Cards (1.0)

Download OpenAPI specification:Download

Cards servicing

List all cards for an account

Returns all cards associated with the account specified in the request URL.

Request
Security:
path Parameters
account_id
required
string
query Parameters
page[number]
integer
Default: 1

The number of results pages to return.

page[size]
integer
Default: 10

The size of each page in the response.

Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

get/v1/accounts/{account_id}/cards
Request samples
curl -i -X GET \
  'https://api.solaris-sandbox.de/v1/accounts/{account_id}/cards?page%5Bnumber%5D=1&page%5Bsize%5D=10'
Response samples
application/json
[
  • {
    }
]

List all cards for a business

Returns all cards associated with the business specified in the request URL.

Request
Security:
path Parameters
business_id
required
string
query Parameters
page[number]
integer
Default: 1

The number of results pages to return.

page[size]
integer
Default: 10

The size of each page in the response.

Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

get/v1/businesses/{business_id}/cards
Request samples
curl -i -X GET \
  'https://api.solaris-sandbox.de/v1/businesses/{business_id}/cards?page%5Bnumber%5D=1&page%5Bsize%5D=10'
Response samples
application/json
[
  • {
    }
]

Index cards

Returns an array containing all cards belonging to all of your customers.

Request
Security:
query Parameters
page[number]
integer
Default: 1

The number of results pages to return.

page[size]
integer
Default: 10

The size of each page in the response.

filter[business_id]
string

Filter the results by the ID of the business associated with the card.

filter[person_id]
string

Filter the results by the ID of the person associated with the card.

filter[status]
string

Filter the results by the card status.

filter[type]
string

Filter the results by the card type.

filter[masked_pan]
string

Filter the results by the card's masked PAN.

filter[line_1]
string

Filter the cards by the value of their address line 1.

filter[sia_account_number]
string

Filter the results by the SIA account number.

Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

get/v1/cards
Request samples
curl -i -X GET \
  'https://api.solaris-sandbox.de/v1/cards?page%5Bnumber%5D=1&page%5Bsize%5D=10&filter%5Bbusiness_id%5D=string&filter%5Bperson_id%5D=string&filter%5Bstatus%5D=string&filter%5Btype%5D=string&filter%5Bmasked_pan%5D=string&filter%5Bline_1%5D=string&filter%5Bsia_account_number%5D=string'
Response samples
application/json
[
  • {
    }
]

Show a card

Returns information about the card specified in the request URL.

Request
Security:
path Parameters
id
required
string
Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

get/v1/cards/{id}
Request samples
curl -i -X GET \
  'https://api.solaris-sandbox.de/v1/cards/{id}'
Response samples
application/json
{
  • "id": "8febdba4912a747808ccc6f95f82bbb4",
  • "status": "ACTIVE",
  • "reference": "87285d83-ab15-4906-af87-5763801d9e43",
  • "type": "MASTERCARD_DEBIT",
  • "expiration_date": "2020-12-30",
  • "new_card_ordered": false,
  • "person_id": "5af2ea4271038d5c53e68ccbf4fe43b3cper",
  • "account_id": "a5844f601567db9b59b3531245a58e96cacc",
  • "business_id": "52e6a9b8a559d842ed7d8901b0e1bf4bcbiz",
  • "representation": {
    },
  • "creation_date": "2022-05-01",
  • "sia_account_number": "500001650679"
}

Create a card

Creates a card in the name of the person specified in the request URL and attaches it to the given account.
Please note the following:

  • The cardholder name (i.e., the value of line_1 is not automatically generated. You must enter a value as close to the cardholder's actual name as possible.
  • The value of line_1 may not exceed 21 characters.
  • You must enter a / between the cardholder's first and last name(s). Example: ADAM AARON/SCHMIDT
  • You may only use the following characters in the value of line_1: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 -/. Please convert accented characters to their non-accented equivalents (e.g., converting Ö to OE, É to E).
  • Card activation requests are blocked for the first 24 hours after card creation. In order to test on Sandbox with immediate activation, please include the string WITHSTATICTOKEN within the line_1 property. See the request example on the right for information on how to use it.

Request
Security:
path Parameters
person_id
required
string
account_id
required
string
Request Body schema: application/json

The content of the request

line_1
required
string

The cardholder's name as it should be printed on the card. Please note the guidelines for this value as written in the method description above.

type
string

The type of the card. Note The following enum list is not exhaustive but only indicative of some possible values.

Enum: "MASTERCARD_DEBIT" "MASTERCARD_BUSINESS_DEBIT" "VIRTUAL_MASTERCARD_DEBIT" "VIRTUAL_MASTERCARD_BUSINESS_DEBIT" "VIRTUAL_MASTERCARD_FREELANCE_DEBIT" "VISA_DEBIT" "VISA_BUSINESS_DEBIT" "VIRTUAL_VISA_DEBIT" "VIRTUAL_VISA_BUSINESS_DEBIT" "VIRTUAL_VISA_FREELANCE_DEBIT" "VISA_CREDIT" "VIRTUAL_VISA_CREDIT" "VISA_BUSINESS_CREDIT" "VIRTUAL_VISA_BUSINESS_CREDIT"
business_id
string

(For business cards) ID of the business with which to associate the card.

reference
string

A unique reference for the card. This field is mandatory, and the API will check it for uniqueness.

card_configuration_id
string
Deprecated

ID of the card configuration to use with the new card.

Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

post/v1/persons/{person_id}/accounts/{account_id}/cards
Request samples
application/json
{
  • "line_1": "MICHAEL WITHSTATICTOKEN/MUSTERMANN",
  • "type": "MASTERCARD_BUSINESS_DEBIT",
  • "business_id": "52e6a9b8a559d842ed7d8901b0e1bf4bcbiz",
  • "reference": "61a50bf05278217a57e5ad15ed259e44"
}
Response samples
application/json
{
  • "id": "8febdba4912a747808ccc6f95f82aaa4",
  • "status": "PROCESSING"
}

Index cards for a person

Returns all cards associated with the person specified in the request URL.

Request
Security:
path Parameters
person_id
required
string
query Parameters
page[number]
integer
Default: 1

The number of results pages to return.

page[size]
integer
Default: 10

The size of each page in the response.

Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

get/v1/persons/{person_id}/cards
Request samples
curl -i -X GET \
  'https://api.solaris-sandbox.de/v1/persons/{person_id}/cards?page%5Bnumber%5D=1&page%5Bsize%5D=10'
Response samples
application/json
[
  • {
    }
]

Activate a card

Activates the card with the ID specified in the request URL.
Please note the following preconditions:

  • The card must have a status value of ACTIVE or INACTIVE (if activating a replacement card).
  • The account to which the card is tied must have a blocking_status value of NO_BLOCK.

Note: Card activation requests are blocked for the first 24 hours after card creation. In order to test on Sandbox with immediate activation, please include the string WITHSTATICTOKEN within the line_1 property when creating a card.

Request
Security:
path Parameters
id
required
string
Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

post/v1/cards/{id}/activate
Request samples
curl -i -X POST \
  'https://api.solaris-sandbox.de/v1/cards/{id}/activate'
Response samples
application/json
{
  • "id": "8febdba4912a747808ccc6f95f82bbb4",
  • "status": "ACTIVE",
  • "reference": "87285d83-ab15-4906-af87-5763801d9e43",
  • "type": "MASTERCARD_DEBIT",
  • "expiration_date": "2020-12-30",
  • "new_card_ordered": false,
  • "person_id": "5af2ea4271038d5c53e68ccbf4fe43b3cper",
  • "account_id": "a5844f601567db9b59b3531245a58e96cacc",
  • "business_id": "52e6a9b8a559d842ed7d8901b0e1bf4bcbiz",
  • "representation": {
    },
  • "sia_account_number": "500001650679"
}

Block a card

Blocks the card with the ID specified in the request URL. Note that the card must have a status value of ACTIVE in order to be blocked.

Request
Security:
path Parameters
id
required
string
Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

post/v1/cards/{id}/block
Request samples
curl -i -X POST \
  'https://api.solaris-sandbox.de/v1/cards/{id}/block'
Response samples
application/json
{
  • "id": "8febdba4912a747808ccc6f95f82bbb4",
  • "status": "ACTIVE",
  • "reference": "87285d83-ab15-4906-af87-5763801d9e43",
  • "type": "MASTERCARD_DEBIT",
  • "expiration_date": "2020-12-30",
  • "new_card_ordered": false,
  • "person_id": "5af2ea4271038d5c53e68ccbf4fe43b3cper",
  • "account_id": "a5844f601567db9b59b3531245a58e96cacc",
  • "business_id": "52e6a9b8a559d842ed7d8901b0e1bf4bcbiz",
  • "representation": {
    }
}

Unblock a card

Unblocks the card specified in the request URL. Please note that the card must have the status of BLOCKED in order for you to unblock it with this method. If the card has the status BLOCKED_BY_SOLARIS, then you cannot unblock it with this method.

