# Get all managed cards Fetch cards matching the search criteria provided. Endpoint: GET /managed_cards Version: 3.63.5 Security: auth_token, api-key ## Query parameters: - `offset` (integer) The offset value for paging, indicating the initial item number to be returned from the data set satisfying the given criteria. Leave out to fetch the first page of results. - `limit` (integer) The limit of the results for paging, starting at the offset. Limit is always capped at 100. - `profileId` (string) Filter by the managed account/card profile. Leave out to fetch all managed accounts/card. - `friendlyName` (string) Filter by the managed account/card friendly name. Leave out to fetch all managed accounts/card. The exact name must be provided, as wildcards are not supported. - `state` (array) Enum: "ACTIVE", "BLOCKED", "DESTROYED" - `state.blockedReason` (array) Enum: "USER", "SYSTEM", "LOST" - `state.destroyedReason` (array) Enum: "SYSTEM", "USER", "LOST", "STOLEN", "EXPIRED", "COMPROMISED" - `currency` (string) Filter by the managed account/card currency. Currencies are expressed as an ISO 4217 code. Leave out to fetch all managed accounts/card. - `type` (string) Filter by the type of the card. Enum: "VIRTUAL", "PHYSICAL" - `renewalType` (string) Filter by the renewal type of the card. Enum: "RENEW", "NO_RENEW" - `externalHandle` (string) Search by the card's externalHandle. - `cardNumberFirstSix` (string) Filter by first six digits of the card. - `cardNumberLastFour` (string) Filter by last four digits of the card. - `createdFrom` (integer) Filter for managed accounts/cards created after createdFrom timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts/cards. - `createdTo` (integer) Filter for managed accounts/cards created before createdTo timestamp. Timestamp is expressed in Epoch timestamp using millisecond precision. Leave out to fetch all managed accounts/cards. - `mode` (string) Filter by card mode (prepaid mode or debit mode). Enum: "DEBIT_MODE", "PREPAID_MODE" - `tag` (string) Filter by the managed account/card tag. The exact tag must be provided, as wildcards are not supported. Leave out to fetch all managed accounts/card. - `parentManagedAccountId` (string) Filter by the Id of the parent managed account associated with the card. This is applicable only for debit mode cards. - `manufacturingState` (array) Enum: "REQUESTED", "SENT_FOR_FULFILLMENT", "DISPATCHED", "DELIVERED" - `userId` (string) The unique identifier for the user. ## Response 200 fields (application/json): - `cards` (array) - `cards.id` (string, required) The unique identifier of the card. - `cards.profileId` (string, required) The profile Id which a specific identity, instrument or transaction type is linked to. Profiles contain configuration and determine behavioral aspects of the newly created transaction, for example, fees that may apply. You can have one or more profiles linked to your application, and these can be used to drive different behaviors according to your product's needs. Profile Ids can be found in the Multi Portal, in the API Credentials page. - `cards.externalHandle` (string, required) A uniquely generated code used to identify a card. This code is to be used instead of the sensitive card number in order to refer to a card when opening a support ticket. - `cards.tag` (string) The tag field is a custom field that can be used to search and filter. - `cards.friendlyName` (string, required) The friendly name given to the card. - `cards.currency` (string, required) The currency expressed in ISO-4217 code. Example: GBP, EUR, USD. - `cards.state` (object, required) - `cards.state.state` (string, required) The state of the instrument indicating what it can and cannot do as follows: - ACTIVE: The instrument is in an active state and can be used in transactions. - BLOCKED: The instrument is temporarily blocked and cannot be used. Any funds on the instrument are also frozen. The blockedReason provides more information as to why it was blocked. - DESTROYED: The instrument has been permanently destroyed. The destroyReason provides more information as to why it was destroyed. Enum: "ACTIVE", "BLOCKED", "DESTROYED" - `cards.state.blockedReason` (string) The reason why the instrument has been blocked: - USER: The root, or an authorised user, of the identity owning the instrument has temporarily blocked the instrument. - SYSTEM: The platform or an administrator of the platform has temporarily blocked the instrument. - LOST: The instrument has been blocked because it was marked as lost. Enum: "USER", "SYSTEM", "LOST" - `cards.state.destroyedReason` (string) The reason why the instrument has been destroyed: - SYSTEM: The platform or an administrator of the platform has destroyed the instrument. - USER: The root, or an authorised user, of the identity owning the instrument has destroyed the instrument. - LOST: The instrument was automatically destroyed as it was marked as lost. - STOLEN: The instrument was automatically destroyed as it was marked as stolen. - EXPIRED: The instrument was automatically destroyed as it expired. - COMPROMISED: The instrument was automatically destroyed as it was marked as compromised. Enum: "SYSTEM", "USER", "LOST", "STOLEN", "EXPIRED", "COMPROMISED" - `cards.type` (string, required) The type of card: - VIRTUAL: Not a printed or embedded card. The card can be used online or added to digital wallets. - PHYSICAL: A physical card that can be printed and shipped to your customers or embedded in a Wearable device. It can be used at physical