Create a spending card
Request a virtual card be issued.
To access this endpoint using an access token
you'll need to specify the /accounts/{accountID}/issued-cards.write scope.
POST
/issuing/{accountID}/cards
curl -X POST "https://api.moov.io/issuing/{accountID}/cards" \
-H "Authorization: Bearer {token}" \
-H "X-Moov-Version: v2026.04.00"import { Moov } from "@moovio/sdk";
const moov = new Moov({
security: {
username: "",
password: "",
},
});
async function run() {
const result = await moov.cardIssuing.request({
accountID: "d9ac71ae-fccb-4dfc-9fed-710ca654e3ed",
requestCard: {
metadata: {
"optional": "metadata",
},
billingAddress: {
addressLine1: "123 Main Street",
addressLine2: "Apt 302",
city: "Boulder",
stateOrProvince: "CO",
postalCode: "80301",
country: "US",
},
expiration: {
month: "01",
year: "21",
},
controls: {
velocityLimits: [
{
amount: 10000,
interval: "per-transaction",
},
],
},
},
});
console.log(result);
}
run();declare(strict_types=1);
require 'vendor/autoload.php';
use Moov\MoovPhp;
use Moov\MoovPhp\Models\Components;
$sdk = MoovPhp\Moov::builder()
->setSecurity(
new Components\Security(
username: '',
password: '',
)
)
->build();
$requestCard = new Components\RequestCard(
metadata: [
'optional' => 'metadata',
],
billingAddress: new Components\Address(
addressLine1: '123 Main Street',
addressLine2: 'Apt 302',
city: 'Boulder',
stateOrProvince: 'CO',
postalCode: '80301',
country: 'US',
),
expiration: new Components\CardExpiration(
month: '01',
year: '21',
),
controls: new Components\IssuingControls(
velocityLimits: [
new Components\IssuingVelocityLimit(
amount: 10000,
interval: Components\IssuingIntervalLimit::PerTransaction,
),
],
),
);
$response = $sdk->cardIssuing->request(
accountID: 'd9ac71ae-fccb-4dfc-9fed-710ca654e3ed',
requestCard: $requestCard
);
if ($response->issuedCard !== null) {
// handle response
}package hello.world;
import io.moov.sdk.Moov;
import io.moov.sdk.models.components.*;
import io.moov.sdk.models.errors.GenericError;
import io.moov.sdk.models.errors.RequestCardError;
import io.moov.sdk.models.operations.RequestCardResponse;
import java.lang.Exception;
import java.util.List;
import java.util.Map;
public class Application {
public static void main(String[] args) throws GenericError, RequestCardError, Exception {
Moov sdk = Moov.builder()
.security(Security.builder()
.username("")
.password("")
.build())
.build();
RequestCardResponse res = sdk.cardIssuing().request()
.accountID("d9ac71ae-fccb-4dfc-9fed-710ca654e3ed")
.requestCard(RequestCard.builder()
.metadata(Map.ofEntries(
Map.entry("optional", "metadata")))
.billingAddress(Address.builder()
.addressLine1("123 Main Street")
.city("Boulder")
.stateOrProvince("CO")
.postalCode("80301")
.country("US")
.addressLine2("Apt 302")
.build())
.expiration(CardExpiration.builder()
.month("01")
.year("21")
.build())
.controls(IssuingControls.builder()
.velocityLimits(List.of(
IssuingVelocityLimit.builder()
.amount(10000L)
.interval(IssuingIntervalLimit.PER_TRANSACTION)
.build()))
.build())
.build())
.call();
if (res.issuedCard().isPresent()) {
System.out.println(res.issuedCard().get());
}
}
}from moovio_sdk import Moov
from moovio_sdk.models import components
with Moov(
security=components.Security(
username="",
password="",
),
) as moov:
res = moov.card_issuing.request(account_id="d9ac71ae-fccb-4dfc-9fed-710ca654e3ed", metadata={
"optional": "metadata",
}, billing_address={
"address_line1": "123 Main Street",
"address_line2": "Apt 302",
"city": "Boulder",
"state_or_province": "CO",
"postal_code": "80301",
"country": "US",
}, expiration={
"month": "01",
"year": "21",