Request
Security:
path Parameters
id
required
string
Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

post/v1/cards/{id}/unblock
Request samples
curl -i -X POST \
  'https://api.solaris-sandbox.de/v1/cards/{id}/unblock'
Response samples
application/json
{
  • "id": "8febdba4912a747808ccc6f95f82bbb4",
  • "status": "ACTIVE",
  • "reference": "87285d83-ab15-4906-af87-5763801d9e43",
  • "type": "MASTERCARD_DEBIT",
  • "expiration_date": "2020-12-30",
  • "new_card_ordered": false,
  • "person_id": "5af2ea4271038d5c53e68ccbf4fe43b3cper",
  • "account_id": "a5844f601567db9b59b3531245a58e96cacc",
  • "business_id": "52e6a9b8a559d842ed7d8901b0e1bf4bcbiz",
  • "representation": {
    }
}

Close a card

Closes the card with the ID specified in the request URL.
Note: this action cannot be undone.
In order to be closed, the card must have one of the following statuses:

  • ACTIVE
  • BLOCKED
  • COUNTERFEIT_CARD
  • FRAUD
  • INACTIVE
  • LOST
  • NEVER_RECEIVED
  • STOLEN

Request
Security:
path Parameters
id
required
string
Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

post/v1/cards/{id}/close
Request samples
curl -i -X POST \
  'https://api.solaris-sandbox.de/v1/cards/{id}/close'
Response samples
application/json
{
  • "id": "8febdba4912a747808ccc6f95f82bbb4",
  • "status": "ACTIVE",
  • "reference": "87285d83-ab15-4906-af87-5763801d9e43",
  • "type": "MASTERCARD_DEBIT",
  • "expiration_date": "2020-12-30",
  • "new_card_ordered": false,
  • "person_id": "5af2ea4271038d5c53e68ccbf4fe43b3cper",
  • "account_id": "a5844f601567db9b59b3531245a58e96cacc",
  • "business_id": "52e6a9b8a559d842ed7d8901b0e1bf4bcbiz",
  • "representation": {
    }
}

Report a card as lost or stolen

Reports the card specified in the request URL as lost or stolen. The card will be immediately blacklisted. Please note the following:

  • This endpoint only works for physical cards.
  • Only use this endpoint in the event that the physical card is lost or stolen. If the card is damaged, please use the POST Replace a card endpoint.
  • You can order a replacement card in the same API call by setting the value of order_replacement to true.
  • When a card has been reported as lost or stolen, it immediately stops working. This action cannot be undone.
  • If the customer has added their card to Google Pay or Apple Pay, reports it lost or stolen, and requests a replacement at the same time, then the lost/stolen card will continue to work. If the cardholder believes that their card and phone were both compromised, then you should not order them a replacement card in the same API call. Instead, use the POST Create a card endpoint to order them a new one.
  • For sandbox testing, you must set the value of lost_at to 2021-06-03T18:31:09+00:00.

Request
Security:
path Parameters
id
required
string
Request Body schema: application/json

The content of the request

loss_reason
required
string

The customer's reason for reporting the card as lost or stolen.

Enum: "COUNTERFEIT_PLASTIC" "HOME_INVASION" "LEFT_AT_MERCHANT" "LOST" "MAIL_ORDER" "MAILBOX_THEFT" "MISSING_AT_HOME" "PICK_POCKET" "PREVENTIVE_BLOCK" "SUSPECTED_MERCHANT_FRAUD"
lost_at
required
string <date-time>

Timestamp from when the card was lost (ISO 8601 format).

order_replacement
boolean

Boolean to indicate whether or not to order the customer a replacement card in the same API request. Note that you can set this to false and order the customer a new card in a separate API call, e.g., if they lost a tokenized card.

retain_pin
boolean

(If ordering a replacement card right away) Boolean to indicate whether the new card should retain the same PIN.

Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

post/v1/cards/{id}/lost_stolen_incidents
Request samples
application/json
{
  • "loss_reason": "HOME_INVASION",
  • "lost_at": "2020-01-13T09:56:24.000Z",
  • "order_replacement": false,
  • "retain_pin": false
}
Response samples
application/json
{
  • "id": "a2f0129cb1194a688dace3b678a85268",
  • "card_id": "8febdba4912a747808ccc6f95f82aaa4",
  • "loss_reason": "MAILBOX_THEFT",
  • "lost_at": "2017-08-22T12:56:45+00:00",
  • "card_status": "STOLEN"
}

Replace a card

Issues a replacement for the card specified in the request URL. Please note the following:

  • The new card will have the same card number, but it will have a new CVV and expiry date.
  • This method only works with physical cards.
  • Only use this method if the card has been damaged. If the card was lost or stolen, then please use the POST Report a card as lost or stolen method.
  • In order to use this method, the card must have one of the following status values: BLOCKED, ACTIVE, INACTIVE
  • Once you call this method, the card's status will change to PROCESSING, then ACTIVE or BLOCKED depending on the card's status prior to ordering. The value of the new_card_ordered property on the card resource will change to true.
  • The customer can still use the old card until they activate the new one. Once they do so, the old one will no longer be authorized and the value of new_card_ordered will change to false.
  • On Sandbox, you can only use this method once per card.

Request
Security:
path Parameters
id
required
string
Request Body schema: application/json

The content of the request

line_1
required
string

The name to print on the new card.

reason
string
Default: "CARDHOLDER_REQUEST"

The reason why the customer is requesting a replacement card.

Enum: "AUTOMATIC_REPLACEMENT_FOR_EXPIRED_CARD" "CARDHOLDER_REQUEST" "DEFECTIVE_CARD"
reference
string
Default: "718578ca-fb20-4c3e-9f07-c86b21711b2f"

Randomly generated UUID that acts as an idempotency key.

retain_pin
boolean
Default: true

Indicates whether or not the new card should use the same PIN as the old one.

Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

post/v1/cards/{id}/replace
Request samples
application/json
{
  • "line_1": "JOHN/DOE",
  • "reason": "DEFECTIVE_CARD",
  • "reference": "61a50bf05278217a57e5ad15ed259e44",
  • "retain_pin": true
}
Response samples
application/json
{
  • "id": "947634769326dkfvbmdbcaksdjbc",
  • "status": "PROCESSING"
}

Create a secure view for card details

Retrieves the card number, expiry date, and CVV for the card specified in the request URL. The response is encrypted; your customer must decrypt it using a bound device.
Please note the following prerequisites:

  • Your customer's device must have a supported operating system (Android: 4.3 or higher; iOS: iPhone 5 or newer, not jailbroken or rooted).
  • The customer must have already verified their device using the device binding process. You will need to supply the device_id in this request.

Never store or log decrypted card details on a customer's device. This information may never leave the device. You may only make clean PAN details available in the device's temporary memory.

Request
Security:
path Parameters
id
required
string
Request Body schema: application/json

The content of the request

device_id
required
string

ID of the customer's bound device.

device_data
string

Encoded device fingerprint generated using the Seon SDK. See the device monitoring guide for more information about generating this value.

signature
required
string

The device signature obtained during the device binding process. The signature must be generated using the device's restricted key.
Follow these steps to generate the key:

  1. Generate the RSA key pair using HSM. This results in an RSA_KEY.
  2. Create a JWK JSON representation of the public part of the RSA_KEY. This results in a jwk_key.
  3. Generate a single string from the jwk_key that consists of the key-value pairs sorted alphabetically by name. This results in a key_string.
  4. Sign the key_string using the EC_KEY. This results in the signature value.

required
object

JSON Web Key (JWK) data that will be used to encrypt the card details. Click here to learn more about this algorithm.

required
object

JSON Web Encryption attributes.

