
reason string
The reason the application or service has issued a challenge requesting the user verify their identity. This is for labeling or informational purposes.
contextUri string(uri)
The URI of a resource that establishes the context in which the user is asked to authenticate their identity. For example, for this may be for a pending transfer, a user's mailing address, or an account if adding a joint owner.
maxLength: 2048
userId string
The user ID of the user who is requested to verify their identity. The default is the userID of the authenticated person creating the challenge.
minimumAuthenticatorCount integer
The minimum number of different authenticators the user must verify in order to satisfy the identity challenge. The default is 1.
maximum: 4
maximumRedemptionCount integer
The maximum number of times the challenge may be used or redeemed. The default is 1.
minimum: 1
_id string
The unique identifier for this challenge resource. This is an immutable opaque string assigned upon creation.
read-only
redemptionCount integer
How many times the challenge has been redeemed.
read-only
state challengeState
The state of this authenticator.
read-only
createdAt string(date-time)
The time stamp when challenge was created, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).
read-only
authenticators [authenticator]
An array of authenticators with which the user can verify their identity. This is derived; the array and the authenticators are constructed in the createChallenge operation.
read-only
redeemable boolean
true if and only if the challenge may be redeemed. This is derived from the states of the challenge's authenticators; if the number of verified authenticators meets or exceeds the minimumAuthenticatorCount, the challenge becomes verified and may be redeemed via a POST to href in the challenge's apiture:redeem link.
read-only
verifiedAt string(date-time)
The time stamp when challenge was verified in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).
read-only
failedAt string(date-time)
The time stamp when the user failed to verify their identity verification (authentication) for this challenge, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).
read-only
expiresAt string(date-time)
The time stamp when the this challenge expires, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).
read-only
redemptionHistory [string]
The time stamps when a service or operation redeemed this challenge, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ). Item 0 is the time stamp the challenge was first redeemed, item 1 is the time stamp of the next redemption, and so on.
read-only
code string
An optional authentication code which is only returned in the challenge resource if both a) the platform assigned the code when constructing the challenge), and b) the user has successfully verified the challenge. The client must re-fetch the verified challenge in order to access this property.
read-only
minLength: 16
maxLength: 128