terminals. Enum: "VIRTUAL", "PHYSICAL" - `cards.cardBrand` (string, required) The card scheme, or brand of the card. Enum: "MASTERCARD", "VISA" - `cards.cardNumber` (object, required) The full card number of the card. Unless you are PCI-DSS compliant and have opted to switch off Weavr's security model, the card number will be tokenised. To show the full unredacted card number to your user, you need to embed the Card number UI Component in your application. This accepts the tokenised card number and shows the unredacted card number to the user on screen. - `cards.cardNumber.value` (string) - `cards.cvv` (object, required) The CVV of the card. Unless you are PCI-DSS compliant and have opted to switch off Weavr's security model, the card's CVV will be tokenised. To show the card's CVV to your user, you need to embed the CVV UI Component in your application. This accepts the tokenised CVV and shows the plain text CVV number to the user on screen. - `cards.cardNumberFirstSix` (string, required) The first six digits of the card number. - `cards.cardNumberLastFour` (string, required) The last four digits of the card number. - `cards.nameOnCard` (string, required) The card holder’s name for the card. This may be verified by merchants when the card is used online. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards. - `cards.nameOnCardLine2` (string) Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards. - `cards.startMmyy` (string, required) The start date of this card, in MMYY format. - `cards.expiryMmyy` (string, required) The end date of this card, in MMYY format. - `cards.cardLevelClassification` (string, required) The card classification determines whether the card is from Consumer or Corporate BINs. Enum: "CONSUMER", "CORPORATE" - `cards.expiryPeriodMonths` (integer, required) The validity timeframe of the card, in months. - `cards.renewalType` (string, required) Indicates how the card will be handled once it is close to expiring. - RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV. - NO_RENEW: Once the expiry date is reached, the card is destroyed. Enum: "RENEW", "NO_RENEW" - `cards.renewalTimestamp` (integer) The timestamp when the card will be renewed, expressed in Epoch timestamp using millisecond precision. - `cards.creationTimestamp` (integer, required) The timestamp when the card was created, expressed in Epoch timestamp using millisecond precision. - `cards.billingAddress` (object, required) The billing address set for the cardholder. This can be checked by the merchant during online purchases. - `cards.billingAddress.addressLine1` (string, required) The first line of the address. - `cards.billingAddress.addressLine2` (string) The second line of the address. - `cards.billingAddress.city` (string, required) The city of the address. - `cards.billingAddress.postCode` (string, required) The post code associated with the address. - `cards.billingAddress.state` (string) The state of the address. - `cards.billingAddress.country` (string, required) The country of the address expressed in ISO 3166 alpha-2 format. - `cards.physicalCardDetails` (object) - `cards.physicalCardDetails.bulkDelivery` (boolean) Bulk delivery is available for deliveryMethods REGISTERED_MAIL or COURIER. All cards marked as bulk and ordered within the fulfilment centre’s dispatch window will be sent in bulk. Delivery address must be identical for all orders. contactNumber in the deliveryAddress object is mandatory when bulk is selected. Maximum number of cards delivered in a single box/packet is REGISTERED_MAIL = 90, COURIER = 200. - `cards.physicalCardDetails.productReference` (string) The unique reference indicating the configuration of the physical card. Example the card design. - `cards.physicalCardDetails.carrierType` (string) - `cards.physicalCardDetails.pendingActivation` (boolean, required) Indicates if the physical card is activated for physical usage such as with physical terminals. - `cards.physicalCardDetails.pinBlocked` (boolean) Indicates if the physical card is blocked due to providing incorrect PINs. - `cards.physicalCardDetails.manufacturingState` (string) Information on the manufacturing of the physical card, as follows: - REQUESTED: The upgrade of the card to physical has been requested. - SENT_FOR_FULFILLMENT - The card has been sent for printing. - DISPATCHED: The card has been manufactured and dispatched. You may receive a second DISPATCHED event when the manufacturer provides a tracking code. - DELIVERED: The card has been received and activated by the recipient. Enum: "REQUESTED", "SENT_FOR_FULFILLMENT", "DISPATCHED", "DELIVERED" - `cards.physicalCardDetails.deliveryAddress` (object) The delivery address where the physical card is delivered. - `cards.physicalCardDetails.deliveryAddress.name` (string, required) - `cards.physicalCardDetails.deliveryAddress.surname` (string, required) - `cards.physicalCardDetails.deliveryAddress.addressLine1` (string, required) - `cards.physicalCardDetails.deliveryAddress.addressLine2` (string) - `cards.physicalCardDetails.deliveryAddress.city` (string, required) - `cards.physicalCardDetails.deliveryAddress.postCode` (string, required) - `cards.physicalCardDetails.deliveryAddress.country` (string, required) Country of the identity in ISO 3166 alpha-2 format. - `cards.physicalCardDetails.deliveryAddress.contactNumber` (string) Mandatory when bulk delivery is selected. Will be printed on the box/packet to assist delivery. - `cards.physicalCardDetails.deliveryMethod` (string) The delivery methods