Manage cards for your business
This feature is available in the UK, US, the EEA, and SG.
This feature is not available in Sandbox.
The Business API lets you issue and manage cards for your team.
You can:
- Create a new virtual card
- Update the details for a specific card
- Retrieve the list of cards issued for your team
- Retrieve a specific card by its ID
- Retrieve sensitive details for a specific card
- Freeze a card to make it temporarily unavailable for spending
- Unfreeze it to re-enable spending for the card
- Lock a card as admin to make it temporarily unavailable for spending
- Unlock a card as admin to re-enable spending for the card
- Terminate it when you want to cancel your card permanently
To use the Cards API, please contact Revolut API Support.
Create a virtual card
You can use the Business API to generate virtual cards for your team.
To request a physical card, use the Revolut Business app.
To create a new card, you must provide the following information:
Required details
- Virtual: Confirms that the card that you're creating will be virtual. Set it to
true. - Holder ID: The ID of the team member who will be the holder of the card.noteWhile holder ID is required in request parameters, it's optional in response parameters. This is because in the past, it was possible to create a card owned by a whole business team rather than an individual team member. In such a case, the
holder_idparameter was not populated. As we no longer support creation of business-owned cards, this parameter must be provided on card creation. However, some business teams still have active team-owned cards, so for this legacy reason, this parameter is optional in the response. - Request ID: The ID of the request, provided by you to help you identify the transaction in your system.cautionTo ensure that a card creation is not processed multiple times if there are network or system errors, the same
request_idshould be used for requests related to the same card. For more details, see the Idempotency section.
Optionally, you can also specify additional details, such as a distinct label, linked accounts, and spending limits and categories.
Optional details
- Label: Give the card a label that will be displayed in the UI and help distinguish it from other cards.
- Accounts: Limit which accounts the card should be linked to, by providing their IDs. By default, all are linked.
- Categories: Limit the merchant categories available for spending. By default, all are available. For a full list of categories, see the API reference.noteIf you restrict merchant categories, you cannot use merchant controls to allow specific merchants. However, you can still use merchant controls with categories to block specific merchants.
If you set only categories or only merchant controls, each works independently. - Spending limits: Set one of the periodic (day/week/month/quarter/year/all time) limits and/or a non-periodic (single) spending limit.
- Merchant controls: Block or allow the card to only transact with specific merchants.For more details, see the API reference.noteIf you restrict merchant categories, you cannot use merchant controls to allow specific merchants. However, you can still use merchant controls with categories to block specific merchants.
If you set only categories or only merchant controls, each works independently. - Spending period: Set dates after which the card becomes available or unavailable for spending and define what happens when the end date is reached.
- Countries: Restrict card use to specified countries, provided as 2-letter ISO 3166 codes.
To see example requests and responses, check out the API Reference documentation:
Idempotency
To ensure that a card creation is not processed multiple times if there are network or system errors, we deduplicate requests made with the same request ID within a 24-hour interval (counting from the first request). This is why you should use the same request ID for requests related to the same card.
This also means that if the first request fails, this state is saved and returned in response to all the subsequent requests with the same request ID within the 24-hour deduplication period.
An exception is when the initial request fails for an unexpected reason.
In such a case, you still get an error saying that the first execution was not successful, but you don't get the exact error message and code that might have been returned for that first execution, you only see that the idempotent replay failed.
While there is no specific requirement regarding the format of the request ID that you should use, we recommend using v4 UUIDs.
Update a card
For each active card issued for your team, you can update its label displayed in the app, the merchant categories and countries available for spending, the spending limits, merchant-level controls and spending period, and the accounts the card is linked to. You can update a single parameter or multiple parameters at once.
To reset the categories to default or erase a spending limit, provide null as the value for the respective parameter.
If the card has a spend program assigned, modifying the card's spending limits via the API will unlink this spend program from this card, and the new custom settings will apply.
Updating a spending limit does not reset the spending counter.
