Card

These APIs are designed for you to be able to manage your consumer's cards easily, allowing you to set spending limits, modify the status of the cards, or view a list of cards that belong to a specific profile.

The primary resource that you will be interacting with when managing your user's cards.

tokentext

Token

profileIdnumber

Profile ID

clientIdtext

Client ID

status.valuetext

Status Text

cardHolderNametext

Name of the card holder

expiryDatetext

Date when the card will expire

lastFourDigitstext

Last 4 digits of the card number

bankIdentificationNumbertext

Bank identification number of the card

phoneNumbertext

Phone number of the card

cardProgram.nametext

Name of the card program

cardProgram.schemetext

Scheme of the card program. E.g. VISA or MASTERCARD

cardProgram.defaultCurrencytext

Default currency of the card. E.g. GBP

cardProgram.cardTypetext

Type of the card. E.g. PHYSICAL or VIRTUAL

creationTimetext

Time when the card is created

modificationTimetext

Time when the card was last modified

Table of available card status and descriptions

CodeDescription
ACTIVECard is active and can be used
INACTIVEPhysical card has not been activated
BLOCKEDCard is blocked and cannot be reversed back to any state
FROZENCard is “blocked” but temporarily
PARTNER_SUSPENDEDCard is suspended by Wise temporarily due to e.g. fraud reasons.
EXPIREDCard is expired
PURGEDThe cardholder data (e.g. PAN, PIN) has been purged after the retention period (555 days after the card's expiry date)
Card Resource
{
"token": "ca0c8154-1e14-4464-a1ce-dcea7dc3de52",
"profileId": 123456,
"clientId": "wise_api_docs",
"status": {
"value": "ACTIVE"
},
"cardHolderName": "John Smith",
"expiryDate": "2028-05-31T00:00:00Z",
"lastFourDigits": "6320",
"bankIdentificationNumber": "459661",
"phoneNumber": "+441234567890",
"cardProgram": {
"name": "VISA_DEBIT_BUSINESS_UK_1",
"scheme": "VISA",
"defaultCurrency": "GBP",
"cardType" : "VIRTUAL_NON_UPGRADEABLE"
},
"creationTime": "2022-05-31T01:43:24.596321434Z",
"modificationTime": "2022-05-31T01:43:24.596321825Z"
}

The Permissions resource returns information on the existing permissions that are configured on your user's cards.

typetext

The type of transaction. One of ECOM, POS_CHIP, ATM_WITHDRAWAL, MOBILE_WALLETS, POS_CONTACTLESS or POS_MAGSTRIPE

isEnabledboolean

A flag to indicate if a specific type of permission is enabled

isLockedboolean

A flag to indicate if a specific type of permission is locked. If locked, the permission cannot be enabled

Permissions Resource
{
"type": "ECOM",
"isEnabled": false,
"isLocked": false
}

Wise is a PCI DSS compliant provider, and stores all of your cards' data securely. The scope for PCI compliance depends on your use case and will impact how you integrate with Wise.

Sensitive card details endpoints allows you to retrieve card data such as Primary Account Number, CVV or PIN. You can use it to set a pin if required in the card order flow. For all sensitive card details endpoints, please follow the detailed guide.

Fetch RSA encryption key

This endpoint is used to fetch our RSA public key. This key is required in the sensitive card details flow.

Response

versionnumber

Version of the key

keytext

The RSA public key

Example Request
curl -X GET https://twcard.sandbox.transferwise.tech/twcard-data/v1/clientSideEncryption/fetchEncryptingKey
-H 'Authorization: Bearer <your api token>'
Example Response
{
"version": 1,
"key": "<encryption key>"
}

Get Card Sensitive Details

This endpoint is used to fetch the card Primary Account Number, security code (CVV2), expiry date and cardholder name. It requires an api token and a card token set in the headers.

