# Change card PIN

Changes the PIN of the card specified in the request URL. Follow these instructions to use this endpoint:

1. In your backend, retrieve the encryption key in JWK format with the method and make it available to the customer's device.
2. On the customer's device, collect the customer's desired PIN through a text input in your frontend and store it as a string containing a JSON-formatted object .
3. On the customer's device, parse the received encryption key JWK from the first step (you may want to use a suitable library of your choice, e.g. JOSESwift for iOS or Nimbus JOSE for Android).
4. On the customer's device, encrypt the string containing the new PIN from step 2 into a JWE using the previously received encryption key and the following properties:
   1. Algorithm:
   2. Encryption method:
   3. Key ID: property from the encryption key JWK
5. On the customer's device, generate the compact serialization of the JWE created in the previous step—this will be used as the parameter.
6. On the customer's device, sign the serialized JWE of the previous step using the cardholder's private key from their bound device — this is the parameter. Note that you must use the key.
7. Transfer the values generated in the previous two steps (serialized JWE and created signature) to your backend.
8. Call this endpoint from your backend.

Endpoint: POST /v1/cards/{card_account_id}/pin_update_requests

Version: 1.0

## Path parameters:

- `card_account_id` (string, required)
  Unique identifier of the card whose PIN you wish to change.
  Example: "1fe8caa4bf1f49d87b2d63c14bb565f0mcrd"

## Request fields (application/json):

- `device_id` (string, required)
  ID of the customer's previously bound device.
- `encrypted_pin` (string, required)
  The encrypted PIN value (JWE in compact serialization). See the description of this method for instructions on how to produce this value.
- `key_id` (string, required)
  Solaris' public RSA key ID. Returned as the property by the endpoint.
- `signature` (string, required)
  The signature of the created with the device binding key.
- `device_data` (string)
  Encoded device fingerprint generated using the [Seon SDK](https://seon.io). See the [device monitoring guide](https://docs.solarisgroup.com/guides/kyc/device-monitoring) for more information about generating this value.

## Response 400 fields (application/json):

- `errors` (array)
- `errors.id` (string)
- `errors.status` (integer)
- `errors.code` (string)
- `errors.title` (string)
- `errors.detail` (string)
- `errors.source` (object)
- `errors.source.field` (string)
- `errors.source.message` (string)

## Response 403 fields (application/json):

- `id` (string)
  Example: "a95f2aaf-4e0c-4d49-8021-8a16a884ed86"
- `status` (string)
  Example: "403"
- `code` (string)
  Example: "unauthorized_action"
- `title` (string)
  Example: "Unauthorized Action"
- `detail` (string)
  Example: "Unauthorized action is not allowed."

## Response 404 fields (application/json):

- `id` (string)
  Example: "a95f2aaf-4e0c-4d49-8021-8a16a884ed86"
- `status` (string)
  Example: "404"
- `code` (string)
  Example: "model_not_found"
- `title` (string)
  Example: "Model Not Found"
- `detail` (string)
  Example: "Couldn't find 'Solaris::Identification' for id 'bbbcccfff388923eb899a5852df6cidt'."

## Response 500 fields (application/json):

- `id` (string)
  Example: "e8915041-9d8c-4d96-9dd1-04e8522ecdbf"
- `status` (string)
  Example: "500"
- `code` (string)
  Example: "generic_error"
- `title` (string)
  Example: "Generic Error"
- `detail` (string)
  Example: "There was an error."
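
Steps 3 to 6 of the procedure at the top of this page, as an added Node.js example that is not part of the original documentation or Solaris' own code. It builds the five-part compact JWE by hand and signs it, then shows the matching verify-and-decrypt on the receiving side. Assumptions: the algorithm (`RSA-OAEP-256`), encryption method (`A256GCM`), payload shape (`{"pin": ...}`), device key type (ECDSA P-256), hex signature encoding and all keys are constructed for illustration, since the page does not show the required values.

```javascript
const crypto = require('crypto');
const b64u = (buf) => Buffer.from(buf).toString('base64url');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Steps 3-5: parse the encryption JWK, encrypt the PIN payload, emit the compact JWE.
// ASSUMPTION: alg RSA-OAEP-256 and enc A256GCM; the page does not show the required values.
function encryptPinToJwe(pinJson, jwk) {
  const { kty, n, e } = jwk;
  const publicKey = crypto.createPublicKey({ key: { kty, n, e }, format: 'jwk' });
  const header = b64u(JSON.stringify({ alg: 'RSA-OAEP-256', enc: 'A256GCM', kid: jwk.kid }));
  const cek = crypto.randomBytes(32); // fresh content-encryption key per request
  const iv = crypto.randomBytes(12);  // 96-bit GCM nonce, never reused with the same key
  const encryptedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, cek);
  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
  cipher.setAAD(Buffer.from(header, 'ascii')); // the protected header is authenticated
  const ct = Buffer.concat([cipher.update(pinJson, 'utf8'), cipher.final()]);
  return [header, b64u(encryptedKey), b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join('.');
}

// Step 6: sign the serialized JWE with the bound device's private key.
// ASSUMPTION: ECDSA over SHA-256, DER signature, hex-encoded; the page names neither.
function signJwe(compactJwe, devicePrivateKey) {
  return crypto.sign('sha256', Buffer.from(compactJwe, 'ascii'), devicePrivateKey).toString('hex');
}

// Receiving side: check the device signature first, then unwrap the key and decrypt.
function verifyAndDecrypt(compactJwe, signatureHex, rsaPrivateKey, devicePublicKey) {
  const data = Buffer.from(compactJwe, 'ascii');
  if (!crypto.verify('sha256', data, devicePublicKey, Buffer.from(signatureHex, 'hex')))
    throw new Error('device signature does not match the JWE');
  const [header, ek, iv, ct, tag] = compactJwe.split('.');
  const cek = crypto.privateDecrypt({ key: rsaPrivateKey, ...OAEP }, Buffer.from(ek, 'base64url'));
  const d = crypto.createDecipheriv('aes-256-gcm', cek, Buffer.from(iv, 'base64url'));
  d.setAAD(Buffer.from(header, 'ascii'));
  d.setAuthTag(Buffer.from(tag, 'base64url'));
  return Buffer.concat([d.update(Buffer.from(ct, 'base64url')), d.final()]).toString('utf8');
}

// Constructed demo: locally generated keys stand in for the bank's RSA key and the device key.
function demo() {
  const rsa = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const device = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const jwk = { ...rsa.publicKey.export({ format: 'jwk' }), kid: 'constructed-key-id' };
  const pinJson = JSON.stringify({ pin: '4912' }); // hypothetical payload shape
  const jwe = encryptPinToJwe(pinJson, jwk);
  return { jwe, signature: signJwe(jwe, device.privateKey), pinJson, rsa, device };
}
```

Because the signature covers the exact serialized JWE string, the backend has to forward both values byte for byte; any re-encoding of the JWE in transit makes verification fail.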