For example, if you create a card with a weekly spending limit of £50 on Monday, spend £25 with that card on Tuesday, and update the weekly spending limit to £30 on Wednesday, you'll only have £5 left to spend that week.
If you restrict merchant categories, you cannot use merchant controls to allow specific merchants. However, you can still use merchant controls with categories to block specific merchants.
If you set only categories or only merchant controls, each works independently.
curl -X PATCH https://b2b.revolut.com/api/1.0/cards/{card_id} \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer <your access token>" \
-d '{
"label": "New label",
"categories": [
"services",
"shopping",
"furniture"
],
"spending_limits": {
"single": null
}
}'
For more details and example requests and responses, check out the API Reference:
Retrieve cards
The Business API lets you retrieve the cards generated for your team.
When you retrieve cards, for each card, you get its details, such as the card ID, the last 4 digits of its PAN, expiry date, current state, its type, and more.
You can:
- Retrieve all cards for your team
- Retrieve a specific card
Retrieve a list of cards
You can list all the cards issued for your team. You can also filter the cards by their creation date.
The results are paginated and sorted by the created_at date in reverse chronological order.
For more details and example requests and responses, check out the API Reference:
Filtering and pagination
When retrieving cards, you can also include the optional query parameters to:
- Modify the maximum number of cards returned per page (by default, it's
100) - Retrieve only the cards which were created before a date/date-time that you specify
For example, these parameters limit the number of cards to three and retrieve only the cards created before 13th June 2023:
/cards?limit=3&created_before=2023-06-13
To get to the next page, make a new request and use the created_at date of the last returned card as created_before.
Retrieve a specific card
You can also retrieve a single specific card by its ID to look up its details.
To retrieve sensitive card details, you must use a different, dedicated endpoint.
For more details and example requests and responses, check out the API Reference:
Retrieve sensitive card details
To retrieve sensitive details of a card, such as its PAN (Primary Account Number), CVV (Card Verification Value) and expiry date, use this dedicated endpoint.
This endpoint requires the READ_SENSITIVE_CARD_DATA token scope.
In your request, provide the ID of the card for which you want to retrieve the sensitive details.
For more details and example requests and responses, check out the API Reference:
Freeze or unfreeze cards
You can freeze an active card to make it temporarily unavailable for spending, or you can unfreeze a frozen card to re-enable spending for that card.
If you want to cancel your card permanently instead, you can terminate it.
Freeze a card
To freeze a card, provide its ID in the request to the freeze endpoint.
On success, the card's state changes to frozen and no content is returned in the response.
For more details and example requests and responses, check out the API Reference:
Unfreeze a card
To unfreeze a card, provide its ID in the request to the unfreeze endpoint.
On success, the card's state changes to active and no content is returned in the response.
For more details and example requests and responses, check out the API Reference:
Lock or unlock cards
You can apply an admin lock to a card to make it temporarily unavailable for spending, or you can unlock an admin-locked card to re-enable spending for that card.
To lock or unlock cards via API, the access token used for the request must have the WRITE scope.
You can also lock or unlock a card in the Revolut Business app.
Note that only members with the Manage Cards permission can lock or unlock cards in-app. If the team member does not have this permission, they won't be able to lock the card.
Lock a card
To apply an admin lock to a card, provide the card's ID in the request to the lock endpoint.
On success, the card's state changes to locked and no content is returned in the response.
For more details and example requests and responses, check out the API Reference:
Unlock a card
To unlock an admin-locked card, provide its ID in the request to the unlock endpoint.
On success, the card's state changes to active and no content is returned in the response.
For more details and example requests and responses, check out the API Reference:
Terminate a card
When you want to cancel your card permanently, you can terminate it.
Once the card is terminated, it will no longer be returned by the API or appear in your cards.
Card termination cannot be undone, so exercise caution and make sure that you understand the implications before you proceed.
To terminate a card, provide its ID.
On success, the card is removed from your cards and no content is returned.
For more details and example requests and responses, check out the API Reference: