5. Creating a card

This page describes how to create a new card for your customer.

You can create a debit or a credit card for customers who have passed either the KYC verification or the KBAKBA - Knowledge Based Authentication. A form of identity validation done by prompting the user to answer questions based on their private information. Performed in the event that the KYC process fails. Generally KBA is interchangeable with OOW. For example, "Out of these 4 addresses, in which have you resided previously?". process. The card creation process automatically generates a card account at the same time. The card account is closely coupled to the card, but is logically distinct.

The card contains information relating to the physical or virtual card, while the card account contains broader information, such as what bank accounts it's connected to.

You specify whether a card is a debit or credit card when you make the API request to create the card.

Upon creation, your customer can immediately use the virtual card. If they've been issued with a physical card, they can only use it once it's been activated. See activating a physical card.

Creating a card and card account

A card and card account are simultaneously created from a single POST request that must contain both the program_id and customer_id. The program ID references the details about your card program with Bond Studio.

program_id is a primary key reference to all information related to your brand’s card program. It is visible in Bond Studio OS and contains information such as:

  1. The KYC provider
  2. Whether it is a debit/credit program
  3. The card processor
  4. The BINBIN - Bank Identification Number. An identification number consisting of a two-part code assigned to banks and savings associations; the first part shows the location and the second identifies the bank itself. provider

To create a card and card account, use the POST /cards operation and provide the customer_idandcard_program_id` as detailed in the cards API.

curl --request POST \
  --url https://sandbox.bond.tech/api/v0/cards \
  --header 'Identity: YOUR-IDENTITY' \
  --header 'Authorization: YOUR-AUTHORIZATION' \
  --header 'Content-Type: application/json' \
  --data '{"customer_id":"094cd49b-6412-429f-a396-314097a6c3b9", 
import requests

url = "https://sandbox.bond.tech/api/v0/core/card"

payload = {
headers = {
  "Content-Type": "application/json",
  "Identity": YOUR-IDENTITY,
  "Authorization": YOUR-AUTHORIZATION

response = requests.request("POST", url, json=payload, headers=headers)

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://sandbox.bond.tech/api/v0/core/card")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request["Identity"] = YOUR-IDENTITY
request["Authorization"] = YOUR-AUTHORIZATION
request.body = "{\"customer_id\":\"094cd49b-6412-429f-a396-314097a6c3b9\",\"program_id\":\"2742ff6a-7455-4066-8b45-ae12d3acca34\"}"

response = http.request(request)
puts response.read_body
const data = JSON.stringify({

const xhr = new XMLHttpRequest();

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {

xhr.open("POST", "https://sandbox.bond.tech/api/v0/core/card");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Identity", YOUR-IDENTITY);
xhr.setRequestHeader("Authorization", YOUR-AUTHORIZATION);

var client = new RestClient("https://sandbox.bond.tech/api/v0/core/card");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Identity", YOUR-IDENTITY);
request.AddHeader("Authorization", YOUR-AUTHORIZATION);
request.AddParameter("application/json", "{\"customer_id\":\"094cd49b-6412-429f-a396-314097a6c3b9\",\"program_id\":\"2742ff6a-7455-4066-8b45-ae12d3acca34\"}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"customer_id\":\"094cd49b-6412-429f-a396-314097a6c3b9\",\"program_id\":\"2742ff6a-7455-4066-8b45-ae12d3acca34\"}");
Request request = new Request.Builder()
  .addHeader("Content-Type", "application/json")
  .addHeader("Identity", YOUR-IDENTITY)
  .addHeader("Authorization", YOUR-AUTHORIZATION)

Response response = client.newCall(request).execute();

A successful response returns the card_id and card_account_id similar to the example shown below.

    "card_id": "2742ff6a-7455-4066-8b45-ae12d3acca34",
    "last_four": 6169,
    "status": "Inactive",
    "card_account_id": "8d8b0aa0-5eec-4eab-923d-2bd777c9a07d",
    "customer_id": "094cd49b-6412-429f-a396-314097a6c3b9"

Did this page help you?