> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fyatu.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List Products

> List all card products associated with your business. GET /products. Requires accounts:read scope.

## Overview

Returns all card products associated with your business across all programs. A **Card Product** is a specific card configuration within a program — it defines the card scheme (VISA/Mastercard), card type (Consumer/Corporate), the feature set available to cards issued under it, and the lifecycle controls enforced at issuance and funding time.

Products are **shared resources**: they are always read from the LIVE database regardless of whether your API key is LIVE or SANDBOX. You can create products via `POST /programs/:id/products` and manage their lifecycle with the archive and activate endpoints.

## Query Parameters

| Parameter | Type    | Default | Description                |
| --------- | ------- | ------- | -------------------------- |
| `limit`   | integer | 50      | Results per page (max 100) |
| `offset`  | integer | 0       | Number of records to skip  |

## Example

<CodeGroup>
  ```bash cURL theme={null}
  curl https://api.fyatu.com/api/v3.20/products \
    -H "Authorization: Bearer $FYATU_API_KEY"
  ```

  ```javascript Node.js theme={null}
  const resp = await fetch('https://api.fyatu.com/api/v3.20/products', {
    headers: { 'Authorization': `Bearer ${process.env.FYATU_API_KEY}` }
  });
  const body = await resp.json();
  for (const product of body.data) {
    console.log(product.productId, product.name, product.status);
  }
  ```

  ```python Python theme={null}
  import os, requests

  resp = requests.get(
      'https://api.fyatu.com/api/v3.20/products',
      headers={'Authorization': f'Bearer {os.environ["FYATU_API_KEY"]}'}
  )
  body = resp.json()
  for product in body['data']:
      print(product['productId'], product['name'], product['status'])
  ```
</CodeGroup>

## Success Response (200)

```json theme={null}
{
  "success": true,
  "status":  200,
  "message": "Products retrieved",
  "data": [
    {
      "productId": "prd_01HXYZ1111ABCDEF0001",
      "programId": "prg_01HXYZ9876ABCDEF0000",
      "name":      "Standard VISA Consumer",
      "scheme":    "VISA",
      "cardType":  "CONSUMER",
      "features": {
        "has3DS":          true,
        "hasApplePay":     true,
        "hasGooglePay":    true,
        "hasJIT":          false,
        "hasSpendControl": false,
        "hasMccControl":   false
      },
      "controls": {
        "isReloadable":          true,
        "isOneTimeUse":          false,
        "cardTTLMonths":         36,
        "maxCardsPerCardholder": 5,
        "spendingLimit":         1000,
        "spendingPeriod":        "TRANSAMOUNT"
      },
      "status":    "ACTIVE",
      "createdAt": "2026-01-10T09:00:00Z"
    }
  ],
  "pagination": {
    "total":   1,
    "limit":   50,
    "offset":  0,
    "hasMore": false
  },
  "meta": {
    "requestId": "req_01HXY123456ABCDEF",
    "platform":  "Fyatu CaaS",
    "timestamp": "2026-05-25T10:00:00Z"
  }
}
```

## Field Reference

### Core Fields

| Field       | Description                                 |
| ----------- | ------------------------------------------- |
| `productId` | Unique product identifier (prefix `prd_`)   |
| `programId` | The program this product belongs to         |
| `name`      | Human-readable product name                 |
| `scheme`    | Card network — `VISA` or `MASTERCARD`       |
| `cardType`  | Card usage type — `CONSUMER` or `CORPORATE` |
| `status`    | `ACTIVE` or `ARCHIVED`                      |
| `createdAt` | ISO 8601 creation timestamp                 |

### `features` Object

| Field             | Type    | Description                                                           |
| ----------------- | ------- | --------------------------------------------------------------------- |
| `has3DS`          | boolean | 3D Secure authentication enabled                                      |
| `hasApplePay`     | boolean | Apple Pay tokenisation enabled                                        |
| `hasGooglePay`    | boolean | Google Pay tokenisation enabled                                       |
| `hasJIT`          | boolean | Just-In-Time funding — your system authorises each spend in real time |
| `hasSpendControl` | boolean | Per-card spend limits are configured                                  |
| `hasMccControl`   | boolean | MCC (merchant category) allow/block rules are configured              |

