Card management APIs
Use Cross River card management APIs to sign up a new payee card, find out details about a payee card, and to activate or deactivate a card.
The endpoints listed in this table are described in detail in the sections below.
Action |
API Call |
Description |
---|---|---|
Add a card |
|
Signs up a new payee card |
Sign up a card via an iFrame |
|
Renders an iFrame into your website. Then, you can add the payee's card details into the frame. |
Generate an iFrame OTC signup card |
|
Returns the parameters you need to build an iFrame web address (URL). |
Get card information |
|
Returns details about payees' cards |
Get card details by card token |
|
Returns a payee's card details |
Activate and deactivate cards |
|
Turn a payee's card on or off |
Add a card
Signs up a new consumer payment card to the merchant's account.
When you call this endpoint, the card payments API stores the card number and returns a token. The API uses the token to identify the card, in place of the actual card number. Tokens provide a security measure to help prevent criminals from accessing card numbers.
This API call triggers account name inquiry (ANI) and address verification (AVS). These are fraud detection services supported by Cross River.
Request attributes
requestId string Required The GUID that enables the application to link request with response |
firstName string Required Cardholder first name |
lastName string Required Cardholder last name |
sourceSenderId string Required The GUID that identifies the merchant partner |
ownerExternalId string Optional A 4-digit code, assigned by the merchant, to identify the cardholder |
address1 string Optional Primary location details of cardholder. For instance, street name, house or building number, and PO box. Maximum 255 characters. |
address2 string Optional Secondary location details of cardholder. For instance, number of apartment or floor. Maximum 255 characters. |
city string Optional Name of the cardholder's city |
countryCode string Optional 2-letter country code |
state string Optional 2-letter code of the cardholder's state |
zipCode string Optional Cardholder's 5-digit US postal code. |
phoneNumber string Optional Cardholder's phone number; 10 digits, for instance, 2015551234 (no dashes) |
string Optional A valid cardholder email address, for example, me@mailprovider.com |
creditCardNumber string Required The 15- or 16-digit number found on the front or back of a credit card |
expirationMonth string Required Card expiration month, 2-digits, numeric |
expirationYear string Required Card expiration year, 2-digits, numeric |
cvv string Required The personal customer code on the card. Add the CVV to a function call only when you add a card ( |
requestId string The GUID that enables the application to link request with response |
||||||||||||||||||
cardToken string A randomly generated string of characters that relates to the consumer's payment card (15 to 38 alphanumeric characters). Matches the |
||||||||||||||||||
firstName string Cardholder first name |
||||||||||||||||||
lastName string Cardholder last name |
||||||||||||||||||
ownerExternalId string A 4-digit code, assigned by the merchant, to identify the cardholder |
||||||||||||||||||
address1 string Primary location details of cardholder. For instance, street name, house or building number, and PO box. Maximum 255 characters. |
||||||||||||||||||
address2 string Secondary location details of cardholder. For instance, number of apartment or floor. Maximum 255 characters. |
||||||||||||||||||
city string Name of the cardholder's city |
||||||||||||||||||
zipCode string Cardholder's 5-digit US postal code. |
||||||||||||||||||
isAuthorizationSucceeded boolean True if the card was authorized successfully, otherwise false |
||||||||||||||||||
state string 2-letter code of the cardholder's state |
||||||||||||||||||
countryCode string 2-letter country code |
||||||||||||||||||
phoneNumber string Cardholder's phone number; 10 digits, for instance, 2015551234 (no dashes) |
||||||||||||||||||
string A valid cardholder email address, for example, me@mailprovider.com |
||||||||||||||||||
expirationYear string Card expiration year, 2-digits, numeric |
||||||||||||||||||
