Manage authentication for your users.
- Create a managed card
Get all managed cards
Get a managed card
Update a managed card
Block a managed card
Unblock a managed card
Remove a managed card
Get a managed card statement
Get all spend rules for a managed card
Create spend rules for a managed card
Update spend rules for a managed card
Delete all spend rules for a managed card
Upgrade a card to physical
Activate a physical card
Get PIN for a physical card
Unblock PIN for a physical card
Replace a damaged physical card
Report a physical card as lost
Report a physical card as stolen
Replace a lost or stolen physical card
Reset contactless limit for a physical card
Authorisation Forwarding
Create a managed card
Weavr Multi Product API (3.63.5)
Weavr Multi API provides a simple and flexible way to issue cards and accounts to your customers.
By integrating Weavr Multi API in your application you can embed banking capabilities within your app and provide a seamless experience for your customers.
Authentication
Each request to the Multi API must include an api-key that represents your account. You can obtain an API Key by registering for a Multi account here.
Almost all endpoints require a secondary authentication token auth_token that represents the user for whom the request is being executed.
Download OpenAPI description
Overview
URL
Languages
Servers
Mock server
https://api.weavr.io/_mock/products/multi/openapi
Weavr Sandbox Environment
https://sandbox.weavr.io/multi
Managed Accounts are a type of financial instrument offered by Weavr.
They hold funds for their owner, and can be upgraded to IBANs so as to receive and send funds to instruments outside of the Weavr Platform, via Wire Transfers.
Managed accounts can also be used as source and destination instruments in the transfer and send transactions.
Operations
Managed Cards are a type of financial instrument offered by Weavr.
You can create virtual or physical cards that are issued to the consumer or corporate identity.
A card created in prepaid mode has its own balance, whereas a card created in debit mode does not have its own balance but taps into the balance of its parent managed account.
Operations
Request
Creates a managed card for the consumer or corporate identity. The Managed Card Profile (configured in the Multi Portal) specified determines the behaviour and restrictions that the managed card will have.
Security
auth_token and api-key
The profile Id which a specific identity, instrument or transaction type is linked to.
Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply.
You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs.
Profile Ids can be found in the Multi Portal, in the API Credentials page.
The tag field is a custom field that can be used to search and filter.
The card holder's name for the card.
This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.
Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.
The billing address set for the card holder. This may be verified by merchants when the card is used online.
The post code associated with the address.
Default decision for auth forwarding on timeout
Enum"APPROVE""DECLINE"
The card can be created in prepaid mode or debit mode.
- A prepaid mode card has its own balance and can have funds transferred to or from it.
- A debit mode card does not have its own balance but will be able to spend funds belonging to its parent managed account, subject to a configurable spend limit.
Discriminator
External data fields, as provided and managed by the caller that are to be stored and associated with a Managed Card instance. This information is not processed or used by Weavr but some of the values could be shown in specific reports and used as filters
Indicates how the card will be handled once it is close to expiring.
- RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV.
- NO_RENEW: Once the expiry date is reached, the card is destroyed.
Enum"RENEW""NO_RENEW"
The Authorised User to be linked to the card, whose authentication details will be used for actions such as 3DS authentication, or manual provisioning to a digital wallet. This field can be used instead of threeDSecureAuthConfig as it better describes the wider scope of possible uses.
The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.
The mobile number including country code of the card holder.
For transactions that require a 3DS challenge, an SMS with a code will be sent on this number, to be entered during an online purchase.
