Ask Moov Beta
Generative AI is experimental and can make mistakes.
Guides Use cases API Changelog
  1. API reference
  2. Sources
  3. Cards

List cards

List all the active cards associated with a Moov account.

Read our accept card payments guide to learn more.

To access this endpoint using an access token you'll need to specify the /accounts/{accountID}/cards.read scope.

GET
/accounts/{accountID}/cards
cURL Go TypeScript PHP Java Python Ruby .NET 
curl -X GET "https://api.moov.io/accounts/{accountID}/cards" \
  -H "Authorization: Bearer {token}" \
  -H "X-Moov-Version: v2026.01.00"
mc, _ := moov.NewClient()

var accountID string

mc.ListCards(ctx, accountID)

import { Moov } from "@moovio/sdk";

const moov = new Moov({
  security: {
    username: "",
    password: "",
  },
});

async function run() {
  const result = await moov.cards.list({
    accountID: "b902712f-8ab9-47ba-b39f-5ccfbcac528c",
  });

  console.log(result);
}

run();
declare(strict_types=1);

require 'vendor/autoload.php';

use Moov\MoovPhp;
use Moov\MoovPhp\Models\Components;

$sdk = MoovPhp\Moov::builder()
    ->setSecurity(
        new Components\Security(
            username: '',
            password: '',
        )
    )
    ->build();



$response = $sdk->cards->list(
    accountID: 'b902712f-8ab9-47ba-b39f-5ccfbcac528c'
);

if ($response->cards !== null) {
    // handle response
}
package hello.world;

import io.moov.sdk.Moov;
import io.moov.sdk.models.components.Security;
import io.moov.sdk.models.operations.ListCardsResponse;
import java.lang.Exception;

public class Application {

    public static void main(String[] args) throws Exception {

        Moov sdk = Moov.builder()
                .security(Security.builder()
                    .username("")
                    .password("")
                    .build())
            .build();

        ListCardsResponse res = sdk.cards().list()
                .accountID("b902712f-8ab9-47ba-b39f-5ccfbcac528c")
                .call();

        if (res.cards().isPresent()) {
            System.out.println(res.cards().get());
        }
    }
}
from moovio_sdk import Moov
from moovio_sdk.models import components


with Moov(
    security=components.Security(
        username="",
        password="",
    ),
) as moov:

    res = moov.cards.list(account_id="b902712f-8ab9-47ba-b39f-5ccfbcac528c")

    # Handle response
    print(res)
require 'moov_ruby'

Models = ::Moov::Models
s = ::Moov::Client.new(
  security: Models::Components::Security.new(
    username: '',
    password: ''
  )
)
res = s.cards.list(account_id: 'b902712f-8ab9-47ba-b39f-5ccfbcac528c')

unless res.cards.nil?
  # handle response
end
using Moov.Sdk;
using Moov.Sdk.Models.Components;

var sdk = new MoovClient(security: new Security() {
    Username = "",
    Password = "",
});

var res = await sdk.Cards.ListAsync(accountID: "b902712f-8ab9-47ba-b39f-5ccfbcac528c");

// handle response
200 401 403 429 500 504
The request completed successfully.
application/json
Example
[
  {
    "cardID": "01234567-89ab-cdef-0123-456789abcdef",
    "fingerprint": "9948962d92a1ce40c9f918cd9ece3a22bde62fb325a2f1fe2e833969de672ba3",
    "brand": "Visa",
    "cardType": "credit",
    "cardCategory": "CLASSIC",
    "lastFourCardNumber": "1111",
    "bin": "411111",
    "expiration": {
      "month": "01",
      "year": "21"
    },
    "holderName": "Jules Jackson",
    "billingAddress": {
      "addressLine1": "123 Main Street",
      "addressLine2": "Apt 302",
      "city": "Boulder",
      "stateOrProvince": "CO",
      "postalCode": "80301",
      "country": "US"
    },
    "cardVerification": {
      "cvv": "match",
      "addressLine1": "match",
      "postalCode": "match",
      "accountName": {
        "firstName": "match",
        "lastName": "match",
        "middleName": "match",
        "fullName": "match"
      }
    },
    "issuer": "GRINGOTTS BANK",
    "issuerCountry": "US",
    "issuerURL": "HTTPS://WWW.EXAMPLE.COM/",
    "issuerPhone": "8185551212",
    "commercial": false,
    "regulated": false,
    "cardOnFile": true,
    "merchantAccountID": "01234567-89ab-cdef-0123-456789abcdef",
    "cardAccountUpdater": {
      "updatedOn": "2024-05-06T12:20:38.184Z",
      "updateType": "number-update"
    },
    "domesticPushToCard": "standard",
    "domesticPullFromCard": "supported"
  }
]

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The request contained missing or expired authentication.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The user is not authorized to make the request.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
Request was refused due to rate limiting.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The request failed due to an unexpected error.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The request failed because a downstream service failed to respond.

Response headers

x-request-id

string required
A unique identifier used to trace requests.

