Create card - Slash

curl --request POST \ --url https://api.slash.com/card \ --header 'Content-Type: application/json' \ --header 'X-API-Key: <api-key>' \ --data ' { "name": "<string>", "accountId": "<string>", "virtualAccountId": "<string>", "spendingConstraint": { "merchantCategoryRule": { "merchantCategories": [ "<string>" ] }, "merchantRule": { "merchants": [ "<string>" ] }, "spendingRule": { "utilizationLimitV2": [ { "limitAmount": { "amountCents": 123 }, "timezone": "<string>", "startDate": "<string>" } ], "transactionSizeLimit": {} }, "countryRule": { "countries": [ "<string>" ] }, "merchantCategoryCodeRule": { "merchantCategoryCodes": [ "<string>" ] } }, "isSingleUse": true, "userData": {}, "cardGroupId": "<string>", "cardProductId": "<string>" } '

{ "id": "<string>", "accountId": "<string>", "last4": "<string>", "name": "<string>", "expiryMonth": "<string>", "expiryYear": "<string>", "isPhysical": true, "virtualAccountId": "<string>", "isSingleUse": true, "pan": "<string>", "cvv": "<string>", "cardGroupId": "<string>", "cardGroupName": "<string>", "createdAt": "2023-11-07T05:31:56Z", "spendingConstraint": { "merchantCategoryRule": { "merchantCategories": [ "<string>" ] }, "merchantRule": { "merchants": [ "<string>" ] }, "spendingRule": { "utilizationLimit": { "limitAmount": { "amountCents": 123 }, "timezone": "<string>", "startDate": "<string>" }, "utilizationLimitV2": [ { "limitAmount": { "amountCents": 123 }, "timezone": "<string>", "startDate": "<string>" } ], "transactionSizeLimit": { "minimum": { "amountCents": 123 }, "maximum": { "amountCents": 123 } } }, "countryRule": { "countries": [ "<string>" ] }, "merchantCategoryCodeRule": { "merchantCategoryCodes": [ "<string>" ] } }, "userData": {}, "cardProductId": "<string>", "modifiers": [ { "value": true } ] }

Authorizations

X-API-Key

string

header

required

API key authentication for public API requests.

Keys come in two flavors:

Legal-entity-scoped keys are pinned to a single legal entity. Minted via the dashboard under a specific entity; every request acts on that entity.
User-scoped keys are pinned to a user and span every legal entity that user has access to. Every request made with a user-scoped key (except GET /legal-entity, which lists the legal entities the user can access) must include an x-legal-entity header naming the legal entity the request is operating on. Requests without the header are rejected with 400. The authenticated user must have an active permission role on the supplied legal entity, otherwise the request is rejected with 403.

Body

application/json

type

enum<string>

required

Specify the type of card you'd like to create. At the moment, only virtual cards are supported.

Available options:

virtual

name

string

required

accountId

string

The ID of the account to create the card under. You can get this by calling GET /account. This field is required unless you are authenticating via API key, in which case it will default to your first commercial account. We recommend supplying this even if you are authenticating via API key.

virtualAccountId

string

The ID of the virtual account to create the card under. Virtual accounts can be retrieved by calling GET /virtual-account.

spendingConstraint

SpendingConstraint · object

A constraint that can be applied to a CardGroupSpendingRule

Show child attributes

isSingleUse

boolean

Defaults to false. When set to true, the card will be automatically closed after a single authorization attempt. Note that the card will be closed even if the authorization declines or drops

userData

object

Arbitrary information that can be attached to the card. This should be a JSON object and cannot exceed 4kb.

cardGroupId

string

cardProductId

string

The ID of the card product to use when creating this card, if not specified a random card product will be chosen.

Response

string

required

accountId

string

required

The account that this card is associated with

last4

string

required

The last 4 digits of the card number

name

string

required

The name assigned to the card that appears on the user dashboard

expiryMonth

string

required

The month the card expires formatted as MM (01, 02, ..., 12)

expiryYear

string

required

The year the card expires formatted as YYYY (2024, 2025, ...)

status

enum<string>

required

The status of the card

Available options:

active,

paused,

inactive,

closed

isPhysical

boolean

required

When true, a physical card has been issued. Otherwise, this is a virtual card.

virtualAccountId

string

The virtual account that this card is associated with

isSingleUse

boolean

When true, the card will be automatically closed after a single authorization attempt. Note that the card will be closed even if the authorization declines or drops

pan

string

This field contains the full PAN which will only be sent on a request for a single card when you set the query param "include_pan" to "true"

cvv

string

This field will contain full CVV which will only be sent on a request for a single card when you set the query param "include_pan" to "true"

cardGroupId

string

The card group the card belongs to.

cardGroupName

string

The name of the card group the card belongs to.

createdAt

string<date-time>

spendingConstraint

SpendingConstraint · object

The spending constraint applied to the card

Show child attributes

userData

object

Arbitrary information that can be attached to the card. See the PATCH /card/{cardId} [blocked] endpoint for more details on how to add user data.

cardProductId

string

The ID of the card product this card was created with.

modifiers

CardModifier · object[]

The modifiers applied to this card. Modifiers control card behavior like restricting to recurring payments only.

Show child attributes

Documentation Index

Authorizations

Body

Response