- Mock serverhttps://api.weavr.io/_mock/products/multi/openapi/managed_cards
- Weavr Sandbox Environmenthttps://sandbox.weavr.io/multi/managed_cards
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
- PREPAID_MODE
- DEBIT_MODE
curl -i -X POST \
https://api.weavr.io/_mock/products/multi/openapi/managed_cards \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-H 'api-key: YOUR_API_KEY_HERE' \
-H 'idempotency-ref: string' \
-d '{
"profileId": "string",
"tag": "string",
"friendlyName": "string",
"nameOnCard": "string",
"nameOnCardLine2": "string",
"cardholderMobileNumber": "string",
"billingAddress": {
"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"postCode": "string",
"state": "string",
"country": "st"
},
"digitalWallets": {
"pushProvisioningEnabled": true,
"walletsEnabled": true,
"artworkReference": "string"
},
"authForwardingDefaultTimeoutDecision": "APPROVE",
"threeDSecureAuthConfig": {
"linkedUserId": "string",
"primaryChannel": "OTP_SMS",
"fallbackChannel": "OTP_SMS"
},
"mode": "PREPAID_MODE",
"externalData": [
{
"name": "string",
"value": "string"
}
],
"renewalType": "RENEW",
"userId": "string",
"currency": "str"
}'Success
Bodyapplication/json
The profile Id which a specific identity, instrument or transaction type is linked to.
Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply.
You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs.
Profile Ids can be found in the Multi Portal, in the API Credentials page.
A uniquely generated code used to identify a card.
This code is to be used instead of the sensitive card number in order to refer to a card when opening a support ticket.
The tag field is a custom field that can be used to search and filter.
The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.
The state of the instrument indicating what it can and cannot do as follows:
- ACTIVE: The instrument is in an active state and can be used in transactions.
- BLOCKED: The instrument is temporarily blocked and cannot be used. Any funds on the instrument are also frozen. The
blockedReasonprovides more information as to why it was blocked. - DESTROYED: The instrument has been permanently destroyed. The
destroyReasonprovides more information as to why it was destroyed.
Enum"ACTIVE""BLOCKED""DESTROYED"
The reason why the instrument has been blocked:
- USER: The root, or an authorised user, of the identity owning the instrument has temporarily blocked the instrument.
- SYSTEM: The platform or an administrator of the platform has temporarily blocked the instrument.
- LOST: The instrument has been blocked because it was marked as lost.
Enum"USER""SYSTEM""LOST"
The reason why the instrument has been destroyed:
- SYSTEM: The platform or an administrator of the platform has destroyed the instrument.
- USER: The root, or an authorised user, of the identity owning the instrument has destroyed the instrument.
- LOST: The instrument was automatically destroyed as it was marked as lost.
- STOLEN: The instrument was automatically destroyed as it was marked as stolen.
- EXPIRED: The instrument was automatically destroyed as it expired.
- COMPROMISED: The instrument was automatically destroyed as it was marked as compromised.
Enum"SYSTEM""USER""LOST""STOLEN""EXPIRED""COMPROMISED"
The type of card:
- VIRTUAL: Not a printed or embedded card. The card can be used online or added to digital wallets.
- PHYSICAL: A physical card that can be printed and shipped to your customers or embedded in a Wearable device. It can be used at physical terminals.
Enum"VIRTUAL""PHYSICAL"
The full card number of the card.
Unless you are PCI-DSS compliant and have opted to switch off Weavr's security model, the card number will be tokenised.
To show the full unredacted card number to your user, you need to embed the Card number UI Component in your application. This accepts the tokenised card number and shows the unredacted card number to the user on screen.
The CVV of the card.
Unless you are PCI-DSS compliant and have opted to switch off Weavr's security model, the card's CVV will be tokenised.
To show the card's CVV to your user, you need to embed the CVV UI Component in your application. This accepts the tokenised CVV and shows the plain text CVV number to the user on screen.
The card holder’s name for the card. This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.
Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.
The card classification determines whether the card is from Consumer or Corporate BINs.
Enum"CONSUMER""CORPORATE"
Indicates how the card will be handled once it is close to expiring.
- RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV.
- NO_RENEW: Once the expiry date is reached, the card is destroyed.
Enum"RENEW""NO_RENEW"
The timestamp when the card will be renewed, expressed in Epoch timestamp using millisecond precision.
The timestamp when the card was created, expressed in Epoch timestamp using millisecond precision.
The billing address set for the cardholder. This can be checked by the merchant during online purchases.
The post code associated with the address.
Indicates whether the card is enabled for push provisioning in a digital wallet.
