Update a card
Update a linked card and/or resubmit it for verification.
If a value is provided for CVV, a new verification ($0 authorization) will be submitted for the card. Updating the expiration date or address will update the information stored on file for the card but will not be verified.
Read our accept card payments guide to learn more.
Only use this endpoint if you have provided Moov with a copy of your PCI attestation of compliance.
To access this endpoint using an access token
you'll need to specify the /accounts/{accountID}/cards.write scope.
PATCH
/accounts/{accountID}/cards/{cardID}
|
|
|
|
|
|
|
|
|
|
The request completed successfully.
{
"billingAddress": {
"addressLine1": "123 Main Street",
"addressLine2": "Apt 302",
"city": "Boulder",
"country": "US",
"postalCode": "80301",
"stateOrProvince": "CO"
},
"bin": "411111",
"brand": "Visa",
"cardAccountUpdater": {
"updateType": "number-update",
"updatedOn": "2024-05-06T12:20:38.184Z"
},
"cardCategory": "CLASSIC",
"cardID": "01234567-89ab-cdef-0123-456789abcdef",
"cardOnFile": true,
"cardType": "credit",
"cardVerification": {
"accountName": {
"firstName": "match",
"fullName": "match",
"lastName": "match",
"middleName": "match"
},
"addressLine1": "match",
"cvv": "match",
"postalCode": "match"
},
"commercial": false,
"domesticPullFromCard": "supported",
"domesticPushToCard": "standard",
"expiration": {
"month": "01",
"year": "21"
},
"fingerprint": "9948962d92a1ce40c9f918cd9ece3a22bde62fb325a2f1fe2e833969de672ba3",
"holderName": "Jules Jackson",
"issuer": "GRINGOTTS BANK",
"issuerCountry": "US",
"issuerPhone": "8185551212",
"issuerURL": "HTTPS://WWW.EXAMPLE.COM/",
"lastFourCardNumber": "1111",
"merchantAccountID": "01234567-89ab-cdef-0123-456789abcdef",
"regulated": false
}Response headers
x-request-id
string
<uuid>
required
A unique identifier used to trace requests.
The server could not understand the request due to invalid syntax.
{
"error": "string"
}Response headers
x-request-id
string
<uuid>
required
A unique identifier used to trace requests.
The request contained missing or expired authentication.
Response headers
x-request-id
string
<uuid>
required
A unique identifier used to trace requests.
The user is not authorized to make the request.
Response headers
x-request-id
string
<uuid>
required
A unique identifier used to trace requests.
The requested resource was not found.
Response headers
x-request-id
string
<uuid>
required
A unique identifier used to trace requests.
The request conflicted with the current state of the target resource.
{
"error": "string"
}Response headers
x-request-id
string
<uuid>
required
A unique identifier used to trace requests.
The request was well-formed, but the contents failed validation. Check the request for missing or invalid fields.
{
"e2ee": {
"token": "string"
},
"billingAddress": "string",
"expiration": "string",
"cardCvv": "string",
"cardOnFile": "string",
"merchantAccountID": "string",
"verifyName": "string",
"holderName": "string"
}Response headers
x-request-id
string
<uuid>
required
A unique identifier used to trace requests.
Request was refused due to rate limiting.
Response headers
x-request-id
string
<uuid>
required
A unique identifier used to trace requests.
The request failed due to an unexpected error.
Response headers
x-request-id
string
<uuid>
required
A unique identifier used to trace requests.
The request failed because a downstream service failed to respond.
Response headers
x-request-id
string
<uuid>
required
A unique identifier used to trace requests.
Headers
x-moov-version
string
API version
Specify an API version.
API versioning follows the format vYYYY.QQ.BB, where
YYYYis the yearQQis the two-digit month for the first month of the quarter (e.g., 01, 04, 07, 10)BBis the build number, starting at.01, for subsequent builds in the same quarter.- For example,
v2024.01.00is the initial release of the first quarter of 2024.
- For example,
The latest version represents the most recent development state. It may include breaking changes and should be treated as a beta release.
Default:
v2024.01.00Path parameters
accountID
string
<uuid>
required
cardID
string
<uuid>
required
Body
application/json
billingAddress
object
Show child attributes
addressLine1
string
<=60 characters
addressLine2
string
<=32 characters
city
string
<=32 characters
country
string
<=2 characters
postalCode
string
<=10 characters
stateOrProvince
string
<=2 characters
cardCvv
string
cardOnFile
boolean
e2ee
object
Wraps a compact-serialized JSON Web Encryption (JWE) token used for secure transmission of sensitive data (e.g., PCI information) through intermediaries.
