Create a card
Create a new team member card, company card, or auto-issued card.
When using the API, you can create only virtual cards. To create a physical card, use the Revolut Business app.
This feature is available in the UK, US, the EEA, and SG.
This feature is not available in Sandbox.
To use the Cards API, please contact Revolut API Support.
For more information, see the guides: Manage cards.
Access Token
Each Business API request must contain an authorization header in the following format to make a call: Bearer <your_access_token>.
The access token will be obtained the first time you set up your application and has an expiration of 40 minutes.
During setup, a refresh_token will also be obtained which allows to obtain a new access_token.
Never share your client-assertion JWT (JSON web token), access_token and refresh_token with anyone, as these can be used to access your banking data and initiate transactions.
Access tokens can be issued with four security scopes and require a JWT (JSON Web Token) signature to be obtained:
READ: Permissions forGEToperations.WRITE: Permissions to update counterparties, webhooks, and issue payment drafts.PAY: Permissions to initiate or cancel transactions and currency exchanges.READ_SENSITIVE_CARD_DATA: Permissions to retrieve sensitive card details.cautionIf you enable the
READ_SENSITIVE_CARD_DATAscope for your access token, you must set up IP whitelisting. Failing to do so will prevent you from accessing any Business API endpoint.IP whitelisting means that you must specify an IP or a set of IPs which will be the only IPs from which requests to the API will be accepted. To do so:
- Go to the Revolut Business web app settings → APIs → Business API.
- Select the corresponding API certificate.
- In Production IP whitelist, provide the IP(s) which should be whitelisted, and save.
To configure your JWT and obtain the refresh and first access tokens, complete the following steps:
Request
Card to create
Possible length: <= 40 characters
A unique ID of the request that you provide.
There is no strict requirement on the format of this ID, but we suggest using v4 UUIDs.
This ID is used to prevent duplicate card creation requests in case of a lost connection or client error, so make sure you use the same request_id for requests related to the same card.
The deduplication is limited to 24 hours counting from the first request using a given ID.
For more information, see the guides: Manage cards - Idempotency.
The ID of the team member to assign as the holder of the card.
To retrieve a team member's ID, use the GET /team-members operation.
For virtual cards (virtual=true), this field is optional.
If not provided, the type of the issued card depends on contact_ids:
contact_idsprovided → company cardcontact_idsnot specified → auto-issued card
Possible number of items: non-empty and <= 5 items
The list of contacts for the card. Up to 5 team members sharing the card, much like co-holders. Can be edited.
Allowed only for company cards (virtual=true, holder_id not specified).
The card product offered by the card provider for this card. In other words, the program that the card is issued under.
Provided only for virtual cards with no holder ID (virtual=true, and holder_id not specified):
- Required for auto-issued cards (
contact_idsnot specified) - Optional for company cards (
contact_idsspecified)
Not allowed for team member cards (holder_id present).
This property is only available to travel intermediaries using our travel solution. To use it, please contact Revolut API Support.
Example: "MBJ"
The code of the card product.
Possible values: [true]
Specifies the type of the card.
Must be set to true, as with the API, you can create only virtual cards.
To create a physical card, use the Revolut Business app.
Possible length: <= 30 characters
The label for the issued card, displayed in the UI to help distinguish between cards. If not specified, no label will be added.
Possible number of items: non-empty and <= 5 items, unique
Example: [{"name":"PNR","value":"RT12345"},{"name":"Traveller","value":"John Smith"}]
References for the card. Up to 5 name-value pairs assigned to the card for tracking.
Each time the card is used, the references are recorded in the transaction details (card.references), helping track transactions made with this card.
The names must be unique. The references can be amended up to 10 times.
References are only supported for cards owned by the business (i.e. company or auto-issued cards).
They are not supported for team member cards (i.e. with holder_id present).
The references recorded on a transaction are those assigned to the card at the time the transaction took place. If the references are amended, they will only be applied to future transactions. Existing transaction are not affected.
Possible length: non-empty and <= 30 characters
The name of the card reference. Must be unique.
Possible length: non-empty and <= 30 characters
The value for this reference.
Example: {"single":{"amount":200.22,"currency":"GBP"},"week":{"amount":200.44,"currency":"GBP"}}
All spending limits set for the card.
You can have at most 1 periodic (day/week/month/quarter/all-time) and 1 non-periodic (single transaction) limit at a time. If you try to specify 2 periodic limits at a time, it will result in an error.
The limit for a single transaction.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The daily limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The weekly limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The monthly limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The quarterly limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The yearly limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The all-time limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The controls for the card's spending period.
They let you set the dates when the card becomes available or unavailable for spending, and define what happens after the end date.
If specified, you must provide at least one of these:
start_dateend_datetogether withend_date_action
The dates provided must be in the future.
Example: "2025-09-26"
The start date (inclusive) of the spending period, in ISO 8601 format (YYYY-MM-DD).
Uses the timezone set by the business, or defaults to Europe/London.
Example: "2030-12-31"
The end date (inclusive) of the spending period, in ISO 8601 format (YYYY-MM-DD).
Uses the timezone set by the business, or defaults to Europe/London.
Possible values: [lock, terminate]
The action to take after the end date of the spending period.
Possible values: [health, general, services, airlines, transport, accommodation, utilities, shopping, financial, furniture, hardware, groceries, fuel, entertainment, software, restaurants, advertising, cash, education, government]
The list of merchant categories to be available for card spending. If not specified, all categories will be allowed.