Indicates whether the card is enabled for tokenisation in a digital wallet.
Default decision for auth forwarding on timeout
Enum"APPROVE""DECLINE"
The mode with which this card was created:
- A prepaid mode card has its own balance and can have funds transferred to or from it.
- A debit mode card does not have its own balance but will be able to spend funds belonging to its parent managed account, subject to a configurable spend limit.
Discriminator
External data fields, as provided and managed by the caller that are to be stored and associated with a Managed Card instance. This information is not processed or used by Weavr but some of the values could be shown in specific reports and used as filters
The Authorised User to be linked to the card, whose authentication details will be used for actions such as 3DS authentication, or manual provisioning to a digital wallet. This field can be used instead of threeDSecureAuthConfig as it better describes the wider scope of possible uses.
Instruments with funds have 2 balances, the availableBalance indicating the funds that are available for transactions such as purchases, and the actualBalance indicating the funds that are actually on the instrument.
The mobile number including country code of the card holder, needed for 3DS challenge.
Response
application/json
- PREPAID_MODE
- DEBIT_MODE
{ "id": "string", "profileId": "string", "externalHandle": "string", "tag": "string", "friendlyName": "string", "currency": "str", "state": { "state": "ACTIVE", "blockedReason": "USER", "destroyedReason": "SYSTEM" }, "type": "VIRTUAL", "cardBrand": "MASTERCARD", "cardNumber": { "value": "string" }, "cvv": { "value": "str" }, "cardNumberFirstSix": "string", "cardNumberLastFour": "string", "nameOnCard": "string", "nameOnCardLine2": "string", "startMmyy": "stri", "expiryMmyy": "stri", "cardLevelClassification": "CONSUMER", "expiryPeriodMonths": 1, "renewalType": "RENEW", "renewalTimestamp": 0, "creationTimestamp": 0, "cardholderMobileNumber": "string", "billingAddress": { "addressLine1": "string", "addressLine2": "string", "city": "string", "postCode": "string", "state": "string", "country": "st" }, "physicalCardDetails": { "bulkDelivery": true, "productReference": "string", "carrierType": "string", "pendingActivation": true, "pinBlocked": true, "manufacturingState": "REQUESTED", "replacement": { … }, "deliveryAddress": { … }, "deliveryMethod": "STANDARD_DELIVERY", "deliveryTrackingCode": "string", "deliveryTrackingMethod": "string", "deliveryTrackingUrl": "string", "nameOnCardLine2": "string" }, "digitalWallets": { "pushProvisioningEnabled": true, "walletsEnabled": true, "artworkReference": "string" }, "authForwardingDefaultTimeoutDecision": "APPROVE", "threeDSecureAuthConfig": { "linkedUserId": "string", "primaryChannel": "OTP_SMS", "fallbackChannel": "OTP_SMS" }, "mode": "PREPAID_MODE", "externalData": [ { … } ], "userId": "string", "replacement": { "id": "string", "reason": "DAMAGED" }, "balances": { "availableBalance": 0, "actualBalance": 0 } }
Query
The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results.
The limit of the results for paging, starting at the offset. Limit is always capped at 100.
Filter by the managed account/card profile. Leave out to fetch all managed accounts/card.
Filter by the managed account/card friendly name. Leave out to fetch all managed accounts/card.
The exact name must be provided, as wildcards are not supported.
Items Enum"SYSTEM""USER""LOST""STOLEN""EXPIRED""COMPROMISED"
Filter by the managed account/card currency.
Currencies are expressed as an ISO 4217 code. Leave out to fetch all managed accounts/card.
Filter for managed accounts/cards created after createdFrom timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts/cards.
Filter for managed accounts/cards created before createdTo timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts/cards.
Filter by the managed account/card tag. The exact tag must be provided, as wildcards are not supported. Leave out to fetch all managed accounts/card.
Filter by the Id of the parent managed account associated with the card. This is applicable only for debit mode cards.
