Get card metadata
Look up metadata for a card without linking it to a Moov account.
Only use this endpoint if you have provided Moov with a copy of your PCI attestation of compliance.
To access this endpoint using an access token
you'll need to specify the /card-metadata.read scope.
POST
/card-metadata
curl -X POST "https://api.moov.io/card-metadata" \
-H "Authorization: Bearer {token}" \
-H "X-Moov-Version: v2026.07.00" \
-d '{
"cardNumber": "4111111111111111"
}'import { Moov } from "@moovio/sdk";
const moov = new Moov({
security: {
username: "",
password: "",
},
});
async function run() {
const result = await moov.cards.getMetadata({
cardNumber: "4111111111111111",
});
console.log(result);
}
run();declare(strict_types=1);
require 'vendor/autoload.php';
use Moov\MoovPhp;
use Moov\MoovPhp\Models\Components;
$sdk = MoovPhp\Moov::builder()
->setSecurity(
new Components\Security(
username: '',
password: '',
)
)
->build();
$request = new Components\CardMetadataRequest(
cardNumber: '4111111111111111',
);
$response = $sdk->cards->getMetadata(
request: $request
);
if ($response->cardMetadata !== null) {
// handle response
}package hello.world;
import io.moov.sdk.Moov;
import io.moov.sdk.models.components.CardMetadataRequest;
import io.moov.sdk.models.components.Security;
import io.moov.sdk.models.errors.CardMetadataRequestError;
import io.moov.sdk.models.errors.GenericError;
import io.moov.sdk.models.operations.GetCardMetadataResponse;
import java.lang.Exception;
public class Application {
public static void main(String[] args) throws GenericError, CardMetadataRequestError, Exception {
Moov sdk = Moov.builder()
.security(Security.builder()
.username("")
.password("")
.build())
.build();
CardMetadataRequest req = CardMetadataRequest.builder()
.cardNumber("4111111111111111")
.build();
GetCardMetadataResponse res = sdk.cards().getMetadata()
.request(req)
.call();
if (res.cardMetadata().isPresent()) {
System.out.println(res.cardMetadata().get());
}
}
}from moovio_sdk import Moov
from moovio_sdk.models import components
with Moov(
security=components.Security(
username="",
password="",
),
) as moov:
res = moov.cards.get_metadata(e2ee={
"token": "eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkEyNTZHQ00iLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTUyMSIsIngiOiJBS0NYVDM1WVdvTm8wbzExNy1SU0dqUGg3alN1NjFmLUhnYkx1dW0xVG1ueTRlcW5yX2hyU0hpY0w1d3gwODRCWDBRZjVTdEtkRUoydzY2ZUJqWHprRV9OIiwieSI6IkFIMEJfT2RaYTQtbG43dGJ4M3VBdlc1NDNQRE9HUXBCTDloRFFNWjlTQXNfOW05UWN3dnhRd1hrb1VrM3VzT1FnVV9ySVFrNFRoZ1NTUzV4UlhKcm5ZaTkifSwia2lkIjoiYmRvV3pLekpKUGw0TVFIaENDa05WYTZlZ1dmYi02V1haSjZKTFZqQ0hWMD0ifQ.HalyoHsfufBJEODd2lD9ThQvvVWw3b2kgWDLHGxmHhMv8rODyLL_Ug.rpQP178t8Ed_pUU2.Sn9UFeVoegAxiMUv11q7l3M0y9YHSLYi2n_JB7n7Pc777_47-icfaxstJemT0IC81w.akkq1EBxzWkBr4vEomSpWA",
}, card_number="4111111111111111")
# Handle response
print(res)require 'moov_ruby'
Models = ::Moov::Models
s = ::Moov::Client.new(
security: Models::Components::Security.new(
username: '',
password: ''
)
)
req = Models::Components::CardMetadataRequest.new(
card_number: '4111111111111111'
)
res = s.cards.get_metadata(request: req)
unless res.card_metadata.nil?
# handle response
endusing Moov.Sdk;
using Moov.Sdk.Models.Components;
var sdk = new MoovClient(security: new Security() {
Username = "",
Password = "",
});
CardMetadataRequest req = new CardMetadataRequest() {
CardNumber = "4111111111111111",
};
var res = await sdk.Cards.GetMetadataAsync(req);
// handle responseThe request completed successfully.
{
"bin": "411111",
"brand": "Visa",
"cardCategory": "CLASSIC",
"cardType": "credit",
"commercial": false,
"domesticPullFromCard": "supported",
"domesticPushToCard": "standard",
"issuer": "GRINGOTTS BANK",
"issuerCountry": "US",
"issuerPhone": "8185551212",
"issuerURL": "HTTPS://WWW.EXAMPLE.COM/",
"regulated": false
}Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The server could not understand the request due to invalid syntax.
{
"error": "string"
}Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The request contained missing or expired authentication.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The user is not authorized to make the request.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The requested resource was not found.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The request conflicted with the current state of the target resource.
{
"error": "string"
}Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The request was well-formed, but the contents failed validation. Check the request for missing or invalid fields.
{
"error": "string",
"e2ee": {
"token": "string"
},
"cardNumber": "string"
}Response headers
x-request-id
string
required
A unique identifier used to trace requests.
Request was refused due to rate limiting.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The request failed due to an unexpected error.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
The request failed because a downstream service failed to respond.
Response headers
x-request-id
string
required
A unique identifier used to trace requests.
Headers
X-Moov-Version
string
Set this header to v2026.07.00 to use the API described in this specification. When omitted, the server defaults to v2024.01.00, which may not match the behavior documented here.
Possible values:
v2026.07.00
Body
application/json
cardNumber
string
The full card number (PAN).
e2ee
object
Wraps a compact-serialized JSON Web Encryption (JWE) token used for secure transmission of sensitive data (e.g., PCI information) through intermediaries.
This token is encrypted using the public key from /end-to-end-keys and wraps an AES key. For details and examples, refer to our
GitHub repository.
Show child attributes
token
string<jwe>
required
An RFC compact-serialized JSON Web Encryption (JWE) token.
Response
bin
string
[6 to 8] characters
required
The first six to eight digits of the card number, which identifies the financial institution that issued the card.
brand
string<enum>
required
The card brand.
Possible values:
American Express,
Discover,
Mastercard,
Visa,
Unknown
cardType
string<enum>
required
The type of the card.
Possible values:
debit,
credit,
prepaid,
unknown
cardCategory
string
The category or level of the card defined by the issuer.
Examples include, but not limited to, "REWARDS", "TRADITIONAL REWARDS", "CLASSIC", and "CORPORATE PURCHASING".
commercial
boolean
If true, the card is for commercial use, or associated with a business.
If false, the card is associated with a general consumer.
domesticPullFromCard
string<enum>
Indicates if the card supports domestic pull-from-card transfer.
Possible values:
not-supported,
supported,
unknown
domesticPushToCard
string<enum>
Indicates which level of domestic push-to-card transfer is supported by the card, if any.
Possible values:
not-supported,
standard,
fast-funds,
unknown
issuer
string
Financial institution that issued the card.
issuerCountry
string
Country where the card was issued.
issuerPhone
string
Phone number of the issuer.
issuerURL
string<uri>
URL of the issuer.
regulated
boolean
If true, the card issuing bank is regulated, and the scheme fees for debit transactions will be limited based on the Durbin Amendment.
If false, the card issuing bank is not regulated, and the scheme fees will not be limited.