# Get card spending permissions

Retrieves the current spending permissions configured for a card.

Endpoint: GET /v3/spend/profiles/{profileId}/cards/{cardToken}/spending-permissions
Security: UserToken

## Path parameters:

  - `profileId` (integer, required)
    The ID of the profile that owns the card.
    Example: 123456

  - `cardToken` (string, required)
    The unique token identifying the card.
    Example: "ca0c8154-1e14-4464-a1ce-dcea7dc3de52"

## Header parameters:

  - `X-External-Correlation-Id` (string)
    Optional UUID for correlating requests across systems. If provided, Wise echoes it back in the response. Maximum 36 characters. Learn more.
    Example: "f47ac10b-58cc-4372-a567-0e02b2c3d479"

## Response 200 fields (application/json):

  - `permissions` (array)
    List of spending permissions for this card.

  - `permissions.type` (string)
    The type of transaction this permission controls:
- ECOM - Online transactions
- POS_CHIP - Physical point-of-sale transactions with chip
- POS_MAGSTRIPE - Physical point-of-sale transactions with magnetic stripe
- POS_CONTACTLESS - Physical point-of-sale contactless transactions
- ATM_WITHDRAWAL - ATM withdrawals
- MOBILE_WALLETS - Digital wallet payments (Apple Pay, Google Pay)
    Enum: "ECOM", "POS_CHIP", "POS_MAGSTRIPE", "POS_CONTACTLESS", "ATM_WITHDRAWAL", "MOBILE_WALLETS"

  - `permissions.isEnabled` (boolean)
    Indicates if this permission type is enabled.

  - `permissions.isLocked` (boolean)
    Indicates if this permission is locked. If locked, the permission cannot be enabled.