Card Check - V1
With /card-check you can effortlessly integrate with different networks to receive the current account information. This stateless API fetches real-time card updates without requiring card enrollment to the VGS Account Updater. It operates without persisting any state.
Prerequisites
You will need a valid bearer_token to issue Enrollment API calls. Please see the Authentication guide for how to create one.
Limitations:
American Express and Discover do not support real-time Account Updater lookups.
Amex: Updates are retrieved approximately every 30 minutes.
Discover: Updates are retrieved once daily.
Updates for Amex and Discover are handled through batch-based file processing and delivered via webhooks.
Stateless api to fetch card updates without persisting any state VGS Account Updater will perform both card availability and eligibility checks to check that this specific card is eligible for management.
Payment card object.
Card owner's full name.
John DoeCustomer's card number.
5573491171027312Pattern: ^(\d{6}.{0,9}[a-zA-Z].{0,9}\d{4}?)|((?:4[0-9]{12}(?:[0-9]{3})?)|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})$Card's expiration month.
7Card's expiration year.
24Card's cvv
123Pattern: ^\d{3,4}$Card check API response.
Bad Request
Vgs Merchant Not found
Unprocessable Entity. Possible error codes:
card-brand-not-supportedaccount-updater-not-supported
Internal Server Error
Card check API response.
POST /card-check HTTP/1.1
Host: calm.sandbox.verygoodsecurity.app
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 78
{
"name": "John Doe",
"number": "5573495XTjZP21V7312",
"exp_month": 7,
"exp_year": 24
}{
"data": {
"name": "John Doe",
"number": 5573491171027312,
"exp_month": 7,
"exp_year": 24,
"cvv": 123,
"merchant": {
"vgs_merchant_id": "MCq7GWCbtVXaNt8b4k2xraTw",
"sub_merchant_name": "John",
"sub_merchant_mid": 345643355
},
"failure_code": "account-updater-not-supported",
"event": "au_card.valid"
}
}Example request:
curl --X POST https://calm.<ENVIRONMENT>.verygoodsecurity.app/card-check \
-x https://<CREDENTIALS>@<VAULT_ID>.<ENVIRONMENT>.verygoodproxy.com:8443 -k \
-H "Content-type: application/json" \
-H "Authorization: Bearer ${VGS_ACCESS_TOKEN}"
-d '{
"name": "John Doe",
"number": 5573491171027312,
"exp_month": 7,
"exp_year": 24
}'Example response:
{
"data": {
"name": "John Doe",
"number": "5574491271028432",
"exp_month": 7,
"exp_year": 24,
"event": "au_card.updated"
}
}Note: An error response can contain multiple validation messages for the same field/element. Example of multiple validations in the response:
{
"errors": [
{
"detail": "[number] size must be between 13 and 19",
"error_code": "validation-failed"
},
{
"detail": "[number] with invalid card number format",
"error_code": "validation-failed"
}
],
"trace_id": "2d137f00cc53f5a9265f3b40402f7892"
}Request Body Fields
The table below contains more details on the request body fields, which are required, and which are optional.
name
Required
Name of the user on the card
number
Required
VGS alias representing the PAN
exp_month
Required
Expiration month on the card
exp_year
Required
Expiration year on the card
merchant
Conditional Required (pass this value if you are submitting the card on behalf of a merchant or if you have multiple merchants registered for a single VGS vault)
"merchant" element in the request payload
sub_merchant_name
Conditional Required (pass this value if you are submitting the card on behalf of a merchant)
Merchant Name registered on the card
vgs_merchant_id
Conditional Required (required only if multiple merchants are registered per VGS vault for Account Updater)
VGS generated ID per merchant registered for VGS Vault. This ID is returned as a part of the merchant registration process for Account Updater