Request

keyVersionnumber

The version of the key to use. It is always set to 1.

encryptedPayloadtext

Response

noncetext

An arbitrary UUID issued from the cryptographic communication

cvv2text

Your card CVV2

pantext

Your card Primary Account Number

expiryDatetext

Your card expiry date

cardholderNametext

Name on the card

Example Request
curl -X POST https://twcard.sandbox.transferwise.tech/twcard-data/v1/sensitive-card-data/details
-H 'Authorization: Bearer <your api token>'
-H 'x-tw-twcard-card-token: <your card token>'
-d '{
"keyVersion": 1,
"encryptedPayload": <your JWE>
}'
Example Response
{
"nonce": "33d51227-9ad6-4624-b4b7-7853b56076dd",
"cvv2": "111",
"pan": "4396910000012345",
"expiryDate": "10/31",
"cardholderName": "John Smith"
}

Get Card PIN

This endpoint is used to fetch the card PIN. It requires an api token and a card token set in the headers.

Request

keyVersionnumber

The version of the key to use. It is always set to 1.

encryptedPayloadtext

Response

noncetext

An arbitrary UUID issued from the cryptographic communication

pintext

Your card pin

Example Request
curl -X POST https://twcard.sandbox.transferwise.tech/twcard-data/v1/sensitive-card-data/pin
-H 'Authorization: Bearer <your api token>'
-H 'x-tw-twcard-card-token: <your card token>'
-d '{
"keyVersion": 1,
"encryptedPayload": <your JWE>
}'
Example Response
{
"nonce": "33d51227-9ad6-4624-b4b7-7853b56076dd",
"pin": "1234",
}

POST /v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/reset-pin-count

If the wrong PIN have been entered more that 3 times, future transactions on the card will be blocked with PIN_ENTRY_TRIES_EXCEEDED error message.

To unblock your transactions, use this endpoint to reset the PIN count to 0.

Additionally, there are instances where you will also need to reset the PIN count directly at the ATM.

Response

200 - No Content

Example Request
curl -X POST https://api.sandbox.transferwise.tech/v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/reset-pin-count \
-H 'Authorization: Bearer <your api token>' \
-H 'Content-Type: application/json' \

GET /v3/spend/profiles/{{profileId}}/cards?pageSize=10&pageNumber=1

Returns a list of cards that belong to a specific profileId.

Request
pageSize (optional)integer

The maximum number of cards to return per page. This number can be between 10 - 100, and will default to 10

pageNumber (optional)integer

The page number to retrieve the next set of cards. The number has to be greater than 1, and will default to 1

Example Request
curl -X GET https://api.sandbox.transferwise.tech/v3/spend/profiles/{{profileId}}/cards?pageSize=10&pageNumber=1 \
-H 'Authorization: Bearer <your api token>'

Response

Request
totalCountinteger

The total number of cards for this profileId

cardslist of cards

A collection of Cards for this profileId

Example Response
{
"cards": [
{
"token": "ca0c8154-1e14-4464-a1ce-dcea7dc3de52",
"profileId": 123456,
"clientId": "wise_api_docs",
"status": {
"value": "ACTIVE"
},
"cardHolderName": "John Smith",
"expiryDate": "2028-05-31T00:00:00Z",
"lastFourDigits": "6320",
"bankIdentificationNumber": "459661",
"phoneNumber": "+441234567890",
"cardProgram": {
"name": "VISA_DEBIT_BUSINESS_UK_1",
"scheme": "VISA",
"defaultCurrency": "GBP",
"cardType": "VIRTUAL_NON_UPGRADEABLE"
},
"creationTime": "2022-05-31T01:43:24.596321434Z",
"modificationTime": "2022-05-31T01:43:24.596321825Z"
}
],
"totalCount": 1
}

GET /v3/spend/profiles/{{profileId}}/cards/{{cardToken}}

Retrieves a card based on the cardToken provided.

Example Request
curl -X GET https://api.sandbox.transferwise.tech/v3/spend/profiles/{{profileId}}/cards/{{cardToken}} \
-H 'Authorization: Bearer <your api token>'

Response

Returns a Card resource.