}, controls={
"velocity_limits": [
{
"amount": 10000,
"interval": components.IssuingIntervalLimit.PER_TRANSACTION,
},
],
})
# Handle response
print(res)require 'moov_ruby'
Models = ::Moov::Models
s = ::Moov::Client.new(
security: Models::Components::Security.new(
username: '',
password: ''
)
)
res = s.card_issuing.request(account_id: '4d9ac71a-efcc-4bdf-bcfe-d710ca654e3e', request_card: Models::Components::RequestCard.new(
metadata: {
'optional' => 'metadata',
},
billing_address: Models::Components::Address.new(
address_line1: '123 Main Street',
address_line2: 'Apt 302',
city: 'Boulder',
state_or_province: 'CO',
postal_code: '80301',
country: 'US'
),
expiration: Models::Components::CardExpiration.new(
month: '01',
year: '21'
),
controls: Models::Components::IssuingControls.new(
velocity_limits: [
Models::Components::IssuingVelocityLimit.new(
amount: 10_000,
interval: Models::Components::IssuingIntervalLimit::PER_TRANSACTION
),
]
)
))
unless res.issued_card.nil?
# handle response
endusing Moov.Sdk;
using Moov.Sdk.Models.Components;
using System.Collections.Generic;
var sdk = new MoovClient(security: new Security() {
Username = "",
Password = "",
});
var res = await sdk.CardIssuing.RequestAsync(
accountID: "4d9ac71a-efcc-4bdf-bcfe-d710ca654e3e",
body: new RequestCard() {
Metadata = new Dictionary<string, string>() {
{ "optional", "metadata" },
},
BillingAddress = new Address() {
AddressLine1 = "123 Main Street",
AddressLine2 = "Apt 302",
City = "Boulder",
StateOrProvince = "CO",
PostalCode = "80301",
Country = "US",
},
Expiration = new CardExpiration() {
Month = "01",
Year = "21",
},
Controls = new IssuingControls() {
VelocityLimits = new List<IssuingVelocityLimit>() {
new IssuingVelocityLimit() {
Amount = 10000,
Interval = IssuingIntervalLimit.PerTransaction,
},
},
},
}
);
// handle responseThe request completed successfully.
{
"issuedCardID": "string",
"brand": "Visa",
"lastFourCardNumber": "string",
"expiration": {
"month": "01",
"year": "21"
},
"fundingWalletID": "string",
"authorizedUserAccountID": "string",
"nickname": "string",
"metadata": {
"optional": "metadata"
},
"billingAddress": {
"addressLine1": "123 Main Street",
"addressLine2": "Apt 302",
"city": "Boulder",
"stateOrProvince": "CO",
"postalCode": "80301",
"country": "US"
},
"state": "active",
"formFactor": "virtual",
"controls": {
"singleUse": true,
"velocityLimits": [
{
"amount": 10000,
"interval": "per-transaction"
}
]
},
"createdOn": "2019-08-24T14:15:22Z",
"updatedOn": "2019-08-24T14:15:22Z"
}Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The server could not understand the request due to invalid syntax.
{
"error": "string"
}Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The request contained missing or expired authentication.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The user is not authorized to make the request.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The requested resource was not found.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The request was well-formed, but the contents failed validation. Check the request for missing or invalid fields.
{
"authorizedUserAccountID": "string",
"nickname": "string",
"metadata": "string",
"billingAddress": {
"addressLine1": "string",
"addressLine2": "string",
"city": "string",
"stateOrProvince": "string",
"postalCode": "string",
"country": "string"
},
"expiration": {
"month": "string",
"year": "string"
},
"controls": {
"velocityLimits": {
"0": {
"amount": "must be no less than 1",
"interval": "must be a valid value"
}
}
}
}Response headers
x-request-id
string
required
A unique identifier used to trace requests.
