Guides Use cases API Changelog
  1. API reference
  2. Money movement
  3. Card issuing

List spending cards

List Moov issued cards existing for the account.

To access this endpoint using an access token you'll need to specify the /accounts/{accountID}/issued-cards.read scope.

GET
/issuing/{accountID}/cards
curl -X GET "https://api.moov.io/issuing/{accountID}/cards" \
  -H "Authorization: Bearer {token}" \
  -H "X-Moov-Version: v2026.04.00"
import { Moov } from "@moovio/sdk";

const moov = new Moov({
  security: {
    username: "",
    password: "",
  },
});

async function run() {
  const result = await moov.cardIssuing.list({
    accountID: "17c958e0-3abe-46e5-8afb-98742f1fb8ac",
    skip: 60,
    count: 20,
  });

  console.log(result);
}

run();
declare(strict_types=1);

require 'vendor/autoload.php';

use Moov\MoovPhp;
use Moov\MoovPhp\Models\Components;

$sdk = MoovPhp\Moov::builder()
    ->setSecurity(
        new Components\Security(
            username: '',
            password: '',
        )
    )
    ->build();



$response = $sdk->cardIssuing->list(
    accountID: '17c958e0-3abe-46e5-8afb-98742f1fb8ac',
    skip: 60,
    count: 20

);

if ($response->issuedCards !== null) {
    // handle response
}
package hello.world;

import io.moov.sdk.Moov;
import io.moov.sdk.models.components.Security;
import io.moov.sdk.models.operations.ListIssuedCardsResponse;
import java.lang.Exception;

public class Application {

    public static void main(String[] args) throws Exception {

        Moov sdk = Moov.builder()
                .security(Security.builder()
                    .username("")
                    .password("")
                    .build())
            .build();

        ListIssuedCardsResponse res = sdk.cardIssuing().list()
                .accountID("17c958e0-3abe-46e5-8afb-98742f1fb8ac")
                .skip(60L)
                .count(20L)
                .call();

        if (res.issuedCards().isPresent()) {
            System.out.println(res.issuedCards().get());
        }
    }
}
from moovio_sdk import Moov
from moovio_sdk.models import components


with Moov(
    security=components.Security(
        username="",
        password="",
    ),
) as moov:

    res = moov.card_issuing.list(account_id="17c958e0-3abe-46e5-8afb-98742f1fb8ac", skip=60, count=20)

    # Handle response
    print(res)
require 'moov_ruby'

Models = ::Moov::Models
s = ::Moov::Client.new(
  security: Models::Components::Security.new(
    username: '',
    password: ''
  )
)
res = s.card_issuing.list(account_id: '17c958e0-3abe-46e5-8afb-98742f1fb8ac', skip: 60, count: 20)

unless res.issued_cards.nil?
  # handle response
end
using Moov.Sdk;
using Moov.Sdk.Models.Components;

var sdk = new MoovClient(security: new Security() {
    Username = "",
    Password = "",
});

var res = await sdk.CardIssuing.ListAsync(
    accountID: "17c958e0-3abe-46e5-8afb-98742f1fb8ac",
    skip: 60,
    count: 20
);

// handle response
200 401 403 429 500 504
The request completed successfully.
application/json
Example
[
  {
    "issuedCardID": "string",
    "brand": "Visa",
    "lastFourCardNumber": "string",
    "expiration": {
      "month": "01",
      "year": "21"
    },
    "fundingWalletID": "string",
    "authorizedUserAccountID": "string",
    "nickname": "string",
    "metadata": {
      "optional": "metadata"
    },
    "billingAddress": {
      "addressLine1": "123 Main Street",
      "addressLine2": "Apt 302",
      "city": "Boulder",
      "stateOrProvince": "CO",
      "postalCode": "80301",
      "country": "US"
    },
    "state": "active",
    "formFactor": "virtual",
    "controls": {
      "singleUse": true,
      "velocityLimits": [
        {
          "amount": 10000,
          "interval": "per-transaction"
        }
      ]
    },
    "createdOn": "2019-08-24T14:15:22Z",
    "updatedOn": "2019-08-24T14:15:22Z"
  }
]

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The request contained missing or expired authentication.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The user is not authorized to make the request.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
Request was refused due to rate limiting.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The request failed due to an unexpected error.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The request failed because a downstream service failed to respond.

Response headers

x-request-id

string required
A unique identifier used to trace requests.

Headers

X-Moov-Version

string
Set this header to v2026.04.00 to use the API described in this specification. When omitted, the server defaults to v2024.01.00, which may not match the behavior documented here.
Possible values: v2026.04.00

Path parameters

accountID

string required
The Moov business account for which the cards have been issued.

Query parameters

skip

integer <int64>

count

integer <int64>
Default: 200

states

array
Optional, comma-separated states to filter the Moov list issued cards response. For example active,pending-verification

Response

application/json

authorizedUserAccountID

string
Identifier for the account of the card's authorized user.

billingAddress

object
Billing address associated with the card.
Show child attributes

addressLine1

string <=60 characters required Pattern

addressLine2

string <=32 characters Pattern

city

string <=32 characters required Pattern

country

string <=2 characters required

postalCode

string <=5 characters required

stateOrProvince

string <=2 characters required

brand

string<enum>
The card brand.
Possible values: American Express, Discover, Mastercard, Visa, Unknown

controls

object
Show child attributes

singleUse

boolean
Indicates if the card is single-use. If true, the card closes after the first authorization.

velocityLimits

array<object>
Sets the spending limit per time interval. Only one limit per interval is supported.
Show child attributes

amount

integer<int64>
The maximum amount in cents that can be spent in a given interval.

interval

string<enum>
Specifies the time frame for the velocity limit. Currently supports only per-transaction limits.
Possible values: per-transaction

createdOn

string<date-time>

expiration

object
The expiration date of the card or token.
Show child attributes

month

string 2 characters required
Two-digit month the card expires.

year

string 2 characters required
Two-digit year the card expires.

formFactor

string<enum>
Specifies the type of spend card to be issued. Presently supports virtual only, providing a digital number without a physical card.
Possible values: virtual

fundingWalletID

string
Unique identifier for the wallet funding the card.

issuedCardID

string

lastFourCardNumber

string

metadata

object
Free-form key-value pair list. Useful for storing information that is not captured elsewhere.

nickname

string
An optional descriptive name for the card.

state

string<enum>

The state represents the operational status of an issued card. A card can only approve incoming authorizations if it is in an active state.

  • active: The card is operational and approves authorizations. Generally becomes active shortly after card creation.
  • inactive: The card cannot approve authorizations. This is currently a temporary state assigned post-creation during the activation process.
  • closed: The card is permanently deactivated and cannot approve authorizations. A card can be closed by request or when it expires.
  • pending-verification: Awaiting additional authorized user verification before the card can be activated.
Possible values: active, inactive, pending-verification, closed

updatedOn

string<date-time>