# Cards > Cards may operate on credit, debit, or prepaid BINs. They’ll immediately work for online purchases after you create them. All cards work on a good funds model, and maintain a maximum limit of 100% of the Account’s available balance at the time of transaction. Funds are deducted from the Account upon transaction settlement. [Events](https://increase.com/documentation/events.md) will be generated for this resource. The possible event categories are: `card.created` and `card.updated`. ## The Card object ### Example ```json { "account_id": "account_in71c4amph0vgo2qllky", "authorization_controls": null, "billing_address": { "city": "New York", "line1": "33 Liberty Street", "line2": null, "postal_code": "10045", "state": "NY" }, "created_at": "2020-01-31T23:59:59Z", "description": "Office Expenses", "digital_wallet": { "digital_card_profile_id": "digital_card_profile_s3puplu90f04xhcwkiga", "email": "user@example.com", "phone": "+16505046304" }, "entity_id": null, "expiration_month": 11, "expiration_year": 2028, "id": "card_oubs0hwk5rn6knuecxg2", "idempotency_key": null, "last4": "4242", "status": "active", "type": "card" } ``` ### Attributes - `account_id` (string) The identifier for the account this card belongs to. - `authorization_controls` (dictionary, nullable) Controls that restrict how this card can be used. - `authorization_controls.merchant_acceptor_identifier` (dictionary, nullable) Restricts which Merchant Acceptor IDs are allowed or blocked for authorizations on this card. - `authorization_controls.merchant_acceptor_identifier.allowed` (array of objects, nullable) The Merchant Acceptor IDs that are allowed for authorizations on this card. - `authorization_controls.merchant_acceptor_identifier.allowed.identifier` (string) The Merchant Acceptor ID. - `authorization_controls.merchant_acceptor_identifier.blocked` (array of objects, nullable) The Merchant Acceptor IDs that are blocked for authorizations on this card. - `authorization_controls.merchant_acceptor_identifier.blocked.identifier` (string) The Merchant Acceptor ID. - `authorization_controls.merchant_category_code` (dictionary, nullable) Restricts which Merchant Category Codes are allowed or blocked for authorizations on this card. - `authorization_controls.merchant_category_code.allowed` (array of objects, nullable) The Merchant Category Codes that are allowed for authorizations on this card. - `authorization_controls.merchant_category_code.allowed.code` (string) The Merchant Category Code (MCC). - `authorization_controls.merchant_category_code.blocked` (array of objects, nullable) The Merchant Category Codes that are blocked for authorizations on this card. - `authorization_controls.merchant_category_code.blocked.code` (string) The Merchant Category Code (MCC). - `authorization_controls.merchant_country` (dictionary, nullable) Restricts which merchant countries are allowed or blocked for authorizations on this card. - `authorization_controls.merchant_country.allowed` (array of objects, nullable) The merchant countries that are allowed for authorizations on this card. - `authorization_controls.merchant_country.allowed.country` (string) The ISO 3166-1 alpha-2 country code. - `authorization_controls.merchant_country.blocked` (array of objects, nullable) The merchant countries that are blocked for authorizations on this card. - `authorization_controls.merchant_country.blocked.country` (string) The ISO 3166-1 alpha-2 country code. - `authorization_controls.usage` (dictionary, nullable) Controls how many times this card can be used. - `authorization_controls.usage.category` (enum) Whether the card is for a single use or multiple uses. Cases: * `single_use` (The card can only be used for a single authorization.) * `multi_use` (The card can be used for multiple authorizations.) - `authorization_controls.usage.multi_use` (dictionary, nullable) Controls for multi-use cards. Required if and only if `category` is `multi_use`. - `authorization_controls.usage.multi_use.spending_limits` (array of objects, nullable) Spending limits for this card. The most restrictive limit applies if multiple limits match. - `authorization_controls.usage.multi_use.spending_limits.interval` (enum) The interval at which the spending limit is enforced. Cases: * `all_time` (The spending limit applies over the lifetime of the card.) * `per_transaction` (The spending limit applies per transaction.) * `per_day` (The spending limit applies per day. Resets nightly at midnight UTC.) * `per_week` (The spending limit applies per week. Resets weekly