Get the card details for the card token stored in the Afterpay backend.

This interface could only be accessed by the Merchant host. All other access will be blocked. IP whitelisting will ensure only traffic from Merchant could access this endpoint.

The interface provided is an HTTP Get Request and JSON response

HTTP Request

POST https://<env>/v1/cards/details

Request body

Name	Type	Mandatory	Description	Comment
token	string	yes	The unique identifier for the customer's payment card stored in Afterpay side referred to as card token
risk	Risk	yes	Information to enable risk assessment process.	Refer Risk Object
requestor	string	yes	Who requested the card details	phone number, employee number etc.

Request headers

Parameter	Mandatory	Description
Content-Type	yes	application/json
Accept	yes	application/json
Authorization	yes	Bearer Access-admin-oauth-token (Refer Authentication)
User-Agent	yes	All requests must include information about the Afterpay Merchant, Platform, Channel and Service. For example `Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/sms; CountryCode/AU; System Information/Java/8.3; Service/Activation
Request-Id	yes	unique identifier for card details request provided by the merchant

Sample Example

curl -v -X POST https://<env>/v1/cards/details \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer eryJghjhkhkhkjhjkhWErtyuuj" \
-H "User-Agent: Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/sms; CountryCode/AU System Information/Java/8.3; Service/Recharge"\
-H "Request-Id: 8456732415666565656565656565656" \
-d '{
  "token": "6966af4975984c30ae2e2c18985bc21c",
  "risk": {...},
  "requestor": "61402223333"
}'

Response body

Name	Type	Mandatory	Description	Comment
id	string	yes	Uniquely identifies each transaction. This is generated by the APT and is included in the response
receiptId	string	yes	Identifier for card details request generated by Afterpay
last4Digits	string	no	The last 4 digits of the payment card may be used for visual identification of the payment card	It could be the last 4, 3 or 2 digits depending on what is stored in the Afterpay system due to PCI compliance – eg.,'1254', '324', '65'
cardBrand	string	no	The scheme issuing the card e.g. Visa, Mastercard, American Express
cardType	string	no	Indicates the payment card type and whether it is associated with a credit or debit account
cardSubType	string	no	Indicates the non-standardised, marketing sub-classification of the card
issuingBank	string	no	The name of the institution issuing the payment card
country	string	no	The country in which the card was issued	ISO 3166-1 alpha-2
requestor	string	no	Who requested the card details	phone number, employee number etc.

Sample Example

Status: 200 OK

{
  "id": "13e753e2e4a4b2f692b573e5fbe98b7b5523586a",
  "receiptId": "32432",
  "last4Digits": "1111",
  "creditLimit": 123,
  "cardBrand": "VISA",
  "cardType": "DEBIT",
  "cardSubType": "pre-paid giftcard",
  "issuingBank": "Commonwealth Bank of Australia",
  "country":"AU"
}