challengeError

{
  "message": "string",
  "_id": "string",
  "statusCode": 422,
  "type": "string",
  "occurredAt": "2018-02-02T03:37:15.375Z",
  "attributes": {
    "property1": {},
    "property2": {}
  },
  "remediation": "string",
  "errors": [
    {
      "_id": "2eae46e1575c0a7b0115a4b3",
      "message": "Descriptive error message...",
      "statusCode": 422,
      "type": "errorType1",
      "remediation": "Remediation string...",
      "occurredAt": "2018-01-25T05:50:52.375Z",
      "errors": [
        {
          "_id": "ccdbe2c5c938a230667b3827",
          "message": "An optional embedded error"
        },
        {
          "_id": "dbe9088dcfe2460f229338a3",
          "message": "Another optional embedded error"
        }
      ],
      "_links": {
        "describedby": {
          "href": "https://developer.apiture.com/errors/errorType1"
        }
      }
    }
  ],
  "_links": {
    "property1": {
      "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
      "title": "Applicant"
    },
    "property2": {
      "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
      "title": "Applicant"
    }
  },
  "_embedded": {
    "challenge": {
      "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
      "_profile": "https://api.apiture.com/schemas/auth/challenge/v1.0.1/profile.json",
      "reason": "Transfer amount much higher than normal",
      "contextUri": "https://fi.apiture.com/transfers/scheduledTransfers/50b9df19-d6bf-4ac0-b5f4-3e6448b7dacd",
      "minimumAuthenticatorCount": 1,
      "authenticators": [
        {
          "_id": "7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3",
          "_profile": "https://api.apiture.com/schemas/auth/authenticator/v1.0.1/profile.json",
          "userId": "b2720469-3497-4b82-8b85-30f2155aa66d",
          "state": "started",
          "type": {
            "name": "sms",
            "label": "SMS Code",
            "description": "Enter a code sent via SMS to the user's preferred mobile device.",
            "category": "device",
            "schema": {
              "title": "SMS attributes",
              "description": "Schema for an authenticator's `attributes` when the authenticator type is `sms`.",
              "type": "object",
              "required": [
                "code",
                "length"
              ],
              "properties": {
                "code": {
                  "type": "string",
                  "description": "A code that was sent to the user's mobile device via SMS. The user should enter the code in the app, then set `attributes.code` to that. The length of the code (the number of characters or digits) must equal the `length'.",
                  "minLength": 3,
                  "maxLength": 10
                },
                "length": {
                  "description": "The number of digits/characters that are sent to the user via SMS.",
                  "type": "integer",
                  "minimum": 3,
                  "maximum": 10,
                  "example": 6
                }
              }
            }
          },
          "maximumRetries": 3,
          "retryCount": 1,
          "createdAt": "2019-08-23T12:42:50.375Z",
          "expiresAt": "2019-08-23T13:12:50.375Z",
          "_links": {
            "self": {
              "href": "/auth/challenges/0399abed-fd3d-4830-a88b-30f38b8a365c/authenticators/7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3"
            },
            "apiture:challenge": {
              "href": "/auth/challenges/0399abed-fd3d-4830-a88b-30f38b8a365c"
            },
            "apiture:retry": {
              "href": "/auth/challenges/retriedAuthenticators?authenticator=7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3"
            },
            "apiture:verify": {
              "href": "/auth/challenges/verifiedAuthenticators"
            }
          }
        }
      ],
      "maximumRedemptionCount": 1,
      "redemptionCount": 0,
      "state": "pending",
      "createdAt": "2019-08-23T11:37:55.375Z",
      "expiresAt": "2019-08-23T12:37:55.375Z",
      "_links": {
        "self": {
          "href": "/auth/challenges/5d63053d-435c-4455-a0b5-6f88ab729d1a"
        },
        "apiture:redeem": {
          "href": "/auth/redeemedChallenges?challenge=5d63053d-435c-4455-a0b5-6f88ab729d1a"
        }
      }
    }
  }
}

Challenge Error (v1.0.0)

The operation error description with an embedded identity challenge.

Properties

NameDescription
message string (required)
A localized message string describing the error condition.
_id string
A unique identifier for this error instance. This may be used as a correlation ID with the root cause error (i.e. this ID may be logged at the source of the error). This is is an opaque string.
read-only
statusCode integer
The HTTP status code associate with this error.
minimum: 100
maximum: 599
type string
An error identifier which indicates the category of error and associate it with API support documentation or which the UI tier can use to render an appropriate message or hint. This provides a finer level of granularity than the statusCode. For example, instead of just 400 Bad Request, the type may be much more specific. such as integerValueNotInAllowedRange or numericValueExceedsMaximum or stringValueNotInAllowedSet.
occurredAt string(date-time)
An RFC 3339 UTC time stamp indicating when the error occurred.
attributes attributes
Informative values or constraints which describe the error. For example, for a value out of range error, the attributes may specify the minimum and maximum values. This allows clients to present error messages as they see fit (the API does not assume the client/presentation tier). The set of attributes varies by error type.
remediation string
An optional localized string which provides hints for how the user or client can resolve the error.
errors [error]
An optional array of nested error objects. This property is not always present.
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
Embedded objects
ยป challenge challenge
The details of the identity verification challenge.

