Card payments
P2C is the Cross River payment-to-card disbursement solution. P2C allows merchants to transfer funds to debit card accounts. These transfers happen through participating debit card networks. P2C has comprehensive APIs which are separate from other Cross River APIs.
As a Cross River merchant partner, there are 4 objects you can call for P2C:
-
Cards
-
iFrame
-
Transactions
-
Webhooks
When accessing card payments APIs, specify the following scope: crbapi.
Using a card token to call APIs
Cross River takes precautions to secure debit card numbers. After signing-up the card in P2C, the card token provided in the response is how you should identify the debit card in your API calls. The card token is the identifier you will use between your system and Cross River.

P2C processing complies with PCI standards. We use only encrypted token information throughout our system. Any card number that we use to transfer funds is meant for temporary access only during a transaction request.
Sign up
After signing the card up in P2C, the card token provided in the response is how you should identify the debit card in your API calls. This facilitates the safe transfer of funds to the card holder.
Receiving a card token
When you call POST /api/Card
to sign up a card, P2C stores the debit card number and returns a token to you.
Using a card token to perform transactions
When you POST a pull or push transaction, send the cardToken
, amount
, and RequestId
in the request body.
When P2C receives the POST request, it uses the token to retrieve the debit card number and performs the transaction. The API response includes the card token, amount transferred, and a transaction status which indicates success/failure.
Verifying a token
To confirm that communication with an application and the API is working, call GET /api/SignupCard/TestOauth
. This verifies that there aren't any allowlist or network issues between systems. If it is working, a simple message is returned.
Webhook events
P2C uses webhooks to update you on the status of your cards with real-time notifications when an event happens. Register the callback URL once for all webhook events. When an event occurs, a webhook is triggered and sends the updates to your system. This eliminates the need to poll the API to discover changes. The full event details are included and are sent to your system.
Status updates
To monitor current API status, view incident reports, or get notified of scheduled maintenance, go to our status page and subscribe to alerts.
Access our sandbox
URL |
Description |
---|---|
https://pushtopaystaging.crbnj.net/swagger/ui/index#/ |
Push APIs |
https://pullfromcardapistg.crbnj.net/swagger/ui/index#/ |
Pull APIs |
To access the sandbox, see the Get started page and follow the instructions to register, authenticate, and start working.
Base URLs
Environment |
URL |
---|---|
Sandbox | https://pushtopaystaging.crbnj.net/api/ |
Production | https://pushtopay.crbnj.net/api/ |
Card issuer response codes
Card networks return response codes to approve or decline a transaction. They follow the standards set by the International Organization for Standardization (ISO) 8583, which defines a specific message format so that different systems can communicate. Every network can adapt the standard for it's own use.

Reason code | Description |
---|---|
00 |
Approved |
01 |
Refer to card issuer |
02 |
Refer to card issuers special conditions |
03 |
Invalid merchant |
04 |
Pickup |
05 |
Do not honor |
06 |
General error |
07 |
Pickup card, special conditions |
08 |
Honor with identification |
09 |
Request in progress |
10 |
Partial amount approved |
11 |
VIP approval |
12 |
Invalid transaction |
13 |
Invalid amount (currency conversion field overflow) or amount exceeds maximum for card program |
14 |
Invalid account number (no such number) |
15 |
No such issuer |
16 |
Approved, update track 3 |
17 |
Customer cancellation |
18 |
Customer dispute |
19 |
Re-enter transaction |
20 |
Invalid response |
21 |
No action taken |
22 |
Suspected malfunction |
23 |
Unacceptable transaction fee |
24 |
File update not supported by receiver |
25 |
Unable to locate record on file |
26 |
Duplicate file update record, old record replaced |
27 |
File update field edit error |
28 |
File is temporarily unavailable |
29 |
File update not successful, contact acquirer |
30 |
Format error |
31 |
Bank not supported |
32 |
Completed partially |
33 |
Expired card |
34 |
Suspected fraud |
35 |
Card acceptor, contact acquirer |
36 |
Restricted card |
37 |
Card acceptor, call acquirer security |
38 |
Allowed PIN - tries exceeded |
39 |
No credit account |
40 |
Requested function not supported |
41 |
Merchant should retain card (card reported lost) |
42 |
No universal account |
43 |
Merchant should retain card (card reported stolen) |
51 |
Insufficient funds |
52 |
No checking account |
53 |
No savings account |
54 |
Expired card |
55 |
Incorrect PIN |
56 |
No card record |
57 |
Transaction not permitted for cardholder |
58 |
Transaction not allowed at terminal |
59 |
Suspected fraud |
61 |
Activity amount limit exceeded |
62 |
Restricted card - for example, in country exclusion table |
63 |
Security violation |
65 |
Activity count limit exceeded |
68 |
Response received too late |
75 |
Allowable number of PIN entry tries exceeded |
76 |
Unable to locate previous message (no match on retrieval reference) |
77 |
Previous message located for a repeat or reversal, but data is inconsistent with original message |
78 |
"Blocked, first used" (transaction is from a new card and the card wasn't properly unblocked) |
80 |
Visa transactions: credit issuer unavailable - private label and check acceptance: invalid date |
81 |
PIN cryptographic error found (error found by VIC security module during PIN decryption) |
82 |
Negative CAM, dCVV, iCVV, or CVV results |
83 |
Unable to verify PIN |
85 |
No reason to decline a request for account number verification, address verification, CVV2 verification or a credit voucher or merchandise return |
91 |
Issuer unavailable or switch inoperative (STIP not applicable or available for this transaction) |
92 |
Destination can't be found for routing |
93 |
Transaction can't be completed, violation of law |
94 |
Duplicate transmission |
95 |
Reconcile error |
96 |
System malfunction, or certain field error conditions |
B1 |
Surcharge amount not permitted on Visa cards (US acquirers only) |
N0 |
Force STIP |
N3 |
Cash service not available |
N4 |
Cashback request exceeds issuer limit |
N7 |
Decline for CVV2 failure |
P2 |
Invalid biller information |
P5 |
PIN change/unblock request declined |
P6 |
Unsafe PIN |
Q1 |
Card authentication failed |
R0 |
Stop payment order |
R1 |
Revocation of authorization order |
R3 |
Revocation of all authorization orders |
XA |
Forward to issuer |
XD |
Forward to issuer |
Z3 |
Unable to go online |
Error codes
Error code | Description |
---|---|
1000 validation | A field in the message didn't pass validation. See the description for more information. |
2000 application | The message format is incorrect. |
3000 security | A security issue occurred. |
9999 system | An internal server system error occurred. |