Cards API

The cards API allows you to securely store payment card details in exchange for a card token. This card token can then be used to create a single charge with the charges API or to create multiple charges over time using the customers API.

Each card object has a property called primary, which says whether the card is the customer’s primary card. Its value is true if the card is its customer’s primary card, false if it is a non-primary card of its customer, and null if it is not associated with a customer record.

A card token can only be used once, to create either a charge or a customer. If no charge or customer is created within one month, the token is automatically expired.

There are two ways of authenticating when using this API to store card details:

  1. In your secure environment, by using HTTP basic access authentication with one of your secret API keys.
  2. In an insecure environment, such as a web browser or mobile application, by using one of your publishable API keys.

This API supports JSONP.

POST /cards

Securely stores a card’s details and returns its token and other information.

Optional publishable_api_key Your publishable API key, if requesting from an insecure environment.
number The card number (e.g. 5520000000000000).
expiry_month The month of expiry (e.g. 12).
expiry_year The year of expiry (e.g. 2025).
cvc The card security code (e.g. 123).
name The name on the card (e.g. Roland Robot).
address_line1 Line 1 of the card’s billing address (e.g. 42 Sevenoaks St).
Optional address_line2 Line 2 of the card’s billing address (e.g. Apt 1).
address_city The city of the card’s billing address (e.g. Lathlain).
Optional address_postcode The postcode of the card’s billing address (e.g. 6454).
Optional address_state The state of the card’s billing address (e.g. WA).
address_country The country of the card’s billing address. Either the full name (e.g. Australia) or the ISO 3166-1 two-letter country code (e.g. AU).


curl -d "publishable_api_key=your-publishable-api-key" \
 -d "number=5520000000000000" \
 -d "expiry_month=05" \
 -d "expiry_year=2025" \
 -d "cvc=123" \
 -d "name=Roland Robot" \
 -d "address_line1=42 Sevenoaks St" \
 -d "address_line2=" \
 -d "address_city=Lathlain" \
 -d "address_postcode=6454" \
 -d "address_state=WA" \
 -d "address_country=Australia"
201 Created
  "response": {
    "token": "card_pIQJKMs93GsCc9vLSLevbw",
    "scheme": "master",
    "display_number": "XXXX-XXXX-XXXX-0000",
    "issuing_country": "AU",
    "expiry_month": 5,
    "expiry_year": 2025,
    "name": "Roland Robot",
    "address_line1": "42 Sevenoaks St",
    "address_line2": "",
    "address_city": "Lathlain",
    "address_postcode": "6454",
    "address_state": "WA",
    "address_country": "Australia",
    "network_type": null,
    "network_format": null,
    "customer_token": null,
    "primary": null
  "ip_address": ""

Error Responses

422 invalid_resource {...}
  "error": "invalid_resource",
  "error_description": "One or more parameters were missing or invalid",
  "messages": [
      "code": "number_invalid",
      "message": "Number can't be blank",
      "param": "number"
Pin Payments acknowledges the Traditional Owners and Custodians of the Country throughout Australia and recognises their continuing connection to land, water and community.
We pay our respects to Aboriginal and Torres Strait Islander cultures, and to Elders past and present.