Card management APIs

Use Cross River card management APIs to sign up a new payee card, find out details about a payee card, and to activate or deactivate a card.

The endpoints listed in this table are described in detail in the sections below.

Action

API Call

Description
Add a card

POST /api/Card

Signs up a new payee card
Sign up a card via an iFrame

POST /api/iFrameConfiguration
BuildSignupCardUrl

Renders an iFrame into your website. Then, you can add the payee's card details into the frame.
Generate an iFrame OTC signup card

POST /api/iFrameConfiguration
GenerateOtcSignupCard

Returns the parameters you need to build an iFrame web address (URL).
Get card information

GET  /api/Card

Returns details about payees' cards
Get card details by card token

GET /api/Card/{cardToken}

Returns a payee's card details
Activate and deactivate cards

PUT /api/Card

Turn a payee's card on or off

Add a card

/api/Card

Signs up a new consumer payment card to the merchant's account.

When you call this endpoint, the card payments API stores the card number and returns a token. The API uses the token to identify the card, in place of the actual card number. Tokens provide a security measure to help prevent criminals from accessing card numbers.

Note

This API call triggers account name inquiry (ANI) and address verification (AVS). These are fraud detection services supported by Cross River.

Request attributes

requestId

string

Required  

The GUID that enables the application to link request with response

firstName

string

Required  

Cardholder first name

lastName

string

Required  

Cardholder last name

sourceSenderId

string

Required  

The GUID that identifies the merchant partner

ownerExternalId

string

Optional 

A 4-digit code, assigned by the merchant, to identify the cardholder

address1

string

Optional 

Primary location details of cardholder. For instance, street name, house or building number, and PO box. Maximum 255 characters.

address2

string

Optional 

Secondary location details of cardholder. For instance, number of apartment or floor. Maximum 255 characters.

city

string

Optional 

Name of the cardholder's city

countryCode

string

Optional 

2-letter country code

state

string

Optional 

2-letter code of the cardholder's state

zipCode

string

Optional 

Cardholder's 5-digit US postal code.

phoneNumber

string

Optional 

Cardholder's phone number; 10 digits, for instance, 2015551234 (no dashes)

email

string

Optional 

A valid cardholder email address, for example, me@mailprovider.com

creditCardNumber

string

Required  

The 15- or 16-digit number found on the front or back of a credit card

expirationMonth

string

Required  

Card expiration month, 2-digits, numeric

expirationYear

string

Required  

Card expiration year, 2-digits, numeric

cvv

string

Required  

The personal customer code on the card. Add the CVV to a function call only when you add a card (POST /api/Card). The API never returns the CVV when you perform a GET or PUT call.

Response attributes

requestId

string

The GUID that enables the application to link request with response

cardToken

string

A randomly generated string of characters that relates to the consumer's payment card (15 to 38 alphanumeric characters). Matches the creditCardToken.

firstName

string

Cardholder first name

lastName

string

Cardholder last name

ownerExternalId

string

A 4-digit code, assigned by the merchant, to identify the cardholder

address1

string

Primary location details of cardholder. For instance, street name, house or building number, and PO box. Maximum 255 characters.

address2

string

Secondary location details of cardholder. For instance, number of apartment or floor. Maximum 255 characters.

city

string

Name of the cardholder's city

zipCode

string

Cardholder's 5-digit US postal code.

isAuthorizationSucceeded

boolean

True if the card was authorized successfully, otherwise false

state

string

2-letter code of the cardholder's state

countryCode

string

2-letter country code

phoneNumber

string

Cardholder's phone number; 10 digits, for instance, 2015551234 (no dashes)

email

string

A valid cardholder email address, for example, me@mailprovider.com

expirationYear

string

Card expiration year, 2-digits, numeric

expirationMonth

string

Card expiration month, 2-digits, numeric

last4Digits

string

Last 4 digits of the payment card number

cardCompany

string

Name of the payment card network:

  1. Visa

  2. Mastercard

isActive

boolean

True if the card is active, otherwise false

deactivatedAt

string

Date and time card was deactivated, if relevant, in date-time format

addedOn

string

The date and time the card was added to the merchant's account

authorizationJson

string

The JSON authorization response received for this card from the card payments API

requestId

string

The GUID that enables the application to link request with response

authorized

boolean

Determines whether a card is authorized for any financial activity by the Cross River/card network and issuing bank

responseReceived

boolean

True if P2C received a response from the external processor, otherwise false

responseCode

string

A 2-digit code signifying the transaction result (approved or decline). For example, 00 means successful.

ResponseDescription

string

A string describing the transaction result. For example, Approved.