challengeErrorResponse

{
  "_links": {
    "property1": {
      "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
      "title": "Applicant"
    },
    "property2": {
      "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
      "title": "Applicant"
    }
  },
  "_embedded": {},
  "_profile": "http://example.com",
  "_error": {
    "message": "string",
    "_id": "string",
    "statusCode": 422,
    "type": "string",
    "occurredAt": "2018-02-02T03:37:15.375Z",
    "attributes": {
      "property1": {},
      "property2": {}
    },
    "remediation": "string",
    "errors": [
      {
        "_id": "2eae46e1575c0a7b0115a4b3",
        "message": "Descriptive error message...",
        "statusCode": 422,
        "type": "errorType1",
        "remediation": "Remediation string...",
        "occurredAt": "2018-01-25T05:50:52.375Z",
        "errors": [
          {
            "_id": "ccdbe2c5c938a230667b3827",
            "message": "An optional embedded error"
          },
          {
            "_id": "dbe9088dcfe2460f229338a3",
            "message": "Another optional embedded error"
          }
        ],
        "_links": {
          "describedby": {
            "href": "https://developer.apiture.com/errors/errorType1"
          }
        }
      }
    ],
    "_links": {
      "property1": {
        "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
        "title": "Applicant"
      },
      "property2": {
        "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
        "title": "Applicant"
      }
    },
    "_embedded": {
      "challenge": {
        "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
        "_profile": "https://api.apiture.com/schemas/auth/challenge/v1.0.1/profile.json",
        "reason": "Transfer amount much higher than normal",
        "contextUri": "https://fi.apiture.com/transfers/scheduledTransfers/50b9df19-d6bf-4ac0-b5f4-3e6448b7dacd",
        "minimumAuthenticatorCount": 1,
        "authenticators": [
          {
            "_id": "7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3",
            "_profile": "https://api.apiture.com/schemas/auth/authenticator/v1.0.1/profile.json",
            "userId": "b2720469-3497-4b82-8b85-30f2155aa66d",
            "state": "started",
            "type": {
              "name": "sms",
              "label": "SMS Code",
              "description": "Enter a code sent via SMS to the user's preferred mobile device.",
              "category": "device",
              "schema": {
                "title": "SMS attributes",
                "description": "Schema for an authenticator's `attributes` when the authenticator type is `sms`.",
                "type": "object",
                "required": [
                  "code",
                  "length"
                ],
                "properties": {
                  "code": {
                    "type": "string",
                    "description": "A code that was sent to the user's mobile device via SMS. The user should enter the code in the app, then set `attributes.code` to that. The length of the code (the number of characters or digits) must equal the `length'.",
                    "minLength": 3,
                    "maxLength": 10
                  },
                  "length": {
                    "description": "The number of digits/characters that are sent to the user via SMS.",
                    "type": "integer",
                    "minimum": 3,
                    "maximum": 10,
                    "example": 6
                  }
                }
              }
            },
            "maximumRetries": 3,
            "retryCount": 1,
            "createdAt": "2019-08-23T12:42:50.375Z",
            "expiresAt": "2019-08-23T13:12:50.375Z",
            "_links": {
              "self": {
                "href": "/auth/challenges/0399abed-fd3d-4830-a88b-30f38b8a365c/authenticators/7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3"
              },
              "apiture:challenge": {
                "href": "/auth/challenges/0399abed-fd3d-4830-a88b-30f38b8a365c"
              },
              "apiture:retry": {
                "href": "/auth/challenges/retriedAuthenticators?authenticator=7fadd35b-6f6b-4901-b1ba-d3b91c9dcee3"
              },
              "apiture:verify": {
                "href": "/auth/challenges/verifiedAuthenticators"
              }
            }
          }
        ],
        "maximumRedemptionCount": 1,
        "redemptionCount": 0,
        "state": "pending",
        "createdAt": "2019-08-23T11:37:55.375Z",
        "expiresAt": "2019-08-23T12:37:55.375Z",
        "_links": {
          "self": {
            "href": "/auth/challenges/5d63053d-435c-4455-a0b5-6f88ab729d1a"
          },
          "apiture:redeem": {
            "href": "/auth/redeemedChallenges?challenge=5d63053d-435c-4455-a0b5-6f88ab729d1a"
          }
        }
      }
    }
  }
}

Challenge Error Response (v1.0.0)

When an operation requires an additional identity verification challenge, it returns a 401 Unauthorized response status code and an error response with a challenge resource embedded in the _error._embedded.challenge. This informs the caller that they should verify the challenge via one or more of its authenticators, then retry the operation with the Apiture-Challenge header that references the challenge's _id.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error challengeError
The description of the error.

challengeState

"pending"

Challenge States (v1.0.0)

The state of an identity challenge resource. This is derived based on the state of the challenge's authenticators.

challengeState strings may have one of the following enumerated values:

ValueDescription
pendingPending: The challenge is created but not yet started.
startedStarted: The user has started the challenge and associated authenticator(s).
verifiedVerified: The user correctly verified the corresponding authenticator(s), marking the challenge as verified.
failedFailed: The challenge has failed, often because the user failed one or more of the authenticators.
redeemedRedeemed: The user has redeemed (used) the challenge.
expiredExpired: The challenge has expired without being verified.

