Update Cardholder - FYATU API Docs

Update a cardholder

curl --request PATCH \
  --url https://api.fyatu.com/api/v3.20/cardholders/{id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "firstName": "<string>",
  "lastName": "<string>",
  "email": "jsmith@example.com",
  "phone": "<string>",
  "dateOfBirth": "2023-12-25",
  "nationality": "<string>",
  "kycDocument": {
    "documentType": "PASSPORT",
    "documentNumber": "AB123456",
    "issuingCountry": "US",
    "frontUrl": "https://storage.example.com/doc-front.jpg",
    "backUrl": null,
    "selfieUrl": "https://storage.example.com/selfie.jpg"
  },
  "externalId": "<string>",
  "metadata": {}
}
'

{
  "success": true,
  "status": 200,
  "message": "Cardholder retrieved",
  "data": {
    "cardholderId": "chl_01HXYZ1234ABCDEF5678",
    "firstName": "John",
    "lastName": "Smith",
    "email": "john.smith@example.com",
    "phone": "+12025551234",
    "dateOfBirth": "1990-05-15",
    "nationality": "US",
    "address": {
      "address": "123 Main Street, Apt 4B",
      "city": "Newark",
      "country": "US",
      "state": "Delaware",
      "postalCode": "19701"
    },
    "kycDocument": {
      "documentType": "PASSPORT",
      "documentNumber": "AB123456",
      "issuingCountry": "US",
      "frontUrl": "https://storage.example.com/doc-front.jpg",
      "backUrl": null,
      "selfieUrl": "https://storage.example.com/selfie.jpg"
    },
    "externalId": "usr_123456",
    "metadata": {
      "plan": "premium"
    },
    "status": "ACTIVE",
    "kycStatus": "APPROVED",
    "kycVerifiedAt": "2026-05-10T14:23:00Z",
    "kycRejectionReason": null,
    "totalCards": 2,
    "suspendedAt": null,
    "terminatedAt": null,
    "createdAt": "2026-05-01T09:00:00Z",
    "updatedAt": "2026-05-10T14:23:00Z"
  },
  "meta": {
    "requestId": "req_a1b2c3d4e5f6a7b8c9d0e1f2",
    "platform": "Fyatu CaaS",
    "timestamp": "2026-05-22T15:00:00Z"
  }
}

PATCH

cardholders

{id}

Update a cardholder

curl --request PATCH \
  --url https://api.fyatu.com/api/v3.20/cardholders/{id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "firstName": "<string>",
  "lastName": "<string>",
  "email": "jsmith@example.com",
  "phone": "<string>",
  "dateOfBirth": "2023-12-25",
  "nationality": "<string>",
  "kycDocument": {
    "documentType": "PASSPORT",
    "documentNumber": "AB123456",
    "issuingCountry": "US",
    "frontUrl": "https://storage.example.com/doc-front.jpg",
    "backUrl": null,
    "selfieUrl": "https://storage.example.com/selfie.jpg"
  },
  "externalId": "<string>",
  "metadata": {}
}
'

{
  "success": true,
  "status": 200,
  "message": "Cardholder retrieved",
  "data": {
    "cardholderId": "chl_01HXYZ1234ABCDEF5678",
    "firstName": "John",
    "lastName": "Smith",
    "email": "john.smith@example.com",
    "phone": "+12025551234",
    "dateOfBirth": "1990-05-15",
    "nationality": "US",
    "address": {
      "address": "123 Main Street, Apt 4B",
      "city": "Newark",
      "country": "US",
      "state": "Delaware",
      "postalCode": "19701"
    },
    "kycDocument": {
      "documentType": "PASSPORT",
      "documentNumber": "AB123456",
      "issuingCountry": "US",
      "frontUrl": "https://storage.example.com/doc-front.jpg",
      "backUrl": null,
      "selfieUrl": "https://storage.example.com/selfie.jpg"
    },
    "externalId": "usr_123456",
    "metadata": {
      "plan": "premium"
    },
    "status": "ACTIVE",
    "kycStatus": "APPROVED",
    "kycVerifiedAt": "2026-05-10T14:23:00Z",
    "kycRejectionReason": null,
    "totalCards": 2,
    "suspendedAt": null,
    "terminatedAt": null,
    "createdAt": "2026-05-01T09:00:00Z",
    "updatedAt": "2026-05-10T14:23:00Z"
  },
  "meta": {
    "requestId": "req_a1b2c3d4e5f6a7b8c9d0e1f2",
    "platform": "Fyatu CaaS",
    "timestamp": "2026-05-22T15:00:00Z"
  }
}

Overview

Update one or more fields on a cardholder profile. Only the fields you include in the request body are changed — absent fields are left unchanged (true PATCH semantics).

