Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.seismic-cards.systems/llms.txt

Use this file to discover all available pages before exploring further.

The Seismic Cards API lets you issue virtual and physical cards, manage budgets, move funds between accounts, and query transaction history. Every request targets the sandbox or production base URL, carries an x-access-token header (except the OAuth endpoints), and sends and receives application/json. Sandbox base URL: https://sandbox-api.seismic.systems Production base URL: https://api.seismic.systems Auth header: x-access-token: <token> on every authenticated request

Authentication

Seismic uses a two-step OAuth flow: first get a short-lived authorization code, then exchange it for a long-lived access token.

Get an authorization code

GET /v1/oauth/authorize Call this endpoint to receive a single-use authorization code. The code expires in 10 minutes — exchange it immediately at the next endpoint.
clientId
string
required
Your Seismic program’s client ID.
curl "https://sandbox-api.seismic.systems/v1/oauth/authorize?clientId=YOUR_CLIENT_ID"
data.code
string
The single-use authorization code. Pass this to POST /v1/oauth/access-token.
data.timestamp
number
Unix timestamp (seconds) when the code was issued.

Generate an access token

POST /v1/oauth/access-token Exchange the authorization code for an access token and a refresh token. Cache the accessToken server-side — never expose clientSecret or raw tokens to a client browser or mobile app.
clientId
string
required
Your Seismic program’s client ID.
clientSecret
string
required
Your Seismic program’s secret. Server-side only — never expose this to a client.
code
string
required
The authorization code from GET /v1/oauth/authorize.
curl -X POST "https://sandbox-api.seismic.systems/v1/oauth/access-token" \
  -H "Content-Type: application/json" \
  -d '{
    "clientId": "YOUR_CLIENT_ID",
    "clientSecret": "YOUR_CLIENT_SECRET",
    "code": "8655cf76c744615b57e631216ee006df"
  }'
data.accessToken
string
The token to send as x-access-token on every subsequent request.
data.refreshToken
string
Long-lived token (valid 30 days). Reserved for a future refresh endpoint — for now, re-run the two-step OAuth flow to get a new access token when yours expires.
data.expiresIn
number
Validity window in seconds. Default is 86400 (24 hours).
data.timestamp
number
Unix timestamp (seconds) when the token was issued.

Accounts

Create a sub-account

POST /v1/accounts/register Create a sub-account for a new user under your top-level partner account. Each sub-account holds the user’s USD Wallet and card programs.
Send an Idempotency-Key: <uuid> header so that network retries don’t create duplicate accounts.
name
string
required
Display name for the sub-account (typically the user’s full name).
email
string
required
User’s email. Must be unique within your parentAccountId.
phone
string
E.164 format with + (e.g. +15551234567). Optional but recommended for fraud scoring.
parentAccountId
string
required
Your top-level partner account UUID.
curl -X POST "https://sandbox-api.seismic.systems/v1/accounts/register" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Jane Smith",
    "email": "jane.smith@example.com",
    "phone": "+15551234567",
    "parentAccountId": "5b8e2e93-0c4a-43b3-8e73-2f1ef0a3a9f1"
  }'
data.accountId
string
The new sub-account UUID. Store this — you’ll pass it to nearly every subsequent request.
data.userId
string
The internal user identifier associated with the account.

Find an account by email

GET /v1/accounts Look up an existing sub-account by email address. Returns at most one result per email per parentAccountId. Use this to de-duplicate retries before calling register again.
email
string
required
The email address to search for.
curl "https://sandbox-api.seismic.systems/v1/accounts?email=jane.smith@example.com" \
  -H "x-access-token: YOUR_TOKEN"

