Card payments

P2C is the Cross River payment-to-card disbursement solution. P2C allows merchants to transfer funds to debit card accounts. These transfers happen through participating debit card networks. P2C has comprehensive APIs which are separate from other Cross River APIs.

As a Cross River merchant partner, there are 4 objects you can call for P2C:

  • Cards

  • iFrame

  • Transactions

  • Webhooks


When accessing card payments APIs, specify the following scope: crbapi.

Using a card token to call APIs

Cross River takes precautions to secure debit card numbers. After signing-up the card in P2C, the card token provided in the response is how you should identify the debit card in your API calls. The card token is the identifier you will use between your system and Cross River.

Webhook events

P2C uses webhooks to update you on the status of your cards with real-time notifications when an event happens. Register the callback URL once for all webhook events. When an event occurs, a webhook is triggered and sends the updates to your system. This eliminates the need to poll the API to discover changes. The full event details are included and are sent to your system.

Status updates

To monitor current API status, view incident reports, or get notified of scheduled maintenance, go to our status page and subscribe to alerts.

Access our sandbox



Push APIs

Pull APIs


To access the sandbox, see the Get started page and follow the instructions to register, authenticate, and start working.

Base URLs




Card issuer response codes

Card networks return response codes to approve or decline a transaction. They follow the standards set by the International Organization for Standardization (ISO) 8583, which defines a specific message format so that different systems can communicate. Every network can adapt the standard for it's own use.

Error codes

Error code Description
1000 validation A field in the message didn't pass validation. See the description for more information.
2000 application The message format is incorrect.
3000 security A security issue occurred.
9999 system An internal server system error occurred.