Update card
PATCH /card
PATCH
/card
Update the card status, PIN, or installments mode.
Updating the card status
- ACTIVE: The card is active and can be used.
- FROZEN: The card is frozen and cannot be used but may be active in the future.
- DELETED: The card is deleted and cannot be used permanently.
Updating the card PIN
- Encrypt the PIN: Format and encrypt the PIN using the session secret.
- Submit the update: Send the encrypted PIN with the
sessionIdto update the card.
PIN Requirements
- Length must be between 4–12 digits.
- No simple sequences (e.g., 1234, 0000)
- No repeated numbers (e.g., 1111, 2222)
PIN Encryption Format
async function encryptPIN(pin: string) {
if (pin.length < 4 || pin.length > 12) throw new Error("PIN must be between 4–12 digits");
const data = `2${pin.length.toString(16)}${pin}${"F".repeat(14 - pin.length)}`;
const secret = crypto.randomUUID().replaceAll("-", "");
const secretKeyBase64 = Buffer.from(secret, "hex").toString("base64");
const secretKeyBase64Buffer = Buffer.from(secretKeyBase64, "utf8");
const secretKeyBase64BufferEncrypted = crypto.publicEncrypt(
{ key: pem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING },
secretKeyBase64Buffer,
);
const sessionId = secretKeyBase64BufferEncrypted.toString("base64");
const iv = crypto.randomBytes(12);
const cipher = crypto.createCipheriv("aes-128-gcm", Buffer.from(secret, "hex"), iv);
const encrypted = Buffer.concat([cipher.update(data, "utf8"), cipher.final()]);
const authTag = cipher.getAuthTag();
return {
data: Buffer.concat([encrypted, authTag]).toString("base64"),
iv: iv.toString("base64"),
sessionId,
};
}Authorizations
Section titled “Authorizations ”Request Body
Section titled “Request Body ”Responses
Section titled “ Responses ”Card updated
Bad request
Not found
object
code
required
no card legacy
required
no card found