Submit KYC

POST /v1/accounts/{accountId}/kyc Submit identity verification data for a sub-account using a Sumsub share token. The KYC decision typically arrives within 2 minutes via the KYC.UPDATED webhook.
accountId
string
required
The sub-account UUID.
sourceType
string
required
KYC provider. Use "sumsub" for Sumsub-sourced verification.
sumsubShareToken
string
required
Verified Sumsub share token (format: _act-sbx-jwt-...).
ipAddress
string
User’s real IP address. Improves fraud scoring accuracy.
occupation
string
Occupation code (e.g. "11-1011").
annualSalary
string
Annual salary with currency (e.g. "75000 USD").
accountPurpose
string
Intended use of the account (e.g. "Living Expense").
expectedMonthlyVolume
string
Expected monthly spend with currency (e.g. "1000 USD").
curl -X POST "https://sandbox-api.seismic.systems/v1/accounts/78ad30f2-5794-47c7-b413-62cc599ab203/kyc" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "sourceType": "sumsub",
    "sumsubShareToken": "_act-sbx-jwt-eyJ...",
    "ipAddress": "192.0.2.1",
    "occupation": "11-1011",
    "annualSalary": "75000 USD",
    "accountPurpose": "Living Expense",
    "expectedMonthlyVolume": "1000 USD"
  }'

Get KYC / CDD status

GET /v1/accounts/cdd/detail/{accountId} Poll the KYC status of a sub-account, or use this to confirm the status before initializing the account.
accountId
string
required
The sub-account UUID.
curl "https://sandbox-api.seismic.systems/v1/accounts/cdd/detail/78ad30f2-5794-47c7-b413-62cc599ab203" \
  -H "x-access-token: YOUR_TOKEN"
data.kyc.status
string
One of:
ValueMeaning
NONENo KYC submitted.
PENDINGUnder review.
APPROVEDCleared. You can now initialize the account and issue cards.
REJECTEDFailed. Inspect caseId and resubmit with corrected data.
data.kyc.caseId
string
The KYC case identifier. Include this when contacting support about a rejection.

Initialize the account

POST /v1/accounts/{accountId}/init Provision the user’s USD Wallet and unlock card issuance. Call this once per user, immediately after KYC status becomes APPROVED.
accountId
string
required
The sub-account UUID.
curl -X POST "https://sandbox-api.seismic.systems/v1/accounts/78ad30f2-5794-47c7-b413-62cc599ab203/init" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{}'

Cardholders

Create a cardholder

POST /v1/cardholders Create a cardholder profile for a user. You should create exactly one cardholder per user — reuse its id for every card you issue to that user. The cardholder status starts as PENDING and transitions to APPROVED within seconds; listen for the CARDHOLDER.UPDATED webhook.
The Idempotency-Key header is required. Use a UUID v4 unique to this creation attempt.
accountId
string
required
The user’s sub-account UUID.
binId
string
required
UUID of the BIN to associate with this cardholder. Retrieve available BINs from GET /v1/card/bins.
businessModel
string
required
Use "B2C_GATEWAY" for consumer card programs.
referenceId
string
required
Your unique identifier for this cardholder (e.g. yourapp-ch-{userId}). Must be globally unique across your program.
firstName
string
required
A–Z letters only. Combined with lastName (including the space) must be ≤ 23 characters.
lastName
string
required
A–Z letters only.
email
string
required
User’s email address.
phoneCountryCode
string
required
Country calling code, digits only — no +. For example, use "1" not "+1".
phoneNumber
string
required
Phone number without the country code, up to 15 digits.
address
object
required
curl -X POST "https://sandbox-api.seismic.systems/v1/cardholders" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440001" \
  -H "Content-Type: application/json" \
  -d '{
    "accountId":        "78ad30f2-5794-47c7-b413-62cc599ab203",
    "binId":            "1997881966041939972",
    "businessModel":    "B2C_GATEWAY",
    "referenceId":      "yourapp-ch-user-12345",
    "firstName":        "John",
    "lastName":         "Doe",
    "email":            "john.doe@example.com",
    "phoneCountryCode": "1",
    "phoneNumber":      "5551234567",
    "address": {
      "addressLine1": "123 Main St",
      "addressLine2": "Apt 4B",
      "city":         "New York",
      "state":        "NY",
      "country":      "US",
      "postalCode":   "10001"
    }
  }'