Items Enum"REQUESTED""SENT_FOR_FULFILLMENT""DISPATCHED""DELIVERED"
- Mock serverhttps://api.weavr.io/_mock/products/multi/openapi/managed_cards
- Weavr Sandbox Environmenthttps://sandbox.weavr.io/multi/managed_cards
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://api.weavr.io/_mock/products/multi/openapi/managed_cards?offset=0&limit=1&profileId=string&friendlyName=string&state=ACTIVE&state.blockedReason=USER&state.destroyedReason=SYSTEM¤cy=str&type=VIRTUAL&renewalType=RENEW&externalHandle=string&cardNumberFirstSix=string&cardNumberLastFour=string&createdFrom=0&createdTo=0&mode=DEBIT_MODE&tag=string&parentManagedAccountId=string&manufacturingState=REQUESTED&userId=string' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'api-key: YOUR_API_KEY_HERE'Response
application/json
{ "cards": [ { … } ], "count": 0, "responseCount": 0 }
Security
auth_token and api-key
- Mock serverhttps://api.weavr.io/_mock/products/multi/openapi/managed_cards/{id}
- Weavr Sandbox Environmenthttps://sandbox.weavr.io/multi/managed_cards/{id}
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://api.weavr.io/_mock/products/multi/openapi/managed_cards/{id}' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'api-key: YOUR_API_KEY_HERE'Success
Bodyapplication/json
The profile Id which a specific identity, instrument or transaction type is linked to.
Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply.
You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs.
Profile Ids can be found in the Multi Portal, in the API Credentials page.
A uniquely generated code used to identify a card.
This code is to be used instead of the sensitive card number in order to refer to a card when opening a support ticket.
The tag field is a custom field that can be used to search and filter.
The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.
The state of the instrument indicating what it can and cannot do as follows:
- ACTIVE: The instrument is in an active state and can be used in transactions.
- BLOCKED: The instrument is temporarily blocked and cannot be used. Any funds on the instrument are also frozen. The
blockedReasonprovides more information as to why it was blocked. - DESTROYED: The instrument has been permanently destroyed. The
destroyReasonprovides more information as to why it was destroyed.
Enum"ACTIVE""BLOCKED""DESTROYED"
The reason why the instrument has been blocked:
- USER: The root, or an authorised user, of the identity owning the instrument has temporarily blocked the instrument.
- SYSTEM: The platform or an administrator of the platform has temporarily blocked the instrument.
- LOST: The instrument has been blocked because it was marked as lost.
Enum"USER""SYSTEM""LOST"
The reason why the instrument has been destroyed:
- SYSTEM: The platform or an administrator of the platform has destroyed the instrument.
- USER: The root, or an authorised user, of the identity owning the instrument has destroyed the instrument.
- LOST: The instrument was automatically destroyed as it was marked as lost.
- STOLEN: The instrument was automatically destroyed as it was marked as stolen.
- EXPIRED: The instrument was automatically destroyed as it expired.
- COMPROMISED: The instrument was automatically destroyed as it was marked as compromised.
Enum"SYSTEM""USER""LOST""STOLEN""EXPIRED""COMPROMISED"
The type of card:
- VIRTUAL: Not a printed or embedded card. The card can be used online or added to digital wallets.
- PHYSICAL: A physical card that can be printed and shipped to your customers or embedded in a Wearable device. It can be used at physical terminals.
Enum"VIRTUAL""PHYSICAL"
The full card number of the card.
Unless you are PCI-DSS compliant and have opted to switch off Weavr's security model, the card number will be tokenised.
To show the full unredacted card number to your user, you need to embed the Card number UI Component in your application. This accepts the tokenised card number and shows the unredacted card number to the user on screen.
The CVV of the card.
Unless you are PCI-DSS compliant and have opted to switch off Weavr's security model, the card's CVV will be tokenised.
To show the card's CVV to your user, you need to embed the CVV UI Component in your application. This accepts the tokenised CVV and shows the plain text CVV number to the user on screen.
The card holder’s name for the card. This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.
Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards.
The card classification determines whether the card is from Consumer or Corporate BINs.