Request was refused due to rate limiting.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The request failed due to an unexpected error.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The request failed because a downstream service failed to respond.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
Headers
X-Moov-Version
string
Set this header to v2026.04.00 to use the API described in this specification. When omitted, the server defaults to v2024.01.00, which may not match the behavior documented here.
Possible values:
v2026.04.00
Path parameters
accountID
string
required
The Moov business account for which the card is to be issued.
Body
application/json
authorizedUserAccountID
string
billingAddress
object
Show child attributes
addressLine1
string
<=60 characters
required
Pattern
city
string
<=32 characters
required
Pattern
country
string
<=2 characters
required
postalCode
string
<=5 characters
required
stateOrProvince
string
<=2 characters
required
addressLine2
string
<=32 characters
Pattern
controls
object
Show child attributes
singleUse
boolean
Indicates if the card is single-use. If true, the card closes after the first authorization.
velocityLimits
array<object>
Sets the spending limit per time interval. Only one limit per interval is supported.
Show child attributes
amount
integer<int64>
The maximum amount in cents that can be spent in a given interval.
interval
string<enum>
Specifies the time frame for the velocity limit. Currently supports only per-transaction limits.
Possible values:
per-transaction
expiration
object
The expiration date of the card or token.
Show child attributes
month
string
2 characters
required
Two-digit month the card expires.
year
string
2 characters
required
Two-digit year the card expires.
metadata
object
Free-form key-value pair list. Useful for storing information that is not captured elsewhere.
nickname
string
Response
brand
string<enum>
required
The card brand.
Possible values:
American Express,
Discover,
Mastercard,
Visa,
Unknown
createdOn
string<date-time>
required
expiration
object
required
The expiration date of the card or token.
Show child attributes
month
string
2 characters
required
Two-digit month the card expires.
year
string
2 characters
required
Two-digit year the card expires.
formFactor
string<enum>
required
Specifies the type of spend card to be issued. Presently supports virtual only, providing a digital number without a physical card.
Possible values:
virtual
fundingWalletID
string
required
Unique identifier for the wallet funding the card.
issuedCardID
string
required
lastFourCardNumber
string
required
state
string<enum>
required
The state represents the operational status of an issued card. A card can only approve incoming authorizations if it is in an active state.
active: The card is operational and approves authorizations. Generally becomes active shortly after card creation.inactive: The card cannot approve authorizations. This is currently a temporary state assigned post-creation during the activation process.closed: The card is permanently deactivated and cannot approve authorizations. A card can be closed by request or when it expires.pending-verification: Awaiting additional authorized user verification before the card can be activated.
Possible values:
active,
inactive,
pending-verification,
closed
updatedOn
string<date-time>
required
authorizedUserAccountID
string
Identifier for the account of the card's authorized user.
billingAddress
object
Billing address associated with the card.
Show child attributes
addressLine1
string
<=60 characters
required
Pattern
addressLine2
string
<=32 characters
Pattern
city
string
<=32 characters
required
Pattern
country
string
<=2 characters
required
postalCode
string
<=5 characters
required
stateOrProvince
string
<=2 characters
required
controls
object
Show child attributes
singleUse
boolean
Indicates if the card is single-use. If true, the card closes after the first authorization.
velocityLimits
array<object>
Sets the spending limit per time interval. Only one limit per interval is supported.
Show child attributes
amount
integer<int64>
The maximum amount in cents that can be spent in a given interval.
interval
string<enum>
Specifies the time frame for the velocity limit. Currently supports only per-transaction limits.
Possible values:
per-transaction
metadata
object
Free-form key-value pair list. Useful for storing information that is not captured elsewhere.
nickname
string
An optional descriptive name for the card.