List cardholders

GET /v1/cardholders Return all cardholder profiles under a sub-account. Use this to check whether a cardholder already exists before retrying a failed creation.
accountId
string
required
The sub-account UUID.
Request
curl "https://sandbox-api.seismic.systems/v1/cardholders?accountId=78ad30f2-5794-47c7-b413-62cc599ab203" \
  -H "x-access-token: YOUR_TOKEN"

Get a cardholder

GET /v1/cardholders/{cardholderId} Fetch a single cardholder by ID.
accountId is a required query parameter on this endpoint. Omitting it returns a 400 error.
cardholderId
string
required
The cardholder UUID returned when you created the cardholder.
accountId
string
required
The sub-account UUID.
curl "https://sandbox-api.seismic.systems/v1/cardholders/1963922322985988097?accountId=78ad30f2-5794-47c7-b413-62cc599ab203" \
  -H "x-access-token: YOUR_TOKEN"

Update a cardholder

PATCH /v1/cardholders/{cardholderId} Update mutable fields on an existing cardholder. Include only the fields you want to change — accountId is always required.
cardholderId
string
required
The cardholder UUID.
accountId
string
required
The sub-account UUID.
email
string
New email address. Supported on BB / BZ BINs only.
phoneCountryCode
string
New country calling code. Supported on non-BB / non-BZ BINs.
phoneNumber
string
New phone number without country code.
firstName
string
Updated first name, if supported by your BIN.
lastName
string
Updated last name, if supported by your BIN.
address
object
Updated address. Address changes have limited BIN support — contact support if you receive error 010002.
Request
curl -X PATCH "https://sandbox-api.seismic.systems/v1/cardholders/1963922322985988097" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "accountId":   "78ad30f2-5794-47c7-b413-62cc599ab203",
    "phoneNumber": "5559876543"
  }'

BINs

List available BINs

GET /v1/card/bins Return the BINs your program is authorized to issue cards on. Use the id from this response when creating cardholders and cards.
accountId
string
required
The sub-account UUID.
curl "https://sandbox-api.seismic.systems/v1/card/bins?accountId=78ad30f2-5794-47c7-b413-62cc599ab203" \
  -H "x-access-token: YOUR_TOKEN"
data.list[].id
string
BIN UUID. Pass this as binId when creating cardholders or cards.
data.list[].bin
string
The 6-digit BIN prefix.
data.list[].type
number
BIN type:
ValueMeaning
0Budget BIN. Cards spend from a linked budget.
1Prepaid BIN. Cards spend from a balance attached directly to the cardholder.
data.list[].currencies
string[]
Supported currencies (e.g. ["USD"]).
data.list[].network
string
Card network (e.g. "VISA").
data.list[].supportPhysicalCard
boolean
Whether this BIN can be used to issue physical cards.

Budgets

Create a budget

POST /v1/budgets Create a budget that acts as a spending pool for one or more cards. Fund the budget before or after issuing cards — cards can only spend what the budget holds.
The Idempotency-Key header is required. Use a UUID v4 unique to this creation attempt.
accountId
string
required
The sub-account UUID.
name
string
required
Internal label for the budget (e.g. "Q2 Marketing").
currency
string
Currency code. Currently only "USD" is supported (default).
curl -X POST "https://sandbox-api.seismic.systems/v1/budgets" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440002" \
  -H "Content-Type: application/json" \
  -d '{
    "accountId": "78ad30f2-5794-47c7-b413-62cc599ab203",
    "name":      "Travel Budget",
    "currency":  "USD"
  }'

Get a budget

GET /v1/budgets/{budgetId} Fetch a budget’s current balance and status.
budgetId
string
required
The budget UUID.
accountId
string
required
The sub-account UUID.
Request
curl "https://sandbox-api.seismic.systems/v1/budgets/c0598084-16d9-4426-b98e-382166afb0eb?accountId=78ad30f2-5794-47c7-b413-62cc599ab203" \
  -H "x-access-token: YOUR_TOKEN"
Returns the same response shape as POST /v1/budgets, with the current balance.available value.

