Order cards
curl --request POST \
--url https://apigwuat.corpay.com/cards/order \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"customerAccountNumber": "<string>",
"cards": [
{
"additionalEmbossing": "new purchase",
"cardAddress": {
"companyName": "ABC Ltd",
"addressLines": "Unit 10, Industrial Estate Oxford Road",
"city": "Oxford",
"country": "United Kingdom",
"countryCode": "GBR",
"region": "Oxfordshire",
"zipCode": "OX1 3PA"
},
"cardCategoryId": 1,
"cardContact": {
"emailAddress": "jane.smith@example.com",
"firstName": "Jane",
"lastName": "Smith",
"middleName": "B",
"mobilePhone": "+447700900124",
"telephone": "+441234567891"
},
"cardGroupId": 12,
"cardPIN": "2345",
"cardTypeId": 1234,
"driverName": "James Smith",
"fuelProductRestrictionId": 1,
"isDriverEmbossed": true,
"isVRNEmbossed": true,
"products": [
{
"productId": 101
},
{
"productId": 102
}
],
"purchaseCategoryId": 12,
"vehicleRegNumber": "AB12 CDE"
}
]
}
'import requests
url = "https://apigwuat.corpay.com/cards/order"
payload = {
"customerAccountNumber": "<string>",
"cards": [
{
"additionalEmbossing": "new purchase",
"cardAddress": {
"companyName": "ABC Ltd",
"addressLines": "Unit 10, Industrial Estate Oxford Road",
"city": "Oxford",
"country": "United Kingdom",
"countryCode": "GBR",
"region": "Oxfordshire",
"zipCode": "OX1 3PA"
},
"cardCategoryId": 1,
"cardContact": {
"emailAddress": "jane.smith@example.com",
"firstName": "Jane",
"lastName": "Smith",
"middleName": "B",
"mobilePhone": "+447700900124",
"telephone": "+441234567891"
},
"cardGroupId": 12,
"cardPIN": "2345",
"cardTypeId": 1234,
"driverName": "James Smith",
"fuelProductRestrictionId": 1,
"isDriverEmbossed": True,
"isVRNEmbossed": True,
"products": [{ "productId": 101 }, { "productId": 102 }],
"purchaseCategoryId": 12,
"vehicleRegNumber": "AB12 CDE"
}
]
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
customerAccountNumber: '<string>',
cards: [
{
additionalEmbossing: 'new purchase',
cardAddress: {
companyName: 'ABC Ltd',
addressLines: 'Unit 10, Industrial Estate Oxford Road',
city: 'Oxford',
country: 'United Kingdom',
countryCode: 'GBR',
region: 'Oxfordshire',
zipCode: 'OX1 3PA'
},
cardCategoryId: 1,
cardContact: {
emailAddress: 'jane.smith@example.com',
firstName: 'Jane',
lastName: 'Smith',
middleName: 'B',
mobilePhone: '+447700900124',
telephone: '+441234567891'
},
cardGroupId: 12,
cardPIN: '2345',
cardTypeId: 1234,
driverName: 'James Smith',
fuelProductRestrictionId: 1,
isDriverEmbossed: true,
isVRNEmbossed: true,
products: [{productId: 101}, {productId: 102}],
purchaseCategoryId: 12,
vehicleRegNumber: 'AB12 CDE'
}
]
})
};
fetch('https://apigwuat.corpay.com/cards/order', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://apigwuat.corpay.com/cards/order",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'customerAccountNumber' => '<string>',
'cards' => [
[
'additionalEmbossing' => 'new purchase',
'cardAddress' => [
'companyName' => 'ABC Ltd',
'addressLines' => 'Unit 10, Industrial Estate Oxford Road',
'city' => 'Oxford',
'country' => 'United Kingdom',
'countryCode' => 'GBR',
'region' => 'Oxfordshire',
'zipCode' => 'OX1 3PA'
],
'cardCategoryId' => 1,
'cardContact' => [
