> ## Documentation Index
> Fetch the complete documentation index at: https://docs.slash.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Retrieve card

> Fetch details for a single card by card ID

To reveal the full PAN or CVV of the card, you must:

1. Set the query params `include_pan=true` and/or `include_cvv=true`.
2. Set the base URL of the request to `https://vault.slash.com`.

```bash theme={null}
curl --request GET \
  --url "https://vault.slash.com/card/<cardId>?include_pan=true&include_cvv=true" \
  --header 'X-API-Key: <x-api-key>'
```


## OpenAPI

````yaml get /card/{cardId}
openapi: 3.1.0
info:
  title: Slash Public API
  description: API description
  version: 0.0.1
  contact: {}
servers:
  - url: https://api.slash.com
    description: production
security:
  - api_key: []
  - partner_api_key: []
  - bearer: []
  - developer_application: []
paths:
  /card/{cardId}:
    parameters:
      - name: cardId
        in: path
        schema:
          type: string
        required: true
    get:
      description: Fetch details for a single card by card ID
      parameters:
        - in: query
          name: include_pan
          schema:
            type: string
            enum:
              - 'true'
              - 'false'
          required: false
        - in: query
          name: include_cvv
          schema:
            type: string
            enum:
              - 'true'
              - 'false'
          required: false
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
                x-entrypoint:
                  virtualPath: schemas/Card
                  sourcePath: schemas/Card.yaml
                  title: Card
                  origin: ./src/publicApi
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '429':
          description: TooManyRequests
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '500':
          description: Internal Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - api_key: []
        - bearer: []
components:
  schemas:
    Card:
      type: object
      properties:
        id:
          type: string
        accountId:
          type: string
          description: The account that this card is associated with
        virtualAccountId:
          type: string
          description: The virtual account that this card is associated with
        last4:
          type: string
          description: The last 4 digits of the card number
        name:
          type: string
          description: The name assigned to the card that appears on the user dashboard
        expiryMonth:
          type: string
          description: The month the card expires formatted as MM (01, 02, ..., 12)
        expiryYear:
          type: string
          description: The year the card expires formatted as YYYY (2024, 2025, ...)
        status:
          allOf:
            - $ref: '#/components/schemas/CardStatus'
              x-entrypoint:
                virtualPath: schemas/CardStatus
                sourcePath: schemas/CardStatus.yaml
                title: CardStatus
                origin: ./src/publicApi
            - description: The status of the card
        isPhysical:
          type: boolean
          description: >-
            When true, a physical card has been issued. Otherwise, this is a
            virtual card.
        isSingleUse:
          type: boolean
          description: >-
            When true, the card will be automatically closed after a single
            authorization attempt. Note that the card will be closed even if the
            authorization declines or drops
        pan:
          type: string
          description: >-
            This field contains the full PAN which will only be sent on a
            request for a single card when you set the query param "include_pan"
            to "true"
        cvv:
          type: string
          description: >-
            This field will contain full CVV which will only be sent on a
            request for a single card when you set the query param "include_pan"
            to "true"
        cardGroupId:
          type: string
          description: The card group the card belongs to.
        cardGroupName:
          type: string
          description: The name of the card group the card belongs to.
        createdAt:
          type: string
          format: date-time
        spendingConstraint:
          $ref: '#/components/schemas/SpendingConstraint'
          description: The spending constraint applied to the card
          x-entrypoint:
            virtualPath: schemas/SpendingConstraint
            sourcePath: schemas/SpendingConstraint.yaml
            title: SpendingConstraint
            origin: ./src/publicApi
        userData:
          type: object
          description: >-
            Arbitrary information that can be attached to the card. See the
            [`PATCH /card/{cardId}`](api-reference/card-patch) endpoint for more
            details on how to add user data.
        cardProductId:
          type: string
          description: The ID of the card product this card was created with.
        modifiers:
          type: array
          items:
            $ref: '#/components/schemas/CardModifier'
            x-entrypoint:
              virtualPath: schemas/CardModifier