Fund a budget (transfer-in)

POST /v1/budgets/{budgetId}/transfer-in Move funds from the user’s USD Wallet into a budget. The balance becomes immediately available for card spending.
budgetId
string
required
The budget UUID to fund.
clientTransactionId
string
required
Your idempotency key for this transfer. UUID v4 recommended.
amount
string
required
USD amount to transfer, up to 2 decimal places (e.g. "100.00").
accountId
string
required
The sub-account UUID.
curl -X POST "https://sandbox-api.seismic.systems/v1/budgets/c0598084-16d9-4426-b98e-382166afb0eb/transfer-in" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "clientTransactionId": "txn-550e8400-e29b-41d4",
    "amount":    "100.00",
    "accountId": "78ad30f2-5794-47c7-b413-62cc599ab203"
  }'

Withdraw from a budget (transfer-out)

POST /v1/budgets/{budgetId}/transfer-out Pull funds back from a budget into the user’s USD Wallet.
The amount cannot exceed balance.available minus any funds locked by pending card authorizations. Attempting to withdraw locked funds returns error 030003.
budgetId
string
required
The budget UUID to withdraw from.
clientTransactionId
string
required
Your idempotency key for this transfer. UUID v4 recommended.
amount
string
required
USD amount to withdraw, up to 2 decimal places.
accountId
string
required
The sub-account UUID.
Request
curl -X POST "https://sandbox-api.seismic.systems/v1/budgets/c0598084-16d9-4426-b98e-382166afb0eb/transfer-out" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "clientTransactionId": "txn-550e8400-e29b-41d4-b",
    "amount":    "50.00",
    "accountId": "78ad30f2-5794-47c7-b413-62cc599ab203"
  }'

Transfers

Transfer between accounts

POST /v1/business/transfer/external Move funds between two USD Wallets — for example, from your master merchant account to a user’s account to top up their wallet before funding budgets.
The Idempotency-Key header is required. Use a UUID v4 unique to this transfer.
clientTransactionId
string
required
Your idempotency key for this transfer. UUID v4 recommended.
amount
string
required
USD amount to transfer.
from
object
required
to
object
required
curl -X POST "https://sandbox-api.seismic.systems/v1/business/transfer/external" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440003" \
  -H "Content-Type: application/json" \
  -d '{
    "clientTransactionId": "txn-550e8400-e29b-41d4-c",
    "amount": "200.00",
    "from": {
      "accountId":    "5b8e2e93-0c4a-43b3-8e73-2f1ef0a3a9f1",
      "id":           "master-wallet-balance-id",
      "currency":     "USD",
      "businessType": 0
    },
    "to": {
      "accountId": "78ad30f2-5794-47c7-b413-62cc599ab203",
      "id":        "0d13f168-339b-4b74-a412-07a6ababcd9c",
      "currency":  "USD"
    }
  }'

List wallets / USD Wallet balance

GET /v1/cards/wallets List the wallets for a sub-account and check their current balances. Use the wallet id as the from.id or to.id in inter-account transfers.
accountId
string
required
The sub-account UUID.
curl "https://sandbox-api.seismic.systems/v1/cards/wallets?accountId=78ad30f2-5794-47c7-b413-62cc599ab203" \
  -H "x-access-token: YOUR_TOKEN"
data.list[].objectType
number
Wallet type:
ValueMeaning
0USD Wallet — use id as from.id / to.id in inter-account transfers.