on Mondays at midnight UTC.) * `per_month` (The spending limit applies per month. Resets on the first of the month, midnight UTC.) - `authorization_controls.usage.multi_use.spending_limits.merchant_category_codes` (array of objects, nullable) The Merchant Category Codes (MCCs) this spending limit applies to. If not set, the limit applies to all transactions. - `authorization_controls.usage.multi_use.spending_limits.merchant_category_codes.code` (string) The Merchant Category Code (MCC). - `authorization_controls.usage.multi_use.spending_limits.settlement_amount` (integer) The maximum settlement amount permitted in the given interval. - `authorization_controls.usage.single_use` (dictionary, nullable) Controls for single-use cards. Required if and only if `category` is `single_use`. - `authorization_controls.usage.single_use.settlement_amount` (dictionary) The settlement amount constraint for this single-use card. - `authorization_controls.usage.single_use.settlement_amount.comparison` (enum) The operator used to compare the settlement amount. Cases: * `equals` (The settlement amount must be exactly the specified value.) * `less_than_or_equals` (The settlement amount must be less than or equal to the specified value.) - `authorization_controls.usage.single_use.settlement_amount.value` (integer) The settlement amount value. - `billing_address` (dictionary) The Card's billing address. - `billing_address.city` (string, nullable) The city of the billing address. - `billing_address.line1` (string, nullable) The first line of the billing address. - `billing_address.line2` (string, nullable) The second line of the billing address. - `billing_address.postal_code` (string, nullable) The postal code of the billing address. - `billing_address.state` (string, nullable) The US state of the billing address. - `created_at` (string) The [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date and time at which the Card was created. - `description` (string, nullable) The card's description for display purposes. - `digital_wallet` (dictionary, nullable) The contact information used in the two-factor steps for digital wallet card creation. At least one field must be present to complete the digital wallet steps. - `digital_wallet.digital_card_profile_id` (string, nullable) The digital card profile assigned to this digital card. Card profiles may also be assigned at the program level. - `digital_wallet.email` (string, nullable) An email address that can be used to verify the cardholder via one-time passcode over email. - `digital_wallet.phone` (string, nullable) A phone number that can be used to verify the cardholder via one-time passcode over SMS. - `entity_id` (string, nullable) The identifier for the entity associated with this card. - `expiration_month` (integer) The month the card expires in M format (e.g., August is 8). - `expiration_year` (integer) The year the card expires in YYYY format (e.g., 2025). - `id` (string) The card identifier. - `idempotency_key` (string, nullable) The idempotency key you chose for this object. This value is unique across Increase and is used to ensure that a request is only processed once. Learn more about [idempotency](https://increase.com/documentation/idempotency-keys). - `last4` (string) The last 4 digits of the Card's Primary Account Number. - `status` (enum) This indicates if payments can be made with the card. Cases: * `active` (The card is active.) * `disabled` (The card is temporarily disabled.) * `canceled` (The card is permanently canceled.) - `type` (string) A constant representing the object's type. For this resource it will always be `card`. ## List Cards GET /cards ### Example ```curl curl \ --url "${INCREASE_URL}/cards?account_id=account_in71c4amph0vgo2qllky" \ -H "Authorization: Bearer ${INCREASE_API_KEY}" ``` ### Query Parameters - `cursor` (string, optional) Return the page of entries after this one. - `limit` (integer, optional) Limit the size of the list that is returned. The default (and maximum) is 100 objects. - `account_id` (string, optional) Filter Cards to ones belonging to the specified Account. - `created_at.after` (string, optional) Return results after this [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) timestamp. - `created_at.before` (string, optional) Return results before this [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) timestamp. - `created_at.on_or_after` (string, optional) Return results on or after this [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) timestamp. - `created_at.on_or_before` (string, optional) Return