The categories and merchant_controls parameters have the following restrictions:
- If you set
categories, you cannot setmerchant_controls.control_typetoallow. - You can set
merchant_controls.control_typetoblock. - You may also set either
categoriesormerchant_controlsindependently, or set neither. - Both parameters can be used together only if
merchant_controls.control_typeisblock.
The merchant-level controls for card spending.
They let you block or allow the card to only transact with specific merchants:
allow: permits only the specified merchants (cannot be used if thecategoriesparameter is set)block: blocks the specified merchants (can be used with or withoutcategories)
Possible values: [block, allow]
The type of control to apply.
Possible number of items: non-empty and <= 20 items
The list of IDs of merchants to which the control applies.
To find merchant IDs, check transaction details (→ merchant.id).
You can fetch transaction details for a specific transaction or for all transactions.
Pattern: Value must match regular expression ^[A-Z]{2}$
Example: "GB"
Restricts card use to specified countries, provided as 2-letter ISO 3166 codes.
The list of accounts to link to the card.
If not specified, all accounts will be linked.
To retrieve account IDs, use the GET /accounts operation.
Response
Information about the created card
The ID of the card.
The ID of the team member who is the holder of the card. If the card belongs to the business, this will be empty.
For more information, see the guides: Manage Cards - Create a virtual card.
Possible number of items: non-empty and <= 5 items, unique
The list of contacts for a company card.
The date and time the card was created in ISO 8601 format.
The date and time the card was last updated in ISO 8601 format.
The card product offered by the card provider for this card. In other words, the program that the card was issued under.
This property is only available to travel intermediaries using our travel solution. To use it, please contact Revolut API Support.
The code of the card product.
Specifies whether the card is virtual (true) or physical (false).
Pattern: Value must match regular expression ^[0-9]{4}$
The last 4 digits of the card's PAN.
Pattern: Value must match regular expression ^[0-9]{2}/[0-9]{4}$
The card expiration date.
The label of the card.
Possible number of items: non-empty and <= 5 items, unique
Example: [{"name":"PNR","value":"RT12345"},{"name":"Traveller","value":"John Smith"}]
References for the card. Up to 5 name-value pairs assigned to the card for tracking.
Each time the card is used, the references are recorded in the transaction details (card.references), helping track transactions made with this card.
The names must be unique. The references can be amended up to 10 times.
References are only supported for cards owned by the business (i.e. company or auto-issued cards).
They are not supported for team member cards (i.e. with holder_id present).
The references recorded on a transaction are those assigned to the card at the time the transaction took place. If the references are amended, they will only be applied to future transactions. Existing transaction are not affected.
Possible length: non-empty and <= 30 characters
The name of the card reference. Must be unique.
Possible length: non-empty and <= 30 characters
The value for this reference.
Possible values: [created, pending, active, frozen, locked]
The state that the card is in.
Possible values:
active: The card is available for spending. Newly created cards typically go intoactiveunless subject to certain conditions, for example, spending period starting in the future.frozen: The card has been frozen and is temporarily unavailable for spending.locked: The card is locked, typically due to an admin lock or spending period settings, i.e. when itsspending_period.start_dateis in the future orspending_period.end_dateis in the past. A locked card is unavailable for spending until it's unlocked and active.tipTo see if the card can be unlocked, check the
can_be_unlockedparameter. Note that you'll still need the necessary scope or permission to unlock it.created: The card has been created but is not yet active. Used only for a specific type of cards.pending: This status is currently not in use.
Returned for locked cards (state=locked).
Indicates whether the card can be unlocked manually (via API or in-app).
If true, you'll still need the necessary scope or permission to unlock the card.
Cards can be locked for various reasons. For example, a card can be locked by the user, due to spending period settings, or automatically by the system. Only certain types of lock can be lifted manually.
Example: {"single":{"amount":200.22,"currency":"GBP"},"week":{"amount":200.44,"currency":"GBP"}}
All spending limits set for the card.
The limit for a single transaction.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The daily limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The weekly limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The monthly limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The quarterly limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The yearly limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The all-time limit for transactions.
The value of the spending limit.
Pattern: Value must match regular expression ^[A-Z]{3}$
The currency of the spending limit, provided as ISO 4217 code in upper case.
The controls for the card's spending period.
They specify the dates when the card becomes available or unavailable for spending, and define what happens after the end date.
Example: "2025-09-26"
The start date (inclusive) of the spending period, in ISO 8601 format (YYYY-MM-DD).
Uses the timezone set by the business, or defaults to Europe/London.
Example: "2030-12-31"
The end date (inclusive) of the spending period, in ISO 8601 format (YYYY-MM-DD).
Uses the timezone set by the business, or defaults to Europe/London.
Possible values: [lock, terminate]
The action to take after the end date of the spending period.
Possible values: [health, general, services, airlines, transport, accommodation, utilities, shopping, financial, furniture, hardware, groceries, fuel, entertainment, software, restaurants, advertising, cash, education, government]
The list of merchant categories that are available for card spending.
If this parameter is not specified, categories are not restricted.
The merchant-level controls for card spending.
They block or allow the card to only transact with specific merchants:
allow: permits only the specified merchants (cannot be used if thecategoriesparameter is set)block: blocks the specified merchants (can be used with or withoutcategories)
Possible values: [block, allow]
The type of control to apply.
Possible number of items: non-empty and <= 20 items
The list of IDs of merchants to which the control applies.
To find merchant IDs, check transaction details (→ merchant.id).
You can fetch transaction details for a specific transaction or for all transactions.
Pattern: Value must match regular expression ^[A-Z]{2}$
Example: "GB"
The list of countries where the card can be used, specified as 2-letter ISO 3166 codes.
The list of linked accounts.