Cards

Issue a virtual card

POST /v1/budget-card Issue a virtual (or physical) card and link it to a budget. The card is immediately active and can be charged against the budget’s available balance.
The Idempotency-Key header is required. Use a UUID v4 unique to this card issuance attempt.
accountId
string
required
The user’s sub-account UUID.
binId
string
required
UUID of the BIN to issue from. Must be type: 0 (Budget BIN).
cardMode
string
required
"VIRTUAL_CARD" or "PHYSICAL_CARD".
cardholderId
string
required
UUID of the user’s approved cardholder.
budgetId
string
required
UUID of the budget that backs this card.
referenceId
string
required
Your unique identifier for this card. Must be globally unique across your program.
label
string
Display name for the card (e.g. "Travel"). Maximum 50 characters.
useType
string
Free-form tag for internal reporting.
physicalCardDesignId
string
Required when cardMode is "PHYSICAL_CARD".
curl -X POST "https://sandbox-api.seismic.systems/v1/budget-card" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440004" \
  -H "Content-Type: application/json" \
  -d '{
    "accountId":    "78ad30f2-5794-47c7-b413-62cc599ab203",
    "binId":        "1997881966041939972",
    "cardMode":     "VIRTUAL_CARD",
    "cardholderId": "1963922322985988097",
    "budgetId":     "c0598084-16d9-4426-b98e-382166afb0eb",
    "referenceId":  "yourapp-card-12345-1714000000",
    "label":        "Primary card",
    "useType":      "personal"
  }'

Get card details

GET /v1/card-list Fetch a card by ID. Returns a paginated list — filtering by cardId returns at most one record.
accountId
string
required
The sub-account UUID.
cardId
string
required
The card UUID.
curl "https://sandbox-api.seismic.systems/v1/card-list?accountId=78ad30f2-5794-47c7-b413-62cc599ab203&cardId=d8eda079-6ba7-409e-99c8-ab5f83566fbd" \
  -H "x-access-token: YOUR_TOKEN"

Get card sensitive data (server-side)

GET /v1/cards/{cardId} Return the full card number, expiry date, and CVV for a card.
We strongly recommend using the PCI Widget instead. It renders card details directly in the user’s browser via iframes, so your servers never handle raw card data. Use this endpoint only for server-side use cases such as automated test scripts.
cardId
string
required
The card UUID.
accountId
string
required
The sub-account UUID.
curl "https://sandbox-api.seismic.systems/v1/cards/d8eda079-6ba7-409e-99c8-ab5f83566fbd?accountId=78ad30f2-5794-47c7-b413-62cc599ab203" \
  -H "x-access-token: YOUR_TOKEN"

Get card access token (for the PCI widget)

GET /v1/cards/{cardId}/private-info/access-token Return a short-lived JWT (valid for approximately 5 minutes) to bootstrap SeismicWidget.js in a client browser or mobile WebView. Your server fetches this token and passes it to your client — the client then uses it to initialize the widget without your server ever touching the raw card data.
cardId
string
required
The card UUID.
accountId
string
required
The sub-account UUID.
curl "https://sandbox-api.seismic.systems/v1/cards/d8eda079-6ba7-409e-99c8-ab5f83566fbd/private-info/access-token?accountId=78ad30f2-5794-47c7-b413-62cc599ab203" \
  -H "x-access-token: YOUR_TOKEN"
See the PCI Widget guide for how to use this token in your iOS, Android, or web client.

Update card label

PUT /v1/cards/{cardId} Change the display label on a card.
cardId
string
required
The card UUID.
accountId
string
required
The sub-account UUID.
label
string
required
New display label for the card (e.g. "Travel card").
Request
curl -X PUT "https://sandbox-api.seismic.systems/v1/cards/d8eda079-6ba7-409e-99c8-ab5f83566fbd" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "accountId": "78ad30f2-5794-47c7-b413-62cc599ab203",
    "label":     "Travel card"
  }'