Responses
200

Successful result of the operation

400

Invalid request.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

post/v1/cards/{id}/virtual_card_requests
Request samples
application/json
{
  • "device_id": "ZtzhX7M96stcA2LzDpX1Lg8dev",
  • "device_data": "Web;179ac83968ab42f79e960c1753a4078fdcon;jVl14emA+OcyALb9F+CMFg==;NU7aFh0jdzM15wj8hQtqbA5LbzEFWDI1bUwZf/zbau0P2MIEUE+LsifBKvxjCYNUyz647bpSjnQ6Tu8IK22sxFlTGEFaHKBigzmP8Nc8FvVSWKzslmSWTFJM5AYc+EGTZLprlcdrLldsZLS5PpHfPMmvtqCXVTnGhYV7GvutI1w5/67yK7pCQDxDicKjqlMg1naMiwCuqP1U1lUtf+lTdmJ1T1lXMPARffTn4XAr66vUxN++sy7qytkdcOeCsaxZnLspUEvqu+2ILHF8pOJFG7gYC11rqWOyHG3Ns1E1dZ57ybrgGTKfctFOdx2IMXnz1/i/pDC5QokRr2BTIZZ/9Tj+xXzWpzNwHtRWWK5VEufyVRPyMXQdmry7UYKrouAzlLCYSMv7GcPwOZz+gDjCkrNia7/DGBBFLOvtlufDztPpvkH2jmN32/oJHl1Qu6zpxG3Lyl8RNdyukuNYfiPw0ECoXsXObwQc7Ja8R+V5S7QZeV1VV9aavlH1+Xl9v0OlOJ1XujO7izWESMIfzAuaL6ACYhdkmkC3kicjOWUjaY3OJYrrXxQ+MScnJOQ9neMRWij7YqNxP8F259zVjqqyaL6hN8EZU/pi+cZUVkfFvMYT5ugE9JXjkFfyy4UQeSmNRjDXRzu40LyweqUns8u3GOIFzfZ9eVOv+q7OV+RpVLOJLz1Za8RPIh3UKltCzOTmO8OpDz2aGoqNdL4zAaLl4EKRoarEiSG9K2/GoyHchi6xdHYA6DqQg5xQM4s50RUySGwWLxBB3ZlMpZpdZAVBrLSyl1SWqYTosdyURtiiX0So+kdik5XJ5Vsh0v75rNP5Yrv3t5/u94wx51zKlpDH8Uiap7kP0eibRmmN196kxMcOf8Q50JM1Yt8cJiawTWdGHzGRcNtEkpon5VLp/kwDU+4IPwlW976hKsom0PTB/EVxo5CWuL6kPiaEWUrWOL7BZ2jkuebHT2jBAJuFBaeac7IYnrAMoLgfY33Vs3EtVk8H12iDX3O9JmGsDGXP0/vBx0uFEgrTt6HjwabWGRHpPPPCorSrjfuySwKlnZtp1KkeNrOso8K8DBW6e+6j1YYaxTjBUZSLl1qgzd1dpz85vB/trWdyS3i+APHw/AsP/Y4cmu/CFZqpe1Sgye1+YNP3Hs3LpxJKM3prnAoaCmrHp5aUKo5KdicAnilBTzBAV2zGBWHrBwWLWHl+RDQpncyWD2/ZCswxtXbQAhlmVD7FvBXnT0Yyg5gaFo5GVBcURzBYtwbdl3+6sqKtR3XC22GBw0OOqZ9/QvMHmCO/K89rEjfLEaVX4eKhrdzjxOwOxmE5lXrLqfscV90Yo9Uj1awvpF5TL5vW85asT2iVHYjZ1JsQ5oLp3VUfIAqTNmpcjRk763hMsTUIrn3VfpLkGajZbtxD2FuNNMoRZQBfiOAxPUDFmspxWagNSbmUZ8FqPX/6asQIJIyvAk4cvzgV9OjzdkoEcFP2OGjFnddZtLmBh9BZDWtS3VOL98lp+cH/JAn8pDab2l6zIwHRccePbuBcGZZgU39FOVpI+sbHZJ6QEhiUA8SdT7SLcTf4P1tBbdN5+dpjaWfTph1cgZyW8EsAIFc81vR6tBqSSpxmS164ADWZW+PYz4b4SRVklT3Cs2tJ/TTMM240pnkNJUd3G/0PbBGVPea5+XUs1bF5cT0fiHWA032Dm87biMEU89fdPkvnSlIsN/MbLT2kj2tPZqhOrqTxCg26jimd+2kNdZ2fwvT8JQfO0hVidnPDPLXH5aA6T6+bKqfpvJE6USAif8fPQ0rW4+315LKH5wG8Qj0omO2Ynii0IE6cR0lAGrtoLsXMf3kDqFms+Z2h79pYQrnhUSntZ3tjt3pwgejJ8ZKXdN7kYWT8UiQnLnkfLJnh1e8a4UURe7GU9UwnqqFXeHrstb8XXxiIX7syFG5iLdN9IExi5BefYnAikCTU+ssMWnnhppX6jFV43u+KEaa1/7AqibMc3Kt+kUxHlQsAo2TCg+u/39rsgNs5eWym7YptvBCN6L4Q4QRoKNFo8CJerS4dTxksD2zeGL4BLIsvMbcm6rlHrKCR5PeWRiFpK8QwwaOyiTGL5NN2Xl6F0M4vf5gnWikZTrppv7bLUYZhrU1uGiv968ZGEq+A7w2oLvbZS7l+DZuN4rPF5SzPWq94jC1NiYjaPrGyTQIISRiBLXil5puqCobYHAIeVQzHBgki3/N+Pwk4iCrxf3pqnUSNmtrmvphmo9Vp3xAaPSFsUYfIyOPiO5gcNUoGQ1kHZ3Yoksqh6U1hRCzlkMSbX6kzDYUNEgc47t2AKxLM5IpYCWAv+uefNAAb/4+f7Qh4sMqtXHc5lGK3GN8ABTIVeFphtJg36Y6xg8OTrBR5ItS/tdy6zyfTLfZFocRbfjsLfoiCeHJO0sEZIWgHsu80FVZmo4G84N6zNZkdjnFDZkgRYP9OSqMbPCXyb5Xj1H6g67rNjtY67B3613uGJ0pHCQpl0Lmz2apUMq9EVRz5tZT+RA8sCRcK4mkBEWzdC7ngI5+dfX2dEqu157rsc0yU4OWNElLWC3F1TXOsB2/n1+LBHpjKLIMok2afui1H9+eof1zLAba4hrnYEFI4WjvEAvcsyPI/eONNdxk7liVNNaD7j6vvwYKOxTZoriKwvGxeNApC+Z8xQ8HpnEaRIUqb2Eh1SfpyDta8J1dXnRF1HTq2pOvfitomb701g0diB7+StEpCxiRLCx3TEJcroqBiCE3szXdc9VSVyfklkHmbJE33CY8tGm1YEvaXAY7a5yWLHWHzqQvNuZkQ1DNbJAkP9dt1t8Fv3njG2lXFmAOJkZwpvm9qEHZTmuUmflIMhu9nMsgZd5VMjalTmHqZdy7zmnAz8LhYiUDMbPDNOd4UTehvTanDEBBYTJB6CYv6QnBYwuAPsZwRnZdHbpl6lIXStmgsxV3DLtKAUy8eoqCdDOMyep9L4ArSWEJstEBNkZ5zgk7bOspvF1V8HrhFzJCiwR7WC+GHJTHLH1S8FfmHFTXJHecvq6tpMncaJFbo4jSfm9ozBAVAAN2mCn/yBbmX9tPmXdGEsTSpdp6vVWKEdHZ1rjCqmgDENxh75H5uT9DeZ0mAKwkP5Ai+bN3hT0y1XGE44b/aJ7PEObogYAioej/Z690zKx+fHxP50juTgt+UIQ+l/mpcYnbcYe4lkXrqGpwxFU8OrRzzfJX/s90VVlzrQVAPNW/mvYkt+MqSVwI1EP62faXlXnDqbmVFUmMGeoquP58cwqSBaNL/oi2Rg7GVvdvus+i2Qpm1SHtnPVUhTwWFigiWw/T2ZZeUs4nk+Q/xOFa/",
  • "signature": "UoEXx7C4eptKgM88EN4D3ObqA9Nig5rk9FY795kA3S3sYvz4uo8ywuM/FXSa42zA9DTqm37aepvC54jGrvtEy7bFQKTlyFZjzS/WuEr+IFdJJ/gISxNzqTQvZ0wC+9HnoKz6DpPrU7iVWGjbk0W6eItcc1/WvTt/9YMKrkuAPnIBkJtBksrThxgV+1icaUX+C+BoAijdTJ1Mw7tbOpUoLhbW9/Ii6w25tDrIN3VJafDnocNR483TiYUh8+p49Fp4s9YqCHrP2p9YYakQ1UyVsDF5PKEYkuxJ/zyy33Gyhg2tMTsCR8GkyYevH7/1s52G+lsW0HuOYzL6N2ITBklfmA==",
  • "jwk": {
    },
  • "jwe": {
    }
}
Response samples
application/json
{
  • "data": "W2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awaW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awaW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awaW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awaW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awaW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awa"
}

(Sandbox only) Create test 3DS transaction

This endpoint simulates a test 3DS transaction for the card_id specified in the request URL.
Calling this endpoint will begin the 3DS transaction process. The API will return a JSON schema containing the HTML for the 3DS challenge screen.
This endpoint is only available on Sandbox.

Request
Security:
path Parameters
card_id
required
string
Request Body schema: application/json
merchant_name
required
string

The name of the merchant.

purchase_currency
required
string

The currency used for the purchase.

purchase_amount
required
integer

The purchase amount (in Euro cents).

Responses
200

Successful result of the operation

400

Endpoint not available for production environment

404

The resource could not be found

500

Internal server error.

post/v1/cards/{card_id}/test_3ds_authentication
Request samples
application/json
{
  • "merchant_name": "Merchant Name",
  • "purchase_currency": "EUR",
  • "purchase_amount": 1000
}
Response samples
application/json
{
  • "html": "<html>...</html>"
}

Encrypted PIN Change

Retrieve latest public key

Returns the latest Solaris public RSA key in JWK format. Call this method every time before you call the POST Change card PIN method to ensure you have the latest key. See RFC7517 for more information on JWKs.

Request
Security:
path Parameters
card_account_id
required
string

Unique identifier of the card whose PIN you wish to change.

Example: 1fe8caa4bf1f49d87b2d63c14bb565f0mcrd
Responses
200

The public key was fetched successfully.

401

Invalid/missing OAuth token.

403

Unauthorized action.

404

The card could not be found.

500

Internal server error.

get/v1/cards/{card_account_id}/pin_keys/latest
Request samples
curl -i -X GET \
  'https://api.solaris-sandbox.de/v1/cards/{card_account_id}/pin_keys/latest'
Response samples
application/json
{
  • "kid": "0dce6f4d-b5d0-4c7b-a7d8-cfe231a1f385",
  • "kty": "RSA",
  • "use": "enc",
  • "alg": "RS256",
  • "n": "ielfymjYSKEeeai7pFBhJrr0aR-B5_T0snVgQSm8K-SsFv3MFofkeWxWT3PCBId8kovdI-gfKabCyhuQDaYbXP1opyEkB9-gyG4zqmWoW9ddmWo-wxaW08KiruNl09IjWJR0w93tM0i8Pn2qpCSM3h0CdgfO9-VjLn1BpYFKjuJ1apZQ3TG1YYIfGSymghUl0JWLu0s5J2BrvEz91E0K4aF-VY4oSnlrTilq3FrCOgF8IopUvqJWIsz-hKagNAP1K4AXoSVX7Kc4MxUcZEIlkeMKj05YF3zoFhOzfQCa5kcYdPFNlEOpuZwuMidYw8LNBFdvV4VeKYUXZrvaW-SKUQ",
  • "e": "AQAB"
}

Change card PIN

Changes the PIN of the card specified in the request URL. Follow these instructions to use this endpoint:

  1. In your backend, retrieve the encryption key in JWK format with the GET Retrieve latest public key method and make it available to the customer's device.
  2. On the customer's device, collect the customer's desired PIN through a text input in your frontend and store it as string containing a JSON-formatted object {"pin": "<NEW_PIN>"}.
  3. On the customer's device, parse the received encryption key JWK from the first step (you may want to use a suitable library of your choice, e.g. JOSESwift for iOS or Nimbus JOSE for Android).
  4. On the customer's device, encrypt the string containing the new PIN from step 2 into a JWE using the previously received encryption key and the following properties:
    1. Algorithm: RSA-OAEP-256
    2. Encryption method: A256CBC-HS512
    3. Key ID: kid property from the encryption key JWK
  5. On the customer's device, generate the compact serialization of the JWE created in the previous step—this will be used as the encrypted_pin parameter.
  6. On the customer's device, sign the serialized JWE of the previous step using the cardholder's private key from their bound device — this is the signature parameter. Note that you must use the restricted key.
  7. Transfer the values generated in the previous two steps (serialized JWE and created signature) to your backend.
  8. Call this endpoint from your backend.
Request
Security:
path Parameters
card_account_id
required
string

Unique identifier of the card whose PIN you wish to change.