              sourcePath: schemas/CardModifier.yaml
              title: CardModifier
              origin: ./src/publicApi
          description: >-
            The modifiers applied to this card. Modifiers control card behavior
            like restricting to recurring payments only.
      required:
        - id
        - accountId
        - last4
        - name
        - expiryMonth
        - expiryYear
        - status
        - isPhysical
      x-entrypoint:
        virtualPath: schemas/Card
        sourcePath: schemas/Card.yaml
        title: Card
        origin: ./src/publicApi
      title: Card
    Error:
      type: object
      properties:
        message:
          type: string
        name:
          type: string
        identifier:
          type: string
        rawStatus:
          type: number
        meta:
          type: object
          additionalProperties: true
      required:
        - message
        - name
        - identifier
        - rawStatus
      x-entrypoint:
        origin: ./src/publicApi
        sourcePath: ./src/publicApi/main.yaml
        title: Error
        virtualPath: components/Error
      title: Error
    CardStatus:
      type: string
      enum:
        - active
        - paused
        - inactive
        - closed
      x-entrypoint:
        virtualPath: schemas/CardStatus
        sourcePath: schemas/CardStatus.yaml
        title: CardStatus
        origin: ./src/publicApi
      title: CardStatus
    SpendingConstraint:
      type: object
      description: A constraint that can be applied to a CardGroupSpendingRule
      properties:
        merchantCategoryRule:
          type: object
          nullable: true
          properties:
            merchantCategories:
              type: array
              items:
                type: string
            restriction:
              $ref: '#/components/schemas/Restriction'
              x-entrypoint:
                virtualPath: schemas/Restriction
                sourcePath: schemas/Restriction.yaml
                title: Restriction
                origin: ./src/publicApi
          required:
            - merchantCategories
            - restriction
        merchantRule:
          type: object
          nullable: true
          properties:
            merchants:
              type: array
              items:
                type: string
            restriction:
              $ref: '#/components/schemas/Restriction'
              x-entrypoint:
                virtualPath: schemas/Restriction
                sourcePath: schemas/Restriction.yaml
                title: Restriction
                origin: ./src/publicApi
          required:
            - merchants
            - restriction
        spendingRule:
          type: object
          nullable: true
          properties:
            utilizationLimit:
              type: object
              properties:
                timezone:
                  type: string
                  description: >-
                    IANA timezone string. Limits always reset at midnight of the
                    timezone specified. If no timezone is specified, then UTC
                    time is used.
                limitAmount:
                  $ref: '#/components/schemas/Money'
                  x-entrypoint:
                    virtualPath: schemas/Money
                    sourcePath: schemas/Money.yaml
                    title: Money
                    origin: ./src/publicApi
                preset:
                  type: string
                  enum:
                    - daily
                    - weekly
                    - monthly
                    - yearly
                    - collective
                startDate:
                  type: string
                  description: >-
                    Format ISO-8601. A day that equals today or the past. This
                    is optional.If the `preset` is "daily", this value is
                    ignored. If the `preset` is "weekly", "monthly" or "yearly",
                    then the this value is used to compute when the limit should
                    start limit.
              required:
                - limitAmount
                - preset
            utilizationLimitV2:
              type: array
              items:
                type: object
                properties:
                  timezone:
                    type: string
                    description: >-
                      IANA timezone string. Limits always reset at midnight of
                      the timezone specified. If no timezone is specified, then
                      UTC time is used.
                  limitAmount:
                    $ref: '#/components/schemas/Money'
                    x-entrypoint:
                      virtualPath: schemas/Money
                      sourcePath: schemas/Money.yaml
                      title: Money
                      origin: ./src/publicApi
                  preset:
                    type: string
                    enum:
                      - daily
                      - weekly
                      - monthly
                      - yearly
                      - collective
                  startDate:
                    type: string
                    description: >-
