Setting card restrictions

You can place a restriction on the maximum transaction amount for a card.

To place a restriction on a card, use the POST /cards/{card_id}/restrictions/ and provide the parameters shown in the table below.

Parameter

Type

Description

restriction_type
required

String

Currently only amount is supported.

max_amount
required

String

Value of the transaction restriction in decimal format with two decimal places, maximum value 100,000.00, for example 175.00.

📘

Note

Restrictions can be placed at the program level or at the card level. To place restrictions at the program level, contact Bond Studio.

Set a transaction restriction

An example of a request to restrict the transaction amount on a card to $175.00 is shown below.

curl --request POST \
     --url https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/ \
     --header 'Authorization: YOUR-AUTHORIZATION' \
     --header 'Content-Type: application/json' \
     --header 'Identity: YOUR-IDENTITY' \
     --data '
{
     "restriction_type": "amount",
     "max_amount": "175.00"
}
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request["Identity"] = 'YOUR-IDENTITY'
request["Authorization"] = 'YOUR-AUTHORIZATION'
request.body = "{\"restriction_type\":\"amount\",\"max_amount\":\"175.00\"}"

response = http.request(request)
puts response.read_body
const options = {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    Identity: 'YOUR-IDENTITY',
    Authorization: 'YOUR-AUTHORIZATION'
  },
  body: JSON.stringify({restriction_type: 'amount', max_amount: '175.00'})
};

fetch('https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
import requests

url = "https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/"

payload = {
    "restriction_type": "amount",
    "max_amount": "175.00"
}
headers = {
    "Content-Type": "application/json",
    "Identity": "YOUR-IDENTITY",
    "Authorization": "YOUR-AUTHORIZATION"
}

response = requests.request("POST", url, json=payload, headers=headers)

print(response.text)
var client = new RestClient("https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Identity", "YOUR-IDENTITY");
request.AddHeader("Authorization", "YOUR-AUTHORIZATION");
request.AddParameter("application/json", "{\"restriction_type\":\"amount\",\"max_amount\":\"175.00\"}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"restriction_type\":\"amount\",\"max_amount\":\"175.00\"}");
Request request = new Request.Builder()
  .url("https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/")
  .post(body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Identity", "YOUR-IDENTITY")
  .addHeader("Authorization", "YOUR-AUTHORIZATION")
  .build();

Response response = client.newCall(request).execute();

A response to a successful request to place a transaction restriction is shown below.

{
    "uuid": "da4ab5b1-77d4-4c25-b791-1f01ff7bce27",
    "card_id": "8d8b0aa0-5eec-4eab-923d-2bd777c9a07d",
    "restriction_type": "amount",
    "max_amount": "175.00",
    "date_created": "2020-05-29T14:59:38.386850",
    "date_updated": "2020-06-29T14:59:38.386930"
}

📘

Note

Cards can only have one amount restriction. When you set a new card restriction, any existing restriction is overwritten.

For a complete specification and interactive examples, see Creating a card restriction in the Bond API Reference.

Retrieving card restrictions

To retrieve a specific restriction on a card, use the GET /cards/{card_id}/restrictions/{restriction_id} operation with no further parameters.

To retrieve a list of all restrictions set on a card, use the GET /cards/{card_id}/restrictions method with no further parameters as shown in the example below.

curl --request GET \
  --url https://sandbox.bond.tech/api/v0/cards/card_id/restrictions \
  --header 'Authorization: YOUR-AUTHORIZATION' \
  --header 'Identity: YOUR-IDENTITY'
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://sandbox.bond.tech/api/v0/cards/card_id/restrictions")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Identity"] = 'YOUR-IDENTITY'
request["Authorization"] = 'YOUR-AUTHORIZATION'

response = http.request(request)
puts response.read_body
const options = {
  method: 'GET',
  headers: {
    Identity: 'YOUR-IDENTITY',
    Authorization: 'YOUR-AUTHORIZATION'
  }
};

