There are three statuses of debit cards in the Hydrogen API:
- Card Not Issued
- Card Issued, But Not Activated
- Card Issued and Activated
1. The following Card Components should be permissioned for users BEFORE they have issued a card:
-
Card Issuance
-
To see if you should issue a card, you need to retrieve data from the API on the logged in user.
-
Password Grant: If using the password grant, data retrieval will already be permissioned for the username of the logged in user, so you can simply call: GET /nucleus/v1/card?filter=status=in=(issued,activated)
-
Client_Credentials Grant: If using the client_credentials grant, you will need to filter by the Nucleus client_id so you get the right user’s data: GET /nucleus/v1/card?filter=status=in=(issued,activated);client_id=={client_id}
-
-
2. The following Card Components should be permissioned for users AFTER their cards have been issued, but not yet activated:
-
Card Activation:
-
Password Grant: GET /nucleus/v1/card?filter=status==issued
-
Client_Credentials Grant: GET /nucleus/v1/card?filter=status==issued;client_id=={client_id}
-
Please note: virtual cards will instantly be activated, so you should only embed this component if you are offering physical cards.
-
Card Funding
-
For physical cards, this is the only user action you should allow until the card is activated
-
3. The following Card Components should be permissioned for users AFTER their cards have been issued AND activated, which is the final state of the cards:
-
Card Balance
-
Card Transactions
-
Card Statements
-
Card Funding
-
Card Spending
-
Card Image
-
Card Controls
In all components listed above, you can use one of the following grant types:
-
-
Password Grant: GET /nucleus/v1/card?filter=status==activated
-
Client_Credentials Grant: GET /nucleus/v1/card?filter=status==activated;client_id=={client_id}
-