These enumeration values are further described by the label group named challengeState in the response from the getLabels operation.

Type: string
Enumerated values:
pending
started
verified
failed
redeemed
expired

collection

{
  "_links": {
    "property1": {
      "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
      "title": "Applicant"
    },
    "property2": {
      "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
      "title": "Applicant"
    }
  },
  "_embedded": {},
  "_profile": "http://example.com",
  "_error": {
    "_id": "2eae46e1575c0a7b0115a4b3",
    "message": "Descriptive error message...",
    "statusCode": 422,
    "type": "errorType1",
    "remediation": "Remediation string...",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "errors": [
      {
        "_id": "ccdbe2c5c938a230667b3827",
        "message": "An optional embedded error"
      },
      {
        "_id": "dbe9088dcfe2460f229338a3",
        "message": "Another optional embedded error"
      }
    ],
    "_links": {
      "describedby": {
        "href": "https://developer.apiture.com/errors/errorType1"
      }
    }
  },
  "count": 0,
  "start": 0,
  "limit": 0,
  "name": "string"
}

Collection (v2.0.0)

A collection of resources. This is an abstract model schema which is extended to define specific resource collections.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
count integer
The number of items in the collection. This value is optional and may be omitted if the count is not computable efficiently. If a filter is applied to the collection (either implicitly or explicitly), the count, if present, indicates the number of items that satisfy the filter.
start integer
The start index of this page of items.
limit integer
The maximum number of items per page.
name string
The name of the collection.

createCard

{
  "_profile": "https://api.apiture.com/schemas/cards/createCard/v2.0.0/profile.json",
  "accountName": "My Premiere Savings",
  "_links": {
    "apiture:account": {
      "href": "/accounts/accounts/e7076b86-0f0b-4126-92eb-d90f4be1ae6a"
    }
  }
}

Create Card (v2.0.0)

Representation used to create a new card.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
accountName string (required)
The name of the account that this card is tied to.
read-only
minLength: 1
maxLength: 128
accountNumbers accountNumbers
The masked and (optionally) full number for the account this card is associated with. This is derived from the account used in the initial card request. By default, only the masked number is returned; use ?unmasked=true to reveal the full account number.
read-only

createCardRequest

{
  "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
  "cardId": "9e5a519c-ed3d-48ec-84d0-ef29b2843803",
  "reason": "lost",
  "description": "Replace lost card",
  "_links": {
    "apiture:account": {
      "href": "https://api.example.com/accounts/accounts/617c31ce-7bf0-4e55-a5df-12916ff22ada"
    }
  }
}

Create Card Request (v1.1.0)

Representation used to create a request for a new or replacement card. The _links in the request must contain a apiture:account link to the user's banking account; that account must allow card ordering (as contained in the banking product's card object; see the Products API.)

Response and request bodies using this createCardRequest schema may contain the following links:

RelSummaryMethod
apiture:account The banking account associated with the cardGET

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
cardId string
The resource ID of the card that is to be replaced.
reason cardRequestReason (required)
Reasons which describe why the user is requesting a a card.
description any
The card holder's description, note, or explanation of why they requested a card. type: string
accountNumbers accountNumbers
The masked and (optionally) full number for the account this card is associated with. The full number is only returned when requests contain the ?unmasked query parameter.
read-only

error

{
  "_id": "2eae46e1575c0a7b0115a4b3",
  "message": "Descriptive error message...",
  "statusCode": 422,
  "type": "errorType1",
  "remediation": "Remediation string...",
  "occurredAt": "2018-01-25T05:50:52.375Z",
  "errors": [
    {
      "_id": "ccdbe2c5c938a230667b3827",
      "message": "An optional embedded error"
    },
    {
      "_id": "dbe9088dcfe2460f229338a3",
      "message": "Another optional embedded error"
    }
  ],
  "_links": {
    "describedby": {
      "href": "https://developer.apiture.com/errors/errorType1"
    }
  }
}

Error (v2.0.0)

Describes an error in an API request or in a service called via the API.