fetch('https://sandbox.bond.tech/api/v0/cards/card_id/restrictions', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
import requests

url = "https://sandbox.bond.tech/api/v0/cards/card_id/restrictions"

headers = {
    "Identity": "YOUR-IDENTITY",
    "Authorization": "YOUR-AUTHORIZATION"
}

response = requests.request("GET", url, headers=headers)

print(response.text)
var client = new RestClient("https://sandbox.bond.tech/api/v0/cards/card_id/restrictions");
var request = new RestRequest(Method.GET);
request.AddHeader("Identity", "YOUR-AUTHORIZATION");
request.AddHeader("Authorization", "YOUR-AUTHORIZATION");
IRestResponse response = client.Execute(request);
OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .url("https://sandbox.bond.tech/api/v0/cards/card_id/restrictions")
  .get()
  .addHeader("Identity", "YOUR-AUTHORIZATION")
  .addHeader("Authorization", "YOUR-AUTHORIZATION")
  .build();

Response response = client.newCall(request).execute();

An example of a successful request to retrieve all restrictions is shown below.

{
    "card": "8d8b0aa0-5eec-4eab-923d-2bd777c9a07d",
    "restrictions": [
        {
        "uuid": "5fb767a2-f3f7-4a9b-9f5f-63bf87a8553a",
        "card_id": "8d8b0aa0-5eec-4eab-923d-2bd777c9a07d",
        "restriction_type": "amount",
        "max_amount": "100.00",
        "date_created": "2020-05-29T14:59:38.386850",
        "date_updated": "2020-06-29T14:59:38.386930"
        }
    ],
}

For a complete specification and interactive examples, see Retrieving card restrictions in the Bond API Reference.

Editing a card restriction

To edit a specific card restriction, use the PATCH /cards/{card_id}/restrictions/{restriction_id} operation and provide the parameters shown in the table below.

Parameter

Type (* Required)

Description

amount
required

String

Currently only amount is supported.

max_amount
required

String

Value of the transaction restriction in decimal format with two decimal places, for example 175.00.
Maximum amount is 100,000.00.

For a complete specification and interactive examples, see Editing a card restriction in the Bond API Reference.

Removing a card restriction

To remove a specific card restriction, use the DELETE /cards/{card_id}/restrictions/{restriction_id} method with no other parameters.

An example of a request to remove a card restriction is shown below.

curl --request DELETE \
  --url https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/restriction_id \
  --header 'Authorization: YOUR-AUTHORIZATION' \
  --header 'Identity: YOUR-IDENTITY'
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/restriction_id")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Delete.new(url)
request["Identity"] = 'YOUR-IDENTITY'
request["Authorization"] = 'YOUR-AUTHORIZATION'

response = http.request(request)
puts response.read_body
const options = {
  method: 'DELETE',
  headers: {
    Identity: 'YOUR-IDENTITY',
    Authorization: 'YOUR-AUTHORIZATION'
  }
};

fetch('https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/restriction_id', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
import requests

url = "https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/restriction_id"

headers = {
    "Identity": "YOUR-IDENTITY",
    "Authorization": "YOUR-AUTHORIZATION"
}

response = requests.request("DELETE", url, headers=headers)

print(response.text)
var client = new RestClient("https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/restriction_id");
var request = new RestRequest(Method.DELETE);
request.AddHeader("Identity", "YOUR-IDENTITY");
request.AddHeader("Authorization", "YOUR-AUTHORIZATION");
IRestResponse response = client.Execute(request);
OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .url("https://sandbox.bond.tech/api/v0/cards/card_id/restrictions/restriction_id")
  .delete(

An example of a successful response to a request to remove a card restriction is shown below.

{
    "Status": "Card Restriction Removed"
}

For a complete specification and interactive examples, see Removing a card restriction in the Bond API Reference.


Did this page help you?