supported for delivering printed physical cards. If not specified, the STANDARD_DELIVERY method will be used. Enum: "STANDARD_DELIVERY", "REGISTERED_MAIL", "COURIER", "FIRST_CLASS_MAIL" - `cards.physicalCardDetails.deliveryTrackingCode` (string) The delivery tracking code for tracking the physical card's delivery status. This may not always be available on the first dispatched event, and so you will receive an additional dispatched notification with the delivery tracking code populated as soon as it is available. - `cards.physicalCardDetails.deliveryTrackingMethod` (string) The delivery tracking method for tracking the physical card's delivery status. - `cards.physicalCardDetails.deliveryTrackingUrl` (string) The delivery tracking URL for tracking the physical card's delivery status. - `cards.physicalCardDetails.replacement` (object) Indicates if the physical card is replaced by another card. - `cards.physicalCardDetails.replacement.replacementReason` (string) The reason why the physical card was replaced. - DAMAGED: The physical card was damaged and cannot be used at a physical terminal. - LOST_STOLEN: The physical card was either lost or stolen and cannot be used. - EXPIRED: The physical card expired. Enum: "DAMAGED", "LOST_STOLEN", "EXPIRED" - `cards.physicalCardDetails.replacement.replacementId` (string) The unique identifier of the new card that replaces this card. - `cards.physicalCardDetails.nameOnCardLine2` (string) Line 2 of the 'name on card' field. For Physical cards, this field will be printed on the card. The maximum characters allowed will depend on the design chosen and will be provided to you by Weavr when setting up your plastic cards. This field is deprecated - `cards.digitalWallets` (object, required) - `cards.digitalWallets.pushProvisioningEnabled` (boolean) Indicates whether the card is enabled for push provisioning in a digital wallet. - `cards.digitalWallets.walletsEnabled` (boolean) Indicates whether the card is enabled for tokenisation in a digital wallet. - `cards.digitalWallets.artworkReference` (string) The artwork reference that will be used if the card is enabled for tokenisation in a digital wallet. - `cards.authForwardingDefaultTimeoutDecision` (string) Default decision for auth forwarding on timeout Enum: "APPROVE", "DECLINE" - `cards.mode` (string, required) The mode with which this card was created: - A prepaid mode card has its own balance and can have funds transferred to or from it. - A debit mode card does not have its own balance but will be able to spend funds belonging to its parent managed account, subject to a configurable spend limit. - `cards.externalData` (array) External data fields, as provided and managed by the caller that are to be stored and associated with a Managed Card instance. This information is not processed or used by Weavr but some of the values could be shown in specific reports and used as filters - `cards.userId` (string) The Authorised User to be linked to the card, whose authentication details will be used for actions such as 3DS authentication, or manual provisioning to a digital wallet. This field can be used instead of threeDSecureAuthConfig as it better describes the wider scope of possible uses. - `cards.replacement` (object) Indicates if the card is replaced by another card. - `cards.replacement.id` (string, required) The id of the replacement card - `cards.replacement.reason` (string, required) The reason why the card was replaced. - DAMAGED: The physical card was damaged and cannot be used at a physical terminal. - LOST_STOLEN: The physical card was either lost or stolen and cannot be used. - EXPIRED: The card expired. - COMPROMISED: The virtual card was compromised; the virtual card details have been exposed or accessed without authorization. Enum: "DAMAGED", "LOST_STOLEN", "EXPIRED", "COMPROMISED" - `cards.cardholderMobileNumber` (string) The mobile number including country code of the card holder, needed for 3DS challenge. - `cards.threeDSecureAuthConfig` (object) - `cards.threeDSecureAuthConfig.primaryChannel` (string, required) Primary Authentication Method Enum: "OTP_SMS", "BIOMETRICS", "TWILIO_AUTHY" - `cards.threeDSecureAuthConfig.fallbackChannel` (string) Fallback Authentication Method Enum: "OTP_SMS" - `cards.threeDSecureAuthConfig.linkedUserId` (string, required) The Authorised user whose authentication / billing details will be reflected on the card for verification purposes such as 3ds. - `count` (integer) The total number of records (excluding the paging limit). - `responseCount` (integer) The total number of records returned in this response (always capped at 100). ## Response 400 fields (application/json): - `message` (string) When present helps to identify and fix the problem. - `syntaxErrors` (object) Is returned as part of an HTTP error response whenever a syntax error is detected. A list of the fields together with their syntax error will be provided. - `syntaxErrors.invalidFields` (array) - `syntaxErrors.invalidFields.params` (array) - `syntaxErrors.invalidFields.fieldName` (string) - `syntaxErrors.invalidFields.error` (string) Enum: "REQUIRED", "HAS_TEXT", "REQUIRES", "SIZE", "RANGE", "IN", "NOT_IN", "REGEX", "EXACTLY", "AT_LEAST", "AT_MOST", "ALL_OR_NONE" ## Response 403 fields (application/json): - `errorCode` (string) Enum: "STEP_UP_REQUIRED", "ACCESS_TOKEN_REQUIRED" ## Response default fields (application/json): - `code` (string) - `message` (string) ## Response 401 fields ## Response 429 fields ## Response 500 fields ## Response 503 fields