Issue, manage, and monitor virtual cards programmatically — no dashboard clicks required. Webhooks for real-time transaction events, fleet-scale card operations, and a clean REST interface for any automation or bot system.
When you're running bots, automation workflows, or fleet-scale operations, clicking through a dashboard for every card doesn't scale. CryptoCardy's REST API makes card issuance a single function call — POST to /v2/cards, get back card details as JSON, route them to your downstream processes. Webhooks keep you informed of every transaction in real time.
| Endpoint | Method | Description | Rate Limit |
|---|---|---|---|
| /v2/cards | POST | Issue a new card. Body: BIN, load_amount, billing_address | 10/min |
| /v2/cards/{id} | GET | Retrieve card details (masked PAN by default) | 60/min |
| /v2/cards/{id} | PATCH | Update card status: freeze, unfreeze, close | 60/min |
| /v2/cards/{id} | DELETE | Delete card. Remaining balance refunds to account | 60/min |
| /v2/transactions | GET | List transactions with filters (date range, card_id, type) | 60/min |
| /v2/balance | GET | Check account balance | 60/min |
| Event | Payload | Typical Latency | Use Case |
|---|---|---|---|
| authorization.attempt | card_id, merchant, amount, currency, timestamp | <1s | Real-time spend tracking |
| authorization.success | card_id, merchant, amount, auth_code | <1s | Trigger downstream actions after payment |
| authorization.decline | card_id, decline_reason, merchant | <1s | Alerting, auto-retry logic |
| refund.processed | card_id, original_txn_id, amount | <5s | Balance reconciliation |
| card.expiring | card_id, expiry_date, days_remaining | — | Fires 30 days before expiry. Auto-reissue or alert |
The recommended architecture for fleet-scale card management:
Your main service issues cards via POST /v2/cards when a new bot instance spins up. Each bot gets a dedicated card with a pre-computed load matching its expected spend.
A single webhook endpoint receives events for all cards. Route authorization.decline events to an alert system. Use authorization.success to trigger the bot's next step.
A cron job polls /v2/balance and /v2/transactions. It automatically tops up cards approaching zero, deletes cards for terminated bots, and logs everything for audit.
| Workload | Best BIN | Why |
|---|---|---|
| Facebook ad bots | 471938 (Visa Business) | Highest survival rate on FB payment review |
| Google ad bots | 471938 (Visa Business) | Passes Google's AVS consistently |
| SaaS trial sign-up bots | 491653 (Visa Classic) | Lighter BIN, lower cost, sufficient for trial auth |
| E-commerce bots | 485291 (Visa Platinum) | Platinum tier = higher auth ceiling on large purchases |
| Cloud infra bots | 493847 (Visa Corporate) | Corporate tier for cloud billing systems |
Production tier: 60 requests/minute. Card issuance endpoint: 10 cards/minute. All limits are per API key.
Yes. POST to /v2/cards returns full card details as JSON that your system can parse and route to any downstream process. See the full API documentation.
Authentication uses a bearer token in the Authorization header. Generate tokens in dashboard → Settings → API. Multiple tokens with different permission scopes (read-only, card-issue, admin) are supported.
API calls are atomic per card. If card #47 fails, you get a 4xx for that request. Cards #1-46 remain active. Your script should check each response individually.
Yes. All accounts include a sandbox with test tokens. Sandbox cards are generated but not provisioned on real networks; use them for integration testing before production.
Sign up, generate an API key, and your first card is one POST request away. Full sandbox included.