Headers

X-Moov-Version

string
Set this header to v2026.01.00 to use the API described in this specification. When omitted, the server defaults to v2024.01.00, which may not match the behavior documented here.
Possible values: v2026.01.00

Path parameters

accountID

string required

Response

application/json

billingAddress

object
The billing address associated with the card.
Show child attributes

addressLine1

string <=60 characters
Street address line 1.

addressLine2

string <=32 characters
Street address line 2 (e.g., apartment or suite number).

city

string <=32 characters
City name.

country

string <=2 characters
Two-letter ISO 3166-1 country code.

postalCode

string <=10 characters required
Postal or ZIP code.

stateOrProvince

string <=2 characters
Two-letter state or province code.

bin

string [6 to 8] characters
The first six to eight digits of the card number, which identifies the financial institution that issued the card.

brand

string<enum>
The card brand.
Possible values: American Express, Discover, Mastercard, Visa, Unknown

cardAccountUpdater

object
The results of the most recent card update request.
Show child attributes

updateType

string<enum>
The results of the card update request.
Possible values: unspecified, account-closed, contact-cardholder, expiration-update, no-change, no-match, number-update

updatedOn

string<date-time>
Timestamp from the card network indicating when the card update was processed.

cardCategory

string
The category or level of the card defined by the issuer. Examples include, but not limited to, "REWARDS", "TRADITIONAL REWARDS", "CLASSIC", and "CORPORATE PURCHASING".

cardID

string
ID of the card.

cardOnFile

boolean
Indicates cardholder has authorized card to be stored for future payments.

cardType

string<enum>
The type of the card.
Possible values: debit, credit, prepaid, unknown

cardVerification

object
The results of submitting cardholder data to a card network for verification.
Show child attributes

addressLine1

string required
Verification result of the billing address line 1. Derived from the same AVS code as postalCode; the card network returns a single code covering both address fields.
The result of a card verification check.
Possible values: noMatch, match, notChecked, unavailable, partialMatch

cvv

string required
Verification result of the card's CVV.
The result of a card verification check.
Possible values: noMatch, match, notChecked, unavailable, partialMatch

postalCode

string required
Verification result of the billing address postal code. Derived from the same AVS code as addressLine1; the card network returns a single code covering both address fields.
The result of a card verification check.
Possible values: noMatch, match, notChecked, unavailable, partialMatch

accountName

object
Verification results of the cardholder's name, broken down by name component.
The results of submitting cardholder name to a card network for verification.
Show child attributes

firstName

string
Verification result of the cardholder's first name.
The result of a card verification check.
Possible values: noMatch, match, notChecked, unavailable, partialMatch

fullName

string
Verification result of the cardholder's full name.
The result of a card verification check.
Possible values: noMatch, match, notChecked, unavailable, partialMatch

lastName

string
Verification result of the cardholder's last name.
The result of a card verification check.
Possible values: noMatch, match, notChecked, unavailable, partialMatch

middleName

string
Verification result of the cardholder's middle name.
The result of a card verification check.
Possible values: noMatch, match, notChecked, unavailable, partialMatch

commercial

boolean
If true, the card is for commercial use, or associated with a business. If false, the card is associated with a general consumer.

domesticPullFromCard

string<enum>
Indicates if the card supports domestic pull-from-card transfer.
Possible values: not-supported, supported, unknown

domesticPushToCard

string<enum>
Indicates which level of domestic push-to-card transfer is supported by the card, if any.
Possible values: not-supported, standard, fast-funds, unknown

expiration

object
The expiration date of the card or token.
Show child attributes

month

string 2 characters required
Two-digit month the card expires.

year

string 2 characters required
Two-digit year the card expires.

fingerprint

string <=100 characters
Uniquely identifies a linked payment card or token. For Apple Pay, the fingerprint is based on the tokenized card number and may vary based on the user's device. This field can be used to identify specific payment methods across multiple accounts on your platform.

holderName

string
The name of the cardholder as it appears on the card.

issuer

string
Financial institution that issued the card.

issuerCountry

string
Country where the card was issued.

issuerPhone

string
Phone number of the issuer.

issuerURL

string<uri>
URL of the issuer.

lastFourCardNumber

string 4 characters
Last four digits of the card number

merchantAccountID

string
Merchant account whose details (statement descriptor, address, etc.) are used for the card verification authorization. If omitted, the partner account's details are used instead.

paymentMethods

array<object>

Includes any payment methods created as a result of linking a card with the x-wait-for header set to payment-method.

Only returned by the link card endpoint; not included when getting or listing cards.

Show child attributes

paymentMethodID

string
ID of the payment method.

paymentMethodType

string<enum>
The payment method type that represents a payment rail and directionality
Possible values: moov-wallet, ach-debit-fund, ach-debit-collect, ach-credit-standard, ach-credit-same-day, rtp-credit, card-payment, push-to-card, pull-from-card, apple-pay, card-present-payment, instant-bank-credit

regulated

boolean
If true, the card issuing bank is regulated, and the scheme fees for debit transactions will be limited based on the Durbin Amendment. If false, the card issuing bank is not regulated, and the scheme fees will not be limited.