'emailAddress' => 'jane.smith@example.com',
'firstName' => 'Jane',
'lastName' => 'Smith',
'middleName' => 'B',
'mobilePhone' => '+447700900124',
'telephone' => '+441234567891'
],
'cardGroupId' => 12,
'cardPIN' => '2345',
'cardTypeId' => 1234,
'driverName' => 'James Smith',
'fuelProductRestrictionId' => 1,
'isDriverEmbossed' => true,
'isVRNEmbossed' => true,
'products' => [
[
'productId' => 101
],
[
'productId' => 102
]
],
'purchaseCategoryId' => 12,
'vehicleRegNumber' => 'AB12 CDE'
]
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://apigwuat.corpay.com/cards/order"
payload := strings.NewReader("{\n \"customerAccountNumber\": \"<string>\",\n \"cards\": [\n {\n \"additionalEmbossing\": \"new purchase\",\n \"cardAddress\": {\n \"companyName\": \"ABC Ltd\",\n \"addressLines\": \"Unit 10, Industrial Estate Oxford Road\",\n \"city\": \"Oxford\",\n \"country\": \"United Kingdom\",\n \"countryCode\": \"GBR\",\n \"region\": \"Oxfordshire\",\n \"zipCode\": \"OX1 3PA\"\n },\n \"cardCategoryId\": 1,\n \"cardContact\": {\n \"emailAddress\": \"jane.smith@example.com\",\n \"firstName\": \"Jane\",\n \"lastName\": \"Smith\",\n \"middleName\": \"B\",\n \"mobilePhone\": \"+447700900124\",\n \"telephone\": \"+441234567891\"\n },\n \"cardGroupId\": 12,\n \"cardPIN\": \"2345\",\n \"cardTypeId\": 1234,\n \"driverName\": \"James Smith\",\n \"fuelProductRestrictionId\": 1,\n \"isDriverEmbossed\": true,\n \"isVRNEmbossed\": true,\n \"products\": [\n {\n \"productId\": 101\n },\n {\n \"productId\": 102\n }\n ],\n \"purchaseCategoryId\": 12,\n \"vehicleRegNumber\": \"AB12 CDE\"\n }\n ]\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://apigwuat.corpay.com/cards/order")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"customerAccountNumber\": \"<string>\",\n \"cards\": [\n {\n \"additionalEmbossing\": \"new purchase\",\n \"cardAddress\": {\n \"companyName\": \"ABC Ltd\",\n \"addressLines\": \"Unit 10, Industrial Estate Oxford Road\",\n \"city\": \"Oxford\",\n \"country\": \"United Kingdom\",\n \"countryCode\": \"GBR\",\n \"region\": \"Oxfordshire\",\n \"zipCode\": \"OX1 3PA\"\n },\n \"cardCategoryId\": 1,\n \"cardContact\": {\n \"emailAddress\": \"jane.smith@example.com\",\n \"firstName\": \"Jane\",\n \"lastName\": \"Smith\",\n \"middleName\": \"B\",\n \"mobilePhone\": \"+447700900124\",\n \"telephone\": \"+441234567891\"\n },\n \"cardGroupId\": 12,\n \"cardPIN\": \"2345\",\n \"cardTypeId\": 1234,\n \"driverName\": \"James Smith\",\n \"fuelProductRestrictionId\": 1,\n \"isDriverEmbossed\": true,\n \"isVRNEmbossed\": true,\n \"products\": [\n {\n \"productId\": 101\n },\n {\n \"productId\": 102\n }\n ],\n \"purchaseCategoryId\": 12,\n \"vehicleRegNumber\": \"AB12 CDE\"\n }\n ]\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://apigwuat.corpay.com/cards/order")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"customerAccountNumber\": \"<string>\",\n \"cards\": [\n {\n \"additionalEmbossing\": \"new purchase\",\n \"cardAddress\": {\n \"companyName\": \"ABC Ltd\",\n \"addressLines\": \"Unit 10, Industrial Estate Oxford Road\",\n \"city\": \"Oxford\",\n \"country\": \"United Kingdom\",\n \"countryCode\": \"GBR\",\n \"region\": \"Oxfordshire\",\n \"zipCode\": \"OX1 