results on or before this [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) timestamp. - `status.in` (array of enums, optional) Filter Cards by status. For GET requests, this should be encoded as a comma-delimited string, such as `?in=one,two,three`. Cases: * `active` (The card is active.) * `disabled` (The card is temporarily disabled.) * `canceled` (The card is permanently canceled.) - `idempotency_key` (string, optional) Filter records to the one with the specified `idempotency_key` you chose for that object. This value is unique across Increase and is used to ensure that a request is only processed once. Learn more about [idempotency](https://increase.com/documentation/idempotency-keys). ### Returns a Card List object: ```json { "data": [ { "account_id": "account_in71c4amph0vgo2qllky", "authorization_controls": null, "billing_address": { "city": "New York", "line1": "33 Liberty Street", "line2": null, "postal_code": "10045", "state": "NY" }, "created_at": "2020-01-31T23:59:59Z", "description": "Office Expenses", "digital_wallet": { "digital_card_profile_id": "digital_card_profile_s3puplu90f04xhcwkiga", "email": "user@example.com", "phone": "+16505046304" }, "entity_id": null, "expiration_month": 11, "expiration_year": 2028, "id": "card_oubs0hwk5rn6knuecxg2", "idempotency_key": null, "last4": "4242", "status": "active", "type": "card" } ], "next_cursor": "v57w5d" } ``` ## Create a Card POST /cards ### Example ```curl curl -X "POST" \ --url "${INCREASE_URL}/cards" \ -H "Authorization: Bearer ${INCREASE_API_KEY}" \ -H "Content-Type: application/json" \ -d $'{ "account_id": "account_in71c4amph0vgo2qllky", "description": "Card for Ian Crease" }' ``` ### Body Parameters - `account_id` (string, required) The Account the card should belong to. - `authorization_controls` (dictionary, optional) Controls that restrict how this card can be used. - `authorization_controls.merchant_acceptor_identifier` (dictionary, optional) Restricts which Merchant Acceptor IDs are allowed or blocked for authorizations on this card. - `authorization_controls.merchant_acceptor_identifier.allowed` (array of objects, optional) The Merchant Acceptor IDs that are allowed for authorizations on this card. Authorizations with Merchant Acceptor IDs not in this list will be declined. - `authorization_controls.merchant_acceptor_identifier.allowed.identifier` (string, required) The Merchant Acceptor ID. - `authorization_controls.merchant_acceptor_identifier.blocked` (array of objects, optional) The Merchant Acceptor IDs that are blocked for authorizations on this card. Authorizations with Merchant Acceptor IDs in this list will be declined. - `authorization_controls.merchant_acceptor_identifier.blocked.identifier` (string, required) The Merchant Acceptor ID. - `authorization_controls.merchant_category_code` (dictionary, optional) Restricts which Merchant Category Codes are allowed or blocked for authorizations on this card. - `authorization_controls.merchant_category_code.allowed` (array of objects, optional) The Merchant Category Codes that are allowed for authorizations on this card. Authorizations with Merchant Category Codes not in this list will be declined. - `authorization_controls.merchant_category_code.allowed.code` (string, required) The Merchant Category Code. - `authorization_controls.merchant_category_code.blocked` (array of objects, optional) The Merchant Category Codes that are blocked for authorizations on this card. Authorizations with Merchant Category Codes in this list will be declined. - `authorization_controls.merchant_category_code.blocked.code` (string, required) The Merchant Category Code. - `authorization_controls.merchant_country` (dictionary, optional) Restricts which merchant countries are allowed or blocked for authorizations on this card. - `authorization_controls.merchant_country.allowed` (array of objects, optional) The merchant countries that are allowed for authorizations on this card. Authorizations with merchant countries not in this list will be declined. - `authorization_controls.merchant_country.allowed.country` (string, required) The ISO 3166-1 alpha-2 country code. - `authorization_controls.merchant_country.blocked` (array of objects, optional) The merchant countries that are blocked for authorizations on this card. Authorizations with merchant countries in this list will be declined. - `authorization_controls.merchant_country.blocked.country` (string, required) The ISO 3166-1 alpha-2 country code. - `authorization_controls.usage` (dictionary, optional) Controls