API Documentation — PrivCards Virtual Card API

Authentication

API Keys & Authentication

All API requests require a Bearer token. Generate your API key from Dashboard → Settings → API Keys.

API Key Security

Never expose your key in client-side code. Use environment variables. Keys prefixed with sk_live_ are production, sk_test_ are sandbox.

request-headers

Authorization: Bearer sk_live_your_api_key_here
Content-Type: application/json
X-Idempotency-Key: optional-unique-key-for-safe-retries

Rate Limits

1,000

Requests / Minute

Card Creates / Minute

10,000

Requests / Hour

Error Codes

error-response.json

{
  "error": "insufficient_funds",
  "message": "Your wallet balance is too low to fund this card.",
  "code": 400,
  "request_id": "req_7f8a9b2c3d4e"
}

200

Request succeeded

201

Resource created

400

Invalid request parameters

401

Missing or invalid API key

404

Resource not found

429

Rate limit exceeded

Cards

Card Management

Create, manage, and control virtual Visa & Mastercard cards. Each card is isolated with its own balance, limits, and lifecycle.

Request Body

Parameter	Type		Description
bin_id	string	required	BIN identifier (e.g. `491653`). Use `GET /bins` to list available BINs.
amount	number	required	Initial funding amount in USD. Min: $1.00, Max: $5,000.00
label	string	optional	Custom label for the card (max 64 chars)
spending_limit	number	optional	Monthly spending limit in USD. Defaults to BIN maximum.
allowed_categories	string[]	optional	MCC categories to whitelist (e.g. `["advertising", "software"]`)
auto_freeze_at	number	optional	Auto-freeze when balance drops below this amount
metadata	object	optional	Key-value pairs for your internal tracking (max 20 keys)

Example Request

curl

curl -X POST https://api.privcards.com/v1/cards \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "bin_id": "491653",
    "amount": 500,
    "label": "Meta Ads Campaign #12",
    "spending_limit": 2000,
    "allowed_categories": ["advertising"],
    "metadata": {"campaign": "spring_2026"}
  }'

Response 201 Created

response.json

{
  "id": "card_8xK2m9Lp4q",
  "bin_id": "491653",
  "network": "visa",
  "last4": "2039",
  "status": "active",
  "balance": 500.00,
  "spending_limit": 2000.00,
  "label": "Meta Ads Campaign #12",
  "allowed_categories": ["advertising"],
  "auto_freeze_at": null,
  "metadata": { "campaign": "spring_2026" },
  "created_at": "2026-04-15T12:00:00Z",
  "expires_at": "2029-04-15T23:59:59Z"
}

Query Parameters

Parameter	Type		Description
status	string	optional	`active`, `frozen`, `terminated`
bin_id	string	optional	Filter by BIN
page	integer	optional	Page number. Default: `1`
per_page	integer	optional	Items per page (1-100). Default: `25`

apiDocs.cards.getDesc

Sensitive Endpoint

Returns full card PAN, CVV, and expiry. PCI-sensitive — never log or store unencrypted. Rate limited to 30 req/min.

Suspends all transactions. Balance is preserved. Card can be unfrozen later.

Re-enables transactions on a frozen card. Returns the card object with status: "active".

Irreversible Action

Terminating a card is permanent. Remaining balance is returned to your wallet instantly.

Funding

Card Funding

Add or withdraw funds from individual cards. Funds come from your wallet balance.

Request Body

Parameter	Type		Description
amount	number	required	Amount in USD to add. Min: $1.00, Max: $5,000.00

Returns updated card and wallet balances.

Transactions

Transaction History

View all transactions across your cards. Includes authorizations, settlements, refunds, and declines.

Query Parameters

Parameter	Type		Description
card_id	string	optional	Filter by card
type	string	optional	`authorization`, `settlement`, `refund`, `decline`
from	string	optional	Start date (ISO 8601)
to	string	optional	End date (ISO 8601)
page	integer	optional	Page number. Default: `1`

Wallet

Wallet & Deposits

Manage your account wallet. Deposit crypto, check balances, and track incoming deposits.

