Business API
Create a card
api
post
/cards

Create a card

Create a new card for an existing member of your Revolut Business team.

When using the API, you can create only virtual cards. To create a physical card, use the Revolut Business app.

note

This feature is available in the UK, US, the EEA, and SG.

This feature is not available in Sandbox.

To use the Cards API, please contact Revolut API Support.

For more information, see the guides: Manage cards.

Access Token

Each Business API request must contain an authorization header in the following format to make a call: Bearer <your_access_token>.

The access token will be obtained the first time you set up your application and has an expiration of 40 minutes. During setup, a refresh_token will also be obtained which allows to obtain a new access_token.

danger

Never share your client-assertion JWT (JSON web token), access_token and refresh_token with anyone, as these can be used to access your banking data and initiate transactions.

Access tokens can be issued with four security scopes and require a JWT (JSON Web Token) signature to be obtained:

  • READ: Permissions for GET operations.

  • WRITE: Permissions to update counterparties, webhooks, and issue payment drafts.

  • PAY: Permissions to initiate or cancel transactions and currency exchanges.

  • READ_SENSITIVE_CARD_DATA: Permissions to retrieve sensitive card details.

    caution

    If you enable the READ_SENSITIVE_CARD_DATA scope for your access token, you must set up IP whitelisting. Failing to do so will prevent you from accessing any Business API endpoint.

    IP whitelisting means that you must specify an IP or a set of IPs which will be the only IPs from which requests to the API will be accepted. To do so:

    1. Go to the Revolut Business web app settingsAPIsBusiness API.
    2. Select the corresponding API certificate.
    3. In Production IP whitelist, provide the IP(s) which should be whitelisted, and save.

To configure your JWT and obtain the refresh and first access tokens, complete the following steps:

  1. Sign up for a Revolut Business account
  2. Prepare your Sandbox environment
  3. Make your first API request

Request

Request body
Body object 

Possible length: <= 40 characters

A unique ID of the request that you provide.

There is no strict requirement on the format of this ID, but we suggest using v4 UUIDs.

caution

This ID is used to prevent duplicate card creation requests in case of a lost connection or client error, so make sure you use the same request_id for requests related to the same card. The deduplication is limited to 24 hours counting from the first request using a given ID. For more information, see the guides: Manage cards - Idempotency.

Possible values: [true]

Specifies the type of the card. Must be set to true, as with the API, you can create only virtual cards.

tip

To create a physical card, use the Revolut Business app.

The ID of the team member who will be the holder of the card. To retrieve the holder's ID, use the GET /team-members operation.

Possible length: <= 30 characters

The label for the issued card, displayed in the UI to help distinguish between cards. If not specified, no label will be added.

The list of accounts to link to the card. If not specified, all accounts will be linked. To retrieve account IDs, use the GET /accounts operation.

Possible values: [health, general, services, airlines, transport, accommodation, utilities, shopping, financial, furniture, hardware, groceries, fuel, entertainment, software, restaurants, advertising, cash, education, government]

The list of merchant categories to be available for card spending. If not specified, all categories will be allowed.

note

The categories and merchant_controls parameters have the following restrictions:

  • If you set categories, you cannot set merchant_controls.control_type to allow.
  • You can set merchant_controls.control_type to block.
  • You may also set either categories or merchant_controls independently, or set neither.
  • Both parameters can be used together only if merchant_controls.control_type is block.

Example: {"single":{"amount":200.22,"currency":"GBP"},"week":{"amount":200.44,"currency":"GBP"}}

All spending limits set for the card.

You can have at most 1 periodic (day/week/month/quarter/all-time) and 1 non-periodic (single transaction) limit at a time. If you try to specify 2 periodic limits at a time, it will result in an error.

The limit for a single transaction.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The daily limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The weekly limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The monthly limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The quarterly limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The yearly limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The all-time limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The merchant-level controls for card spending.

They let you block or allow the card to only transact with specific merchants:

  • allow: permits only the specified merchants (cannot be used if the categories parameter is set)
  • block: blocks the specified merchants (can be used with or without categories)

Possible values: [block, allow]

The type of control to apply.

Possible number of items: non-empty and <= 20 items

The list of IDs of merchants to which the control applies.

The controls for the card's spending period.

They let you set dates after which the card becomes available or unavailable for spending and define what happens when the end date is reached.

If specified, you must provide at least one of these:

  • start_date
  • end_date together with end_date_action

The start date of the spending period in ISO 8601 format (YYYY-MM-DD).

The end date of the spending period in in ISO 8601 format (YYYY-MM-DD).

Possible values: [lock, terminate]

The action to take when the end date is reached.

Pattern: Value must match regular expression ^[A-Z]{2}$
Example: "GB"

Restricts card use to specified countries, provided as 2-letter ISO 3166 codes.

Response

Information about the card

Response body
Body object 

The ID of the card.

Pattern: Value must match regular expression ^[0-9]{4}$

The last 4 digits of the card's PAN.

Pattern: Value must match regular expression ^[0-9]{2}/[0-9]{4}$

The card expiration date.

Possible values: [created, pending, active, frozen, locked]

The state that the card is in.

The label of the card.

Specifies whether the card is virtual (true) or physical (false).

The card product offered by the card provider for this card. In other words, the program that the card was issued under.

note

To use this property, please contact Revolut API Support.

The code of the card product.

The list of linked accounts.

Possible values: [health, general, services, airlines, transport, accommodation, utilities, shopping, financial, furniture, hardware, groceries, fuel, entertainment, software, restaurants, advertising, cash, education, government]

The list of merchant categories that are available for card spending.
If this parameter is not specified, categories are not restricted.

Example: {"single":{"amount":200.22,"currency":"GBP"},"week":{"amount":200.44,"currency":"GBP"}}

All spending limits set for the card.

The limit for a single transaction.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The daily limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The weekly limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The monthly limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The quarterly limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The yearly limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The all-time limit for transactions.

The value of the spending limit.

Pattern: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as ISO 4217 code in upper case.

The merchant-level controls for card spending.

They block or allow the card to only transact with specific merchants:

  • allow: permits only the specified merchants (cannot be used if the categories parameter is set)
  • block: blocks the specified merchants (can be used with or without categories)

Possible values: [block, allow]

The type of control to apply.

Possible number of items: non-empty and <= 20 items

The list of IDs of merchants to which the control applies.

The controls for the card's spending period.

They specify dates after which the card becomes available or unavailable for spending and define what happens when the end date is reached.

The start date of the spending period in ISO 8601 format (YYYY-MM-DD).

The end date of the spending period in in ISO 8601 format (YYYY-MM-DD).

Possible values: [lock, terminate]

The action to take when the end date is reached.

Pattern: Value must match regular expression ^[A-Z]{2}$
Example: "GB"

The list of countries where the card can be used, specified as 2-letter ISO 3166 codes.

The ID of the team member who is the holder of the card. If the card belongs to the business, this will be empty.

For more information, see the guides: Manage Cards - Create a virtual card.

The date and time the card was created in ISO 8601 format.

The date and time the card was last updated in ISO 8601 format.

Was this page helpful?
Loading...