3PA\"\n },\n \"cardCategoryId\": 1,\n \"cardContact\": {\n \"emailAddress\": \"jane.smith@example.com\",\n \"firstName\": \"Jane\",\n \"lastName\": \"Smith\",\n \"middleName\": \"B\",\n \"mobilePhone\": \"+447700900124\",\n \"telephone\": \"+441234567891\"\n },\n \"cardGroupId\": 12,\n \"cardPIN\": \"2345\",\n \"cardTypeId\": 1234,\n \"driverName\": \"James Smith\",\n \"fuelProductRestrictionId\": 1,\n \"isDriverEmbossed\": true,\n \"isVRNEmbossed\": true,\n \"products\": [\n {\n \"productId\": 101\n },\n {\n \"productId\": 102\n }\n ],\n \"purchaseCategoryId\": 12,\n \"vehicleRegNumber\": \"AB12 CDE\"\n }\n ]\n}"
response = http.request(request)
puts response.read_body{
"orderReference": "ORD-20260117-001"
}[
{
"errorCode": "ER-001",
"errorDescription": "Invalid request parameters"
},
{
"errorCode": "ER-002",
"errorDescription": "Missing required field"
}
]{
"errorCode": "ER-012",
"errorDescription": "The server encountered an unexpected condition and could not complete the request. Please contact Corpay Support."
}Card
Order cards
Order one or more cards for a customer. The process is asynchronous and returns an order reference. The identifiers required in this request can be obtained from the Master Data APIs. The Card Order process will take up to 24-36 hrs to complete the order.
POST
/
cards
/
order
Order cards
curl --request POST \
--url https://apigwuat.corpay.com/cards/order \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"customerAccountNumber": "<string>",
"cards": [
{
"additionalEmbossing": "new purchase",
"cardAddress": {
"companyName": "ABC Ltd",
"addressLines": "Unit 10, Industrial Estate Oxford Road",
"city": "Oxford",
"country": "United Kingdom",
"countryCode": "GBR",
"region": "Oxfordshire",
"zipCode": "OX1 3PA"
},
"cardCategoryId": 1,
"cardContact": {
"emailAddress": "jane.smith@example.com",
"firstName": "Jane",
"lastName": "Smith",
"middleName": "B",
"mobilePhone": "+447700900124",
"telephone": "+441234567891"
},
"cardGroupId": 12,
"cardPIN": "2345",
"cardTypeId": 1234,
"driverName": "James Smith",
"fuelProductRestrictionId": 1,
"isDriverEmbossed": true,
"isVRNEmbossed": true,
"products": [
{
"productId": 101
},
{
"productId": 102
}
],
"purchaseCategoryId": 12,
"vehicleRegNumber": "AB12 CDE"
}
]
}
'import requests
url = "https://apigwuat.corpay.com/cards/order"
payload = {
"customerAccountNumber": "<string>",
"cards": [
{
"additionalEmbossing": "new purchase",
"cardAddress": {
"companyName": "ABC Ltd",
"addressLines": "Unit 10, Industrial Estate Oxford Road",
"city": "Oxford",
"country": "United Kingdom",
"countryCode": "GBR",
"region": "Oxfordshire",
"zipCode": "OX1 3PA"
},
"cardCategoryId": 1,
"cardContact": {
"emailAddress": "jane.smith@example.com",
"firstName": "Jane",
"lastName": "Smith",
"middleName": "B",
"mobilePhone": "+447700900124",
"telephone": "+441234567891"
},
"cardGroupId": 12,
"cardPIN": "2345",
"cardTypeId": 1234,
"driverName": "James Smith",
"fuelProductRestrictionId": 1,
"isDriverEmbossed": True,
"isVRNEmbossed": True,
"products": [{ "productId": 101 }, { "productId": 102 }],
"purchaseCategoryId": 12,
"vehicleRegNumber": "AB12 CDE"
}
]
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
