Setting card restrictions

How to set and manage card restrictions, for example the maximum transaction amount.

Set a transaction restriction

You can place a restriction on the maximum transaction amount for a card.

To place a restriction on a card, use the POST /cards/{card_id}/restrictions and provide the parameters shown in the table below.

ParameterTypeDescription
restriction_type
required
stringCurrently only amount is supported.
max_amount
required
stringValue of the transaction restriction in decimal format with two decimal places, maximum value 100,000.00, for example 175.00.

📘

Note

Restrictions can be placed at the program level or at the card level. To place restrictions at the program level, contact Bond.

An example of a request to restrict the transaction amount on a card to $175.00 is shown below.

curl --request POST \
     --url https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/ \
     --header 'Authorization: YOUR-AUTHORIZATION' \
     --header 'Content-Type: application/json' \
     --header 'Identity: YOUR-IDENTITY' \
     --data '
{
     "restriction_type": "amount",
     "max_amount": "175.00"
}
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request["Identity"] = 'YOUR-IDENTITY'
request["Authorization"] = 'YOUR-AUTHORIZATION'
request.body = "{\"restriction_type\":\"amount\",\"max_amount\":\"175.00\"}"

response = http.request(request)
puts response.read_body
const options = {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    Identity: 'YOUR-IDENTITY',
    Authorization: 'YOUR-AUTHORIZATION'
  },
  body: JSON.stringify({restriction_type: 'amount', max_amount: '175.00'})
};

fetch('https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
import requests

url = "https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/"

payload = {
    "restriction_type": "amount",
    "max_amount": "175.00"
}
headers = {
    "Content-Type": "application/json",
    "Identity": "YOUR-IDENTITY",
    "Authorization": "YOUR-AUTHORIZATION"
}

response = requests.request("POST", url, json=payload, headers=headers)

print(response.text)
var client = new RestClient("https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Identity", "YOUR-IDENTITY");
request.AddHeader("Authorization", "YOUR-AUTHORIZATION");
request.AddParameter("application/json", "{\"restriction_type\":\"amount\",\"max_amount\":\"175.00\"}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"restriction_type\":\"amount\",\"max_amount\":\"175.00\"}");
Request request = new Request.Builder()
  .url("https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/")
  .post(body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Identity", "YOUR-IDENTITY")
  .addHeader("Authorization", "YOUR-AUTHORIZATION")
  .build();

Response response = client.newCall(request).execute();

A response to a successful request to place a transaction restriction is shown below.

{
  "uuid": "b7492825-adce-4164-b8ba-5676943b6237",
  "card_id": "dab45fde-3450-4fbf-b671-9605756c1c8c",
  "restriction_type": "amount",
  "max_amount": "string",
  "date_created": "2020-06-29T14:59:38.386930",
  "date_updated": "2020-06-30T14:59:38.386930"
}

📘

Note

Cards can only have one amount restriction. When you set a new card restriction, any existing restriction is overwritten.

For a complete specification and interactive examples, see Creating a card restriction in the Bond API Reference.

Retrieving card restrictions

To retrieve a list of all restrictions set on a card, use the GET /cards/{card_id}/restrictions method with no further parameters as shown in the example below.

curl --request GET \
     --url https://sandbox.bond.tech/api/v0.1/cards/a593e8c1-bcd3-4747-a903-2a829fa4e3fe/restrictions \
     --header 'Accept: application/json' \
     --header 'Authorization: YOUR-AUTHENTICATION' \
     --header 'Identity: YOUR-IDENTITY'
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://sandbox.bond.tech/api/v0.1/cards/a593e8c1-bcd3-4747-a903-2a829fa4e3fe/restrictions")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Accept"] = 'application/json'
request["Identity"] = 'YOUR-IDENTITY'
request["Authorization"] = 'YOUR-AUTHENTICATION'

response = http.request(request)
puts response.read_body
const options = {
  method: 'GET',
  headers: {
    Accept: 'application/json',
    Identity: 'YOUR-IDENTITY',
    Authorization: 'YOUR-AUTHENTICATION'
  }
};

fetch('https://sandbox.bond.tech/api/v0.1/cards/a593e8c1-bcd3-4747-a903-2a829fa4e3fe/restrictions', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
import requests

url = "https://sandbox.bond.tech/api/v0.1/cards/a593e8c1-bcd3-4747-a903-2a829fa4e3fe/restrictions"

headers = {
    "Accept": "application/json",
    "Identity": "YOUR-IDENTITY",
    "Authorization": "YOUR-AUTHENTICATION"
}

response = requests.get(url, headers=headers)

print(response.text)
var client = new RestClient("https://sandbox.bond.tech/api/v0.1/cards/a593e8c1-bcd3-4747-a903-2a829fa4e3fe/restrictions");
var request = new RestRequest(Method.GET);
request.AddHeader("Accept", "application/json");
request.AddHeader("Identity", "YOUR-IDENTITY");
request.AddHeader("Authorization", "YOUR-AUTHENTICATION");
IRestResponse response = client.Execute(request);
OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .url("https://sandbox.bond.tech/api/v0.1/cards/a593e8c1-bcd3-4747-a903-2a829fa4e3fe/restrictions")
  .get()
  .addHeader("Accept", "application/json")
  .addHeader("Identity", "YOUR-IDENTITY")
  .addHeader("Authorization", "YOUR-AUTHENTICATION")
  .build();

Response response = client.newCall(request).execute();

An example of a successful request to retrieve all restrictions is shown below.