how many times this card can be used. - `authorization_controls.usage.category` (enum, required) Whether the card is for a single use or multiple uses. Cases: * `single_use` (The card can only be used for a single authorization.) * `multi_use` (The card can be used for multiple authorizations.) - `authorization_controls.usage.multi_use` (dictionary, optional) Controls for multi-use cards. Required if and only if `category` is `multi_use`. - `authorization_controls.usage.multi_use.spending_limits` (array of objects, optional) Spending limits for this card. The most restrictive limit applies if multiple limits match. - `authorization_controls.usage.multi_use.spending_limits.interval` (enum, required) The interval at which the spending limit is enforced. Cases: * `all_time` (The spending limit applies over the lifetime of the card.) * `per_transaction` (The spending limit applies per transaction.) * `per_day` (The spending limit applies per day. Resets nightly at midnight UTC.) * `per_week` (The spending limit applies per week. Resets weekly on Mondays at midnight UTC.) * `per_month` (The spending limit applies per month. Resets on the first of the month, midnight UTC.) - `authorization_controls.usage.multi_use.spending_limits.merchant_category_codes` (array of objects, optional) The Merchant Category Codes this spending limit applies to. If not set, the limit applies to all transactions. - `authorization_controls.usage.multi_use.spending_limits.merchant_category_codes.code` (string, required) The Merchant Category Code. - `authorization_controls.usage.multi_use.spending_limits.settlement_amount` (integer, required) The maximum settlement amount permitted in the given interval. - `authorization_controls.usage.single_use` (dictionary, optional) Controls for single-use cards. Required if and only if `category` is `single_use`. - `authorization_controls.usage.single_use.settlement_amount` (dictionary, required) The settlement amount constraint for this single-use card. - `authorization_controls.usage.single_use.settlement_amount.comparison` (enum, required) The operator used to compare the settlement amount. Cases: * `equals` (The settlement amount must be exactly the specified value.) * `less_than_or_equals` (The settlement amount must be less than or equal to the specified value.) - `authorization_controls.usage.single_use.settlement_amount.value` (integer, required) The settlement amount value. - `billing_address` (dictionary, optional) The card's billing address. - `billing_address.city` (string, required) The city of the billing address. - `billing_address.line1` (string, required) The first line of the billing address. - `billing_address.line2` (string, optional) The second line of the billing address. - `billing_address.postal_code` (string, required) The postal code of the billing address. - `billing_address.state` (string, required) The US state of the billing address. - `description` (string, optional) The description you choose to give the card. - `digital_wallet` (dictionary, optional) The contact information used in the two-factor steps for digital wallet card creation. To add the card to a digital wallet, you may supply an email or phone number with this request. Otherwise, subscribe and then action a Real Time Decision with the category `digital_wallet_token_requested` or `digital_wallet_authentication_requested`. - `digital_wallet.digital_card_profile_id` (string, optional) The digital card profile assigned to this digital card. - `digital_wallet.email` (string, optional) An email address that can be used to contact and verify the cardholder via one-time passcode over email. - `digital_wallet.phone` (string, optional) A phone number that can be used to contact and verify the cardholder via one-time passcode over SMS. - `entity_id` (string, optional) The Entity the card belongs to. You only need to supply this in rare situations when the card is not for the Account holder. ## Retrieve a Card GET /cards/{card_id} ### Example ```curl curl \ --url "${INCREASE_URL}/cards/card_oubs0hwk5rn6knuecxg2" \ -H "Authorization: Bearer ${INCREASE_API_KEY}" ``` ### Path Parameters - `card_id` (string, required) The identifier of the Card. ## Update a Card PATCH /cards/{card_id} ### Example ```curl curl -X "PATCH" \ --url "${INCREASE_URL}/cards/card_oubs0hwk5rn6knuecxg2" \ -H "Authorization: Bearer ${INCREASE_API_KEY}" \ -H "Content-Type: application/json" \ -d $'{ "description": "New description" }' ``` ### Path Parameters - `card_id` (string, required) The card