Skip to main content
POST
/
v1
/
issuing
/
cards
Create Card
curl --request POST \
  --url https://api-sandbox.uqpaytech.com/api/v1/issuing/cards \
  --header 'Content-Type: application/json' \
  --header 'x-auth-token: <api-key>' \
  --header 'x-idempotency-key: <x-idempotency-key>' \
  --data '
{
  "card_currency": "USD",
  "card_product_id": "7c4ff2cd-1bf6-4aaa-bf16-266771425011",
  "card_limit": 2100.02,
  "name_on_card": "MARSHALL HU",
  "cardholder_id": "7c4ff2cd-1bf6-4aaa-bf16-266771425011",
  "spending_controls": [
    {
      "amount": 100.03,
      "interval": "PER_TRANSACTION"
    }
  ],
  "risk_controls": {
    "enable_3ds": "Y",
    "allow_3ds_transactions": "Y",
    "allowed_mcc": null,
    "blocked_mcc": [
      "5999",
      "6011"
    ]
  },
  "metadata": {
    "key1": "value1",
    "key2": "value2"
  },
  "usage_type": "NORMAL",
  "auto_cancel_trigger": "ON_AUTH",
  "expiry_at": "2026-03-19T18:46:43+08:00",
  "cardholder_required_fields": {
    "email": "demo@example.com",
    "first_name": "Emily",
    "last_name": "Toy",
    "country_code": "SG",
    "phone_number": "86683306",
    "date_of_birth": "1990-01-01",
    "gender": "MALE",
    "nationality": "SG"
  }
}
'
{
  "card_id": "c0cef051-29c5-4796-b86a-cd5b684bfad7",
  "card_order_id": "c0cef051-29c5-4796-b86a-cd5ee34bfad7",
  "create_time": "2024-03-21T17:17:32+08:00",
  "card_status": "ACTIVE",
  "order_status": "PENDING",
  "risk_controls": {
    "enable_3ds": "Y",
    "allow_3ds_transactions": "Y",
    "allowed_mcc": null,
    "blocked_mcc": [
      "5999",
      "6011"
    ]
  },
  "cardholder_id": "7c4ff2cd-1bf6-4aaa-bf16-266771425011",
  "cardholder_created": true,
  "cardholder_status": "SUCCESS",
  "verification_status": "UNDER_REVIEW",
  "kyc_method": "SUMSUB_REDIRECT",
  "idv_verification_url": "https://in.sumsub.com/websdk/p/sbx_4dwsbDuDbpJsMgou",
  "idv_url_expires_at": "2026-04-25T17:26:50+08:00",
  "message": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://developers-sandbox.uqpaytech.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

x-auth-token
string
header
required

The API token for login provided by UQPay.

Headers

x-on-behalf-of
string

Specifies the sub-account on whose behalf the request is made. This should be set to the account_id, which can be retrieved via the List Connected Accounts endpoint. If omitted or empty, the request is executed using the master account. More information at Connected Accounts.

x-idempotency-key
string<uuid>
required

A unique identifier (UUID) used to maintain operation idempotency, ensuring that repeated executions of the same operation do not result in unintended effects or duplication. It helps preserve data consistency in the face of network errors, retries, or failures.

Body

application/json
card_currency
enum<string>
required

The card currency.

Available options:
SGD,
USD,
XUSD
Example:

"USD"

card_product_id
string
required

The card product's unique identifier.

Example:

"7c4ff2cd-1bf6-4aaa-bf16-266771425011"

card_limit
number

The total credit limit assigned to the card, currency refer to card_currency. This is not a cumulative balance, but a fixed credit limit similar to that of a credit card.

Field Behavior by Card BIN:

  • For the following BINs, card_limit is required during card creation and must be greater than or equal to 0.01:

    • 527735
    • 555071
    • 555243

  • For all other BINs, card_limit is optional:

    • If omitted, the system will default card_limit to 0.
    • If provided, the value must be greater than or equal to 0, with up to two decimal places. Negative values are not allowed.
Required range: x >= 0
Example:

2100.02

name_on_card
string

The cardholder name shown on the card. When the Secure Iframe renders the cardholder name (cardholder_name=true), this value is used as the default; if omitted, the iframe falls back to first_name + last_name from the cardholder record.

Maximum string length: 26
Example:

"MARSHALL HU"

cardholder_id
string<uuid>

The unique identifier of the cardholder to issue the card to.

Either cardholder_id or a complete cardholder_required_fields block must be provided. When cardholder_id is omitted, the system creates a new cardholder inline using the values in cardholder_required_fields. See One-Step Card Issuance.

Example:

"7c4ff2cd-1bf6-4aaa-bf16-266771425011"

spending_controls
object[]

Rules that control spending for this card.

risk_controls
object

User-customized risk control settings.

