Update a card

Update a linked card and/or resubmit it for verification. If a value is provided for CVV, a new verification ($0 authorization) will be submitted for the card. Updating the expiration date or address will update the information stored on file for the card but will not be verified.
Read our accept card payments guide to learn more. Only use this endpoint if you have provided Moov with a copy of your PCI attestation of compliance.

To use this endpoint from the browser, you’ll need to specify the /accounts/{accountID}/cards.write scope when generating a token.
PATCH
/accounts/{accountID}/cards/{cardID}
cURL
1
2
3
4
5
6
7
8
curl --request PATCH "https://api.moov.io/accounts/{accountID}/cards/{cardID}" \
  -H "Authorization: Bearer {token}" \
  --data-raw '{
    "expiration": {
      "month":"01",
      "year":"28"
    }
  }'\
200 400 404 409 422 429
Card updated.
Describes a card on a Moov account.
{
  "billingAddress": {
    "addressLine1": "123 Main Street",
    "addressLine2": "Apt 302",
    "city": "Boulder",
    "country": "US",
    "postalCode": "80301-1234",
    "stateOrProvince": "CO"
  },
  "bin": "123456",
  "brand": "Discover",
  "cardAccountUpdater": {
    "updateType": "number-update",
    "updatedOn": "2019-08-24T14:15:22Z"
  },
  "cardCategory": "CLASSIC",
  "cardID": "ec7e1848-dc80-4ab0-8827-dd7fc0737b43",
  "cardOnFile": true,
  "cardType": "debit",
  "cardVerification": {
    "accountName": {
      "firstName": "match",
      "fullName": "match",
      "lastName": "match",
      "middleName": "match"
    },
    "addressLine1": "match",
    "cvv": "match",
    "postalCode": "match"
  },
  "commercial": true,
  "domesticPullFromCard": "supported",
  "domesticPushToCard": "fast-funds",
  "expiration": {
    "month": "01",
    "year": "21"
  },
  "fingerprint": "9948962d92a1ce40c9f918cd9ece3a22bde62fb325a2f1fe2e833969de672ba3",
  "holderName": "Jules Jackson",
  "issuer": "GRINGOTTS BANK",
  "issuerCountry": "US",
  "issuerPhone": "8185551212",
  "issuerURL": "HTTPS://WWW.EXAMPLE.COM/",
  "lastFourCardNumber": "1234",
  "merchantAccountID": "50469144-f859-46dc-bdbd-9587c2fa7b42",
  "paymentMethods": [
    {
      "paymentMethodID": "9506dbf6-4208-44c3-ad8a-e4431660e1f2",
      "paymentMethodType": "card-payment"
    },
    {
      "paymentMethodID": "3f9969cf-a1f3-4d83-8ddc-229a506651cf",
      "paymentMethodType": "push-to-card"
    }
  ],
  "regulated": true
}
The request was invalid.
No card with the specified accountID was found.
Attempting to update an existing disabled card.
The supplied card data appeared invalid or was declined by the issuer.
{
  "error": "card re-verification failure: do-not-honor"
}
{
  "error": "issue with information provided"
}
{
  "cardCvv": "must contain digits only"
}
Request was refused due to rate limiting.

Retry-After

number

Path parameters

accountID

string <uuid> required
ID of the Moov account representing the cardholder.

cardID

string <uuid> required
ID of the card.

Body

application/json
Describes properties of a card to update.

billingAddress

object
Provide address fields as necessary to patch the currently saved address. Omit any fields that should not be changed.
right_key Show child attributes

addressLine1

string <=60 characters

addressLine2

string <=32 characters

city

string <=24 characters

country

string <=2 characters

postalCode

string [1 to 10] characters

stateOrProvince

string <=2 characters

cardCvv

string
Provide a CVV to trigger a re-verification of CVV, addressLine1, and postalCode of this card. Omit CVV to update card fields without performing these re-verifications.

cardOnFile

boolean
Indicates cardholder has authorized card to be stored for future payments.

e2ee

object
Optional and only used if planning to use End to End Encryption to pass PCI data through an intermediary. This is the output of using compact serialization of a JWE token that wraps an AES key and uses the public key returned from /end-to-end-keys. Examples of how to create this token can be found on our GitHub. Body for a JWE token following RFC.
right_key Show child attributes

token

string<JWE>

expiration

object
Provide expiration date fields as necessary to patch the currently saved date. Omit any fields that should not be changed.
right_key Show child attributes

month

string 2 characters

year

string 2 characters

holderName

string
The name of the cardholder as it appears on the card. If ‘verifyName’ is not set, the ‘holderName’ will simply be updated. If ‘verifyName’ is set and the card brand is Visa, this value will be submitted for verification. The ‘holderName’ will be updated regardless of the verification result.

merchantAccountID

string
ID of the Moov account acting as a merchant or other entity authorized to store the card. Defaults to your platform account ID if cardOnFile is set to true and no other account is provided.

verifyName

boolean
Indicates whether to submit the cardholder name to a card network for verification. If ‘holderName’ is also in the request, that name will get verified, otherwise the name currently stored with the card will get submitted for verification. Only Visa cards are eligible for cardholder name verification.

