Supported operations

Updated on 23 Jan 2024

Note, all features that will be available from the vendor (Marqeta) to the client (for both, the source code or cloud clients) depend on the client’s needs and their agreements with the vendor (Marqeta).

Operations supported on the Test Environment

(Please contact us to have the access for testing)

As Administrator:

  1. Create a card product
  2. Set up the gate commission profile for the “Issue Card” operation (gate product)

As Individual:

  1. Issue (create) a card
  2. Activate/deactivate a card

Business process and APIs flow

Step 1. Registration of the Administrator at the Card Issuing Provider System

  1. Create the Administrator user in the Marqeta system.
  2. As an Administrator, sign in to the Marqeta sandbox back-office UI and get credentials for further authorization.

There are the preliminary steps that should be done as part of integration settings before the card issuing process starts.

Step 2. Create the Card Product in the Card Issuing Provider System by the Administrator.

  1. Call API POST /card-products as Administrator to create a card product.
  • the system creates cardProduct entity in SDK
  • the integration service makes the provider`s API call POST/cardproducts
  • the system gets parameters from the provider`s response and updates the cardProduct entity in SDK
  1. Call API GET /card-products as Administrator to view the created card products
  • the system returns the list of created card products in the response
  • the system makes the provider`s API call GET /cardproducts
  • the system gets parameters from the provider`s response and shows API response to the administrator

Note, as for now card product management is available only via API, in the future, the functionality will be allowed also via front-end.

Step 3. Initiate the Card Issue by the Individual User of the SDK platform.

  1. The user selects the “Issue Card” option on the SDK’s back-office UI.
  • front-end call the GET /card-products
  • the system makes the provider`s API call POST/cardproducts
  • the system gets parameters from the provider`s response and displays the list of card products on the front-end
  1. The user selects the product and enters card data.
  2. The user confirms the card issuing while pressing the button “Issue Card”.

3.1. Conditions: if User KYC Status: Verified

  • front-end call APIPOST /cards/issue
  • the system initiates a new BusinessProcess (BusinessProcess=GateProcess, BusinessProcess.type=issue_card in status=pending(include BusinessRequest issue_card) and creates a card entity in SDK
  • the system makes the provider`s API call POST/user (gets data from user_profile) and POST/card (gets data from card)
  • the system gets parameters from the provider`s response and updates the card entity in SDK
  • the system links the card with the user through user_token and card token, like en external ID`s from the Marqeta system 
  • the front-end calls API GET /cards and the card displayed in the user`s account, (card state=inactivated)

3.2. Conditions: if User KYC Status: Unverified

  • front-end call APIPOST /cards/issue
  • the system creates the BusinessRequest for KYC verification in status=requires_confirmation, create BusinessProcess issue_card in status=pending(include BusinessRequest status=pending) in the SDK
  • for further process flow required to verify user profile data (manually or via KYC vendor integration) and change User KYC status to Verified (BusinessRequest status change requires_confirmation -> processed)
  • the system updates the BusinessRequest and BusinessProcess issue_card status to processed
  • go further process flow for User KYC Status: Verified condition (3.1)

Note, by default, newly created cards are inactive and must be explicitly activated. To create cards that are activated upon the issue, configure your card product’s config.card_life_cycle.activate_upon_issue field.

Note, to work with sensitive data, such as card number (PAN) or PIN within the SDK system compliance with PCI is required.

Note, if the company (or client of SDK.finance) has not complied with PCI  sensitive data, such as card number (PAN) or PIN should not be returned in the response from the provider, and should not be stored in the SDK system (for this set in the URL query parameters show_cvv_number=false and show_pan=false). For card identification within communication with the provider a token or an internal card ID should be used.

List of Marqeta`s API endpoints implemented in the SDK`s integration service

API documentation

APIs used:

POST/users

GET/users

POST/cardproducts

GET/cardproducts

POST/cards

GET/cards/user/{token}

POST/cardtransitions