Timestamp

string

The actual time the request was sent to the card networks

Error

string

A code value returned if the network call fails

AddressVerified

boolean

The result of the check by the address verification service (AVS).

rail

string

The processor that communicates with the card network:

  • McSend

  • TabaPay

  • VisaDirect

Note

CR will deprecate this attribute in Q1 2024.

CardType

string

The kind of payment card:

  • Credit

  • Debit

  • Prepaid

  • Combo

  • ChargeCard

  • DeferredDebit

isFastFundsSupported

boolean

Fast funds are immediate payments. True if fast funds is supported, otherwise false.

pushEnabled

boolean

True if push payment to card is enabled, otherwise false

pullEnabled

boolean

True if pull payment from card is enabled, otherwise false

issuerCountryCode

string

A 2-letter code indicating the country where the card was issued

nameVerificationUsed

string

Indicates if Cross River tried to contact the account name inquiry (ANI) service:

  • Used

  • Not used

  • Not supported

If the merchant isn't configured for the ANI service, this response lets you know. In that case, contact your Cross River relationship manager for information on connecting to ANI.

nameVerificationResult

string

This is the result of the account name inquiry (ANI) service check:

  • Full match

  • Partial match

  • No match

  • Unknown

binNumber

string

The first 6-to-8 digits on the card. This identification number indicates the card-issuing bank.

productType

string

Cardholder card type:

  • Consumer

  • Commercial

  • Government

  • Business

  • Unknown

Back to top

 

Copy

Sample request

curl 
-X POST 
--header 'Content-Type: application/json' 
--header 'Accept: application/json' 
--header 'Authorization: Bearer token' 
-d '{ \
{
"requestId":"49af65c0-f815-4f49-ba8d-b67bf1b125f4",
"firstName":"Joseph",
"lastName":"Roll",
"sourceSenderId": "n28xlla2-0ja2-9889-s981-gka7f14320ac",
"ownerExternalId":"4444",
"address1":"123 Main Street",
"address2":"Apartment 3",
"city":"Venice",
"state":"CA",
"zipCode":"10989",
"countryCode":"US",
"phoneNumber":"5555559275",
"email":"{youremail}",
"creditCardNumber":"REPLACE WITH CARD NUMBER",
"expirationMonth":"06",
"expirationYear":"20",
"ccv":"420"
}'https://pushtopaystaging.crbnj.net/api/Card'
Copy

Sample response

{
    {
    "requestId":"c811902a-8b8f-48e1-bebf-4b940bc61018",
    "cardToken":"9LV0IP374JIKNHOR8B1IMSPXWFBGE7QM3EV1WE",
    "firstName":"Joseph",
    "lastName":"Roll",
    "ownerExternalId":"4444",
    "address1":"123 Main Street",
    "address2":null,
    "city":"Venice",
    "isAuthorizationSucceeded":false,
    "state":"CA",
    "countryCode":"US",
    "phoneNumber":"5555559275",
    "email":"{youremail}",
    "expirationYear":"26",
    "expirationMonth":"06",
    "last4Digits":"9905",
    "cardCompany":"MasterCard",
    "isActive":false,
    "deactivatedAt":null,
    "addedOn":"2019-09-09T10:56:20.4297189-04:00",
    "rail":"McSend",
    "authorizationJson":"{\r\n \"PushCardID\": \"c811902a-8b8f-48e1-bebf4b940bc61018\",\r\n \"Authorized\": false,\r\n \"ResponseReceived\":
    true,\r\n \"ResponseCode\": \"OK\",\r\n \"ResponseDescription\": \"Partner
    is not on boarded for the network to reach account.\",\r\n \"Error\": null,\r\n
    \"AddressVerified\": false,\r\n \"Rail\": \"mcSend\",\r\n \"CardType\":
    \"unknown\"\r\n}"
    },
    "isSuccessful":true
}

Set up an iFrame on a merchant site

/api/iFrameConfiguration/BuildSignupCardUrl

Makes an iFrame display on your merchant website. Once the iFrame is added, you can enter payee card information directly into the iFrame.

Important

This function will be deprecated. See the template-based way of generating iFrame code.