### `controls` Object

| Field                   | Type            | Description                                                                                                              |
| ----------------------- | --------------- | ------------------------------------------------------------------------------------------------------------------------ |
| `isReloadable`          | boolean         | When `false`, `POST /cards/{id}/fund` is rejected for all cards under this product                                       |
| `isOneTimeUse`          | boolean         | When `true`, a card is automatically terminated after its first settled transaction                                      |
| `cardTTLMonths`         | integer \| null | Maximum card validity in months from issuance                                                                            |
| `maxCardsPerCardholder` | integer \| null | Maximum number of simultaneously active (non-TERMINATED) cards a cardholder may hold under this product                  |
| `spendingLimit`         | number          | Maximum spend per `spendingPeriod` in the program currency (USD)                                                         |
| `spendingPeriod`        | string          | Period window for the spending limit — `TRANSAMOUNT`, `DAILY`, `WEEKLY`, `MONTHLY`, `QUARTERLY`, `YEARLY`, or `LIFETIME` |

<Note>
  Products are always read from the LIVE database, even when using a SANDBOX API key. Use `GET /programs/:id/products` to list products scoped to a specific program.
</Note>

## Error Codes

| Code                 | HTTP | Cause                           |
| -------------------- | ---- | ------------------------------- |
| `INSUFFICIENT_SCOPE` | 403  | Key lacks `accounts:read` scope |


