Business API
Retrieve a list of cards
api
get
/cards

Retrieve a list of cards

Get the list of all cards in your organisation.

The results are paginated and sorted by the created_at date in reverse chronological order.

note

This feature is available in the UK, US and the EEA.

This feature is not available in Sandbox.

To use the Cards API, please contact Revolut API Support.

For more information, see the guides: Manage cards.

Access Token

Each Business API request must contain an authorization header in the following format to make a call: Bearer <your_access_token>.

The access token will be obtained the first time you set up your application and has an expiration of 40 minutes. During setup, a refresh_token will also be obtained which allows to obtain a new access_token.

danger

Never share your client-assertion JWT (JSON web token), access_token and refresh_token with anyone, as these can be used to access your banking data and initiate transactions.

Access tokens can be issued with four security scopes and require a JWT (JSON Web Token) signature to be obtained:

  • READ: Permissions for GET operations.

  • WRITE: Permissions to update counterparties, webhooks, and issue payment drafts.

  • PAY: Permissions to initiate or cancel transactions and currency exchanges.

  • READ_SENSITIVE_CARD_DATA: Permissions to retrieve sensitive card details.

    caution

    If you enable the READ_SENSITIVE_CARD_DATA scope for your access token, you must set up IP whitelisting. Failing to do so will prevent you from accessing any Business API endpoint.

    IP whitelisting means that you must specify an IP or a set of IPs which will be the only IPs from which requests to the API will be accepted. To do so:

    1. Go to the Revolut Business web app settings -> APIs -> Business API.
    2. Select the corresponding API certificate.
    3. In Production IP whitelist, provide the IP(s) which should be whitelisted, and save.

To configure your JWT and obtain the refresh and first access tokens, complete the following steps:

  1. Sign up for a Revolut Business account
  2. Prepare your Sandbox environment
  3. Make your first API request

Request

Query Parameters
Query Parameters

Default value: the date-time at which the request is made

Retrieves cards with created_at < created_before. The default value is the current date and time at which you are calling the endpoint.

Provided in ISO 8601 format.

Possible values: >= 1 and <= 100

Default value: 100

The maximum number of cards returned per page.

To get to the next page, make a new request and use the created_at date of the last card returned in the previous response as the value for created_before.

Response

List of cards of the business

Response body
Body array

The ID of the card.

Possible values: Value must match regular expression ^[0-9]{4}$

The last 4 digits of the card's PAN.

Possible values: Value must match regular expression ^[0-9]{2}/[0-9]{4}$

The card expiration date.

Possible values: [created, pending, active, frozen, locked]

The state that the card is in.

The label of the card.

Specifies whether the card is virtual (true) or physical (false).

The card product offered by the card provider for this card. In other words, the program that the card was issued under.

note

To use this property, please contact Revolut API Support.

The code of the card product.

The list of linked accounts.

Possible values: [health, general, services, airlines, transport, accommodation, utilities, shopping, financial, furniture, hardware, groceries, fuel, entertainment, software, restaurants, advertising, cash, education, government]

The list of merchant categories that are available for card spending. If not specified, all categories will be allowed.

The spend program assigned to the card.

note

To use this property, please contact Revolut API Support.

Possible values: <= 30 characters

The name of the spend program.

All spending limits set for the card.

The limit for a single transaction.

The value of the spending limit.

Possible values: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as the ISO 4217 code in upper case.

The daily limit for transactions.

The value of the spending limit.

Possible values: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as the ISO 4217 code in upper case.

The weekly limit for transactions.

The value of the spending limit.

Possible values: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as the ISO 4217 code in upper case.

The monthly limit for transactions.

The value of the spending limit.

Possible values: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as the ISO 4217 code in upper case.

The quarterly limit for transactions.

The value of the spending limit.

Possible values: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as the ISO 4217 code in upper case.

The yearly limit for transactions.

The value of the spending limit.

Possible values: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as the ISO 4217 code in upper case.

The all-time limit for transactions.

The value of the spending limit.

Possible values: Value must match regular expression ^[A-Z]{3}$

The currency of the spending limit, provided as the ISO 4217 code in upper case.

The ID of the team member who is the holder of the card. If the card belongs to the business, this will be empty.

For more information, see the guides: Manage Cards - Create a virtual card.

The date and time the card was created in ISO 8601 format.

The date and time the card was last updated in ISO 8601 format.

Was this page helpful?
Loading...