Request attributes

requestId

string

Required  

The GUID that enables the application to link request with response

customerReferenceNumber

string

Required  

4-digit code the merchant assigns

domain

string

Required  

The name of a valid top-level internet domain where consumers will use the iFrame. For example, myfintech.com. This domain must appear in the Cross River allowlist.

successContinueNavigationPoint

string

Optional 

The landing page you are directed to if the sign up was successful

failureContinueNavigationPoint

string

Optional 

The landing page you are directed if the sign-up wasn't succeessful

sourceSenderId

string

Optional 

The GUID that identifies the merchant partner

firstName

string

Optional 

Cardholder first name

lastName

string

Optional 

Cardholder last name

address1

string

Optional 

Primary location details of cardholder. For instance, street name, house or building number, and PO box. Maximum 255 characters.

address2

string

Optional 

Secondary location details of cardholder. For instance, number of apartment or floor. Maximum 255 characters.

city

string

Optional 

Name of the cardholder's city

state

string

Optional 

2-letter code of the cardholder's state

countryCode

string

Optional 

2-letter country code

zipCode

string

Optional 

Cardholder's 5-digit US postal code.

email

string

Optional 

A valid cardholder email address, for example, me@mailprovider.com

phoneNumber

string

Optional 

Cardholder's phone number; 10 digits, for instance, 2015551234 (no dashes)

showOptionalFields

boolean

Optional 

True if optional fields will appear in the iFrame, otherwise false

Response attributes

result

string

Result of attempt to add an iFrame.

  • Success

  • Authorization failed

message

string

The message returned by the API call.

isSuccessful

string

True if a unique URL was built successfully, otherwise false

Back to top

Copy

Sample request

curl 
-X POST 
--header 'Content-Type: application/json' 
--header 'Accept: application/json' 
--header 'Authorization: Bearer token' 
-d '{ \ 
    "requestId": "A2996348-159D-4C53-89E2-2EE89CE71E7C", \ 
    "customerReferenceNumber": "4457", \ 
    "domain": "https://myfintech.com", \ 
    "successContinueNavigationPoint": "string", \ 
    "failureContinueNavigationPoint": "string", \ 
    "sourceSenderId": "23a02763-f976-48f9-8b60-938209bfbf30", \ 
    "firstName": "string", \ 
    "lastName": "string", \ 
    "address1": "string", \ 
    "address2": "string", \ 
    "city": "string", \ 
    "state": "string", \ 
    "countryCode": "string", \ 
    "zipCode": "string", \ 
    "email": "string", \ 
    "phoneNumber": "string", \ 
    "showOptionalFields": true
    }' 'https://pushtopaystaging.crbnj.net/api/IFrameConfiguration/BuildSignupCardUrl'
Copy

Sample response

{
"version": "1.0.0.0",
"result": "Success" 
    [
        {
        "code": 200,
        "message": "iFrame successfully authorized for merchant website." 
        }
    ],
    "isSuccessful": true
}

Generate an iFrame OTC signup card

/api/iFrameConfiguration/GenerateOtcSignupCard

Returns the parameters you need to build an iFrame web address (URL). This endpoint generates the iFrame code snippet dynamically. It does this based on a merchant's specific template and card payments environment. The OTC is a one-time code.

Note

For details on how to customize and embed an iFrame into your merchant website, see the iFrame instructions page.

Request attributes

requestId

string

Required  

The GUID that enables the application to link request with response

customerReferenceNumber

string

Required  

4-digit code the merchant assigns

templateId

string

Required  

The GUID that identifies the template

domain

string

Required  

The name of a valid top-level internet domain where consumers will use the iFrame. For example, myfintech.com. This domain must appear in the Cross River allowlist.

sourceSenderId

string

Optional 

The GUID that identifies the merchant partner

Response attributes

The response attributes for this call are the same as for Set up an iFrame on a merchant site.

Back to top

Copy

Sample request

curl 
-X POST 
--header 'Content-Type: application/json' 
--header 'Accept: application/json' 
--header 'Authorization: Bearer token' 
-d '{ \ 
    "requestId": "A2996348-159D-4C53-89E2-2EE89CE71E7C", \ 
    "customerReferenceNumber": "4457", \ 
    "domain": "https://myfintech.com", \ 
    "successContinueNavigationPoint": "string", \ 
    "failureContinueNavigationPoint": "string", \ 
    "sourceSenderId": "23a02763-f976-48f9-8b60-938209bfbf30", \ 
    "firstName": "string", \ 
    "lastName": "string", \ 
    "address1": "string", \ 
    "address2": "string", \ 
    "city": "string", \ 
    "state": "string", \ 
    "countryCode": "string", \ 
    "zipCode": "string", \ 
    "email": "string", \ 
    "phoneNumber": "string", \ 
    "showOptionalFields": true
    }' 'https://pushtopaystaging.crbnj.net/api/IFrameConfiguration/BuildSignupCardUrl'
Copy

Sample response

{
"version": "1.0.0.0",
"result": "Success" 
    [
        {
        "code": 200,
        "message": "iFrame successfully authorized for merchant website." 
        }
    ],
    "isSuccessful": true
}

Get card information

/api/Card

Returns information about payment cards of consumers signed up to the merchant's account.