expirationMonth string Card expiration month, 2-digits, numeric |
||||||||||||||||||
last4Digits string Last 4 digits of the payment card number |
||||||||||||||||||
cardCompany string Name of the payment card network:
|
||||||||||||||||||
isActive boolean True if the card is active, otherwise false |
||||||||||||||||||
deactivatedAt string Date and time card was deactivated, if relevant, in date-time format |
||||||||||||||||||
addedOn string The date and time the card was added to the merchant's account |
||||||||||||||||||
authorizationJson string
child attributes
|
||||||||||||||||||
binNumber string The first 6-to-8 digits on the card. This identification number indicates the card-issuing bank. |
||||||||||||||||||
productType string Cardholder card type:
|
Sample request
curl
-X POST
--header 'Content-Type: application/json'
--header 'Accept: application/json'
--header 'Authorization: Bearer token'
-d '{ \
{
"requestId":"49af65c0-f815-4f49-ba8d-b67bf1b125f4",
"firstName":"Joseph",
"lastName":"Roll",
"sourceSenderId": "n28xlla2-0ja2-9889-s981-gka7f14320ac",
"ownerExternalId":"4444",
"address1":"123 Main Street",
"address2":"Apartment 3",
"city":"Venice",
"state":"CA",
"zipCode":"10989",
"countryCode":"US",
"phoneNumber":"5555559275",
"email":"{youremail}",
"creditCardNumber":"REPLACE WITH CARD NUMBER",
"expirationMonth":"06",
"expirationYear":"20",
"ccv":"420"
}'https://pushtopaystaging.crbnj.net/api/Card'
Sample response
{
{
"requestId":"c811902a-8b8f-48e1-bebf-4b940bc61018",
"cardToken":"9LV0IP374JIKNHOR8B1IMSPXWFBGE7QM3EV1WE",
"firstName":"Joseph",
"lastName":"Roll",
"ownerExternalId":"4444",
"address1":"123 Main Street",
"address2":null,
"city":"Venice",
"isAuthorizationSucceeded":false,
"state":"CA",
"countryCode":"US",
"phoneNumber":"5555559275",
"email":"{youremail}",
"expirationYear":"26",
"expirationMonth":"06",
"last4Digits":"9905",
"cardCompany":"MasterCard",
"isActive":false,
"deactivatedAt":null,
"addedOn":"2019-09-09T10:56:20.4297189-04:00",
"rail":"McSend",
"authorizationJson":"{\r\n \"PushCardID\": \"c811902a-8b8f-48e1-bebf4b940bc61018\",\r\n \"Authorized\": false,\r\n \"ResponseReceived\":
true,\r\n \"ResponseCode\": \"OK\",\r\n \"ResponseDescription\": \"Partner
is not on boarded for the network to reach account.\",\r\n \"Error\": null,\r\n
\"AddressVerified\": false,\r\n \"Rail\": \"mcSend\",\r\n \"CardType\":
\"unknown\"\r\n}"
},
"isSuccessful":true
}
Set up an iFrame on a merchant site
Makes an iFrame display on your merchant website. Once the iFrame is added, you can enter payee card information directly into the iFrame.
This function will be deprecated. See the template-based way of generating iFrame code.
Request attributes
requestId string Required The GUID that enables the application to link request with response |
|
customerReferenceNumber string Required 4-digit code the merchant assigns |
|
domain string Required The name of a valid top-level internet domain where consumers will use the iFrame. For example, myfintech.com. This domain must appear in the Cross River allowlist. |
|
successContinueNavigationPoint string Optional
|
|
failureContinueNavigationPoint string Optional
|
|
sourceSenderId string Optional The GUID that identifies the merchant partner |
|
firstName string Optional Cardholder first name |
|
lastName string Optional Cardholder last name |
|
address1 string Optional Primary location details of cardholder. For instance, street name, house or building number, and PO box. Maximum 255 characters. |
|
address2 string Optional Secondary location details of cardholder. For instance, number of apartment or floor. Maximum 255 characters. |
|
city string Optional Name of the cardholder's city |
|
state string Optional 2-letter code of the cardholder's state |
|
countryCode string Optional 2-letter country code |
|
zipCode string Optional Cardholder's 5-digit US postal code. |
|
string Optional A valid cardholder email address, for example, me@mailprovider.com |
|
phoneNumber string Optional Cardholder's phone number; 10 digits, for instance, 2015551234 (no dashes) |
|
showOptionalFields boolean Optional True if optional fields will appear in the iFrame, otherwise false |
result string Result of attempt to add an iFrame.