Supported configurations depend on the card BIN. See [Supported BINs for Risk Control Configurations](/card-issuance/v1.6/guide/Supported BINs for Risk Control Configurations) for details.

metadata
object

Any key-value object. Max length = 3200 bytes. This must be valid JSON data.

Example:
{ "key1": "value1", "key2": "value2" }
usage_type
enum<string>
default:NORMAL

Indicates whether the card is a standard reusable card or a one-time-use card.

  • NORMAL - A standard card that can be used for multiple transactions.
  • ONE_TIME - A one-time-use card that is automatically cancelled after the first transaction event defined by auto_cancel_trigger.
Available options:
NORMAL,
ONE_TIME
Example:

"NORMAL"

auto_cancel_trigger
enum<string>

Defines the transaction event that triggers automatic cancellation of a ONE_TIME card. Required when usage_type is ONE_TIME.

  • ON_AUTH - The card is cancelled immediately after the first authorization is approved. Subsequent authorization requests on the same card will be declined.
  • ON_CAPTURE - The card is cancelled after the first transaction's capture (settlement) succeeds, allowing a full authorization and capture cycle to complete.
Available options:
ON_AUTH,
ON_CAPTURE
Example:

"ON_AUTH"

expiry_at
string<date-time>

The absolute expiry date and time of the card. If the card has not been cancelled by a first-transaction event before this time, it is automatically cancelled and any unused balance is released.

Example:

"2026-03-19T18:46:43+08:00"

cardholder_required_fields
object

Cardholder information supplied at card creation time.

  • In traditional mode (cardholder_id provided): optional; fields supplied here are used to supplement missing cardholder data before the card is issued.
  • In one-step mode (cardholder_id omitted): required and must contain a complete set of cardholder-creation fields (email, first_name, last_name, country_code, phone_number). The system creates the cardholder inline.

Response

200 - application/json

Card creation successfully.

card_id
string
required

Unique identifier for the card.

Example:

"c0cef051-29c5-4796-b86a-cd5b684bfad7"

card_order_id
string
required

ID of the card order.

Example:

"c0cef051-29c5-4796-b86a-cd5ee34bfad7"

create_time
string
required

Create time at which the object was created.

Example:

"2024-03-21T17:17:32+08:00"

card_status
enum<string>
required

Card status enum. See the Card lifecycle and statuses guide for more information.

Available options:
PENDING,
ACTIVE,
FROZEN,
BLOCKED,
CANCELLED,
LOST,
STOLEN,
FAILED
Example:

"ACTIVE"

order_status
enum<string>
required

This field will contain the status of the request after processing.

  • PENDING -The initial status of the order request.
  • PROCESSING - If this status shall be subject to webhooks notification.
  • SUCCESS - The final status of the order request is successful.
  • FAILED - The final status of the order request is failed.
Available options:
PENDING,
PROCESSING,
SUCCESS,
FAILED
risk_controls
object

The risk control settings applied to the card. Echoed from the request, or populated from the card product defaults when not supplied.

cardholder_id
string<uuid>

The cardholder's unique identifier. In one-step mode, this is the newly-created cardholder — save this value to reference the cardholder later.

Example:

"7c4ff2cd-1bf6-4aaa-bf16-266771425011"

cardholder_created
boolean

true when a new cardholder was created inline as part of this request. Omitted otherwise.

Example:

true

cardholder_status
enum<string>
default:SUCCESS

The cardholder's status.

Available options:
FAILED,
PENDING,
SUCCESS,
INCOMPLETE
verification_status
enum<string>

The KYC verification outcome for the cardholder. Returned when supplement fields triggered KYC processing.

Available options:
VERIFIED,
UNDER_REVIEW,
ACTION_REQUIRED
Example:

"UNDER_REVIEW"

kyc_method
enum<string>

Echoes the KYC verification method that was applied. Returned when cardholder_required_fields.kyc_verification was supplied in the request.

  • THIRD_PARTY - Merchant-supplied KYC proof was used.
  • SUMSUB_REDIRECT - The cardholder is redirected to Sumsub to complete IDV.
Available options:
THIRD_PARTY,
SUMSUB_REDIRECT
Example:

"SUMSUB_REDIRECT"

idv_verification_url
string<uri>

The IDV verification URL the cardholder must visit to complete identity verification. Returned only when kyc_method is SUMSUB_REDIRECT.

Example:

"https://in.sumsub.com/websdk/p/sbx_4dwsbDuDbpJsMgou"

idv_url_expires_at
string<date-time>

The expiry time of idv_verification_url. Returned only when kyc_method is SUMSUB_REDIRECT.

Example:

"2026-04-25T17:26:50+08:00"

message
string

Informational message when card creation is blocked or pending due to KYC requirements (e.g., insufficient KYC, missing fields).