{
  "card": "string",
  "restrictions": [
    {
      "uuid": "846b9f2a-0e34-4783-ac74-83bb89781a05",
      "card_id": "a593e8c1-bcd3-4747-a903-2a829fa4e3fe",
      "restriction_type": "amount",
      "max_amount": "100.00",
      "date_created": "2020-06-29T14:59:38.386930",
      "date_updated": "2020-06-29T14:59:38.386930"
    }
  ]
}

For a complete specification and interactive examples, see Retrieving card restrictions in the Bond API Reference.

Retrieving a specific card restriction

To retrieve a specific restriction on a card, use the GET /cards/{card_id}/restrictions/{restriction_id} operation with no further parameters.

curl --request GET \
     --url https://sandbox.bond.tech/api/v0.1/cards/dab45fde-3450-4fbf-b671-9605756c1c8c/restrictions/b7492825-adce-4164-b8ba-5676943b6237 \
     --header 'Accept: application/json' \
     --header 'Authorization: YOUR-AUTHENTICATION' \
     --header 'Identity: YOUR-IDENTITY'
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://sandbox.bond.tech/api/v0.1/cards/dab45fde-3450-4fbf-b671-9605756c1c8c/restrictions/b7492825-adce-4164-b8ba-5676943b6237")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Accept"] = 'application/json'
request["Identity"] = 'YOUR-IDENTITY'
request["Authorization"] = 'YOUR-AUTHENTICATION'

response = http.request(request)
puts response.read_body
const options = {
  method: 'GET',
  headers: {
    Accept: 'application/json',
    Identity: 'YOUR-IDENTITY',
    Authorization: 'YOUR-AUTHENTICATION'
  }
};

fetch('https://sandbox.bond.tech/api/v0.1/cards/dab45fde-3450-4fbf-b671-9605756c1c8c/restrictions/b7492825-adce-4164-b8ba-5676943b6237', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
import requests

url = "https://sandbox.bond.tech/api/v0.1/cards/dab45fde-3450-4fbf-b671-9605756c1c8c/restrictions/b7492825-adce-4164-b8ba-5676943b6237"

headers = {
    "Accept": "application/json",
    "Identity": "YOUR-IDENTITY",
    "Authorization": "YOUR-AUTHENTICATION"
}

response = requests.get(url, headers=headers)

print(response.text)
var client = new RestClient("https://sandbox.bond.tech/api/v0.1/cards/dab45fde-3450-4fbf-b671-9605756c1c8c/restrictions/b7492825-adce-4164-b8ba-5676943b6237");
var request = new RestRequest(Method.GET);
request.AddHeader("Accept", "application/json");
request.AddHeader("Identity", "YOUR-IDENTITY");
request.AddHeader("Authorization", "YOUR-AUTHENTICATION");
IRestResponse response = client.Execute(request);
OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .url("https://sandbox.bond.tech/api/v0.1/cards/dab45fde-3450-4fbf-b671-9605756c1c8c/restrictions/b7492825-adce-4164-b8ba-5676943b6237")
  .get()
  .addHeader("Accept", "application/json")
  .addHeader("Identity", "YOUR-IDENTITY")
  .addHeader("Authorization", "YOUR-AUTHENTICATION")
  .build();

Response response = client.newCall(request).execute();

An example of a successful request to retrieve a specific card restriction is shown below.

{
  "uuid": "b7492825-adce-4164-b8ba-5676943b6237",
  "card_id": "dab45fde-3450-4fbf-b671-9605756c1c8c",
  "restriction_type": "amount",
  "max_amount": "string",
  "date_created": "2020-06-29T14:59:38.386930",
  "date_updated": "2020-06-30T14:59:38.386930"
}

For a complete specification and interactive examples, see Retrieving card restriction by ID in the Bond API Reference.

Editing a card restriction

To edit a specific card restriction, use the PATCH /cards/{card_id}/restrictions/{restriction_id} operation and provide the parameters shown in the table below.

ParameterTypeDescription
restriction_type
required
stringCurrently only amount is supported.
max_amount
required
stringValue of the transaction restriction in decimal format with two decimal places, for example 175.00.
Maximum amount is 100,000.00.

For a complete specification and interactive examples, see Editing a card restriction in the Bond API Reference.

Removing a card restriction

To remove a specific card restriction, use the DELETE /cards/{card_id}/restrictions/{restriction_id} method with no other parameters.

An example of a request to remove a card restriction is shown below.

curl --request DELETE \
  --url https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/restriction_id \
  --header 'Authorization: YOUR-AUTHORIZATION' \
  --header 'Identity: YOUR-IDENTITY'
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/restriction_id")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Delete.new(url)
request["Identity"] = 'YOUR-IDENTITY'
request["Authorization"] = 'YOUR-AUTHORIZATION'

response = http.request(request)
puts response.read_body
const options = {
  method: 'DELETE',
  headers: {
    Identity: 'YOUR-IDENTITY',
    Authorization: 'YOUR-AUTHORIZATION'
  }
};

fetch('https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/restriction_id', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
import requests

url = "https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/restriction_id"

headers = {
    "Identity": "YOUR-IDENTITY",
    "Authorization": "YOUR-AUTHORIZATION"
}

response = requests.request("DELETE", url, headers=headers)

print(response.text)
var client = new RestClient("https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/restriction_id");
var request = new RestRequest(Method.DELETE);
request.AddHeader("Identity", "YOUR-IDENTITY");
request.AddHeader("Authorization", "YOUR-AUTHORIZATION");
IRestResponse response = client.Execute(request);
OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .url("https://sandbox.bond.tech/api/v0.1/cards/card_id/restrictions/restriction_id")
  .delete(

An example of a successful response to a request to remove a card restriction is shown below.

{
    "Status": "Card Restriction Removed"
}

For a complete specification and interactive examples, see Removing a card restriction in the Bond API Reference.


Next Steps