|
|
message string
|
|
isSuccessful string True if a unique URL was built successfully, otherwise false |
Sample request
curl
-X POST
--header 'Content-Type: application/json'
--header 'Accept: application/json'
--header 'Authorization: Bearer token'
-d '{ \
"requestId": "A2996348-159D-4C53-89E2-2EE89CE71E7C", \
"customerReferenceNumber": "4457", \
"domain": "https://myfintech.com", \
"successContinueNavigationPoint": "string", \
"failureContinueNavigationPoint": "string", \
"sourceSenderId": "23a02763-f976-48f9-8b60-938209bfbf30", \
"firstName": "string", \
"lastName": "string", \
"address1": "string", \
"address2": "string", \
"city": "string", \
"state": "string", \
"countryCode": "string", \
"zipCode": "string", \
"email": "string", \
"phoneNumber": "string", \
"showOptionalFields": true \
}' 'https://pushtopaystaging.crbnj.net/api/IFrameConfiguration/BuildSignupCardUrl'
Sample response
{
"version": "1.0.0.0",
"result": "Success"
[
{
"code": 200,
"message": "iFrame successfully authorized for merchant website."
}
],
"isSuccessful": true
}
Generate an iFrame OTC signup card
Returns the parameters you need to build an iFrame web address (URL). This endpoint generates the iFrame code snippet dynamically. It does this based on a merchant's specific template and card payments environment. The OTC is a one-time code.
For details on how to customize and embed an iFrame into your merchant website, see the iFrame instructions page.
Request attributes
requestId string Required The GUID that enables the application to link request with response |
|
customerReferenceNumber string Required 4-digit code the merchant assigns |
|
templateId string Required The GUID that identifies the template |
|
domain string Required The name of a valid top-level internet domain where consumers will use the iFrame. For example, myfintech.com. This domain must appear in the Cross River allowlist. |
|
sourceSenderId string Optional The GUID that identifies the merchant partner |
Response attributes
The response attributes for this call are the same as for Set up an iFrame on a merchant site.
Sample request
curl
-X POST
--header 'Content-Type: application/json'
--header 'Accept: application/json'
--header 'Authorization: Bearer token'
-d '{ \
"requestId": "A2996348-159D-4C53-89E2-2EE89CE71E7C", \
"customerReferenceNumber": "4457", \
"domain": "https://myfintech.com", \
"successContinueNavigationPoint": "string", \
"failureContinueNavigationPoint": "string", \
"sourceSenderId": "23a02763-f976-48f9-8b60-938209bfbf30", \
"firstName": "string", \
"lastName": "string", \
"address1": "string", \
"address2": "string", \
"city": "string", \
"state": "string", \
"countryCode": "string", \
"zipCode": "string", \
"email": "string", \
"phoneNumber": "string", \
"showOptionalFields": true \
}' 'https://pushtopaystaging.crbnj.net/api/IFrameConfiguration/BuildSignupCardUrl'
Sample response
{
"version": "1.0.0.0",
"result": "Success"
[
{
"code": 200,
"message": "iFrame successfully authorized for merchant website."
}
],
"isSuccessful": true
}
Get card information
Returns information about payment cards of consumers signed up to the merchant's account.
Add query parameters to filter the response the API returns to all GET calls.
Use pagination to control presentation of your results.