Example: 1fe8caa4bf1f49d87b2d63c14bb565f0mcrd
Request Body schema: application/json
device_id
required
string

ID of the customer's previously bound device.

device_data
string

Encoded device fingerprint generated using the Seon SDK. See the device monitoring guide for more information about generating this value.

encrypted_pin
required
string

The encrypted PIN value (JWE in compact serialization). See the description of this method for instructions on how to produce this value.

key_id
required
string

Solaris' public RSA key ID. Returned as the kid property by the GET Retrieve latest public key endpoint.

signature
required
string

The signature of the encrypted_pin created with the device binding key.

Responses
200

The card's PIN was successfully changed.

400

Validation error.

403

Unauthorized action.

404

The card could not be found.

500

Internal server error.

post/v1/cards/{card_account_id}/pin_update_requests
Request samples
application/json
{
  • "encrypted_pin": "Web;179ac83968ab42f79e960c1753a4078fdcon;jVl14emA+OcyALb9F+CMFg==;NU7aFh0jdzM15wj8hQtqbA5LbzEFWDI1bUwZf/zbau0P2MIEUE+LsifBKvxjCYNUyz647bpSjnQ6Tu8IK22sxFlTGEFaHKBigzmP8Nc8FvVSWKzslmSWTFJM5AYc+EGTZLprlcdrLldsZLS5PpHfPMmvtqCXVTnGhYV7GvutI1w5/67yK7pCQDxDicKjqlMg1naMiwCuqP1U1lUtf+lTdmJ1T1lXMPARffTn4XAr66vUxN++sy7qytkdcOeCsaxZnLspUEvqu+2ILHF8pOJFG7gYC11rqWOyHG3Ns1E1dZ57ybrgGTKfctFOdx2IMXnz1/i/pDC5QokRr2BTIZZ/9Tj+xXzWpzNwHtRWWK5VEufyVRPyMXQdmry7UYKrouAzlLCYSMv7GcPwOZz+gDjCkrNia7/DGBBFLOvtlufDztPpvkH2jmN32/oJHl1Qu6zpxG3Lyl8RNdyukuNYfiPw0ECoXsXObwQc7Ja8R+V5S7QZeV1VV9aavlH1+Xl9v0OlOJ1XujO7izWESMIfzAuaL6ACYhdkmkC3kicjOWUjaY3OJYrrXxQ+MScnJOQ9neMRWij7YqNxP8F259zVjqqyaL6hN8EZU/pi+cZUVkfFvMYT5ugE9JXjkFfyy4UQeSmNRjDXRzu40LyweqUns8u3GOIFzfZ9eVOv+q7OV+RpVLOJLz1Za8RPIh3UKltCzOTmO8OpDz2aGoqNdL4zAaLl4EKRoarEiSG9K2/GoyHchi6xdHYA6DqQg5xQM4s50RUySGwWLxBB3ZlMpZpdZAVBrLSyl1SWqYTosdyURtiiX0So+kdik5XJ5Vsh0v75rNP5Yrv3t5/u94wx51zKlpDH8Uiap7kP0eibRmmN196kxMcOf8Q50JM1Yt8cJiawTWdGHzGRcNtEkpon5VLp/kwDU+4IPwlW976hKsom0PTB/EVxo5CWuL6kPiaEWUrWOL7BZ2jkuebHT2jBAJuFBaeac7IYnrAMoLgfY33Vs3EtVk8H12iDX3O9JmGsDGXP0/vBx0uFEgrTt6HjwabWGRHpPPPCorSrjfuySwKlnZtp1KkeNrOso8K8DBW6e+6j1YYaxTjBUZSLl1qgzd1dpz85vB/trWdyS3i+APHw/AsP/Y4cmu/CFZqpe1Sgye1+YNP3Hs3LpxJKM3prnAoaCmrHp5aUKo5KdicAnilBTzBAV2zGBWHrBwWLWHl+RDQpncyWD2/ZCswxtXbQAhlmVD7FvBXnT0Yyg5gaFo5GVBcURzBYtwbdl3+6sqKtR3XC22GBw0OOqZ9/QvMHmCO/K89rEjfLEaVX4eKhrdzjxOwOxmE5lXrLqfscV90Yo9Uj1awvpF5TL5vW85asT2iVHYjZ1JsQ5oLp3VUfIAqTNmpcjRk763hMsTUIrn3VfpLkGajZbtxD2FuNNMoRZQBfiOAxPUDFmspxWagNSbmUZ8FqPX/6asQIJIyvAk4cvzgV9OjzdkoEcFP2OGjFnddZtLmBh9BZDWtS3VOL98lp+cH/JAn8pDab2l6zIwHRccePbuBcGZZgU39FOVpI+sbHZJ6QEhiUA8SdT7SLcTf4P1tBbdN5+dpjaWfTph1cgZyW8EsAIFc81vR6tBqSSpxmS164ADWZW+PYz4b4SRVklT3Cs2tJ/TTMM240pnkNJUd3G/0PbBGVPea5+XUs1bF5cT0fiHWA032Dm87biMEU89fdPkvnSlIsN/MbLT2kj2tPZqhOrqTxCg26jimd+2kNdZ2fwvT8JQfO0hVidnPDPLXH5aA6T6+bKqfpvJE6USAif8fPQ0rW4+315LKH5wG8Qj0omO2Ynii0IE6cR0lAGrtoLsXMf3kDqFms+Z2h79pYQrnhUSntZ3tjt3pwgejJ8ZKXdN7kYWT8UiQnLnkfLJnh1e8a4UURe7GU9UwnqqFXeHrstb8XXxiIX7syFG5iLdN9IExi5BefYnAikCTU+ssMWnnhppX6jFV43u+KEaa1/7AqibMc3Kt+kUxHlQsAo2TCg+u/39rsgNs5eWym7YptvBCN6L4Q4QRoKNFo8CJerS4dTxksD2zeGL4BLIsvMbcm6rlHrKCR5PeWRiFpK8QwwaOyiTGL5NN2Xl6F0M4vf5gnWikZTrppv7bLUYZhrU1uGiv968ZGEq+A7w2oLvbZS7l+DZuN4rPF5SzPWq94jC1NiYjaPrGyTQIISRiBLXil5puqCobYHAIeVQzHBgki3/N+Pwk4iCrxf3pqnUSNmtrmvphmo9Vp3xAaPSFsUYfIyOPiO5gcNUoGQ1kHZ3Yoksqh6U1hRCzlkMSbX6kzDYUNEgc47t2AKxLM5IpYCWAv+uefNAAb/4+f7Qh4sMqtXHc5lGK3GN8ABTIVeFphtJg36Y6xg8OTrBR5ItS/tdy6zyfTLfZFocRbfjsLfoiCeHJO0sEZIWgHsu80FVZmo4G84N6zNZkdjnFDZkgRYP9OSqMbPCXyb5Xj1H6g67rNjtY67B3613uGJ0pHCQpl0Lmz2apUMq9EVRz5tZT+RA8sCRcK4mkBEWzdC7ngI5+dfX2dEqu157rsc0yU4OWNElLWC3F1TXOsB2/n1+LBHpjKLIMok2afui1H9+eof1zLAba4hrnYEFI4WjvEAvcsyPI/eONNdxk7liVNNaD7j6vvwYKOxTZoriKwvGxeNApC+Z8xQ8HpnEaRIUqb2Eh1SfpyDta8J1dXnRF1HTq2pOvfitomb701g0diB7+StEpCxiRLCx3TEJcroqBiCE3szXdc9VSVyfklkHmbJE33CY8tGm1YEvaXAY7a5yWLHWHzqQvNuZkQ1DNbJAkP9dt1t8Fv3njG2lXFmAOJkZwpvm9qEHZTmuUmflIMhu9nMsgZd5VMjalTmHqZdy7zmnAz8LhYiUDMbPDNOd4UTehvTanDEBBYTJB6CYv6QnBYwuAPsZwRnZdHbpl6lIXStmgsxV3DLtKAUy8eoqCdDOMyep9L4ArSWEJstEBNkZ5zgk7bOspvF1V8HrhFzJCiwR7WC+GHJTHLH1S8FfmHFTXJHecvq6tpMncaJFbo4jSfm9ozBAVAAN2mCn/yBbmX9tPmXdGEsTSpdp6vVWKEdHZ1rjCqmgDENxh75H5uT9DeZ0mAKwkP5Ai+bN3hT0y1XGE44b/aJ7PEObogYAioej/Z690zKx+fHxP50juTgt+UIQ+l/mpcYnbcYe4lkXrqGpwxFU8OrRzzfJX/s90VVlzrQVAPNW/mvYkt+MqSVwI1EP62faXlXnDqbmVFUmMGeoquP58cwqSBaNL/oi2Rg7GVvdvus+i2Qpm1SHtnPVUhTwWFigiWw/T2ZZeUs4nk+Q/xOFa/",
  • "key_id": "0dce6f4d-b5d0-4c7b-a7d8-cfe231a1f385",
  • "device_id": "d3768ef3-b26b-4746-9ee0-94f527184830",