Example Response
{
"token": "ca0c8154-1e14-4464-a1ce-dcea7dc3de52",
"profileId": 123456,
"clientId": "wise_api_docs",
"status": {
"value": "ACTIVE"
},
"cardHolderName": "John Smith",
"expiryDate": "2028-05-31T00:00:00Z",
"lastFourDigits": "6320",
"bankIdentificationNumber": "459661",
"phoneNumber": "+441234567890",
"cardProgram": {
"name": "VISA_DEBIT_BUSINESS_UK_1",
"scheme": "VISA",
"defaultCurrency": "GBP",
"cardType" : "VIRTUAL_NON_UPGRADEABLE"
},
"creationTime": "2022-05-31T01:43:24.596321434Z",
"modificationTime": "2022-05-31T01:43:24.596321825Z"
}

PUT /v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/status

Update the status of a card based on its cardToken.

Request
statustext

The status that you want to update the card to. One of ACTIVE, FROZEN or BLOCKED

The definition for the status values are:

  • ACTIVE - the card is active and usable
  • FROZEN - the card is temporarily frozen resulting in all authorisation requests to be declined
  • BLOCKED - the card is irreversibly blocked and is no longer usable
Example Request
curl -X PUT https://api.sandbox.transferwise.tech/v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/status \
-H 'Authorization: Bearer <your api token>' \
-H 'Content-Type: application/json' \
-d '{
"status": "ACTIVE"
}'

Response

Returns a Card object.

Example Response
{
"token": "ca0c8154-1e14-4464-a1ce-dcea7dc3de52",
"profileId": 123456,
"clientId": "wise_api_docs",
"status": {
"value": "ACTIVE"
},
"cardHolderName": "John Smith",
"expiryDate": "2028-05-31T00:00:00Z",
"lastFourDigits": "6320",
"bankIdentificationNumber": "459661",
"phoneNumber": "+441234567890",
"cardProgram": {
"name": "VISA_DEBIT_BUSINESS_UK_1",
"scheme": "VISA",
"defaultCurrency": "GBP",
"cardType" : "VIRTUAL_NON_UPGRADEABLE"
},
"creationTime": "2022-05-31T01:43:24.596321434Z",
"modificationTime": "2022-05-31T01:43:24.596321825Z"
}

GET /v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/spending-permissions

Retrieves permissions for a card.

Response

Request
permissionslist of permissions

A collection of Permissions

Example Request
curl -X GET https://api.sandbox.transferwise.tech/v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/spending-permissions \
-H 'Authorization: Bearer <your api token>'
Example Response
{
"permissions": [
{
"type": "ECOM",
"isEnabled": false,
"isLocked": false
},
{
"type": "POS_CHIP",
"isEnabled": true,
"isLocked": false
},
{
"type": "ATM_WITHDRAWAL",
"isEnabled": false,
"isLocked": false
},
{
"type": "MOBILE_WALLETS",
"isEnabled": true,
"isLocked": false
},
{
"type": "POS_CONTACTLESS",
"isEnabled": false,
"isLocked": true
},
{
"type": "POS_MAGSTRIPE",
"isEnabled": false,
"isLocked": true
}
]
}

PATCH /v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/spending-permissions

Enable or disable permissions on a card.

Request
typetext

One of ECOM, POS_CHIP, POS_MAGSTRIPE,ATM_WITHDRAWAL, POS_CONTACTLESS,MOBILE_WALLETS

isEnabledboolean

A flag indicating if the permissions for a specific type are enabled

Response

Returns a 200 - No Content

Example Request
curl -X PATCH https://api.sandbox.transferwise.tech/v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/spending-permissions \
-H 'Authorization: Bearer <your api token>'
--d '{
"type": <permission type>,
"isEnabled": <true or false>
}'

PUT /v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/phone-number

Update the phone number of a card. The new phone number must be a valid phone number.

Request
phoneNumbertext

Must be a valid phone number prefixed with + and country code. An example of a valid phone number would be +6588888888

Example Request
curl -X PUT 'https://api.sandbox.transferwise.tech/v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/phone-number' \
--H 'Authorization: Bearer <your api token>' \
--d '{
"phoneNumber": "+6588888888
}'

Response

Request
tokentext

The card token that you are modifying

profileIdtext

The profile ID that the card is linked to

phoneNumbertext

The new phone number associated with the card

Example Response
{
"token": "12345-12345-12345-12345",
"profileId": 30000000,
"phoneNumber": "+6588888888"
}