Request attributes
dateAddedFrom date-time Optional Date and time from which cards were added (for the beginning of a date range query). Format: YYYY-MM-DDThh:mm:ss, for example, 2022-10-01T01:30:00. |
|
dateAddedTo date-time Optional Date and time up to which cards were added (for the end of a date range query). Format: YYYY-MM-DDThh:mm:ss, for example, 2022-10-01T01:30:00. |
|
sourceSenderId string Optional The GUID that identifies the merchant partner |
|
firstName string Optional Cardholder first name |
|
lastName string Optional Cardholder last name |
|
isActive boolean Optional True if the card is active, otherwise false |
|
cardCompany string Optional Name of the payment card network:
|
Response attributes
The response attributes for this call are the same as for Add a card.
Sample request
curl --location --request
GET 'https://pushtopaystaging.crbnj.net/api/card/'
--header 'Accept: application/json'
--header 'Authorization: Bearer /{xxx}' https://pushtopaystaging.crbnj.net/api/Card'
Sample response
{
"version": "1.0.0.0",
"result": {
"results": [
{
"requestId": "f64e6290-243f-4dd0-8e29-ea2cb61c2c6b",
"cardToken": "C4QU9LG2YRMETOAI49KUNJHVQR6JXDNC2J6635",
"firstName": "Dina",
"lastName": "Jones",
"ownerExternalId": "807720673",
"address1": "0798_Maximilian_Stream",
"address2": "",
"city": "Port Albertha",
"zipCode": "10033",
"isAuthorizationSucceeded": true,
"state": "NY",
"countryCode": "US",
"phoneNumber": "611-885-5815",
"email": "Madison.Kuhlman@hotmail.com",
"expirationYear": "22",
"expirationMonth": "12",
"last4Digits": "9912",
"cardCompany": "Visa",
"isActive": true,
"deactivatedAt": null,
"addedOn": "2022-08-03T17:03:07.467",
"authorizationJson": "{\r\n \"RequestId\": \"ff0643a0-8140-4ea0-b34e-a71a38805e18\",\r\n \"Authorized\": true,\r\n \"ResponseReceived\": true,\r\n \"ResponseCode\": \"00\",\r\n \"ResponseDescription\": \"Approved and completed successfullly\",\r\n \"Timestamp\": \"2022-08-03T17:03:07.4653119Z\",\r\n \"Error\": null,\r\n \"AddressVerified\": false,\r\n \"Rail\": \"rS2\",\r\n \"CardType\": \"debit\",\r\n \"IsFastFundsSupported\": true,\r\n \"PushEnabled\": true,\r\n \"PullEnabled\": true,\r\n \"IssuerCountryCode\": \"840\"\r\n}",
"isFastFundsSupported": true,
"rail": "RS2",
"pushEnabled": true,
"pullEnabled": true,
"issuerCountryCode": "US",
"binNumber": "400758"
}
<DETAILS ON MULTIPLE CARDS RETURNED VIA REQUEST>
],
"pageNumber": 1,
"pageSize": 10,
"hasPreviousPage": false,
"hasNextPage": false
},
"isSuccessfull": true,
"isSuccessful": true
}
Get card details by card token
Returns the parameter values defining a card authorized for transactions with a merchant partner. You get card details using the cardToken
attribute.
Request attributes
cardToken string Required A randomly generated character string that relates to the consumer's payment card (15 to 38 alphanumeric characters). Matches the creditCardToken in the response. |
Response attributes
The response attributes for this call are the same as for Add a card.