Best practice

Add query parameters to filter the response the API returns to all GET calls.

Use pagination to control presentation of your results.

Request attributes

dateAddedFrom

date-time

Optional 

Date and time from which cards were added (for the beginning of a date range query). Format: YYYY-MM-DDThh:mm:ss, for example, 2022-10-01T01:30:00.

dateAddedTo

date-time

Optional 

Date and time up to which cards were added (for the end of a date range query). Format: YYYY-MM-DDThh:mm:ss, for example, 2022-10-01T01:30:00.

sourceSenderId

string

Optional 

The GUID that identifies the merchant partner

firstName

string

Optional 

Cardholder first name

lastName

string

Optional 

Cardholder last name

isActive

boolean

Optional 

True if the card is active, otherwise false

cardCompany

string

Optional 

Name of the payment card network:

  1. Visa

  2. Mastercard

Response attributes

The response attributes for this call are the same as for Add a card.

Back to top

Copy

Sample request

curl --location --request 
GET 'https://pushtopaystaging.crbnj.net/api/card/'
--header 'Accept: application/json'
--header 'Authorization: Bearer /{xxx}' https://pushtopaystaging.crbnj.net/api/Card'
Copy

Sample response

{
"version": "1.0.0.0",
"result": {
        "results": [
            {
            "requestId": "f64e6290-243f-4dd0-8e29-ea2cb61c2c6b",
            "cardToken": "C4QU9LG2YRMETOAI49KUNJHVQR6JXDNC2J6635",
            "firstName": "Dina",
            "lastName": "Jones",
            "ownerExternalId": "807720673",
            "address1": "0798_Maximilian_Stream",
            "address2": "",
            "city": "Port Albertha",
            "zipCode": "10033",
            "isAuthorizationSucceeded": true,
            "state": "NY",
            "countryCode": "US",
            "phoneNumber": "611-885-5815",
            "email": "Madison.Kuhlman@hotmail.com",
            "expirationYear": "22",
            "expirationMonth": "12",
            "last4Digits": "9912",
            "cardCompany": "Visa",
            "isActive": true,
            "deactivatedAt": null,
            "addedOn": "2022-08-03T17:03:07.467",
            "authorizationJson": "{\r\n  \"RequestId\": \"ff0643a0-8140-4ea0-b34e-a71a38805e18\",\r\n  \"Authorized\": true,\r\n  \"ResponseReceived\": true,\r\n  \"ResponseCode\": \"00\",\r\n  \"ResponseDescription\": \"Approved and completed successfullly\",\r\n  \"Timestamp\": \"2022-08-03T17:03:07.4653119Z\",\r\n  \"Error\": null,\r\n  \"AddressVerified\": false,\r\n  \"Rail\": \"rS2\",\r\n  \"CardType\": \"debit\",\r\n  \"IsFastFundsSupported\": true,\r\n  \"PushEnabled\": true,\r\n  \"PullEnabled\": true,\r\n  \"IssuerCountryCode\": \"840\"\r\n}",
            "isFastFundsSupported": true,
            "rail": "RS2",
            "pushEnabled": true,
            "pullEnabled": true,
            "issuerCountryCode": "US",
            "binNumber": "400758"
            }
            <DETAILS ON MULTIPLE CARDS RETURNED VIA REQUEST>
                ],
                "pageNumber": 1,
                "pageSize": 10,
                "hasPreviousPage": false,
                "hasNextPage": false
            },
            "isSuccessfull": true,
            "isSuccessful": true
            }

Get card details by card token

/api/Card/{cardToken}

Returns the parameter values defining a card authorized for transactions with a merchant partner. You get card details using the cardToken attribute.

Request attributes

cardToken

string

Required  

A randomly generated character string that relates to the consumer's payment card (15 to 38 alphanumeric characters). Matches the creditCardToken in the response.

Response attributes

The response attributes for this call are the same as for Add a card.