Properties

NameDescription
message string (required)
A localized message string describing the error condition.
_id string
A unique identifier for this error instance. This may be used as a correlation ID with the root cause error (i.e. this ID may be logged at the source of the error). This is is an opaque string.
read-only
statusCode integer
The HTTP status code associate with this error.
minimum: 100
maximum: 599
type string
An error identifier which indicates the category of error and associate it with API support documentation or which the UI tier can use to render an appropriate message or hint. This provides a finer level of granularity than the statusCode. For example, instead of just 400 Bad Request, the type may be much more specific. such as integerValueNotInAllowedRange or numericValueExceedsMaximum or stringValueNotInAllowedSet.
occurredAt string(date-time)
An RFC 3339 UTC time stamp indicating when the error occurred.
attributes attributes
Informative values or constraints which describe the error. For example, for a value out of range error, the attributes may specify the minimum and maximum values. This allows clients to present error messages as they see fit (the API does not assume the client/presentation tier). The set of attributes varies by error type.
remediation string
An optional localized string which provides hints for how the user or client can resolve the error.
errors [error]
An optional array of nested error objects. This property is not always present.
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

errorResponse

{
  "_profile": "https://api.apiture.com/schemas/common/errorResponse/v2.0.0/profile.json",
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "The value for deposit must be greater than 0.",
    "statusCode": 422,
    "type": "positiveNumberRequired",
    "attributes": {
      "value": -125.5
    },
    "remediation": "Provide a value which is greater than 0",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://api.apiture.com/errors/positiveNumberRequired"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Error Response (v2.0.0)

Describes an error response, typically returned on 4xx or 5xx errors from API operations. The _error object contains the error details.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.

{
  "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
  "title": "Applicant"
}

Link (v1.0.0)

Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.

Properties

NameDescription
href string(uri) (required)
The URI or URI template for the resource/operation this link refers to.
type string
The media type for the resource.
templated boolean
If true, the link's href is a URI template.
title string
An optional human-readable localized title for the link.
deprecation string(uri)
If present, the containing link is deprecated and the value is a URI which provides human-readable text information about the deprecation.
profile string(uri)
The URI of a profile document, a JSON document which describes the target resource/operation.

{
  "property1": {
    "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
    "title": "Applicant"
  },
  "property2": {
    "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
    "title": "Applicant"
  }
}

Links (v1.0.0)

An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

Properties

NameDescription
additionalProperties link
Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.

localizedLabel

{
  "label": "Limited Liability Corporation",
  "description": "string",
  "language": "en-us",
  "code": "31"
}

Localized Label (v1.0.0)

A localized label and optional description for localizable content defined in this API. This schema is deprecated; use labelItem instead.

Properties

NameDescription
label string
A localized label or title which may be used labels or other UI controls which present a value.
description string
A more detailed localized description of a localizable label.
language string
The actual natural language tag to which this localized label is associated, as per RFC 7231
code string
If the localized value is associated with an external standard, this is a lookup code or key or URI for that value.

localizedLabels

{
  "property1": {
    "label": "Limited Liability Corporation",
    "description": "string",
    "language": "en-us",
    "code": "31"
  },
  "property2": {
    "label": "Limited Liability Corporation",
    "description": "string",
    "language": "en-us",
    "code": "31"
  }
}

Localized Labels (v1.0.0)

A map that defines lables for an enumeration or other item in a JSON schema. This is a map which maps enumeration schema names to an localizedLabel object. This schema is deprecated. Use labelGroups` instead.

Properties

NameDescription
additionalProperties localizedLabel
A localized label and optional description for localizable content defined in this API. This schema is deprecated; use labelItem instead.

positiveMoney

{
  "value": "3456.78",
  "currency": "str"
}

Positive Money (v1.0.0)

An amount of money in a specific currency, supporting only positive amounts.