Sample request
curl
--location
--request
--header 'Accept: application/json'
--header 'Authorization: Bearer /{xxx}' 'https://pushtopaystaging.crbnj.net/api/Card'
Sample response
{
"version": "1.0.0.0",
"result": {
"requestId": "d019f27b-0318-489a-8a70-fd5fdc76b39e",
"cardToken": "C4QU9LG2YRMETOAI49KUNJHVQR6JXDNC2J6635",
"firstName": "Dina",
"lastName": "Jones",
"ownerExternalId": "807720673",
"address1": "0798_Maximilian_Stream",
"address2": "",
"city": "Port Albertha",
"zipCode": "10033",
"isAuthorizationSucceeded": true,
"state": "NY",
"countryCode": "US",
"phoneNumber": "611-885-5815",
"email": "Madison.Kuhlman@hotmail.com",
"expirationYear": "22",
"expirationMonth": "12",
"last4Digits": "9912",
"cardCompany": "Visa",
"isActive": true,
"deactivatedAt": null,
"addedOn": "2022-08-03T17:03:07.467",
"authorizationJson": "{\r\n \"RequestId\": \"ff0643a0-8140-4ea0-b34e-a71a38805e18\",\r\n \"Authorized\": true,\r\n \"ResponseReceived\": true,\r\n \"ResponseCode\": \"00\",\r\n \"ResponseDescription\": \"Approved and completed successfullly\",\r\n \"Timestamp\": \"2022-08-03T17:03:07.4653119Z\",\r\n \"Error\": null,\r\n \"AddressVerified\": false,\r\n \"Rail\": \"rS2\",\r\n \"CardType\": \"debit\",\r\n \"IsFastFundsSupported\": true,\r\n \"PushEnabled\": true,\r\n \"PullEnabled\": true,\r\n \"IssuerCountryCode\": \"840\"\r\n}",
"isFastFundsSupported": true,
"rail": "RS2",
"pushEnabled": true,
"pullEnabled": true,
"issuerCountryCode": "US",
"binNumber": "400758"
},
"isSuccessfull": true,
"isSuccessful": true
}
Deactivate or reactivate a card
Deactivates a consumer's payment card, for instance, if the card is lost or stolen. Reactivates the card, for example, if the card is found.
Request attributes
requestId string Required The GUID that enables the application to link request with response |
|
sourceSenderId string Optional The GUID that identifies the merchant partner |
|
cardToken string Required A randomly generated character string that relates to the consumer's payment card (15 to 38 alphanumeric characters). Matches the creditCardToken in the response. |
|
isActive boolean Required True if it is active, otherwise false |
Response attributes
The response attributes for this call are the same as for Add a card.
Sample request
curl
-X POST
--header 'Content-Type: application/json'
--header 'Accept: application/json'
--header 'Authorization: Bearer token'
-d '{ \
{
"requestId": "987gka31-0012-97sa-8756-0192mskx0n3x",
"sourceSenderId": "n28xlla2-0ja2-9889-s981-gka7f14320ac",
"cardToken": "XYZL7S29X87AX887ZB9A",
"isActive": true
}'https://pushtopaystaging.crbnj.net/api/Card/'
Sample response
{
{
"requestId":"75390185-f4c4-4220-817a-2095fb3b2be5",
"cardToken":"GXA2L4WIQOCIQMGFFLWMQRC02SZI7WO06JQKU6",
"firstName":"Joseph",
"lastName":"Roll",
"ownerExternalId":null,
"address1":"123 Main Street",
"address2":null,
"city":"Venice",
"isAuthorizationSucceeded":false,
"state":"CA",
"countryCode":"US",
"phoneNumber":"5553455679",
"email":"{youremail}",
"expirationYear":"26",
"expirationMonth":"05",
"last4Digits":"1111",
"cardCompany":"Visa",
"isActive":false,
"deactivatedAt":null,
"addedOn":"2019-09-01T13:18:10.913",
"rail":"RS2",
"authorizationJson":"{\r\n \"PushCardID\": \"b2eee733-80c4-4507-acd5-
c2826c8e4135\",\r\n \"Authorized\": false,\r\n \"ResponseReceived\": true,\r\n
\"ResponseCode\": \"15\",\r\n \"ResponseDescription\": null,\r\n \"Error\": null,\r\n
\"AddressVerified\": false,\r\n \"Rail\": \"rS2\",\r\n \"CardType\":
\"unknown\"\r\n}"
},
"isSuccessful":true
}
Related topics
Account-to-account (A2A) payments