  • "device_data": "Web;179ac83968ab42f79e960c1753a4078fdcon;jVl14emA+OcyALb9F+CMFg==;NU7aFh0jdzM15wj8hQtqbA5LbzEFWDI1bUwZf/zbau0P2MIEUE+LsifBKvxjCYNUyz647bpSjnQ6Tu8IK22sxFlTGEFaHKBigzmP8Nc8FvVSWKzslmSWTFJM5AYc+EGTZLprlcdrLldsZLS5PpHfPMmvtqCXVTnGhYV7GvutI1w5/67yK7pCQDxDicKjqlMg1naMiwCuqP1U1lUtf+lTdmJ1T1lXMPARffTn4XAr66vUxN++sy7qytkdcOeCsaxZnLspUEvqu+2ILHF8pOJFG7gYC11rqWOyHG3Ns1E1dZ57ybrgGTKfctFOdx2IMXnz1/i/pDC5QokRr2BTIZZ/9Tj+xXzWpzNwHtRWWK5VEufyVRPyMXQdmry7UYKrouAzlLCYSMv7GcPwOZz+gDjCkrNia7/DGBBFLOvtlufDztPpvkH2jmN32/oJHl1Qu6zpxG3Lyl8RNdyukuNYfiPw0ECoXsXObwQc7Ja8R+V5S7QZeV1VV9aavlH1+Xl9v0OlOJ1XujO7izWESMIfzAuaL6ACYhdkmkC3kicjOWUjaY3OJYrrXxQ+MScnJOQ9neMRWij7YqNxP8F259zVjqqyaL6hN8EZU/pi+cZUVkfFvMYT5ugE9JXjkFfyy4UQeSmNRjDXRzu40LyweqUns8u3GOIFzfZ9eVOv+q7OV+RpVLOJLz1Za8RPIh3UKltCzOTmO8OpDz2aGoqNdL4zAaLl4EKRoarEiSG9K2/GoyHchi6xdHYA6DqQg5xQM4s50RUySGwWLxBB3ZlMpZpdZAVBrLSyl1SWqYTosdyURtiiX0So+kdik5XJ5Vsh0v75rNP5Yrv3t5/u94wx51zKlpDH8Uiap7kP0eibRmmN196kxMcOf8Q50JM1Yt8cJiawTWdGHzGRcNtEkpon5VLp/kwDU+4IPwlW976hKsom0PTB/EVxo5CWuL6kPiaEWUrWOL7BZ2jkuebHT2jBAJuFBaeac7IYnrAMoLgfY33Vs3EtVk8H12iDX3O9JmGsDGXP0/vBx0uFEgrTt6HjwabWGRHpPPPCorSrjfuySwKlnZtp1KkeNrOso8K8DBW6e+6j1YYaxTjBUZSLl1qgzd1dpz85vB/trWdyS3i+APHw/AsP/Y4cmu/CFZqpe1Sgye1+YNP3Hs3LpxJKM3prnAoaCmrHp5aUKo5KdicAnilBTzBAV2zGBWHrBwWLWHl+RDQpncyWD2/ZCswxtXbQAhlmVD7FvBXnT0Yyg5gaFo5GVBcURzBYtwbdl3+6sqKtR3XC22GBw0OOqZ9/QvMHmCO/K89rEjfLEaVX4eKhrdzjxOwOxmE5lXrLqfscV90Yo9Uj1awvpF5TL5vW85asT2iVHYjZ1JsQ5oLp3VUfIAqTNmpcjRk763hMsTUIrn3VfpLkGajZbtxD2FuNNMoRZQBfiOAxPUDFmspxWagNSbmUZ8FqPX/6asQIJIyvAk4cvzgV9OjzdkoEcFP2OGjFnddZtLmBh9BZDWtS3VOL98lp+cH/JAn8pDab2l6zIwHRccePbuBcGZZgU39FOVpI+sbHZJ6QEhiUA8SdT7SLcTf4P1tBbdN5+dpjaWfTph1cgZyW8EsAIFc81vR6tBqSSpxmS164ADWZW+PYz4b4SRVklT3Cs2tJ/TTMM240pnkNJUd3G/0PbBGVPea5+XUs1bF5cT0fiHWA032Dm87biMEU89fdPkvnSlIsN/MbLT2kj2tPZqhOrqTxCg26jimd+2kNdZ2fwvT8JQfO0hVidnPDPLXH5aA6T6+bKqfpvJE6USAif8fPQ0rW4+315LKH5wG8Qj0omO2Ynii0IE6cR0lAGrtoLsXMf3kDqFms+Z2h79pYQrnhUSntZ3tjt3pwgejJ8ZKXdN7kYWT8UiQnLnkfLJnh1e8a4UURe7GU9UwnqqFXeHrstb8XXxiIX7syFG5iLdN9IExi5BefYnAikCTU+ssMWnnhppX6jFV43u+KEaa1/7AqibMc3Kt+kUxHlQsAo2TCg+u/39rsgNs5eWym7YptvBCN6L4Q4QRoKNFo8CJerS4dTxksD2zeGL4BLIsvMbcm6rlHrKCR5PeWRiFpK8QwwaOyiTGL5NN2Xl6F0M4vf5gnWikZTrppv7bLUYZhrU1uGiv968ZGEq+A7w2oLvbZS7l+DZuN4rPF5SzPWq94jC1NiYjaPrGyTQIISRiBLXil5puqCobYHAIeVQzHBgki3/N+Pwk4iCrxf3pqnUSNmtrmvphmo9Vp3xAaPSFsUYfIyOPiO5gcNUoGQ1kHZ3Yoksqh6U1hRCzlkMSbX6kzDYUNEgc47t2AKxLM5IpYCWAv+uefNAAb/4+f7Qh4sMqtXHc5lGK3GN8ABTIVeFphtJg36Y6xg8OTrBR5ItS/tdy6zyfTLfZFocRbfjsLfoiCeHJO0sEZIWgHsu80FVZmo4G84N6zNZkdjnFDZkgRYP9OSqMbPCXyb5Xj1H6g67rNjtY67B3613uGJ0pHCQpl0Lmz2apUMq9EVRz5tZT+RA8sCRcK4mkBEWzdC7ngI5+dfX2dEqu157rsc0yU4OWNElLWC3F1TXOsB2/n1+LBHpjKLIMok2afui1H9+eof1zLAba4hrnYEFI4WjvEAvcsyPI/eONNdxk7liVNNaD7j6vvwYKOxTZoriKwvGxeNApC+Z8xQ8HpnEaRIUqb2Eh1SfpyDta8J1dXnRF1HTq2pOvfitomb701g0diB7+StEpCxiRLCx3TEJcroqBiCE3szXdc9VSVyfklkHmbJE33CY8tGm1YEvaXAY7a5yWLHWHzqQvNuZkQ1DNbJAkP9dt1t8Fv3njG2lXFmAOJkZwpvm9qEHZTmuUmflIMhu9nMsgZd5VMjalTmHqZdy7zmnAz8LhYiUDMbPDNOd4UTehvTanDEBBYTJB6CYv6QnBYwuAPsZwRnZdHbpl6lIXStmgsxV3DLtKAUy8eoqCdDOMyep9L4ArSWEJstEBNkZ5zgk7bOspvF1V8HrhFzJCiwR7WC+GHJTHLH1S8FfmHFTXJHecvq6tpMncaJFbo4jSfm9ozBAVAAN2mCn/yBbmX9tPmXdGEsTSpdp6vVWKEdHZ1rjCqmgDENxh75H5uT9DeZ0mAKwkP5Ai+bN3hT0y1XGE44b/aJ7PEObogYAioej/Z690zKx+fHxP50juTgt+UIQ+l/mpcYnbcYe4lkXrqGpwxFU8OrRzzfJX/s90VVlzrQVAPNW/mvYkt+MqSVwI1EP62faXlXnDqbmVFUmMGeoquP58cwqSBaNL/oi2Rg7GVvdvus+i2Qpm1SHtnPVUhTwWFigiWw/T2ZZeUs4nk+Q/xOFa/",
  • "signature": "3045022100ef4f8ede9999e1338a2af0ecd5c183c306fc1d134302895aa813bd0434b0a5d90220567e1c5d16d6be0f3a8553fcfdd765e8fefb169532fbf6932d96075358b46328"
}
Response samples
application/json
{
  • "errors": [
    ]
}

Change card PIN with Change Request

Changes the PIN of the card specified in the request URL using the Change Request process. Follow these instructions to use this endpoint:

  1. Retrieve the encryption key in JWK format with the GET Retrieve latest public key method and make it available.
  2. Collect the customer's desired PIN through a text input in your frontend and store it as string containing a JSON-formatted object {"pin": "<NEW_PIN>"}.
  3. Parse the received encryption key JWK from the first step (you may want to use a suitable library of your choice, e.g. JOSESwift for iOS or Nimbus JOSE for Android).
  4. Encrypt the string containing the new PIN from step 2 into a JWE using the previously received encryption key and the following properties:
    1. Algorithm: RSA-OAEP-256
    2. Encryption method: A256CBC-HS512
    3. Key ID: kid property from the encryption key JWK
  5. On the customer's device, generate the compact serialization of the JWE created in the previous step—this will be used as the encrypted_pin parameter.
  6. Call this endpoint from your backend.
Request
Security:
path Parameters
card_account_id
required
string

Unique identifier of the card whose PIN you wish to change.