identifier. ### Body Parameters - `authorization_controls` (dictionary, optional) Controls that restrict how this card can be used. - `authorization_controls.merchant_acceptor_identifier` (dictionary, optional) Restricts which Merchant Acceptor IDs are allowed or blocked for authorizations on this card. - `authorization_controls.merchant_acceptor_identifier.allowed` (array of objects, optional) The Merchant Acceptor IDs that are allowed for authorizations on this card. Authorizations with Merchant Acceptor IDs not in this list will be declined. - `authorization_controls.merchant_acceptor_identifier.allowed.identifier` (string, required) The Merchant Acceptor ID. - `authorization_controls.merchant_acceptor_identifier.blocked` (array of objects, optional) The Merchant Acceptor IDs that are blocked for authorizations on this card. Authorizations with Merchant Acceptor IDs in this list will be declined. - `authorization_controls.merchant_acceptor_identifier.blocked.identifier` (string, required) The Merchant Acceptor ID. - `authorization_controls.merchant_category_code` (dictionary, optional) Restricts which Merchant Category Codes are allowed or blocked for authorizations on this card. - `authorization_controls.merchant_category_code.allowed` (array of objects, optional) The Merchant Category Codes that are allowed for authorizations on this card. Authorizations with Merchant Category Codes not in this list will be declined. - `authorization_controls.merchant_category_code.allowed.code` (string, required) The Merchant Category Code. - `authorization_controls.merchant_category_code.blocked` (array of objects, optional) The Merchant Category Codes that are blocked for authorizations on this card. Authorizations with Merchant Category Codes in this list will be declined. - `authorization_controls.merchant_category_code.blocked.code` (string, required) The Merchant Category Code. - `authorization_controls.merchant_country` (dictionary, optional) Restricts which merchant countries are allowed or blocked for authorizations on this card. - `authorization_controls.merchant_country.allowed` (array of objects, optional) The merchant countries that are allowed for authorizations on this card. Authorizations with merchant countries not in this list will be declined. - `authorization_controls.merchant_country.allowed.country` (string, required) The ISO 3166-1 alpha-2 country code. - `authorization_controls.merchant_country.blocked` (array of objects, optional) The merchant countries that are blocked for authorizations on this card. Authorizations with merchant countries in this list will be declined. - `authorization_controls.merchant_country.blocked.country` (string, required) The ISO 3166-1 alpha-2 country code. - `authorization_controls.usage` (dictionary, optional) Controls how many times this card can be used. - `authorization_controls.usage.category` (enum, required) Whether the card is for a single use or multiple uses. Cases: * `single_use` (The card can only be used for a single authorization.) * `multi_use` (The card can be used for multiple authorizations.) - `authorization_controls.usage.multi_use` (dictionary, optional) Controls for multi-use cards. Required if and only if `category` is `multi_use`. - `authorization_controls.usage.multi_use.spending_limits` (array of objects, optional) Spending limits for this card. The most restrictive limit applies if multiple limits match. - `authorization_controls.usage.multi_use.spending_limits.interval` (enum, required) The interval at which the spending limit is enforced. Cases: * `all_time` (The spending limit applies over the lifetime of the card.) * `per_transaction` (The spending limit applies per transaction.) * `per_day` (The spending limit applies per day. Resets nightly at midnight UTC.) * `per_week` (The spending limit applies per week. Resets weekly on Mondays at midnight UTC.) * `per_month` (The spending limit applies per month. Resets on the first of the month, midnight UTC.) - `authorization_controls.usage.multi_use.spending_limits.merchant_category_codes` (array of objects, optional) The Merchant Category Codes this spending limit applies to. If not set, the limit applies to all transactions. - `authorization_controls.usage.multi_use.spending_limits.merchant_category_codes.code` (string, required) The Merchant Category Code. - `authorization_controls.usage.multi_use.spending_limits.settlement_amount` (integer, required) The maximum settlement amount permitted in the given interval. - `authorization_controls.usage.single_use` (dictionary, optional) Controls