API Reference v2025.12.10.3

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

Base URLs:

• https://coreapi.pexcard.com/v4

Token : Manage authentication for the PEX API.

Return basic token details for the authenticated user and app.

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.get 'https://coreapi.pexcard.com/v4/Token/Current',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.get('https://coreapi.pexcard.com/v4/Token/Current', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Token/Current',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

GET /Token/Current

Determine which API user a token belongs to, as well as the token expiration date.

Once the token expires, it cannot be renewed or deleted.

The following error responses will result in PEX deleting the token (after the first error):
‘401: Password has changed’ (API user has changed the password)
‘403: User is not active’ (API user is terminated/closed)
‘403: Token expired or does not exist’.

If you receive any of the above errors, you will need to contact the API user for further instructions.

Parameters

Example responses

200 Response

{
  "AppId": "",
  "BusinessAccountId": 0,
  "BusinessAccountName": "",
  "CardholderAccountId": 0,
  "UserType": "Cardholder",
  "Username": "",
  "Token": "",
  "TokenExpiration": ""
}

Responses

Return a list of basic tokens details for the authenticated user and app.

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.get 'https://coreapi.pexcard.com/v4/Token/GetAuthTokens',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.get('https://coreapi.pexcard.com/v4/Token/GetAuthTokens', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Token/GetAuthTokens',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

GET /Token/GetAuthTokens

List all tokens for the app or user, including the expiration date/time.

Parameters

Example responses

202 Response

{
  "Tokens": [
    {
      "Token": "",
      "SecondsUntilExpire": 0,
      "ExpirationTime": ""
    }
  ]
}

Responses

Generate a new access token

Code samples

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'basic '
}

result = RestClient.post 'https://coreapi.pexcard.com/v4/Token',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'basic '
}

r = requests.post('https://coreapi.pexcard.com/v4/Token', headers = headers)

print(r.json())

const inputBody = '{
  "Username": "",
  "Password": "",
  "UserAgentString": ""
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'basic '
};

fetch('https://coreapi.pexcard.com/v4/Token',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

POST /Token

Create a token.

A token is required to make all API calls. The life of a token is six (6) months.

Tokens are the equivalent of a username/password combination and must not be shared or distributed to untrusted parties.

Token authentication is only secure if SSL is used. Therefore, all requests (both to obtain and use the tokens) must use HTTPS endpoints. Please follow the best practices using SSL - peers should always be verified. To find our latest VeriSign certificate, please go to https://coreapi.pexcard.com.

If you are a partner (API user), your customer will provide a PEX administrator or cardholder username/password that you (partner) will generate the token from. You (partner) then use that token to authenticate.

If you are a customer, you received your API username/password from PEX Operations.


Before creating your first token the following pre-steps are required:
1. On developer.pexcard.com, select Dashboard in the blue menu bar.
2. In the API Keys section, click on the lock and key icons to show the values on the screen. If you have access to both Beta and Production, each will be listed separately.
3. From the returned (beta or production) values, create a Base64 encoded value for authorization. To do this you can use a simple tool like the one found here https://www.base64encode.org. The input should be in the following format: ClientID:ClientSecret. (HELPFUL TIP: If you copy the copy and paste the ClientId and ClientSecret please be sure that no extra characters or spaces are included. Correct: ClientID:ClientSecret Incorrect: ClientID: ClientSecret)
4. The returned encoded value should be used in all API calls.
Note: To see the Curl example - in the Authorization field, prepend the word basic to the Base64 encoded value, for example,
basic MmRlMWZjZgq6OTU0MzQwYmY3OGIwNjFjnJcxIIY0MWM2NWE4NWIxPPO=

Body parameter

{
  "Username": "",
  "Password": "",
  "UserAgentString": ""
}

Parameters

Example responses

201 Response

{
  "Token": ""
}

Responses

Revoke access for the authenticated user

Code samples

require 'rest-client'
require 'json'

headers = {
  'Authorization' => 'string'
}

result = RestClient.delete 'https://coreapi.pexcard.com/v4/Token',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Authorization': 'string'
}

r = requests.delete('https://coreapi.pexcard.com/v4/Token', headers = headers)

print(r.json())

const headers = {
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Token',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

DELETE /Token

To revoke API access, delete the token.

The following error responses will result in PEX deleting the token (after the first error):
‘401: Password has changed’ (Administrator has changed the password)
‘403: User is not active’ (Administrator is terminated/closed)
‘403: Token expired or does not exist’.


If the token will expire in one month or less, use POST /Token/Renew.

Parameters

Responses

Reissue token prior to expiration

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.post 'https://coreapi.pexcard.com/v4/Token/Renew',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.post('https://coreapi.pexcard.com/v4/Token/Renew', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Token/Renew',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

POST /Token/Renew

Reissue an existing token. A new token will be generated based on your existing valid token. This end-point does not extend the expiration date of an existing token.