Example: 1fe8caa4bf1f49d87b2d63c14bb565f0mcrd
Request Body schema: application/json
encrypted_pin
required
string

The encrypted PIN value (JWE in compact serialization). See the description of this method for instructions on how to produce this value.

key_id
required
string

Solaris' public RSA key ID. Returned as the kid property by the GET Retrieve latest public key endpoint.

Responses
200

The request was accepted, and now the customer must confirm the change request.

400

Validation error.

403

Unauthorized action.

404

The card could not be found.

500

Internal server error.

post/v1/cards/{card_account_id}/sca_pin_update_requests
Request samples
application/json
{
  • "encrypted_pin": "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwia2lkIjoiN2FkOTFjYWQtODU0NC00ZmQyLWJlNDgtNDcyOTU3MGEzOTRhIn0.bDPrZvlJ9slqZ9WDy_PDCZrKCvFyLanAeDItyDFdaiRvQbsTdoDE5Y-etWN--y25HkMKzpbC0CIJHdN7kLa225Ax2O6SPaxDkGGNSQPKzkxXmimpv9zaRYNCVQ67KdVTK6WOVLjOVRBKZDba9zvzfKvXlBYqj51WyQR_yvxrXTPftX3IQkDo8RjdaB6tr9HugdimbqOiMgiNSOHAn0G-Zi6tkwL0TLlA5_8xzUec40vaBvEoTBc_OZjZy7s7ebKzS8Hhg6NF9CemeMIEwes8ZzO1s1385PCxLhce0KEekVUoCjrLP9QhoYSjQUTUNrxkn4h0ZnicF5ycbW36Ivt8mQ.sAtSq_rfcxxlQiQc2qZ0Kg.bW53DScq6C8vnqD620Lnuw.MYGA-87sfGrFupu2FqC3Ick_EvwCA5vO2tPktS1yJPg",
  • "key_id": "7ad91cad-8544-4fd2-be48-4729570a394a"
}
Response samples
application/json
{
  • "id": "d6c778822b2d7bd3b778935bcfd0d1d3csc",
  • "status": "CONFIRMATION_REQUIRED",
  • "updated_at": "2022-04-21T13:59:52+00:00",
  • "url": "https://example.com/authorize"
}

Push provisioning

Add card to Apple Pay wallet

Adds the card specified in the request URL to the customer's Apple Pay wallet using Strong Customer Authentication.
Note: This endpoint will trigger the change request process. The customer will receive a 2FA challenge to confirm the request.

Request
Security:
path Parameters
card_id
required
string

card_id

Request Body schema: application/json
certificates
Array of strings

An array of leaf and sub-CA certificates provided by Apple. Each object contains a DER-encoded X.509 certificate, starting with the leaf and followed by the sub-CA. You must encode this value in Base64 format before providing it to the API.

nonce
string

A single-use nonce provided by Apple. You must hex-encode this value before providing it to the API.

nonce_signature
string

Nonce signature provided by Apple. You must hex-encode this value before providing it to the API.

Responses
200

The request was accepted, and now the customer must confirm the change request.

201

The change request was successfully confirmed, and the card has been added to the customer's Apple Pay wallet.

400

Validation Error

401

Invalid or missing auth token.

403

Forbidden

404

The card could not be found.

500

Internal server error.

post/v1/cards/{card_id}/sca_push_provision/apple_encrypted
Request samples
application/json
{
  • "certificates": [
    ],
  • "nonce": "boviUg==",
  • "nonce_signature": "QJ9R/xEhXaWmcGqGewoumiXJdcl0vS+CLuBXASGR0eFCWApAZUy/RLpx8R9H/IdlCtGD+G1yQi14oLBEeONSOB3sxcQj1ZJKrRrxkyt6LVU/"
}
Response samples
application/json
{
  • "id": "d6c778822b2d7bd3b778935bcfd0d1d3csc",
  • "status": "CONFIRMATION_REQUIRED",
  • "updated_at": "2022-04-21T13:59:52+00:00",
  • "url": "https://example.com/authorize"
}

Add card to Google Pay wallet

Adds the card specified in the request URL to the customer's Google Pay wallet using Strong Customer Authentication.
Note: This endpoint will trigger the change request process. The customer will receive a 2FA challenge to confirm the request.

Request
Security:
path Parameters
card_id
required
string

card_id

Request Body schema: application/json
client_app_id
string

Unique identifier for the client application. Use the value SolarisPushProvisioning.

Value: "SolarisPushProvisioning"
client_device_id
string

Stable identifier for a physical Android device. Google refers to this attribute as a Stable hardware ID in their SDK documentation. Use the getStableHardwareId method to retrieve this value.

client_wallet_account_id
string

Unique 24-byte identifier for each instance of a [Android user, Google account] pair. Google computes the ID as a keyed hash of the Android user ID and the Google account ID. The key to this hash lives on Google's servers; the wallet ID is created during user setup as an RPC.

Responses
200

The request was accepted, and now the customer must confirm the change request.

201

The change request was successfully confirmed, and the card has been added to the customer's Google Pay wallet.

400

Validation Error

401

Invalid or missing auth token.

403

Forbidden

404

The card could not be found.

500

Internal server error.

post/v1/cards/{card_id}/sca_push_provision/google
Request samples
application/json
{
  • "client_app_id": "SolarisPushProvisioning",
  • "client_device_id": "DeviceIDZIiG3a0DgF4mQfkC",
  • "client_wallet_account_id": "Rwt3tJek_k1JxivcwbPHjKDk"
}
Response samples
application/json
{
  • "id": "d6c778822b2d7bd3b778935bcfd0d1d3csc",
  • "status": "CONFIRMATION_REQUIRED",
  • "updated_at": "2022-04-21T13:59:52+00:00",
  • "url": "https://example.com/authorize"
}

Add card to Samsung Pay wallet

Adds the card specified in the request URL to the customer's Samsung Pay wallet using Strong Customer Authentication.
Note: This endpoint will trigger the change request process. The customer will receive a 2FA challenge to confirm the request.

Request
Security:
path Parameters
card_id
required
string

card_id

Request Body schema: application/json
client_app_id
string

Unique identifier for the client application. Use the value SolarisPushProvisioning.

Value: "SolarisPushProvisioning"
client_device_id
string

Stable identifier for a physical Android device. Samsung refers to this attribute as a Stable hardware ID in their SDK documentation. Use the getStableHardwareId method to retrieve this value.

client_wallet_account_id
string

Unique 24-byte identifier for each instance of a [Android user, Samsung account] pair. Samsung computes the ID as a keyed hash of the Android user ID and the Samsung account ID. The key to this hash lives on Samsung's servers; the wallet ID is created during user setup as an RPC.

Responses
201

The change request was successfully confirmed, and the card has been added to the customer's Samsung Pay wallet.

202

The request was accepted, and now the customer must confirm the change request.

400

Validation Error

401

Invalid or missing auth token.

403

Forbidden

404

The card could not be found.

500

Internal server error.

post/v1/cards/{card_id}/sca_push_provision/samsung
Request samples
application/json
{
  • "client_app_id": "SolarisPushProvisioning",
  • "client_device_id": "DeviceIDZIiG3a0DgF4mQfkC",
  • "client_wallet_account_id": "Rwt3tJek_k1JxivcwbPHjKDk"
}
Response samples
application/json
{
  • "wallet_payload": "eyJhbGciOiJBMjU2R0NNS1ciLCJjaGFubmVsU2VjdXJpdHlDb250ZXh0IjoiU0hBUkVEX1NFQ1JFVCIsImVuYyI6IkEyNTZHQ00iLCJpYXQiOjE1NjYzMDUyNDIsIml2IjoiLVpMMGF4M0J2b1dRQjJhZyIsImtpZCI6IjhTTU5BWkRZTVFIQUFNNFU3S1ZZMTNDN0NlajVqdEVZbFI1MFhGRTdJd0R4RG9idE0iLCJ0YWciOiJDUW1DaWRFRkdFYkFyV3ViOU5IdkdRIiwidHlwIjoiSk9TRSJ9"
}

(Deprecated) Add a card to an Apple Pay walletDeprecated

This endpoint is deprecated; please use POST /v1/cards/{card_id}/sca_push_provision/apple_encrypted instead.

Request
Security:
path Parameters
card_id
required
string

card_id

Request Body schema: application/json
certificates
Array of strings

An array of leaf and sub-CA certificates provided by Apple. Each object contains a DER-encoded X.509 certificate, starting with the leaf and followed by the sub-CA. You must encode this value in Base64 format before providing it to the API.

nonce
string

A single-use nonce provided by Apple. You must hex-encode this value before providing it to the API.

nonce_signature
string

Nonce signature provided by Apple. You must hex-encode this value before providing it to the API.

Responses
201

Successful result of the operation.

401

Invalid or missing auth token.

403

Forbidden

404

The card could not be found.

