A card is a Helix-issued debit card linked to one or more savings or checking accounts. To correlate a specific card in Helix to a specific card record in your system, store your system's unique key in the tag property, or store Helix's cardId in your system.

Creating a physical card and shipping it to the customer is a multi-day process. The standard production workflow is:

  • Call /card/initiate
  • Wait for physical card to be printed and shipped to the customer.
  • Prompt the customer (via your site/app) to activate their card - or in Helix terms, "verify" the card via /card/verify
  • Customer can now use the card



When reissuing a card in the sandbox environment, if a card is currently in PendingVerification or ReissuePendingVerification status, the new status will be ReissuePendingVerification. Otherwise, the new status will be Verified.

card Object

Represents a single card. A single customer can have multiple cards. A single card can be tied to multiple accounts (4 checking, and 4 savings). A single account can be tied to multiple cards.

PropertyData Type (length)Description
accountsarrayAn array of partially populated account objects. Properties that are populated on each account object:
- accountBalance
- accountId
- accountNumberMasked
- availableBalance
- balanceLastModifiedDate
- customerId
- lastModifiedDate
- name
- pendingBalance
- cardPriority: values will be between 1 and 4 inclusive
- status
- tag
- type
archivedDatedatetimeDate the card status was set to Archived via /card/archive

Format: yyyy-MM-ddT00:00:00.000+00:00
Example: 2020-07-04T00:00:00.000+00:00
binIdintegerSpecifies which bin a card will be assigned to. Defaults to first bin created for your program .
cardHolderCustomerIdintegerThe unique identifier of the customer who typically has the card in their possession. If 0 or null, defaults to value in customerId. This customer must have status=Verified and accessTypeCode of FULL, ACCT or CARD. Assumes customer was already created and verified.
cardIdintegerHelix-assigned unique ID for the card
cardNumberMaskedstringThe masked value of the PAN (Primary Account Number) for the card.
Example: *************1234 .
Note: This property returns all asterisks until the card has been verified.
createdDatedatetimeDate the card was created

Format: yyyy-MM-ddT00:00:00.000+00:00
Example: 2020-07-04T00:00:00.000+00:00
customerIdintegerThe Helix-assigned unique ID for the customer who actually created the card (the customer who called /card/initiate). This customer must have status=Verified and accessTypeCode=FULL.
deniedDatedatetimeDate the card status was set to Denied
digitalWalletTokensarrayOptional array of Digital Wallet Tokens if the card has been provisioned into a Digital Wallet
expireMonthintegerMonth the card expired or will expire
expireYearinteger4-digit year the card expired or will expire
expiredDatedatetimeDate the card status was set to Expired due to the customer never verifying the card.

Format: yyyy-MM-ddT00:00:00.000+00:00
Example: 2020-07-04T00:00:00.000+00:00
firstNamestring (64)The cardholder's first name as it should appear on the card verbatim. See /card/initiate for restrictions.

See [card name allowed special characters] (doc:card-name-allowed-special-characters) for more details
isDigitalOnlybooleantrue when created through /card/createDigital or /card/initiate and isCreateDualIssuanceSinglePAN = true and IsPhysicalCardOrdered = false endpoints.
A physical card shipped to the customer when true.
isDualIssuanceSinglePANbooleantrue when created through /card/initiate endpoint with isCreateDualIssuanceSinglePAN set to true.
This type of a card will be functional as a digital card for use with mobile wallets and will have a physical card shipped to the customer if IsPhysicalCardOrdered was set to false' at card order and isDigitalOnlyis set tofalse`.
lastModifiedDatedatetimeDate when the object was last altered in any way. Note: This property updates when a card is locked or unlocked.
lastNamestring (128)The cardholder's last name as it should appear on the card verbatim. See /card/initiate for restrictions.

