Individual card issuance

Physical cards are the standard payment cards we carry with us in our wallets and bags. A physical card exists in a physical form. You can make cash withdrawal, online and in-app purchases with this card. By default, all our cards display the cardholder’s details like card number, an expiration date, and a CVV which is a three-digit number printed on the back of the card that is used in online purchases.

Unlike virtual cards that can be used right after the issuance, the physical cards are delivered to the cardholder by mail or courier and require card activation by the cardholder before they can be used.

nCore allows you to issue physical cards individually or in bulk. The nCore platform offers a range of optimization options for card design and personalization. nCore platform offers personalized as well as non-personalized cards. Non personalized cards are issued in bulk whereas personalized cards are issued individually. Issuing physical cards requires you to specify how nCore should manage the order for card shipment and personalization.

Physical cards can be used after card activation. An additional security feature that the physical cards have and that is not there with their virtual counterparts are the card PINs. For further details, please refer to section Card PIN management.

A personalized physical card (i.e. a card with the user name on it) can be issued for a registered user. The card is created for a card product already defined in the system.

The card inherits features and rules available on the card product. One card belongs to only one card product. You can issue a physical card and use it in the following steps.

  • Create a user

  • Create a card

  • Activate the card and set the card PIN

  • Fund the account

  • Use the card

Create a user

A user is an entity which can be an individual that holds an account at nCore which is represented by the user object.

Please refer to the section Users for more information.

Create a card

At nCore platform, payment cards are identified as an object of the cards resource, you can create a card by sending a POST request to /cards endpoint.

The card object stores data about the card for example, name on card, card number, expiry date, CVV2, card product id etc. It also stores shipping information like shipping address, return address, delivery methods etc.

Note: Create a user and a card product before creating a card. It is mandatory to provide the identifier of the user who owns the card, the type of card (physical in this case), and the identifier of the card product in POST /cards request as shown below.

POST /cards


"user_id": "d089a80f-e641-4045-8a80-54841e4a7458", "card_type": "PHYSICAL", "card_product_id": "b4eabfc-f839-4e51"


Retrieve a card

To retrieve a specific card, you can include the card ‘ID’ path parameter in your GET request and send it to /card/{id} endpoint.

GET /cards/{id}

Activate a card and set the card PIN

Physical card requires it to be activated before using it to perform any transaction. nCore platform provides the change card status API that can be used for card activation by changing the card status from inactive status to active. nCore platform also provides the set PIN API to set the card’s PIN. Only a PCI compliant client should use the set PIN API.

nCore provides customizable PCI widgets for card activation and set PIN that enables non-PCI compliant customers to perform these card activities securely without handling the sensitive card data (card number, expiry, CVV, PIN).

For PCI compliant customers:

  • To activate the card, send PUT /cards/{id}:statuschange request to change the card status as given below.

PUT /cards/{id}:statuschange


"status": "ACTIVE", "status_reason_code": "a0",


  • After activating the card, send PUT /cards/{id}:changepin request to set card PIN as given below.

PUT /cards/{id}:changepin


"enc_pin": “ncrypt:1:4p1aPxnRvuoJOoymTSA4XH1rRaaj0HvAEISFCyQouPc:2TM-I0I”


For non-PCI compliant customers: To activate the card and set the card PIN, please integrate nCore’s PCI widgets in your cardholder facing applications to enable your cardholders to securely activate their card and set the card PIN please check the PCI Widget section for further details.

Note, that if a user attempts to provision a card with an invalid CVV2/expiry more than the allowed retries limit (of 5), the card will be blocked for 24 hours.

Fund the account

Whenever a new card is issued a General Ledger (GL) account will be automatically created and linked to the card. The card account is a term which is usually used to refer to this account. The account holds the funds of the card. To access account and retrieve details, please follow these steps.

  • Send a GET request to /cards/{id}/accounts endpoint to fetch the accounts linked to the card. Send this request with the Card ID parameter field.

  • Once you have the card accounts, you can then send a GET request to /accounts/{id} endpoint with the account ID to retrieve the account details like account currency, balance etc.

GET /cards/{id}/accounts

GET /accounts/{id}

To fund the card account, please refer to the Funding section.

Use the card

The personalized card can be delivered to the cardholder selected shipment address or it can be delivered to a centralized location (e.g. a branch or a retail outlet) from where the cardholder can collect the card and start using it after card activation.

Last updated