500

Internal server error.

post/v1/cards/{card_id}/push_provision/apple_encrypted
Request samples
application/json
{
  • "certificates": [
    ],
  • "nonce": "boviUg==",
  • "nonce_signature": "QJ9R/xEhXaWmcGqGewoumiXJdcl0vS+CLuBXASGR0eFCWApAZUy/RLpx8R9H/IdlCtGD+G1yQi14oLBEeONSOB3sxcQj1ZJKrRrxkyt6LVU/"
}
Response samples
application/json
{
  • "wallet_payload": {
    }
}

(Deprecated) Add a card to a Google Pay walletDeprecated

This endpoint is deprecated; please use POST /v1/cards/{card_id}/sca_push_provision/google instead.

Request
Security:
path Parameters
card_id
required
string

card_id

Request Body schema: application/json
client_app_id
string

Unique identifier for the client application. Use the value SolarisPushProvisioning.

Value: "SolarisPushProvisioning"
client_device_id
string

Stable identifier for a physical Android device. Google refers to this attribute as a Stable hardware ID in their SDK documentation. Use the getStableHardwareId method to retrieve this value.

client_wallet_account_id
string

Unique 24-byte identifier for each instance of a [Android user, Google account] pair. Google computes the ID as a keyed hash of the Android user ID and the Google account ID. The key to this hash lives on Google's servers; the wallet ID is created during user setup as an RPC.

Responses
201

Successful result of the operation.

401

Invalid or missing auth token.

403

Forbidden

404

The card could not be found.

500

Internal server error.

post/v1/cards/{card_id}/push_provision/google
Request samples
application/json
{
  • "client_app_id": "SolarisPushProvisioning",
  • "client_device_id": "DeviceIDZIiG3a0DgF4mQfkC",
  • "client_wallet_account_id": "Rwt3tJek_k1JxivcwbPHjKDk"
}
Response samples
application/json
{
  • "wallet_payload": "eyJhbGciOiJBMjU2R0NNS1ciLCJjaGFubmVsU2VjdXJpdHlDb250ZXh0IjoiU0hBUkVEX1NFQ1JFVCIsImVuYyI6IkEyNTZHQ00iLCJpYXQiOjE1NjYzMDUyNDIsIml2IjoiLVpMMGF4M0J2b1dRQjJhZyIsImtpZCI6IjhTTU5BWkRZTVFIQUFNNFU3S1ZZMTNDN0NlajVqdEVZbFI1MFhGRTdJd0R4RG9idE0iLCJ0YWciOiJDUW1DaWRFRkdFYkFyV3ViOU5IdkdRIiwidHlwIjoiSk9TRSJ9"
}

Card spending controls

Create card controls list

Creates a card controls list and applies it to all cards defined in the scope and scope_id of the request.

Request
Security:
Request Body schema: application/json
scope
required
string (Scope)

The scope of the card spending control.

Enum: "CARD" "CARDHOLDER" "ACCOUNT" "BUSINESS" "PARTNER" "PARTNER_CARDS" "BUSINESS_CARDS" "ACCOUNT_CARDS" "CARDHOLDER_CARDS" "NON_BUSINESS_CARDS" "PARTNER_CARDHOLDERS"
scope_id
required
string

ID of the resource that corresponds with the scope. For example, if the scope is PARTNER, then the scope_id would be your partner ID. For business, it would be the business ID.

idempotency_key
required
string <uuid>

A randomly generated UUID which the server uses to recognize subsequent retries of the same request.

object (ListRule)
object (ListRule)
Responses
201

The card controls list was successfully created.

208

The card controls list has already been created.

400

Validation failed for the card controls list, or the provided partner identifier is invalid.

403

You are not authorized to perform this action.

404

The card controls list could not be found.

500

Internal server error.

post/v1/card_controls/lists
Request samples
application/json
{
  • "scope": "CARD",
  • "scope_id": "54e06604b0cf825810bec508cc1f2dc7mcrd",
  • "idempotency_key": "504f6816-f7b5-4965-bc35-69acadc9f5c7",
  • "inclusion": {
    },
  • "exclusion": {
    }
}
Response samples
application/json
{
  • "id": "7a911b90-0109-11ec-9a03-0242ac130003",
  • "scope": "CARD",
  • "scope_id": "54e06604b0cf825810bec508cc1f2dc7mcrd",
  • "origin": "SOLARISBANK",
  • "idempotency_key": "504f6816-f7b5-4965-bc35-69acadc9f5c7",
  • "inclusion": {
    },
  • "exclusion": {
    }
}

Index card controls lists

Returns an array containing all active card controls lists in place for your customers.

Request
Security:
query Parameters
filter[scope]
required
string (Scope)

Filter the results by the type of scope.

Enum: "CARD" "CARDHOLDER" "ACCOUNT" "BUSINESS" "PARTNER" "PARTNER_CARDS" "BUSINESS_CARDS" "ACCOUNT_CARDS" "CARDHOLDER_CARDS" "NON_BUSINESS_CARDS" "PARTNER_CARDHOLDERS"
filter[scope_id]
string

Filter the results by a specific scope (e.g., the ID of an account or the person ID of a cardholder).

include_related
boolean

Using this filter, the API will return all card controls lists that were defined at the ACCOUNT, BUSINESS, or PARTNER level that apply to a specific card. You can only use this filter in combination with the scope and scope_id filters. The scope must be set to CARD and the scope_id must be set to a card ID.

Responses
200

Successful result of the operation

400

Request validation failed.

403

You are not authorized to perform this action.

500

Internal server error.

get/v1/card_controls/lists
Request samples
curl -i -X GET \
  'https://api.solaris-sandbox.de/v1/card_controls/lists?filter%5Bscope%5D=CARD&filter%5Bscope_id%5D=string&include_related=true'
Response samples
application/json
[
  • {
    }
]

Retrieve a card controls list

Returns the card controls list with the ID specified in the request URL.

Request
Security:
path Parameters
id
required
string

ID of the card controls list to retrieve.

Responses
200

The operation was successful.

400

Partner identifier is invalid

403

You are not authorized to perform this action.

404

The card controls list could not be found.

500

Internal server error.

get/v1/card_controls/lists/{id}
Request samples
curl -i -X GET \
  'https://api.solaris-sandbox.de/v1/card_controls/lists/{id}'
Response samples
application/json
{
  • "id": "7a911b90-0109-11ec-9a03-0242ac130003",
  • "scope": "CARD",
  • "scope_id": "54e06604b0cf825810bec508cc1f2dc7mcrd",
  • "origin": "SOLARISBANK",
  • "idempotency_key": "504f6816-f7b5-4965-bc35-69acadc9f5c7",
  • "inclusion": {
    },
  • "exclusion": {
    }
}

Delete card controls list

Deletes the card controls list specified in the request URL.

Request
Security:
path Parameters
id
required
string

ID of the card controls list to delete.

Responses
204

No Content

400

Partner identifier is invalid

403

You are not authorized to perform this action.

404

Card controls list not found

500

Internal server error.

delete/v1/card_controls/lists/{id}
Request samples
curl -i -X DELETE \
  'https://api.solaris-sandbox.de/v1/card_controls/lists/{id}'
Response samples
application/json
[
  • {
    }
]

Create card spending limit control

Creates a card spending limit control and applies it to all cards defined in the scope and scope_id of the request.

Request
Security:
Request Body schema: application/json
scope
required
string (Scope)

The scope of the card spending control.

Enum: "CARD" "CARDHOLDER" "ACCOUNT" "BUSINESS" "PARTNER" "PARTNER_CARDS" "BUSINESS_CARDS" "ACCOUNT_CARDS" "CARDHOLDER_CARDS" "NON_BUSINESS_CARDS" "PARTNER_CARDHOLDERS"
scope_id
required
string

ID of the resource that corresponds with the scope. For example, if the scope is PARTNER, then the scope_id would be your partner ID. For business, it would be the business ID.

idempotency_key
required
string <uuid>

A randomly generated UUID which the server uses to recognize subsequent retries of the same request.

required
object (SpendingLimitRule)

Amount or count limit - only one could be used.

Responses
201

The card spending limit control was successfully created.

208

The card spending limit control has already been created.

400

The request validation failed.

403

You are not authorized to perform this action.

500

Internal server error.

post/v1/card_controls/spending_limits
Request samples
application/json
{
  • "scope": "CARD",
  • "scope_id": "54e06604b0cf825810bec508cc1f2dc7mcrd",
  • "idempotency_key": "504f6816-f7b5-4965-bc35-69acadc9f5c7",
  • "limit": {
    }
}
Response samples
application/json
{
  • "id": "7a911b90-0109-11ec-9a03-0242ac130003",
  • "scope": "CARD",
  • "scope_id": "54e06604b0cf825810bec508cc1f2dc7mcrd",
  • "origin": "SOLARISBANK",
  • "idempotency_key": "504f6816-f7b5-4965-bc35-69acadc9f5c7",
  • "limit": {
    }
}

Index card spending limit controls

Returns all active card spending limit controls.

Request
Security:
query Parameters
filter[scope]
required
string (Scope)

Filter the results by the type of scope.

Enum: "CARD" "CARDHOLDER" "ACCOUNT" "BUSINESS" "PARTNER" "PARTNER_CARDS" "BUSINESS_CARDS" "ACCOUNT_CARDS" "CARDHOLDER_CARDS" "NON_BUSINESS_CARDS" "PARTNER_CARDHOLDERS"
filter[scope_id]
string

Filter the results by a specific scope (e.g., the ID of an account or the person ID of a cardholder).

include_related
boolean

Using this filter, the API will return all card spending limit controls that were defined at the ACCOUNT, BUSINESS, or PARTNER level that apply to a specific card. You can only use this filter in combination with the scope and scope_id filters. The scope must be set to CARD and the scope_id must be set to a card ID.