This token is encrypted using the public key from /end-to-end-keys and wraps an AES key. For details and examples, refer to our
GitHub repository.
Show child attributes
token
string<jwe>
An RFC compact-serialized JSON Web Encryption (JWE) token.
expiration
object
Show child attributes
month
string
year
string
holderName
string
merchantAccountID
string
verifyName
boolean
Response
application/json
billingAddress
object
required
Show child attributes
postalCode
string
<=10 characters
required
addressLine1
string
<=60 characters
addressLine2
string
<=32 characters
city
string
<=32 characters
country
string
<=2 characters
stateOrProvince
string
<=2 characters
bin
string
[6 to 8] characters
required
The first six to eight digits of the card number, which identifies the financial institution that issued the card.
brand
string<enum>
required
The card brand.
Possible values:
American Express,
Discover,
Mastercard,
Visa,
Unknown
cardID
string<uuid>
required
ID of the card.
cardType
string<enum>
required
The type of the card.
Possible values:
debit,
credit,
prepaid,
unknown
cardVerification
object
required
The results of submitting cardholder data to a card network for verification.
Show child attributes
addressLine1
string<enum>
required
Possible values:
noMatch,
match,
notChecked,
unavailable,
partialMatch
cvv
string<enum>
required
Possible values:
noMatch,
match,
notChecked,
unavailable,
partialMatch
postalCode
string<enum>
required
Possible values:
noMatch,
match,
notChecked,
unavailable,
partialMatch
accountName
object
The results of submitting cardholder name to a card network for verification.
Show child attributes
firstName
string<enum>
Possible values:
noMatch,
match,
notChecked,
unavailable,
partialMatch
fullName
string<enum>
Possible values:
noMatch,
match,
notChecked,
unavailable,
partialMatch
lastName
string<enum>
Possible values:
noMatch,
match,
notChecked,
unavailable,
partialMatch
middleName
string<enum>
Possible values:
noMatch,
match,
notChecked,
unavailable,
partialMatch
expiration
object
required
The expiration date of the card or token.
Show child attributes
month
string
2 characters
required
year
string
2 characters
required
fingerprint
string
<=100 characters
required
Uniquely identifies a linked payment card or token.
For Apple Pay, the fingerprint is based on the tokenized card number and may vary based on the user's device.
This field can be used to identify specific payment methods across multiple accounts on your platform.
lastFourCardNumber
string
4 characters
required
Last four digits of the card number
cardAccountUpdater
object
The results of the most recent card update request.
Show child attributes
updateType
string<enum>
The results of the card update request.
Possible values:
unspecified,
account-closed,
contact-cardholder,
expiration-update,
no-change,
no-match,
number-update
updatedOn
string<date-time>
cardCategory
string
The category or level of the card defined by the issuer.
Examples include, but not limited to, "REWARDS", "TRADITIONAL REWARDS", "CLASSIC", and "CORPORATE PURCHASING".
cardOnFile
boolean
Indicates cardholder has authorized card to be stored for future payments.
commercial
boolean
If true, the card is for commercial use, or associated with a business.
If false, the card is associated with a general consumer.
domesticPullFromCard
string<enum>
Indicates if the card supports domestic pull-from-card transfer.
Possible values:
not-supported,
supported,
unknown
domesticPushToCard
string<enum>
Indicates which level of domestic push-to-card transfer is supported by the card, if any.
Possible values:
not-supported,
standard,
fast-funds,
unknown
holderName
string
The name of the cardholder as it appears on the card.
issuer
string
Financial institution that issued the card.
issuerCountry
string
Country where the card was issued.
issuerPhone
string
Phone number of the issuer.
issuerURL
string<uri>
URL of the issuer.
merchantAccountID
string<uuid>
paymentMethods
array
Includes any payment methods created as a result of linking a card with the x-wait-for header set to payment-method.
Only returned by the link card endpoint; not included when getting or listing cards.
Show child attributes
paymentMethodID
string<uuid>
ID of the payment method.
paymentMethodType
string<enum>
The payment method type that represents a payment rail and directionality
Possible values:
moov-wallet,
ach-debit-fund,
ach-debit-collect,
ach-credit-standard,
ach-credit-same-day,
rtp-credit,
card-payment,
push-to-card,
pull-from-card,
apple-pay,
card-present-payment
regulated
boolean
If true, the card issuing bank is regulated, and the scheme fees for debit transactions will be limited based on the Durbin Amendment.
If false, the card issuing bank is not regulated, and the scheme fees will not be limited.