                      Format ISO-8601. A day that equals today or the past. This
                      is optional.If the `preset` is "daily", this value is
                      ignored. If the `preset` is "weekly", "monthly" or
                      "yearly", then the this value is used to compute when the
                      limit should start limit.
                required:
                  - limitAmount
                  - preset
            transactionSizeLimit:
              type: object
              properties:
                minimum:
                  $ref: '#/components/schemas/Money'
                  x-entrypoint:
                    virtualPath: schemas/Money
                    sourcePath: schemas/Money.yaml
                    title: Money
                    origin: ./src/publicApi
                maximum:
                  $ref: '#/components/schemas/Money'
                  x-entrypoint:
                    virtualPath: schemas/Money
                    sourcePath: schemas/Money.yaml
                    title: Money
                    origin: ./src/publicApi
        countryRule:
          type: object
          nullable: true
          properties:
            countries:
              description: A 2 digit country code
              type: array
              items:
                type: string
            restriction:
              $ref: '#/components/schemas/Restriction'
              x-entrypoint:
                virtualPath: schemas/Restriction
                sourcePath: schemas/Restriction.yaml
                title: Restriction
                origin: ./src/publicApi
          required:
            - countries
            - restriction
        merchantCategoryCodeRule:
          type: object
          nullable: true
          properties:
            merchantCategoryCodes:
              type: array
              items:
                type: string
            restriction:
              $ref: '#/components/schemas/Restriction'
              x-entrypoint:
                virtualPath: schemas/Restriction
                sourcePath: schemas/Restriction.yaml
                title: Restriction
                origin: ./src/publicApi
          required:
            - merchantCategoryCodes
            - restriction
      x-entrypoint:
        virtualPath: schemas/SpendingConstraint
        sourcePath: schemas/SpendingConstraint.yaml
        title: SpendingConstraint
        origin: ./src/publicApi
      title: SpendingConstraint
    CardModifier:
      oneOf:
        - type: object
          required:
            - name
            - value
          properties:
            name:
              type: string
              enum:
                - only_allow_recurring_payments
            value:
              description: >-
                Whether to only allow recurring payments. The default value for
                newly created cards is false.
              type: boolean
      x-entrypoint:
        virtualPath: schemas/CardModifier
        sourcePath: schemas/CardModifier.yaml
        title: CardModifier
        origin: ./src/publicApi
      title: CardModifier
    Restriction:
      type: string
      enum:
        - allowlist
        - blacklist
      x-entrypoint:
        virtualPath: schemas/Restriction
        sourcePath: schemas/Restriction.yaml
        title: Restriction
        origin: ./src/publicApi
      title: Restriction
    Money:
      type: object
      description: Represents a monetary value
      properties:
        amountCents:
          type: integer
          description: The amount in cents
      required:
        - amountCents
      x-entrypoint:
        virtualPath: schemas/Money
        sourcePath: schemas/Money.yaml
        title: Money
        origin: ./src/publicApi
      title: Money
  securitySchemes:
    api_key:
      type: apiKey
      description: |
        API key authentication for public API requests.

        Keys come in two flavors:

        - *Legal-entity-scoped keys* are pinned to a single legal entity.
          Minted via the dashboard under a specific entity; every request
          acts on that entity.
        - *User-scoped keys* are pinned to a user and span every legal
          entity that user has access to. Every request made with a
          user-scoped key (except `GET /legal-entity`, which lists the
          legal entities the user can access) must include an
          `x-legal-entity` header naming the legal entity the request is
          operating on. Requests without the header are rejected with
          `400`. The authenticated user must have an active permission
          role on the supplied legal entity, otherwise the request is
          rejected with `403`.
      name: X-API-Key
      in: header
    partner_api_key:
      type: apiKey
      description: |
        Partner-program API key authentication.

        Keys are minted in the partner dashboard (Developers → API Keys),
        are scoped to a single partner program, and are prefixed with
        `sk_partner_`. Partner keys are only accepted by routes that
        declare this scheme; they are rejected by `api_key` routes and
        vice versa.
      name: X-API-Key
      in: header
    bearer:
      type: http
      scheme: bearer
    developer_application:
      type: http
      scheme: basic

````