Response 200 OK

response.json

{
  "balance": 1312.50,
  "currency": "USD",
  "pending_deposits": 500.00,
  "total_deposited": 15000.00,
  "total_spent": 13687.50,
  "cards_active": 8,
  "cards_total_balance": 2450.00
}

Query Parameters

Parameter	Type		Description
currency	string	optional	`btc`, `eth`, `sol`, `usdt`. Omit to get all.

BINs

BIN Selection

List available BIN ranges with their capabilities, limits, and acceptance rates.

Response 200 OK

response.json

{
  "data": [
    {
      "id": "491653",
      "network": "visa",
      "type": "advertising",
      "3ds": true,
      "apple_pay": true,
      "google_pay": true,
      "max_transaction": 5000.00,
      "max_monthly": 50000.00,
      "acceptance_rate": 97.2,
      "best_for": ["meta_ads", "google_ads", "tiktok_ads"]
    }
  ]
}

3D Secure

3D Secure Authentication

Retrieve 3DS challenges and OTP codes. All cards are enrolled in 3DS 2.0 automatically.

Response 200 OK

response.json

{
  "data": [
    {
      "id": "3ds_m4n5o6p7",
      "card_id": "card_8xK2m9Lp4q",
      "merchant": "SPOTIFY",
      "amount": 9.99,
      "otp": "847291",
      "status": "pending",
      "expires_at": "2026-04-15T15:05:00Z"
    }
  ]
}

Webhooks

Webhooks & Events

Receive real-time notifications when events occur. Payloads are signed with HMAC-SHA256.

Available Events

card.createdA new card was issued

card.frozenA card was frozen

card.unfrozenA card was unfrozen

card.terminatedA card was terminated

card.fundedFunds added to a card

transaction.authorizedTransaction authorized

transaction.settledTransaction settled

transaction.declinedTransaction declined

transaction.refundedRefund processed

3ds.challenge3DS verification required

deposit.pendingCrypto deposit detected

deposit.confirmedCrypto deposit confirmed

Signature Verification

verify-webhook.py

import hmac, hashlib

def verify_webhook(payload, signature, secret):
    expected = hmac.new(
        secret.encode(),
        payload.encode(),
        hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, signature)

Request Body

Parameter	Type		Description
url	string	required	HTTPS endpoint URL to receive events
events	string[]	required	Event types to subscribe. Use `["*"]` for all.
secret	string	optional	Custom signing secret. Auto-generated if omitted.

SDKs

SDKs & Libraries

Official client libraries for your stack. All SDKs support live and sandbox environments.

Python

pip install privcards

Node.js

npm i privcards

Go

go get privcards

Quick Start — Python

quickstart.py

from privcards import Client

client = Client("sk_live_your_api_key")

# Create a card
card = client.cards.create(
    bin_id="491653",
    amount=500,
    label="Ad Spend"
)
print(card.id, card.last4)

# Get full card details (PAN, CVV)
details = client.cards.details(card.id)
print(details.pan, details.cvv)

# Fund the card
client.cards.fund(card.id, amount=200)

# List transactions
txns = client.transactions.list(card_id=card.id)
for t in txns.data:
    print(t.merchant.name, t.amount)

Quick Start — Node.js

quickstart.js

const { privcards } = require('privcards');

const client = new privcards('sk_live_your_api_key');

// Create a card
const card = await client.cards.create({
  binId: '491653',
  amount: 500,
  label: 'Ad Spend',
});

// Get 3DS OTPs
const challenges = await client.threeds.list({
  cardId: card.id,
  status: 'pending',
});

// Set up webhooks
await client.webhooks.create({
  url: 'https://yourapp.com/hooks',
  events: ['transaction.authorized', '3ds.challenge'],
});

API Reference

API Keys & Authentication

API Key Security

Card Management

Sensitive Endpoint

Irreversible Action

Card Funding

Transaction History

Wallet & Deposits

BIN Selection

3D Secure Authentication

Webhooks & Events

SDKs & Libraries

Python

Node.js

Go