for single-use cards. Required if and only if `category` is `single_use`. - `authorization_controls.usage.single_use.settlement_amount` (dictionary, required) The settlement amount constraint for this single-use card. - `authorization_controls.usage.single_use.settlement_amount.comparison` (enum, required) The operator used to compare the settlement amount. Cases: * `equals` (The settlement amount must be exactly the specified value.) * `less_than_or_equals` (The settlement amount must be less than or equal to the specified value.) - `authorization_controls.usage.single_use.settlement_amount.value` (integer, required) The settlement amount value. - `billing_address` (dictionary, optional) The card's updated billing address. - `billing_address.city` (string, required) The city of the billing address. - `billing_address.line1` (string, required) The first line of the billing address. - `billing_address.line2` (string, optional) The second line of the billing address. - `billing_address.postal_code` (string, required) The postal code of the billing address. - `billing_address.state` (string, required) The US state of the billing address. - `description` (string, optional) The description you choose to give the card. - `digital_wallet` (dictionary, optional) The contact information used in the two-factor steps for digital wallet card creation. At least one field must be present to complete the digital wallet steps. - `digital_wallet.digital_card_profile_id` (string, optional) The digital card profile assigned to this digital card. - `digital_wallet.email` (string, optional) An email address that can be used to verify the cardholder via one-time passcode over email. - `digital_wallet.phone` (string, optional) A phone number that can be used to verify the cardholder via one-time passcode over SMS. - `entity_id` (string, optional) The Entity the card belongs to. You only need to supply this in rare situations when the card is not for the Account holder. - `status` (enum, optional) The status to update the Card with. Cases: * `active` (The card is active.) * `disabled` (The card is temporarily disabled.) * `canceled` (The card is permanently canceled.) ## Create a Card details iframe POST /cards/{card_id}/create_details_iframe > Create an iframe URL for a Card to display the card details. More details about styling and usage can be found in the [documentation](/documentation/embedded-card-component). ### Example ```curl curl -X "POST" \ --url "${INCREASE_URL}/cards/card_oubs0hwk5rn6knuecxg2/create_details_iframe" \ -H "Authorization: Bearer ${INCREASE_API_KEY}" \ -H "Content-Type: application/json" \ -d $'{}' ``` ### Path Parameters - `card_id` (string, required) The identifier of the Card to create an iframe for. ### Body Parameters - `physical_card_id` (string, optional) The identifier of the Physical Card to create an iframe for. This will inform the appearance of the card rendered in the iframe. ### Returns a Card iframe URL object: ```json { "expires_at": "2020-01-31T23:59:59Z", "iframe_url": "https://increase.com/card_details_iframe/index.html?token=0", "type": "card_iframe_url" } ``` ## Retrieve sensitive details for a Card GET /cards/{card_id}/details > Sensitive details for a Card include the primary account number, expiry, card verification code, and PIN. ### Example ```curl curl \ --url "${INCREASE_URL}/cards/card_oubs0hwk5rn6knuecxg2/details" \ -H "Authorization: Bearer ${INCREASE_API_KEY}" ``` ### Path Parameters - `card_id` (string, required) The identifier of the Card to retrieve details for. ### Returns a Card Details object: ```json { "card_id": "card_oubs0hwk5rn6knuecxg2", "expiration_month": 7, "expiration_year": 2025, "pin": "1234", "primary_account_number": "4242424242424242", "type": "card_details", "verification_code": "123" } ``` ## Update a Card's PIN POST /cards/{card_id}/update_pin ### Example ```curl curl -X "POST" \ --url "${INCREASE_URL}/cards/card_oubs0hwk5rn6knuecxg2/update_pin" \ -H "Authorization: Bearer ${INCREASE_API_KEY}" \ -H "Content-Type: application/json" \ -d $'{ "pin": "1234" }' ``` ### Path Parameters - `card_id` (string, required) The identifier of the Card to update the PIN for. ### Body Parameters - `pin` (string, required) The 4-digit PIN for the card, for use with ATMs. ### Returns a Card Details object: ```json { "card_id": "card_oubs0hwk5rn6knuecxg2", "expiration_month": 7, "expiration_year": 2025, "pin": "1234", "primary_account_number": "4242424242424242", "type": "card_details", "verification_code": "123" } ```