Enum"CONSUMER""CORPORATE"
Indicates how the card will be handled once it is close to expiring.
- RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV.
- NO_RENEW: Once the expiry date is reached, the card is destroyed.
Enum"RENEW""NO_RENEW"
The timestamp when the card will be renewed, expressed in Epoch timestamp using millisecond precision.
The timestamp when the card was created, expressed in Epoch timestamp using millisecond precision.
The billing address set for the cardholder. This can be checked by the merchant during online purchases.
The post code associated with the address.
Indicates whether the card is enabled for push provisioning in a digital wallet.
Indicates whether the card is enabled for tokenisation in a digital wallet.
Default decision for auth forwarding on timeout
Enum"APPROVE""DECLINE"
The mode with which this card was created:
- A prepaid mode card has its own balance and can have funds transferred to or from it.
- A debit mode card does not have its own balance but will be able to spend funds belonging to its parent managed account, subject to a configurable spend limit.
Discriminator
External data fields, as provided and managed by the caller that are to be stored and associated with a Managed Card instance. This information is not processed or used by Weavr but some of the values could be shown in specific reports and used as filters
The Authorised User to be linked to the card, whose authentication details will be used for actions such as 3DS authentication, or manual provisioning to a digital wallet. This field can be used instead of threeDSecureAuthConfig as it better describes the wider scope of possible uses.
Instruments with funds have 2 balances, the availableBalance indicating the funds that are available for transactions such as purchases, and the actualBalance indicating the funds that are actually on the instrument.
The mobile number including country code of the card holder, needed for 3DS challenge.
Response
application/json
- PREPAID_MODE
- DEBIT_MODE
{ "id": "string", "profileId": "string", "externalHandle": "string", "tag": "string", "friendlyName": "string", "currency": "str", "state": { "state": "ACTIVE", "blockedReason": "USER", "destroyedReason": "SYSTEM" }, "type": "VIRTUAL", "cardBrand": "MASTERCARD", "cardNumber": { "value": "string" }, "cvv": { "value": "str" }, "cardNumberFirstSix": "string", "cardNumberLastFour": "string", "nameOnCard": "string", "nameOnCardLine2": "string", "startMmyy": "stri", "expiryMmyy": "stri", "cardLevelClassification": "CONSUMER", "expiryPeriodMonths": 1, "renewalType": "RENEW", "renewalTimestamp": 0, "creationTimestamp": 0, "cardholderMobileNumber": "string", "billingAddress": { "addressLine1": "string", "addressLine2": "string", "city": "string", "postCode": "string", "state": "string", "country": "st" }, "physicalCardDetails": { "bulkDelivery": true, "productReference": "string", "carrierType": "string", "pendingActivation": true, "pinBlocked": true, "manufacturingState": "REQUESTED", "replacement": { … }, "deliveryAddress": { … }, "deliveryMethod": "STANDARD_DELIVERY", "deliveryTrackingCode": "string", "deliveryTrackingMethod": "string", "deliveryTrackingUrl": "string", "nameOnCardLine2": "string" }, "digitalWallets": { "pushProvisioningEnabled": true, "walletsEnabled": true, "artworkReference": "string" }, "authForwardingDefaultTimeoutDecision": "APPROVE", "threeDSecureAuthConfig": { "linkedUserId": "string", "primaryChannel": "OTP_SMS", "fallbackChannel": "OTP_SMS" }, "mode": "PREPAID_MODE", "externalData": [ { … } ], "userId": "string", "replacement": { "id": "string", "reason": "DAMAGED" }, "balances": { "availableBalance": 0, "actualBalance": 0 } }
Linked Accounts are external bank accounts that users connect to their profiles within the Weavr Platform.
These accounts allow users to link their existing bank accounts, held at external financial institutions, to the Weavr Platform, enabling secure and efficient transfer of funds between their own accounts.
Linked Accounts are designed to streamline the process of moving money between a user’s various bank accounts, providing a convenient and integrated way to manage personal finances across different financial institutions.
Operations