See [card name allowed special characters] (doc:card-name-allowed-special-characters) for more details
limitsarrayReserved for future use
lockReasonTypeCodeenumThe reason the lock was applied to the card

Valid values include:
- UNK: Unknown
- STL: Stolen *
- LST: Lost *
- FRD: Suspected Fraud
- DMG: Physical Damage
- ADM: Administrative **
- TMP: Temporary
- PIN: PIN Retries Exceeded **

* Can be set via /card/hotlist API route only. Cannot be subsequently unlocked.

** Can be set via Admin Console or background processing only.
lockTypeCodeenumThe type of lock applied to the card. Possible values:
- UNL: Unlocked
- CST: Customer Locked (locked via the API, or, if a user of the Admin Console specifies the lock can be unlocked by the customer via the API)
- SYS: System Locked (locked via the Admin Console or an automated process; the Admin user specified customer should not be able to unlock it via the API or the network provider deemed the card is locked on their end so it was reflected as such in Helix) Note: customers can unlock most CST locks but none
of the SYS locks. See /card/unlock matrix for more details
middleNamestring (64)The cardholder's middle name as it should appear on the card verbatim. See /card/initiate for restrictions.

See [card name allowed special characters] (doc:card-name-allowed-special-characters) for more details
nameOnCardstringThe name of the cardholder as it appears on the card
newPinstringThe new 4-digit (0-9 only) value to assign to the PIN. Must be encrypted using this public key and converted to base64 per RFC 4648. For example, if the new PIN is 1234 , the value for newPin would look something like the following:
ahbL0fFx/do4mBEpURziDUEJftK5OZKhIts5yThxDgHcmvC56vX/GGrnAenz an3PuO9ZYm353KB/jYqupR0/3UDs0i0PNoeFro3fE5eZZuB3UZzO3HGaf8dJ XSg63CDeqDnuSFCMOhMciZwolgx+jGrSncTt3wWvwysreQ9RFN0+pgJsD8TZ LqZ5oWG/sdUG1yQej8Q/S3HOMmmPou9FIh4H7ZPeQGnkydCxpOKhfuLXKjW8 gc5yhaKA8lmTio+rQ1nA+zDaG/TeNx8FYIBX2TwB8HBkLe1vfQNpVEE8A/H4 SvhxmHrajrZmg2BA9xP/f/JoFTk7mwgeOWYwSC7VnA==

This value will never be returned from the API.

Note: OAEP must be enabled during the encryption process. See program.publicKeyAlgorithms for language-specific details.
nickNamestring (50)A display-friendly name that applies to the card
primaryAccountIdintegerThe accountId of the default account for this card. Should
be an account with type=Checking
qualifierCodestring (3)Optional. Accepts any alphanumeric characters. Valid values are defined by Visa DPS at the time of bin creation.
reissuedDatedatetimeDate the card was set to a Reissued status due to calling
renewalOverridestringCard renewal override set by client
renewalOverrideReasonstring (20)Card renewal override reason set by client.
requestedDatedatetimeDate the request to create the card was sent to the card provider

Format: yyyy-MM-ddT00:00:00.000+00:00
Example: 2020-07-04T00:00:00.000+00:00
statusenumCard status

Valid values include:
- Initiated
- Pending
- PendingVerification
- Verified
- Denied
- Expired
- Archived
- Reissued
- HotListed
- ReissuedPendingVerification
- AutoReissuedPendingVerification
- DigitalActivePhysicalInitiated
- DigitalActivePhysicalPending
- AutoReissueInitiated
- ReissueStaged

See card.status for more details
tagstring (50)A caller-specified, unique identifier for this card. Must be unique within your program.
typeCodeenumPossible values:
- DBT: Debit (default value)
- GPR: General purpose prepaid
vendorTypeCodestringPossible values:
- VS: Visa (default value)
- MC: Mastercard
verifiedDatedatetimeDate the card status was set to Verified via /card/verify

Format: yyyy-MM-ddT00:00:00.000+00:00
Example: 2020-07-04T00:00:00.000+00:00