Properties

NameDescription
value string
The monetary value, supporting only positive amounts. The numeric value is represented as a string so that it can be exact with no loss of precision.
currency string
The ISO 4217 currency code for this monetary value. This is always upper case ASCII.
minLength: 3
maxLength: 3

root

{
  "id": "apiName",
  "name": "API name",
  "apiVersion": "1.0.0",
  "_profile": "https://production.api.apiture.com/schemas/common/root/v2.0.0/profile.json",
  "_links": {}
}

API Root (v2.0.0)

A HAL response, with hypermedia _links for the top-level resources and operations in API.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
_id string
This API's unique ID.
read-only
name string
This API's name.
apiVersion string
This API's version.

summaryCard

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://api.apiture.com/schemas/cards/summaryCard/v2.0.0/profile.json",
  "holderName": "LUCILLE WELLPHUNDED",
  "label": "Premiere Checking *3210",
  "accountName": "Premiere Checking",
  "accountNumbers": {
    "masked": "*************3210",
    "full": "9876543210"
  },
  "cardNumbers": {
    "masked": "************3210"
  },
  "state": "active",
  "fulfillmentState": "shipped",
  "fulfillmentDescription": "Shipped on June 7, 2020",
  "issuedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "mine": true,
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "expiresOn": "2012-04-30",
  "_embedded": {},
  "_links": {
    "self": {
      "href": "/cards/cards/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:lock": {
      "href": "/cards/lockedCards?card=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:account": {
      "href": "/accounts/accounts/d62c0701-0d74-4836-83f9-ebf3709442ea"
    }
  }
}

Card Summary (v2.0.0)

Summary representation of a card resource in cards collections. This representation normally does not contain any _embedded objects. If needed, call the GET operation on the item's self link to get _embedded objects.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
accountName string
The name of the account that this card is tied to.
read-only
minLength: 1
maxLength: 128
accountNumbers accountNumbers
The masked and (optionally) full number for the account this card is associated with. This is derived from the account used in the initial card request. By default, only the masked number is returned; use ?unmasked=true to reveal the full account number.
read-only
_id string
The unique identifier for this card resource. This is an immutable opaque string.
read-only
label string
The text label for this card.
read-only
minLength: 1
maxLength: 128
holderName string
The card holder's full name, as it appears on the card. This value is often ALL CAPS.
read-only
cardNumbers cardNumbers
The masked and full card number this card.
read-only
fulfillmentState cardFulfillmentState
Indicates the state of a card replacement request. The user cannot change this property.
read-only
fulfillmentDescription string
The card provider's explanation of the current fulfillmentState.
read-only
mine boolean
If true, the card is owned by the user making the request. By default a user can view all cards for a given Account, but they may only take action on cards they own.
read-only
state cardState
The state of this card. This is derived.
read-only
issuedAt string(date-time)
The date-time when this card was issued. This is in RFC 3339 UTC format. This field is present only after the card has been issued, and if the card vendor provides the time stamp.
read-only
activatedAt string(date-time)
The date-time when this card was activated. This is in RFC 3339 UTC format. This field is present only after the card has been activated, and if the card vendor provides the time stamp.
read-only
expiresOn string(date)
The card's expiration date. The day should is the last day of the month, such as 2021-10-31 if the card expires at the end of October, 2021. in RFC 3339 YYYY-MM-DD format.
read-only
updatedAt string(date-time)
The date-time when this card's state or other attributes were last changed. This is in RFC 3339 UTC format.
read-only
updatedBy string
The username of the person who last modified this card resource.
read-only

summaryCardRequest

{
  "_id": "35eb0e67-ac9b-44d7-8799-6648ba6b1c65",
  "_profile": "https://api.apiture.com/schemas/cards/cardRequest/v1.0.0/profile.json",
  "cardId": "9e5a519c-ed3d-48ec-84d0-ef29b2843803",
  "reason": "lost",
  "description": "Replace lost card",
  "submittedAt": "2019-06-07T05:18:30.375Z",
  "updatedAt": "2019-06-07T05:18:30.375Z",
  "updatedBy": "lucy.wellphunded@bankcustomer.example.com",
  "_links": {
    "self": {
      "href": "/cards/cards/35eb0e67-ac9b-44d7-8799-6648ba6b1c65"
    },
    "apiture:account": {
      "href": "https://api.example.com/accounts/accounts/617c31ce-7bf0-4e55-a5df-12916ff22ada"
    },
    "apiture:cancel": {
      "href": "https://api.example.com/cards/canceledCardRequests?cardRequest=617c31ce-7bf0-4e55-a5df-12916ff22ada"
    }
  }
}