Back to top

Copy

Sample request

curl 
--location 
--request 
--header 'Accept: application/json'
--header 'Authorization: Bearer /{xxx}' 'https://pushtopaystaging.crbnj.net/api/Card'
Copy

Sample response

{
"version": "1.0.0.0",
"result": {
        "requestId": "d019f27b-0318-489a-8a70-fd5fdc76b39e",
        "cardToken": "C4QU9LG2YRMETOAI49KUNJHVQR6JXDNC2J6635",
        "firstName": "Dina",
        "lastName": "Jones",
        "ownerExternalId": "807720673",
        "address1": "0798_Maximilian_Stream",
        "address2": "",
        "city": "Port Albertha",
        "zipCode": "10033",
        "isAuthorizationSucceeded": true,
        "state": "NY",
        "countryCode": "US",
        "phoneNumber": "611-885-5815",
        "email": "Madison.Kuhlman@hotmail.com",
        "expirationYear": "22",
        "expirationMonth": "12",
        "last4Digits": "9912",
        "cardCompany": "Visa",
        "isActive": true,
        "deactivatedAt": null,
        "addedOn": "2022-08-03T17:03:07.467",
        "authorizationJson": "{\r\n  \"RequestId\": \"ff0643a0-8140-4ea0-b34e-a71a38805e18\",\r\n  \"Authorized\": true,\r\n  \"ResponseReceived\": true,\r\n  \"ResponseCode\": \"00\",\r\n  \"ResponseDescription\": \"Approved and completed successfullly\",\r\n  \"Timestamp\": \"2022-08-03T17:03:07.4653119Z\",\r\n  \"Error\": null,\r\n  \"AddressVerified\": false,\r\n  \"Rail\": \"rS2\",\r\n  \"CardType\": \"debit\",\r\n  \"IsFastFundsSupported\": true,\r\n  \"PushEnabled\": true,\r\n  \"PullEnabled\": true,\r\n  \"IssuerCountryCode\": \"840\"\r\n}",
        "isFastFundsSupported": true,
        "rail": "RS2",
        "pushEnabled": true,
        "pullEnabled": true,
        "issuerCountryCode": "US",
        "binNumber": "400758"
            },
            "isSuccessfull": true,
            "isSuccessful": true
}

Deactivate or reactivate a card

/api/Card

Deactivates a consumer's payment card, for instance, if the card is lost or stolen. Reactivates the card, for example, if the card is found.

Request attributes

requestId

string

Required  

The GUID that enables the application to link request with response

sourceSenderId

string

Optional 

The GUID that identifies the merchant partner

cardToken

string

Required  

A randomly generated character string that relates to the consumer's payment card (15 to 38 alphanumeric characters). Matches the creditCardToken in the response.

isActive

boolean

Required  

True if it is active, otherwise false

Response attributes

The response attributes for this call are the same as for Add a card.

Back to top

Copy

Sample request

curl 
-X POST 
--header 'Content-Type: application/json' 
--header 'Accept: application/json' 
--header 'Authorization: Bearer token' 
-d '{ \
{
  "requestId": "987gka31-0012-97sa-8756-0192mskx0n3x",
  "sourceSenderId": "n28xlla2-0ja2-9889-s981-gka7f14320ac",
  "cardToken": "XYZL7S29X87AX887ZB9A",
  "isActive": true
}'https://pushtopaystaging.crbnj.net/api/Card/'
Copy

Sample response

{
         {
            "requestId":"75390185-f4c4-4220-817a-2095fb3b2be5",
            "cardToken":"GXA2L4WIQOCIQMGFFLWMQRC02SZI7WO06JQKU6",
            "firstName":"Joseph",
            "lastName":"Roll",
            "ownerExternalId":null,
            "address1":"123 Main Street",
            "address2":null,
            "city":"Venice",
            "isAuthorizationSucceeded":false,
            "state":"CA",
            "countryCode":"US",
            "phoneNumber":"5553455679",
            "email":"{youremail}",
            "expirationYear":"26",
            "expirationMonth":"05",
            "last4Digits":"1111",
            "cardCompany":"Visa",
            "isActive":false,
            "deactivatedAt":null,
            "addedOn":"2019-09-01T13:18:10.913",
            "rail":"RS2",
            "authorizationJson":"{\r\n \"PushCardID\": \"b2eee733-80c4-4507-acd5-
c2826c8e4135\",\r\n \"Authorized\": false,\r\n \"ResponseReceived\": true,\r\n
\"ResponseCode\": \"15\",\r\n \"ResponseDescription\": null,\r\n \"Error\": null,\r\n
\"AddressVerified\": false,\r\n \"Rail\": \"rS2\",\r\n \"CardType\":
\"unknown\"\r\n}"
         },         
    "isSuccessful":true
}

Related topics

Card payments overview

Account-to-account (A2A) payments

OFAC screening overview

Foreign Exchange Rates

API References

Transaction management APIs

OFAC screening APIs

Foreign exchange rates APIs

Tutorials

How to originate a Push to Card transaction

How to originate an Account Funding Transaction (AFT)