Skip to main content
GET
/
cards
/
{cardId}
Get Card Details
curl --request GET \
  --url https://api.fyatu.com/api/v3/cards/{cardId} \
  --header 'Authorization: Bearer <token>'
import requests

url = "https://api.fyatu.com/api/v3/cards/{cardId}"

headers = {"Authorization": "Bearer <token>"}

response = requests.get(url, headers=headers)

print(response.text)
const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

fetch('https://api.fyatu.com/api/v3/cards/{cardId}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api.fyatu.com/api/v3/cards/{cardId}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "https://api.fyatu.com/api/v3/cards/{cardId}"

req, _ := http.NewRequest("GET", url, nil)

req.Header.Add("Authorization", "Bearer <token>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.get("https://api.fyatu.com/api/v3/cards/{cardId}")
.header("Authorization", "Bearer <token>")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api.fyatu.com/api/v3/cards/{cardId}")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'

response = http.request(request)
puts response.read_body
{
  "success": true,
  "status": 200,
  "message": "Card retrieved successfully",
  "data": {
    "id": "crd_8f3a2b1c4d5e6f7890abcdef12345678",
    "cardholderId": "ch_1a2b3c4d5e6f7890abcdef1234567890",
    "name": "JAMES WILSON",
    "last4": "4829",
    "maskedNumber": "****4829",
    "cardNumber": "5412750000004829",
    "cvv": "847",
    "expiryMonth": "09",
    "expiryYear": "2028",
    "expiration": "09/28",
    "brand": "MASTERCARD",
    "status": "ACTIVE",
    "suspendedReason": null,
    "isReloadable": true,
    "balance": {
      "available": 245.5,
      "holding": 3
    },
    "pendingAuthorizations": [
      {
        "merchantName": "LOTUS'S 5121 CHALONG",
        "mcc": "5411",
        "amount": 3,
        "currency": "USD",
        "authorizedAt": "2026-07-08 14:32:10"
      }
    ],
    "needsReissue": false,
    "spendingLimit": 5000,
    "invoiceDebt": 0,
    "declineCount": 0,
    "billingAddress": {
      "line1": "123 Example Street",
      "city": "Springfield",
      "state": "Illinois",
      "country": "US",
      "zipCode": "62701"
    },
    "createdAt": "2026-01-10 14:30:00",
    "suspendedAt": null,
    "terminatedAt": null
  },
  "meta": {
    "requestId": "req_a1b2c3d4e5f6",
    "timestamp": "2026-01-17T10:00:00+00:00"
  }
}
{
"success": false,
"status": 401,
"message": "Unable to identify business",
"error": {
"code": "AUTH_TOKEN_INVALID"
},
"meta": {
"requestId": "req_abc123",
"timestamp": "2026-01-05T10:30:00+00:00"
}
}
{
"success": false,
"status": 404,
"message": "Wallet not found",
"error": {
"code": "RESOURCE_NOT_FOUND"
},
"meta": {
"requestId": "req_abc123",
"timestamp": "2026-01-05T10:30:00+00:00"
}
}

Overview

Retrieve full card details including the card number, CVV, and expiration date. This endpoint returns sensitive PCI data that should be handled securely.
Security Notice: This endpoint returns full card details (card number, CVV). Never expose this data in client-side code, logs, or analytics.

Path Parameters

ParameterTypeDescription
cardIdstringThe unique card identifier

Example Usage

<?php
$cardId = 'crd_8f3a2b1c4d5e6f7890abcdef12345678';

$response = file_get_contents(
    'https://api.fyatu.com/api/v3/cards/' . $cardId,
    false,
    stream_context_create([
        'http' => [
            'method' => 'GET',
            'header' => 'Authorization: Bearer ' . $accessToken
        ]
    ])
);

$result = json_decode($response, true);
$card = $result['data'];

echo "Card Number: " . $card['cardNumber'] . "\n";
echo "CVV: " . $card['cvv'] . "\n";
echo "Expiry: " . $card['expiryMonth'] . '/' . $card['expiryYear'] . "\n";
echo "Balance: $" . $card['balance']['available'] . "\n";
const cardId = 'crd_8f3a2b1c4d5e6f7890abcdef12345678';

const response = await fetch(`https://api.fyatu.com/api/v3/cards/${cardId}`, {
  method: 'GET',
  headers: {
    'Authorization': `Bearer ${accessToken}`
  }
});

const result = await response.json();
const card = result.data;

console.log('Card Number:', card.cardNumber);
console.log('CVV:', card.cvv);
console.log('Expiry:', `${card.expiryMonth}/${card.expiryYear}`);
console.log('Balance: $' + card.balance.available);

Response Fields

FieldTypeDescription
idstringUnique card identifier
cardholderIdstringThe cardholder this card belongs to
namestringName printed on the card
last4stringLast 4 digits of the card number
maskedNumberstringMasked card number (e.g. ****4829)
cardNumberstringFull 16-digit card number (PCI sensitive)
cvvstring3-digit security code (PCI sensitive)
expiryMonthstringCard expiration month (MM format)
expiryYearstringCard expiration year (YYYY format)
expirationstringShort expiration date (MM/YY format, e.g. 09/28)
brandstringCard brand: MASTERCARD or VISA
statusstringCard status: ACTIVE, FROZEN, SUSPENDED, TERMINATED
suspendedReasonstring|nullReason for suspension, or null
isReloadablebooleanWhether the card can be funded
balance.availablenumberAvailable (spendable) balance in USD, net of any pending authorization holds
balance.holdingnumberTotal value of pending authorization holds (liens) currently on the card. Reserved but not yet settled — balance.available already excludes it
pendingAuthorizationsarrayIndividual pending authorization holds making up balance.holding (see below). Empty when there are no active holds
pendingAuthorizations[].merchantNamestring|nullMerchant that placed the hold
pendingAuthorizations[].mccstring|nullMerchant category code
pendingAuthorizations[].amountnumberHeld amount in USD
pendingAuthorizations[].currencystringCurrency of the hold (always USD)
pendingAuthorizations[].authorizedAtstring|nullWhen the authorization was placed (provider timestamp)
needsReissuebooleantrue when the provider flags the card for reissue (expired/compromised) and a replacement should be requested
spendingLimitnumberSpending limit amount in USD (0 if no limit)
invoiceDebtnumberOutstanding unpaid fee debt for this card in USD (already deducted from balance.available)
declineCountintegerNumber of declined transactions (insufficient funds) on this card
billingAddressobjectCard billing address
createdAtstringCard creation timestamp (YYYY-MM-DD HH:MM:SS)
suspendedAtstring|nullWhen the card was suspended, or null
terminatedAtstring|nullWhen the card was terminated, or null
Decline Count: The number of consecutive insufficient-funds declines before automatic suspension depends on the card product — it can be 3, 15, or unlimited depending on the product’s configuration. Monitor declineCount and notify cardholders before reaching their product’s limit.

Authorizations

Authorization
string
header
required

JWT access token obtained from /auth/token

Path Parameters

cardId
string
required

Card ID

Response

Card details retrieved

success
boolean
Example:

true

status
integer
Example:

200

message
string
data
object
meta
object