Responses
200

Successful result of the operation

400

The request validation failed.

403

You are not authorized to perform this action.

500

Internal server error.

get/v1/card_controls/spending_limits
Request samples
curl -i -X GET \
  'https://api.solaris-sandbox.de/v1/card_controls/spending_limits?filter%5Bscope%5D=CARD&filter%5Bscope_id%5D=string&include_related=true'
Response samples
application/json
[
  • {
    }
]

Retrieve a card spending limit control

Returns information about the card spending limit control specified in the request URL.

Request
Security:
path Parameters
id
required
string

ID of the card spending limit control.

Responses
200

Successful result of the operation

400

The supplied partner identifier is invalid.

403

You are not authorized to perform this action.

404

The card spending limit control could not be found.

500

Internal server error.

get/v1/card_controls/spending_limits/{id}
Request samples
curl -i -X GET \
  'https://api.solaris-sandbox.de/v1/card_controls/spending_limits/{id}'
Response samples
application/json
{
  • "id": "7a911b90-0109-11ec-9a03-0242ac130003",
  • "scope": "CARD",
  • "scope_id": "54e06604b0cf825810bec508cc1f2dc7mcrd",
  • "origin": "SOLARISBANK",
  • "idempotency_key": "504f6816-f7b5-4965-bc35-69acadc9f5c7",
  • "limit": {
    },
  • "utilized_limit": {
    }
}

Delete card spending limit control

Deletes the card spending limit control specified in the request URL.

Request
Security:
path Parameters
id
required
string

ID of the card spending limit control to delete.

Responses
204

No Content

400

The supplied partner identifier is invalid.

403

You are not authorized to perform this action.

404

Card controls spending limit not found

500

Internal server error.

delete/v1/card_controls/spending_limits/{id}
Request samples
curl -i -X DELETE \
  'https://api.solaris-sandbox.de/v1/card_controls/spending_limits/{id}'
Response samples
application/json
[
  • {
    }
]

Cards Smart Agent

Allow a transaction that was marked as fraudulent

This endpoint confirms that a transaction marked as fraudulent was not actually fraudulent (i.e., the customer confirms that they made the transaction themselves or is otherwise aware of the transaction). Once you call this endpoint, fraud monitoring will be disabled for the card specified in the request URL for 10 minutes, and the transaction can be attempted again.

Request
Security:
path Parameters
card_id
required
string
id
required
string
Responses
200

Successful result of the operation

400

An error occurred on the client side.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

post/v1/cards/{card_id}/fraud_cases/{id}/whitelist
Request samples
curl -i -X POST \
  'https://api.solaris-sandbox.de/v1/cards/{card_id}/fraud_cases/{id}/whitelist'
Response samples
application/json
{
  • "id": "154dca58bb1b5c8701039fa6514ffc66frdcs",
  • "resolution": "WHITELISTED",
  • "whitelisted_until": "2020-05-05T11:54:26Z"
}

Confirm a fraud case

This endpoint confirms to Solaris that a fraud case was indeed fraudulent. The card used to make the fraudulent transaction will be subsequently blocked. You should then redirect your customer to your customer support so that a replacement card can be issued.

Request
Security:
path Parameters
card_id
required
string
id
required
string
Responses
200

Successful result of the operation

400

An error occurred on the client side.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

default

Unexpected error

post/v1/cards/{card_id}/fraud_cases/{id}/confirm
Request samples
curl -i -X POST \
  'https://api.solaris-sandbox.de/v1/cards/{card_id}/fraud_cases/{id}/confirm'
Response samples
application/json
{
  • "id": "154dca58bb1b5c8701039fa6514ffc66frdcs",
  • "resolution": "CONFIRMED"
}

(Sandbox only) Create test fraud case

This endpoint simulates a fraudulent transaction for the card specified in the request URL. The fraudulent transaction process will begin as a result.
This endpoint is only available on Sandbox.

Request
Security:
path Parameters
card_id
required
string
Responses
204

Successful result of the operation

400

An error occurred on the client side.

403

You are not authorized to perform this action.

404

The resource could not be found.

500

Internal server error.

post/v1/cards/{card_id}/test_fraud_cases
Request samples
curl -i -X POST \
  'https://api.solaris-sandbox.de/v1/cards/{card_id}/test_fraud_cases'
Response samples
application/json
{
  • "id": "a95f2aaf-4e0c-4d49-8021-8a16a884ed86",
  • "status": "400",
  • "code": "build_pagination_headers_failure",
  • "title": "Failed to build pagination headers.",
  • "details": "Cannot connect to database."
}

Credit cards

Create a credit card application for a consumer or freelancer

This endpoint creates a credit card application and assigns it to the person with the person_id specified in the request URL. The application includes all the required information about the customer, such as their self-declared financial information, credit card type and requested limit, which Solaris' credit scorer uses to initiate a series of credit checks.
Note: Solaris will tell you which fields are mandatory based on your use case.

Request
Security:
path Parameters
person_id
required
string
Request Body schema: application/json
product_type
required
string

Indicates the type of credit card to open.

Enum: "CONSUMER_CREDIT_CARD" "FREELANCER_CREDIT_CARD" "BUSINESS_CREDIT_CARD"
external_customer_id
string

Arbitrary ID provided by you (e.g., membership ID).

object

Object containing information about the repayment plan for the credit card.

required
object (consumer_scoring_options)
Responses
201

The credit card application was created successfully.

400

Validation Error

403

Unathorized action

404

Not found

500

Internal server error.

post/v1/persons/{person_id}/credit_card_applications
Request samples
application/json
{
  • "product_type": "CONSUMER_CREDIT_CARD",
  • "external_customer_id": "CKV1002494",
  • "repayment_options": {
    },
  • "scoring_options": {
    }
}
Response samples
application/json
{
  • "id": "string",
  • "external_customer_id": "string",
  • "customer_id": "0ba2211cab11af6094d60ead81f2bd9dcper",
  • "account_id": "c2a13abed3b0686ab5343aa748d7f2fecacc",
  • "account_iban": "DE53110101013323159108",
  • "reference_account_id": "d1ed02309ca52b5e636e215ff82b2d52sddm",
  • "status": "PENDING",
  • "product_type": "CONSUMER_CREDIT_CARD",
  • "billing_start_date": "2022-07-01",
  • "billing_end_date": "2022-07-28",
  • "approved_limit": {
    },
  • "requested_limit": {
    },
  • "current_limit": {
    },
  • "decline_reasons": [
    ],
  • "repayment_options": {
    },
  • "scoring_options": {
    },
  • "in_dunning": true,
  • "repayment_type_switch_available_date": "2022-07-28"
}

Create a credit card application for a business

This endpoint creates a credit card application and assigns it to the business with the business_id specified in the request URL. The application includes all the required information about the customer, such as their self-declared financial information, credit card type and requested limit, which Solaris' credit scorer uses to initiate a series of credit checks.
Note: Solaris will tell you which fields are mandatory based on your use case.

Request
Security:
path Parameters
business_id
required
string
Request Body schema: application/json
product_type
required
string

Indicates the type of credit card to open.

Enum: "CONSUMER_CREDIT_CARD" "FREELANCER_CREDIT_CARD" "BUSINESS_CREDIT_CARD"
external_customer_id
string

Arbitrary ID provided by you (e.g., membership ID).

object

Object containing information about the repayment plan for the credit card.

required
object (business_scoring_options)
Responses
201

The credit card application was created successfully.

400

Validation Error

403

Unathorized action

404

Not found

500

Internal server error.

post/v1/businesses/{business_id}/credit_card_applications
Request samples
application/json
{
  • "product_type": "CONSUMER_CREDIT_CARD",
  • "external_customer_id": "CKV1002494",
  • "repayment_options": {
    },
  • "scoring_options": {
    }
}
Response samples
application/json
{
  • "id": "string",
  • "external_customer_id": "string",
  • "customer_id": "0ba2211cab11af6094d60ead81f2bd9dcper",
  • "account_id": "c2a13abed3b0686ab5343aa748d7f2fecacc",
  • "account_iban": "DE53110101013323159108",
  • "reference_account_id": "d1ed02309ca52b5e636e215ff82b2d52sddm",
  • "status": "PENDING",
  • "product_type": "CONSUMER_CREDIT_CARD",
  • "billing_start_date": "2022-07-01",
  • "billing_end_date": "2022-07-28",
  • "approved_limit": {
    },
  • "requested_limit": {
    },
  • "current_limit": {
    },
  • "decline_reasons": [
    ],
  • "repayment_options": {
    },
  • "scoring_options": {
    },
  • "in_dunning": true,
  • "repayment_type_switch_available_date": "2022-07-28"
}

Accept and finalize credit card application

Finalizes the credit card application specified in the request URL. If the request succeeds, then Solaris will create a credit card account for the customer.
Note: Call this endpoint only after the customer has successfully completed the KYC process.

Request
Security:
path Parameters
id
required
string
Responses
200

The credit card application was created successfully.

400

Validation Error

403

Unathorized action

404

Not found

500

Internal server error.

post/v1/credit_card_applications/{id}/finalize
Request samples
curl -i -X POST \
  'https://api.solaris-sandbox.de/v1/credit_card_applications/{id}/finalize'
Response samples
application/json
{
  • "id": "string",
  • "external_customer_id": "string",
  • "customer_id": "0ba2211cab11af6094d60ead81f2bd9dcper",
  • "account_id": "c2a13abed3b0686ab5343aa748d7f2fecacc",
  • "account_iban": "DE53110101013323159108",
  • "reference_account_id": "d1ed02309ca52b5e636e215ff82b2d52sddm"