Skip to main content

Issuing cards

Core API


Only Blue or Orange Programs have the permissions to create cardholders through the Core API and for compliance reasons, only approved customers can issue cards with the Core API.

Card issuance using the Core API is a single-step process that creates a cardholder object, conducts KYC (Know Your Customer) on the data provided, and issues a card for the cardholder. It is a single request that returns the cardholder data and the cardholder’s KYC status. This is in contrast to the Mobile API, which requires that you first authenticate the applicant using 2FA to secure a session token before proceeding.

To issue a card in the Core API, submit a POST request to the /cardholders endpoint with cardholder data. For example:

"first_name": "Josh",
"last_name": "Wilson",
"email": "",
"phone_number": "+16508881111",
"date_of_birth": "1982-06-20",
"address": {
"street_one": "1800 Gates Ave",
"street_two": "2L",
"locality": "Ridgewood",
"region": "NY",
"postal_code": "11385",
"country": "USA"
"document": {
"type": "ssn",
"value": "490940000"

The response to this request includes the cardholder state, cardholder data, card type, and card state.

"cardholder": {
"id": "crdhldr_1cd68f70917cb5ed",
"email": "",
"kyc_passed_at": "2016-10-19T23:20:21.034Z",
"kyc_status": "PASSED",
// ...
"first_name": "Josh",
"last_name": "Wilson",
"phone": 6157915911,
"cards": [
"card": {
"id": "crd_fde2d61d233455b9",
"program_id": "Apto_GPR",
"design_key": "blue",
"devices": [
"name": "Wilson*s iPhone",
"type": "iPhone",
"status": "ACTIVE"
"last_four": "5542",
"status": "CREATED",
"dda_number": "9990000267938",
"aba_routing_number": "121182810"
// ...
"created_at": "2016-10-19T23:20:17.000Z"

The cardholder state refers to the cardholder’s KYC status and whether it is “passed”, “not passed”, or “pending”. The card type refers to whether the issued card is digital or physical.

Card state refers to the card’s lifecycle, shown here:

CreatedCards that have been created, but not yet activated. This state only applies to physical cards.
ActivatedCards that are activated can be used to conduct transactions.
DeactivatedCardholders can freeze their cards temporarily. In this state, incoming transactions for this card are rejected by our transaction authorization module. Cardholders can activate deactivated cards at any time.
ClosedCards can be closed by our customer support team for a variety of reasons: lost or stolen cards, cards expired, etc. Incoming transactions for closed cards are rejected by our transaction authorization module. Closed cards cannot be reopened.

Mobile API

Issuing cards with the Mobile API is explained in depth in the corresponding section of the getting started guide.

Take in account that in that guide the example API calls are made against the sandbox environment. In case you're targeting production, make sure you point your API calls to the right URL:



To issue cards through our Mobile SDKs refer to the corresponding sections on their docs: