# Change card PIN with Change Request Changes the PIN of the card specified in the request URL using the Change Request process. Follow these instructions to use this endpoint: 1. Retrieve the encryption key in JWK format with the method and make it available. 2. Collect the customer's desired PIN through a text input in your frontend and store it as string containing a JSON-formatted object . 3. Parse the received encryption key JWK from the first step (you may want to use a suitable library of your choice, e.g. JOSESwift for iOS or Nimbus JOSE for Android). 4. Encrypt the string containing the new PIN from step 2 into a JWE using the previously received encryption key and the following properties: 1. Algorithm: 2. Encryption method: 3. Key ID: property from the encryption key JWK 5. On the customer's device, generate the compact serialization of the JWE created in the previous step—this will be used as the parameter. 6. Call this endpoint from your backend. Endpoint: POST /v1/cards/{card_account_id}/sca_pin_update_requests Version: 1.0 ## Path parameters: - `card_account_id` (string, required) Unique identifier of the card whose PIN you wish to change. Example: "1fe8caa4bf1f49d87b2d63c14bb565f0mcrd" ## Request fields (application/json): - `encrypted_pin` (string, required) The encrypted PIN value (JWE in compact serialization). See the description of this method for instructions on how to produce this value. - `key_id` (string, required) Solaris' public RSA key ID. Returned as the property by the endpoint. ## Response 200 fields (application/json): - `id` (string) ID of the change request. Example: "d6c778822b2d7bd3b778935bcfd0d1d3csc" - `status` (string) The current status of the change request. Enum: "ACCEPTED", "AUTHORIZATION_REQUIRED", "CONFIRMATION_REQUIRED", "COMPLETED", "FAILED" - `updated_at` (string) UTC timestamp from the last time the change request was updated. Example: "2022-04-21T13:59:52+00:00" - `url` (string) URL to use to authorize the change request. Example: "https://example.com/authorize" ## Response 400 fields (application/json): - `errors` (array) - `errors.id` (string) - `errors.status` (integer) - `errors.code` (string) - `errors.title` (string) - `errors.detail` (string) - `errors.source` (object) - `errors.source.field` (string) - `errors.source.message` (string) ## Response 403 fields (application/json): - `id` (string) Example: "a95f2aaf-4e0c-4d49-8021-8a16a884ed86" - `status` (string) Example: "403" - `code` (string) Example: "unauthorized_action" - `title` (string) Example: "Unauthorized Action" - `detail` (string) Example: "Unauthorized action is not allowed." ## Response 404 fields (application/json): - `id` (string) Example: "a95f2aaf-4e0c-4d49-8021-8a16a884ed86" - `status` (string) Example: "404" - `code` (string) Example: "model_not_found" - `title` (string) Example: "Model Not Found" - `detail` (string) Example: "Couldn't find 'Solaris::Identification' for id 'bbbcccfff388923eb899a5852df6cidt'." ## Response 500 fields (application/json): - `id` (string) Example: "e8915041-9d8c-4d96-9dd1-04e8522ecdbf" - `status` (string) Example: "500" - `code` (string) Example: "generic_error" - `title` (string) Example: "Generic Error" - `detail` (string) Example: "There was an error."