customerAccountNumber: '<string>',
cards: [
{
additionalEmbossing: 'new purchase',
cardAddress: {
companyName: 'ABC Ltd',
addressLines: 'Unit 10, Industrial Estate Oxford Road',
city: 'Oxford',
country: 'United Kingdom',
countryCode: 'GBR',
region: 'Oxfordshire',
zipCode: 'OX1 3PA'
},
cardCategoryId: 1,
cardContact: {
emailAddress: 'jane.smith@example.com',
firstName: 'Jane',
lastName: 'Smith',
middleName: 'B',
mobilePhone: '+447700900124',
telephone: '+441234567891'
},
cardGroupId: 12,
cardPIN: '2345',
cardTypeId: 1234,
driverName: 'James Smith',
fuelProductRestrictionId: 1,
isDriverEmbossed: true,
isVRNEmbossed: true,
products: [{productId: 101}, {productId: 102}],
purchaseCategoryId: 12,
vehicleRegNumber: 'AB12 CDE'
}
]
})
};
fetch('https://apigwuat.corpay.com/cards/order', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://apigwuat.corpay.com/cards/order",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'customerAccountNumber' => '<string>',
'cards' => [
[
'additionalEmbossing' => 'new purchase',
'cardAddress' => [
'companyName' => 'ABC Ltd',
'addressLines' => 'Unit 10, Industrial Estate Oxford Road',
'city' => 'Oxford',
'country' => 'United Kingdom',
'countryCode' => 'GBR',
'region' => 'Oxfordshire',
'zipCode' => 'OX1 3PA'
],
'cardCategoryId' => 1,
'cardContact' => [
'emailAddress' => 'jane.smith@example.com',
'firstName' => 'Jane',
'lastName' => 'Smith',
'middleName' => 'B',
'mobilePhone' => '+447700900124',
'telephone' => '+441234567891'
],
'cardGroupId' => 12,
'cardPIN' => '2345',
'cardTypeId' => 1234,
'driverName' => 'James Smith',
'fuelProductRestrictionId' => 1,
'isDriverEmbossed' => true,
'isVRNEmbossed' => true,
'products' => [
[
'productId' => 101
],
[
'productId' => 102
]
],
'purchaseCategoryId' => 12,
'vehicleRegNumber' => 'AB12 CDE'
]
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://apigwuat.corpay.com/cards/order"
payload := strings.NewReader("{\n \"customerAccountNumber\": \"<string>\",\n \"cards\": [\n {\n \"additionalEmbossing\": \"new purchase\",\n \"cardAddress\": {\n \"companyName\": \"ABC Ltd\",\n \"addressLines\": \"Unit 10, Industrial Estate Oxford Road\",\n \"city\": \"Oxford\",\n \"country\": \"United Kingdom\",\n \"countryCode\": \"GBR\",\n \"region\": \"Oxfordshire\",\n \"zipCode\": \"OX1 3PA\"\n },\n \"cardCategoryId\": 1,\n \"cardContact\": {\n \"emailAddress\": \"jane.smith@example.com\",\n \"firstName\": \"Jane\",\n \"lastName\": \"Smith\",\n \"middleName\": \"B\",\n \"mobilePhone\": \"+447700900124\",\n \"telephone\": \"+441234567891\"\n },\n \"cardGroupId\": 12,\n \"cardPIN\": \"2345\",\n \"cardTypeId\": 1234,\n \"driverName\": \"James Smith\",\n \"fuelProductRestrictionId\": 1,\n \"isDriverEmbossed\": true,\n \"isVRNEmbossed\": true,\n \"products\": [\n {\n \"productId\": 101\n },\n {\n \"productId\": 102\n }\n ],\n \"purchaseCategoryId\": 12,\n \"vehicleRegNumber\": \"AB12 CDE\"\n }\n ]\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://apigwuat.corpay.com/cards/order")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"customerAccountNumber\": \"<string>\",\n \"cards\": [\n {\n \"additionalEmbossing\": \"new purchase\",\n \"cardAddress\": {\n \"companyName\": \"ABC