API Documentation

Integrate with our card issuing platform. All API requests should be sent with the `Content-Type: application/json` header.

Authentication: All API requests must include your publickey and secretkey in the request headers.

Visa Card API

Create Visa Card

Creates a new virtual Visa card.

Endpoint: POST /api/visacard/createcard

curl -X POST https://pagocards.com/api/visacard/createcard \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "nameoncard": "John Doe",
  "email": "user@example.com"
}'

{
  "nameoncard": "John Doe",
  "email": "user@example.com"
}

Get Sensitive Card Info

Retrieves sensitive details (e.g., full card number, CVV) for a specific Visa card.

Endpoint: POST /api/visacard/getsensitive

curl -X POST https://pagocards.com/api/visacard/getsensitive \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "user@example.com",
  "cardid": "visac_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}'

{
  "email": "user@example.com",
  "cardid": "visac_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Get Card Details

Retrieves non-sensitive details and balance for a specific Visa card.

Endpoint: POST /api/visacard/getcard

curl -X POST https://pagocards.com/api/visacard/getcard \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "user@example.com",
  "cardid": "visac_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}'

{
  "email": "user@example.com",
  "cardid": "visac_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Get Card Transactions

Retrieves a list of transactions for a specific Visa card.

Endpoint: POST /api/visacard/gettransaction

curl -X POST https://pagocards.com/api/visacard/gettransaction \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "user@example.com",
  "cardid": "visac_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}'

{
  "email": "user@example.com",
  "cardid": "visac_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Get All Cards

Retrieves a list of all Visa cards for a specific user email.

Endpoint: POST /api/visacard/getallcards

curl -X POST https://pagocards.com/api/visacard/getallcards \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "user@example.com"
}'

{
  "email": "user@example.com"
}

Get OTP

Retrieves the latest OTP for a specific card, if available within the last 3 minutes.

Endpoint: POST /api/visacard/getotp

curl -X POST https://pagocards.com/api/visacard/getotp \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "user@example.com",
  "cardid": "visac_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}'

{
  "email": "user@example.com",
  "cardid": "visac_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Mastercard API

Create Mastercard

Creates a new virtual Mastercard.

Endpoint: POST /api/mastercard/createcard

curl -X POST https://pagocards.com/api/mastercard/createcard \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "firstname": "Jane",
  "lastname": "Doe",
  "email": "jane.doe@example.com"
}'

{
  "firstname": "Jane",
  "lastname": "Doe",
  "email": "jane.doe@example.com"
}

Fund Mastercard

Funds a Mastercard from your funding wallet. A topup fee of $1 + 1% applies.

Endpoint: POST /api/mastercard/fundcard

curl -X POST https://pagocards.com/api/mastercard/fundcard \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "cardid": "card_yyyyyyyyyyyy",
  "email": "jane.doe@example.com",
  "amount": 25
}'

{
  "cardid": "card_yyyyyyyyyyyy",
  "email": "jane.doe@example.com",
  "amount": 25
}

Get Card Details

Retrieves details for a specific Mastercard.

Endpoint: POST /api/mastercard/getcarddetails

curl -X POST https://pagocards.com/api/mastercard/getcarddetails \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy"
}'

{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy"
}

Get All Cards

Retrieves a list of all Mastercards for a specific user email.

Endpoint: POST /api/mastercard/getallcards

curl -X POST https://pagocards.com/api/mastercard/getallcards \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "jane.doe@example.com"
}'

{
  "email": "jane.doe@example.com"
}

Block / Unblock Card

Blocks or unblocks a specific Mastercard.

Endpoints:

POST /api/mastercard/blockdigital
POST /api/mastercard/unblockdigital

curl -X POST https://pagocards.com/api/mastercard/blockdigital \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy"
}'

{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy"
}

3DS Secure Management

Checks for pending 3DS transactions and approves them.

Endpoints:

POST /api/mastercard/check3ds
POST /api/mastercard/approve3ds

// For check3ds
curl -X POST https://pagocards.com/api/mastercard/check3ds \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy"
}'

// For approve3ds
curl -X POST https://pagocards.com/api/mastercard/approve3ds \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy",
  "eventId": "event_zzzzzzzzzzzz"
}'

// For check3ds
{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy"
}

// For approve3ds
{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy",
  "eventId": "event_zzzzzzzzzzzz"
}

Get GPay/Apple Pay OTP

Retrieves a One-Time Password (OTP) for adding a card to a mobile wallet like Google Pay or Apple Pay.

Endpoint: POST /api/mastercard/checkwallet

curl -X POST https://pagocards.com/api/mastercard/checkwallet \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy"
}'

{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy"
}

Spend Control

Create spending controls on a Mastercard.

Endpoint: POST /api/mastercard/spendcontrol

curl -X POST https://pagocards.com/api/mastercard/spendcontrol \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy",
  "description": "Daily online spending",
  "type": "purchase", //Enum: purchase | blockedMcc
  "period": "daily", //Enum: daily | monthly | yearly
  "limit": 100
}'

{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy",
  "description": "Daily online spending",
  "type": "velocity_limit",
  "period": "daily",
  "limit": 100
}

Delete Spend Control

Delete an existing spending control from a Mastercard.

Endpoint: POST /api/mastercard/deletespendcontrol

curl -X POST https://pagocards.com/api/mastercard/deletespendcontrol \
-H "Content-Type: application/json" \
-H "publickey: YOUR_PUBLIC_KEY" \
-H "secretkey: YOUR_SECRET_KEY" \
-d '{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy",
  "controlid": "ctrl_xxxxxxxxxxxx"
}'

{
  "email": "jane.doe@example.com",
  "cardid": "card_yyyyyyyyyyyy",
  "controlid": "ctrl_xxxxxxxxxxxx"
}