Set velocity control

PUT /v1/cards/{cardId}/velocity-control Apply a per-card spending limit. Only one limit type is active at a time — calling this endpoint replaces any existing limit.
cardId
string
required
The card UUID.
accountId
string
required
The sub-account UUID.
transactionLimitsType
string
required
The period over which the limit applies. One of: TRANSACTION, DAY, WEEK, MONTH, QUARTER, YEAR, LIFETIME, NA.
amountLimit
string
required
USD spending limit, up to 2 decimal places (e.g. "500.00").
Periodic limits (DAY, WEEK, MONTH, etc.) reset at 00:00 GMT+8. Use LIFETIME for an absolute cap that never resets.
Request
curl -X PUT "https://sandbox-api.seismic.systems/v1/cards/d8eda079-6ba7-409e-99c8-ab5f83566fbd/velocity-control" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "accountId":             "78ad30f2-5794-47c7-b413-62cc599ab203",
    "transactionLimitsType": "MONTH",
    "amountLimit":           "500.00"
  }'

Freeze a card

POST /v1/cards/{cardId}/freeze Temporarily decline all future authorizations on a card. This does not affect transactions that have already settled.
cardId
string
required
The card UUID.
accountId
string
required
The sub-account UUID.
curl -X POST "https://sandbox-api.seismic.systems/v1/cards/d8eda079-6ba7-409e-99c8-ab5f83566fbd/freeze" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "accountId": "78ad30f2-5794-47c7-b413-62cc599ab203" }'

Unfreeze a card

POST /v1/cards/{cardId}/unfreeze Restore a frozen card to active status.
cardId
string
required
The card UUID.
accountId
string
required
The sub-account UUID.
Request
curl -X POST "https://sandbox-api.seismic.systems/v1/cards/d8eda079-6ba7-409e-99c8-ab5f83566fbd/unfreeze" \
  -H "x-access-token: YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "accountId": "78ad30f2-5794-47c7-b413-62cc599ab203" }'

Delete a card

DELETE /v1/cards/{cardId} Permanently close a card.
This action is irreversible. Once deleted, a card cannot be reactivated. Any pending authorizations will still settle against the budget.
cardId
string
required
The card UUID.
accountId
string
required
The sub-account UUID.
Request
curl -X DELETE "https://sandbox-api.seismic.systems/v1/cards/d8eda079-6ba7-409e-99c8-ab5f83566fbd?accountId=78ad30f2-5794-47c7-b413-62cc599ab203" \
  -H "x-access-token: YOUR_TOKEN"

Card transactions

List card transactions

GET /v1/cards/transaction-list Return authorizations, settlements, refunds, and reversals for a card. Results are paginated and sorted by most recent first. By default the query covers the last 180 days.
For real-time updates, subscribe to the CARD_TRANSACTION.CREATED and CARD_TRANSACTION.UPDATED webhooks instead of polling this endpoint.
accountId
string
required
The sub-account UUID.
cardId
string
required
The card UUID.
page
number
default:"1"
Page number (1-indexed).
limit
number
default:"50"
Results per page. Maximum is 100.
id
string
Filter by a single transaction UUID.
clientTransactionId
string
Filter by your client transaction ID.
type
string
Transaction type code (e.g. "1" for Consumption).
status
string
Filter by status: PENDING, CLOSED, or FAIL.
startTime
string
Lower bound as a Unix timestamp in milliseconds. Default is 180 days ago.
endTime
string
Upper bound as a Unix timestamp in milliseconds. Default is end of today.
curl "https://sandbox-api.seismic.systems/v1/cards/transaction-list?accountId=78ad30f2-5794-47c7-b413-62cc599ab203&cardId=d8eda079-6ba7-409e-99c8-ab5f83566fbd&page=1&limit=50" \
  -H "x-access-token: YOUR_TOKEN"
data.total
number
Total number of matching transactions across all pages.
data.list[].status
string
Transaction status:
ValueMeaning
PENDINGAuthorization placed; not yet captured.
CLOSEDSettled (captured). Money has moved.
FAILDeclined.