## OpenAPI

````yaml v3.20/openapi.json GET /products
openapi: 3.1.0
info:
  title: FYATU CaaS API v3.20
  description: >-
    FYATU Cards-as-a-Service API â€” API key authentication, Cardholder
    lifecycle, Card issuance, Transactions, Webhooks, and Programs.
  version: 3.20.0
  contact:
    name: FYATU Support
    url: https://fyatu.com
    email: support@fyatu.com
servers:
  - url: https://api.fyatu.com/api/v3.20
    description: >-
      FYATU CaaS API â€” the environment (LIVE or SANDBOX) is determined by the
      API key, not the URL
security:
  - BearerAuth: []
tags:
  - name: Meta
    description: Liveness, account info, and supported event types
  - name: Account
    description: Account-level balance and funding status
  - name: Programs
    description: Read card program configuration
  - name: Cardholders
    description: Create and manage cardholder profiles
  - name: Cards
    description: Issue, fund, freeze, and terminate virtual cards
  - name: Transactions
    description: Read-only card transaction history
  - name: Webhooks
    description: Manage webhook endpoints for real-time event delivery
  - name: Products
    description: Read card product configurations
paths:
  /products:
    get:
      tags:
        - Products
      summary: List products
      description: >-
        Returns all card products associated with your business across all
        programs. Products are shared resources â€” they are always read from
        the LIVE database regardless of whether the API key is LIVE or SANDBOX.
        Products are immutable after creation.
      operationId: listProducts
      parameters:
        - name: limit
          in: query
          schema:
            type: integer
            minimum: 1
            maximum: 100
            default: 50
          description: Results per page
        - name: offset
          in: query
          schema:
            type: integer
            minimum: 0
            default: 0
          description: Number of records to skip
      responses:
        '200':
          description: Products retrieved
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProductListResponse'
              example:
                success: true
                status: 200
                message: Products retrieved
                data:
                  - productId: prd_01HXYZ1111ABCDEF0001
                    programId: prg_01HXYZ9876ABCDEF0000
                    name: Standard VISA Consumer
                    scheme: VISA
                    cardType: CONSUMER
                    features:
                      has3DS: true
                      hasApplePay: true
                      hasGooglePay: true
                      hasJIT: false
                      hasSpendControl: false
                      hasMccControl: false
                    status: ACTIVE
                    createdAt: '2026-01-10T09:00:00Z'
                pagination:
                  total: 1
                  limit: 50
                  offset: 0
                  hasMore: false
                meta:
                  requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
                  platform: Fyatu CaaS
                  timestamp: '2026-05-25T10:00:00Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '429':
          $ref: '#/components/responses/RateLimitExceeded'
        '500':
          $ref: '#/components/responses/InternalError'
components:
  schemas:
    ProductListResponse:
      type: object
      properties:
        success:
          type: boolean
          example: true
        status:
          type: integer
          example: 200
        message:
          type: string
          example: Products retrieved
        data:
          type: array
          items:
            $ref: '#/components/schemas/Product'
        pagination:
          $ref: '#/components/schemas/Pagination'
        meta:
          $ref: '#/components/schemas/Meta'
    Product:
      type: object
      properties:
        productId:
          type: string
          example: prd_01HXYZ1111ABCDEF0001
        programId:
          type: string
          example: prg_01HXYZ9876ABCDEF0000
        name:
          type: string
          example: Standard VISA Consumer
        scheme:
          type: string
          enum:
            - VISA
            - MASTERCARD
          example: VISA
        cardType:
          type: string
          enum:
            - CONSUMER
            - CORPORATE
          example: CONSUMER
        features:
          type: object
          properties:
            has3DS:
              type: boolean
              example: true
            hasApplePay:
              type: boolean
              example: true
            hasGooglePay:
              type: boolean
              example: true
            hasJIT:
              type: boolean
              example: false
            hasSpendControl:
              type: boolean
              example: false
            hasMccControl:
              type: boolean
              example: false
        controls:
          type: object
          properties:
            isReloadable:
              type: boolean
              example: true
            isOneTimeUse:
              type: boolean
              example: false
            cardTTLMonths:
              type: integer
              nullable: true
              example: null
            maxCardsPerCardholder:
              type: integer
              nullable: true
              example: null
            spendingLimit:
              type: number
              format: float
              description: Maximum spend amount per spendingPeriod. Defaults to 1000.
              example: 1000
            spendingPeriod:
              type: string
              enum:
                - TRANSAMOUNT
                - DAILY
                - WEEKLY
                - MONTHLY
                - QUARTERLY
                - YEARLY
                - LIFETIME
              description: The period over which spendingLimit is enforced.
              example: TRANSACTION
        status:
          type: string
          enum:
            - ACTIVE
            - ARCHIVED
          example: ACTIVE
        createdAt:
          type: string
          format: date-time
          example: '2026-01-10T09:00:00Z'
    Pagination:
      type: object
      properties:
        total:
          type: integer
          example: 47
        limit:
          type: integer
          example: 20
        offset:
          type: integer
          example: 0
        hasMore:
          type: boolean
          example: true
    Meta:
      type: object
      properties:
        requestId:
          type: string
          example: req_a1b2c3d4e5f6a7b8c9d0e1f2
        platform:
          type: string
          example: Fyatu CaaS
        timestamp:
          type: string
          format: date-time
          example: '2026-05-22T15:00:00Z'
    Error:
      type: object
      properties:
        success:
          type: boolean
          example: false
        status:
          type: integer
          example: 422
        message:
          type: string
          example: Human readable message
        error:
          $ref: '#/components/schemas/ErrorBody'
        meta:
          $ref: '#/components/schemas/Meta'
    ErrorBody:
      type: object
      properties:
        code:
          type: string
          example: VALIDATION_ERROR
        detail:
          type: string
          example: dateOfBirth must be in YYYY-MM-DD format
  responses:
    Unauthorized:
      description: Missing or invalid API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          examples:
            missing:
              summary: API key missing
              value:
                success: false
                status: 401
                message: API key is required
                error:
                  code: AUTH_TOKEN_MISSING
                  detail: API key is required
                meta:
                  requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
                  platform: Fyatu CaaS
                  timestamp: '2026-05-22T15:00:00Z'
            invalid:
              summary: API key invalid
              value:
                success: false
                status: 401
                message: Invalid API key
                error:
                  code: AUTH_TOKEN_INVALID
                  detail: Invalid API key
                meta:
                  requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
                  platform: Fyatu CaaS
                  timestamp: '2026-05-22T15:00:00Z'
    Forbidden:
      description: Scope denied or business suspended
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            status: 403
            message: Scope denied
            error:
              code: INSUFFICIENT_SCOPE
              detail: This endpoint requires the cards:write scope
            meta:
              requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
              platform: Fyatu CaaS
              timestamp: '2026-05-22T15:00:00Z'
    RateLimitExceeded:
      description: Rate limit exceeded
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            status: 429
            message: Rate limit exceeded
            error:
              code: RATE_LIMIT_EXCEEDED
              detail: Too many requests
            meta:
              requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
              platform: Fyatu CaaS
              timestamp: '2026-05-22T15:00:00Z'
    InternalError:
      description: Unexpected server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            status: 500
            message: Internal error
            error:
              code: INTERNAL_ERROR
              detail: An unexpected error occurred
            meta:
              requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
              platform: Fyatu CaaS
              timestamp: '2026-05-22T15:00:00Z'
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      description: >-
        API key from the FYATU CaaS portal. Pass as `Authorization: Bearer
        <key>`.

````