Response

application/json
Describes a card on a Moov account.

billingAddress

object
right_key Show child attributes

addressLine1

string <=60 characters required

city

string <=24 characters required

country

string <=2 characters required

postalCode

string [1 to 10] characters required

stateOrProvince

string <=2 characters required

addressLine2

string <=32 characters

bin

string
The first six to eight digits of the card number, which identifies the financial institution that issued the card.

brand

string
The card brand.
Possible values: American Express, Discover, Mastercard, Visa

cardAccountUpdater

object
The results of the most recent card update request.
right_key Show child attributes

updateType

string<enum>
The results of the card update request.
Possible values: unspecified, account-closed, contact-cardholder, expiration-update, no-change, no-match, number-update

updatedOn

string<date-time> <=24 characters

cardCategory

string
The category or level of the card defined by the issuer. Examples include, but not limited to “REWARDS”, “TRADITIONAL REWARDS”, “CLASSIC”, and “CORPORATE PURCHASING”.

cardID

string<uuid> <=36 characters
UUID

cardOnFile

boolean
Indicates cardholder has authorized card to be stored for future payments.

cardType

string<enum>
The type of the card.
Possible values: debit, credit, prepaid, unknown

cardVerification

object
The results of submitting cardholder data to a card network for verification.
right_key Show child attributes

accountName

object
The results of submitting cardholder name to a card network for verification.
right_key Show child attributes

firstName

string
Possible values: noMatch, match, notChecked, unavailable, partialMatch

fullName

string
Possible values: noMatch, match, notChecked, unavailable, partialMatch

lastName

string
Possible values: noMatch, match, notChecked, unavailable, partialMatch

middleName

string
Possible values: noMatch, match, notChecked, unavailable, partialMatch

addressLine1

string
Possible values: noMatch, match, notChecked, unavailable, partialMatch

cvv

string
Possible values: noMatch, match, notChecked, unavailable, partialMatch

postalCode

string
Possible values: noMatch, match, notChecked, unavailable, partialMatch

commercial

boolean
If true, the card is for commercial use, or associated with a business. If false, the card is associated with a general consumer.

domesticPullFromCard

string
Indicates if the card supports domestic pull-from-card transfer.
Possible values: not-supported, supported, unknown

domesticPushToCard

string
Indicates which level of domestic push-to-card transfer is supported by the card, if any.
Possible values: not-supported, standard, fast-funds, unknown

expiration

object
The expiration date of the card or token.
right_key Show child attributes

month

string 2 characters

year

string 2 characters

fingerprint

string <=100 characters
Uniquely identifies a linked payment card or token. For Apple Pay, the fingerprint is based on the tokenized card number and may vary based on the user’s device. This field can be used to identify specific payment methods across multiple accounts on your platform.

holderName

string
The name of the cardholder as it appears on the card.

issuer

string
Financial institution that issued the card.

issuerCountry

string
Country where the card was issued.

issuerPhone

string
Phone number of the issuer.

issuerURL

string
URL of the issuer.

lastFourCardNumber

string
Last four digits of the card number

merchantAccountID

string<uuid>
ID of the Moov account acting as a merchant or other entity authorized to store the card. Defaults to your platform account ID if cardOnFile is set to true and no other account is provided.

paymentMethods

array

Includes any payment methods generated for a newly linked card, removing the need to call the List Payment Methods endpoint following a successful Link Card request.

NOTE: This field is only populated for Link Card requests made with the X-Wait-For header.

right_key Show child attributes

paymentMethodID

string<uuid> <=36 characters
UUID

paymentMethodType

string<enum>
The payment method type that represents a payment rail and directionality
Possible values: moov-wallet, ach-debit-fund, ach-debit-collect, ach-credit-standard, ach-credit-same-day, rtp-credit, card-payment, apple-pay, push-to-card, pull-from-card

regulated

boolean
If true, the card issuing bank is regulated, and the scheme fees for debit transactions will be limited based on the Durbin Amendment. If false, the card issuing bank is not regulated, and the scheme fees will not be limited.