Card Request Summary (v1.1.0)

Summary representation of a card request resource in replacements collections. This representation normally does not contain any _embedded objects. If needed, call the GET operation on the item's self link to get _embedded objects.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
cardId string
The resource ID of the card that is to be replaced.
reason cardRequestReason (required)
Reasons which describe why the user is requesting a a card.
description any
The card holder's description, note, or explanation of why they requested a card. type: string
accountNumbers accountNumbers
The masked and (optionally) full number for the account this card is associated with. The full number is only returned when requests contain the ?unmasked query parameter.
read-only
_id string
The unique identifier for this card request resource. This is an immutable opaque string.
read-only
state cardRequestState
Indicates the state of a card request.
read-only
submittedAt string(date-time)
The date-time when this card request request was submitted. This is in RFC 3339 UTC format.
resolvedAt string(date-time)
The date-time when this card request request was completed, rejected, or canceled. This is in RFC 3339 UTC format.
updatedAt string(date-time)
The date-time when this card request attributes were last changed. This is in RFC 3339 UTC format.
resolutionReason string
The explanation for why the card was resolved. This may be the reason the card request was rejected.
maxLength: 2048
updatedBy string
The username of the person who last modified or resolved this card request.

summaryChallenge

{
  "_links": {
    "property1": {
      "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
      "title": "Applicant"
    },
    "property2": {
      "href": "/contacts/contacts/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
      "title": "Applicant"
    }
  },
  "_embedded": {},
  "_profile": "http://example.com",
  "_error": {
    "_id": "2eae46e1575c0a7b0115a4b3",
    "message": "Descriptive error message...",
    "statusCode": 422,
    "type": "errorType1",
    "remediation": "Remediation string...",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "errors": [
      {
        "_id": "ccdbe2c5c938a230667b3827",
        "message": "An optional embedded error"
      },
      {
        "_id": "dbe9088dcfe2460f229338a3",
        "message": "Another optional embedded error"
      }
    ],
    "_links": {
      "describedby": {
        "href": "https://developer.apiture.com/errors/errorType1"
      }
    }
  },
  "reason": "string",
  "contextUri": "http://example.com",
  "userId": "string",
  "minimumAuthenticatorCount": 0,
  "maximumRedemptionCount": 1,
  "_id": "string",
  "redemptionCount": 0,
  "state": "pending",
  "createdAt": "2019-08-24T14:15:22Z"
}

Summary Challenge (v1.0.0)

Summary representation of a challenge, used in the challenge collection.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
reason string
The reason the application or service has issued a challenge requesting the user verify their identity. This is for labeling or informational purposes.
contextUri string(uri)
The URI of a resource that establishes the context in which the user is asked to authenticate their identity. For example, for this may be for a pending transfer, a user's mailing address, or an account if adding a joint owner.
maxLength: 2048
userId string
The user ID of the user who is requested to verify their identity. The default is the userID of the authenticated person creating the challenge.
minimumAuthenticatorCount integer
The minimum number of different authenticators the user must verify in order to satisfy the identity challenge. The default is 1.
maximum: 4
maximumRedemptionCount integer
The maximum number of times the challenge may be used or redeemed. The default is 1.
minimum: 1
_id string
The unique identifier for this challenge resource. This is an immutable opaque string assigned upon creation.
read-only
redemptionCount integer
How many times the challenge has been redeemed.
read-only
state challengeState
The state of this authenticator.
read-only
createdAt string(date-time)
The time stamp when challenge was created, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).
read-only