KYC-Locked Fields

After kycStatus becomes APPROVED, the following fields are immutable:

Locked Field	Error if changed
`firstName`	`409 KYC_FIELD_LOCKED`
`lastName`	`409 KYC_FIELD_LOCKED`
`email`	`409 KYC_FIELD_LOCKED`
`dateOfBirth`	`409 KYC_FIELD_LOCKED`
`nationality`	`409 KYC_FIELD_LOCKED`
`address`	`409 KYC_FIELD_LOCKED`

The fields phone, externalId, and metadata can be updated at any time regardless of KYC status.

Updatable Fields

Field	Type	Constraint
`firstName`	string	KYC-locked after approval
`lastName`	string	KYC-locked after approval
`email`	string	Valid email, unique in environment; KYC-locked after approval
`phone`	string	E.164 format (e.g. `+12025551234`)
`dateOfBirth`	string	`YYYY-MM-DD`; KYC-locked after approval
`nationality`	string	ISO 3166-1 alpha-2; KYC-locked after approval
`address`	object	Full address object; KYC-locked after approval
`externalId`	string	Your internal user ID
`metadata`	object	Arbitrary key/value pairs (max 4096 bytes)

Example

curl -X PATCH https://api.fyatu.com/api/v3.20/cardholders/chl_01HXYZ1234ABCDEF5678 \
  -H "Authorization: Bearer $FYATU_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "+12025559999",
    "metadata": { "plan": "enterprise", "region": "us-east" }
  }'

Success Response (200)

Returns the full updated cardholder object:

{
  "success": true,
  "status": 200,
  "message": "Cardholder updated",
  "data": {
    "cardholderId": "chl_01HXYZ1234ABCDEF5678",
    "programId":    "prg_01HXYZ9876ABCDEF0000",
    "firstName":    "John",
    "lastName":     "Smith",
    "email":        "john.smith@example.com",
    "phone":        "+12025559999",
    "dateOfBirth":  "1990-05-15",
    "nationality":  "US",
    "address": {
      "line1":      "123 Main Street",
      "line2":      "Apt 4B",
      "city":       "Newark",
      "state":      "Delaware",
      "postalCode": "19701",
      "country":    "US"
    },
    "metadata":    { "plan": "enterprise", "region": "us-east" },
    "status":      "ACTIVE",
    "kycStatus":   "APPROVED",
    "kycVerifiedAt": "2026-05-01T09:05:00Z",
    "totalCards":  2,
    "totalSpendCents": 125000,
    "suspendedAt": null,
    "createdAt":   "2026-05-01T09:00:00Z",
    "updatedAt":   "2026-05-22T10:00:00Z"
  },
  "meta": {
    "requestId": "req_01HXY123456ABCDEF",
    "platform": "Fyatu CaaS",
    "timestamp": "2026-05-22T10:00:00Z"
  }
}

Error Codes

Code	HTTP	Cause
`VALIDATION_ERROR`	422	Invalid field values (bad email format, metadata too large, etc.)
`CARDHOLDER_NOT_FOUND`	404	Cardholder does not exist or belongs to another business
`CARDHOLDER_TERMINATED`	409	Terminated cardholder cannot be modified
`KYC_FIELD_LOCKED`	409	Attempted to change a field that is locked after KYC approval
`CARDHOLDER_EMAIL_EXISTS`	409	Updated email is already in use by another cardholder
`INSUFFICIENT_SCOPE`	403	Key lacks `cardholders:write` scope

Authorizations

Authorization

string

header

required

API key from the FYATU CaaS portal. Pass as Authorization: Bearer <key>.

Path Parameters

string

required

Body

application/json

firstName

string

lastName

string

string<email>

phone

string

dateOfBirth

string<date>

nationality

string

address

object

Show child attributes

kycDocument

object

Identity document details for KYC verification. Optional on create; patchable via PATCH. Not locked after KYC approval.

Show child attributes

externalId

string

metadata

object

Response

Cardholder updated

success

boolean

Example:

true

status

integer

Example:

200

message

string

Example:

"Cardholder retrieved"

data

object

Show child attributes

​Overview

​KYC-Locked Fields

​Updatable Fields

​Example

​Success Response (200)

​Error Codes

Authorizations

Path Parameters

Body

Response

Overview

KYC-Locked Fields

Updatable Fields

Example

Success Response (200)

Error Codes