Skip to main content
POST
Issues a virtual card through a supported provider (e.g. WEX, Rapyd) and automatically stores the issued card as a PCI Booking token. The card number and CVV in the response are masked for security. The token URI is returned in the Location response header.

Error Responses

Parameters

Headers

Authorization
string
required
Your API key prefixed with APIKEY. Example: APIKEY your-api-key. See the Authentication guide.

Query String

credentialsId
string
The ID of stored credentials for a virtual card provider. When provided, ProviderName and Credentials in the request body are ignored.
tokenLocation
string
Token storage region. One of: US, IN, AU, JP, CA, IE, GB, BR. If omitted, uses the account default.

Request Body

ProviderName
string
required
The virtual card provider name (e.g. WEX, Rapyd). See List Virtual Card Providers for available providers. Not required when credentialsId is provided.
Credentials
object
Provider-specific credential key-value pairs. Not required when credentialsId is provided. See the provider’s credential structure for required fields.
Request
object
required
The virtual card issuance request.

Response

201 - Virtual card issued and tokenized. The Location header contains the PCI Booking token URI.

Response Fields

CardToken
string
The PCI Booking token for the issued virtual card.
ProviderResponse
object
The virtual card provider’s response.