Ltd\",\n \"addressLines\": \"Unit 10, Industrial Estate Oxford Road\",\n \"city\": \"Oxford\",\n \"country\": \"United Kingdom\",\n \"countryCode\": \"GBR\",\n \"region\": \"Oxfordshire\",\n \"zipCode\": \"OX1 3PA\"\n },\n \"cardCategoryId\": 1,\n \"cardContact\": {\n \"emailAddress\": \"jane.smith@example.com\",\n \"firstName\": \"Jane\",\n \"lastName\": \"Smith\",\n \"middleName\": \"B\",\n \"mobilePhone\": \"+447700900124\",\n \"telephone\": \"+441234567891\"\n },\n \"cardGroupId\": 12,\n \"cardPIN\": \"2345\",\n \"cardTypeId\": 1234,\n \"driverName\": \"James Smith\",\n \"fuelProductRestrictionId\": 1,\n \"isDriverEmbossed\": true,\n \"isVRNEmbossed\": true,\n \"products\": [\n {\n \"productId\": 101\n },\n {\n \"productId\": 102\n }\n ],\n \"purchaseCategoryId\": 12,\n \"vehicleRegNumber\": \"AB12 CDE\"\n }\n ]\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://apigwuat.corpay.com/cards/order")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"customerAccountNumber\": \"<string>\",\n \"cards\": [\n {\n \"additionalEmbossing\": \"new purchase\",\n \"cardAddress\": {\n \"companyName\": \"ABC Ltd\",\n \"addressLines\": \"Unit 10, Industrial Estate Oxford Road\",\n \"city\": \"Oxford\",\n \"country\": \"United Kingdom\",\n \"countryCode\": \"GBR\",\n \"region\": \"Oxfordshire\",\n \"zipCode\": \"OX1 3PA\"\n },\n \"cardCategoryId\": 1,\n \"cardContact\": {\n \"emailAddress\": \"jane.smith@example.com\",\n \"firstName\": \"Jane\",\n \"lastName\": \"Smith\",\n \"middleName\": \"B\",\n \"mobilePhone\": \"+447700900124\",\n \"telephone\": \"+441234567891\"\n },\n \"cardGroupId\": 12,\n \"cardPIN\": \"2345\",\n \"cardTypeId\": 1234,\n \"driverName\": \"James Smith\",\n \"fuelProductRestrictionId\": 1,\n \"isDriverEmbossed\": true,\n \"isVRNEmbossed\": true,\n \"products\": [\n {\n \"productId\": 101\n },\n {\n \"productId\": 102\n }\n ],\n \"purchaseCategoryId\": 12,\n \"vehicleRegNumber\": \"AB12 CDE\"\n }\n ]\n}"
response = http.request(request)
puts response.read_body{
"orderReference": "ORD-20260117-001"
}[
{
"errorCode": "ER-001",
"errorDescription": "Invalid request parameters"
},
{
"errorCode": "ER-002",
"errorDescription": "Missing required field"
}
]{
"errorCode": "ER-012",
"errorDescription": "The server encountered an unexpected condition and could not complete the request. Please contact Corpay Support."
}Performance expectations:
p50: 300 ms, p99: 900 ms.
Measured on successful requests (2xx), server-side only.
How to interpret these metrics
p50: 300 ms, p99: 900 ms.
Measured on successful requests (2xx), server-side only.
How to interpret these metrics
Authorizations
Use OAuth2 client credentials to obtain a bearer token.
Token endpoint:
POST <BASE_URL>/keycloak/realms/longship/protocol/openid-connect/token
Use the same base URL as the selected API server:
- Test environment:
https://apigwuat.corpay.com - Production environment:
https://apigw.corpay.com
Example:
curl --location '<BASE_URL>/keycloak/realms/longship/protocol/openid-connect/token' \
--header 'accept: application/json' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=.......' \
--data-urlencode 'client_secret=......'
Response
Order accepted (async)
⌘I