All tokens expire 6 months after creation. You can reissue the token one (1) month prior to its expiration date. Once the token is expired, it cannot be renewed and you will need to generate a new one.

If you know a token has been compromised, please delete it and generate a new one.

To get the expiration date of a token, use GET /Token.

Parameters

Example responses

200 Response

{
  "Username": "",
  "Token": "",
  "AppId": "",
  "TokenExpiration": ""
}

Responses

Card : Create, activate, and fund cards. Setup rules for spending and scheduled funding.

Create a 4-digit PIN and associate it with a card accountID

Code samples

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.put 'https://coreapi.pexcard.com/v4/Card/SetPin/{Id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.put('https://coreapi.pexcard.com/v4/Card/SetPin/{Id}', headers = headers)

print(r.json())

const inputBody = '{
  "Pin": ""
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/SetPin/{Id}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

PUT /Card/SetPin/{Id}

Create a 4-digit PIN and associate it with a card accountID.

There is no cash access and a PEX card cannot be used to obtain cash from an ATM, POS or by any other means.

You can set a PIN to allow your cardholder to shop at some stores that require PINs, e.g. Sam's Club and Costco.

The PIN is secure and cannot be viewed online or by customer service. If the cardholder forgets the PIN, a new PIN must be created.

If the cardholder uses an incorrect PIN five (5) times, the system will block the card for fraud. To remove the block, call customer service (1-866-685-1898) or create a new PIN - SetPIN will unblock the card and set the failure count to 0.

A PIN must:
- be four (4) digits
- not be all the same digit, ex. 1111
- not be digits in sequence, ex. 1234
- not match the last four (4) digits of the card number.

Body parameter

{
  "Pin": ""
}

Parameters

Example responses

200 Response

{}

Responses

Response Schema

Status Code 200

IHttpActionResult

Set a group for the card account

Code samples

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.put 'https://coreapi.pexcard.com/v4/Card/SetGroup',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.put('https://coreapi.pexcard.com/v4/Card/SetGroup', headers = headers)

print(r.json())

const inputBody = '{
  "GroupId": 0,
  "AcctId": 0
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/SetGroup',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

PUT /Card/SetGroup

Insert a card accountID into a specified group.

For a definition of group see POST /Group/Group.

Body parameter

{
  "GroupId": 0,
  "AcctId": 0
}

Parameters

Example responses

200 Response

{}

Responses

Response Schema

Status Code 200

HttpResponseMessage

Fund a specified card accountID to zero ($0)

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.post 'https://coreapi.pexcard.com/v4/Card/Zero/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.post('https://coreapi.pexcard.com/v4/Card/Zero/{id}', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/Zero/{id}',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

POST /Card/Zero/{id}

Fund a specified card accountID to zero ($0).

Specify a card accountID and funds from the business account will be added/removed so that the card account (available) balance = $0.00.

Parameters

Example responses

200 Response

{
  "AccountId": 0,
  "AvailableBalance": 0.1,
  "LedgerBalance": 0.1,
  "TransactionId": 0
}

Responses

• Must be card account ID
• Insufficient funds on business
• Invalid amount
• Admin does not have permission
• Card available balance will exceed lifetime limit|None|

Return all cards for a CardOrderId

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.get 'https://coreapi.pexcard.com/v4/Card/CardOrder/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.get('https://coreapi.pexcard.com/v4/Card/CardOrder/{id}', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/CardOrder/{id}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

GET /Card/CardOrder/{id}

After using POST /Card/CreateAsync to create one or more cards, you can retrieve the card information, including the card AccountId, by using this call.

Parameters

Example responses

200 Response

{
  "CardOrderId": 0,
  "OrderDateTime": "",
  "UserName": "",
  "BusinessAccountId": 0,
  "Cards": [
    {
      "AcctId": 0,
      "Status": "",
      "FirstName": "",
      "MiddleName": "",
      "LastName": "",
      "DateOfBirth": "",
      "HomePhone": "",
      "MobilePhone": "",
      "Email": "",
      "HomeAddress": {
        "AddressLine1": "",
        "AddressLine2": "",
        "City": "",
        "State": "",
        "PostalCode": ""
      },
      "ShippingAddress": {
        "AddressLine1": "",
        "AddressLine2": "",
        "City": "",
        "State": "",
        "PostalCode": ""
      },
      "Recipient": "",
      "ShipToShippingAddress": false,
      "ShippingContactNumber": "",
      "BundleCards": false,
      "ShippingMethod": "",
      "ShippingDate": "",
      "Errors": [
        {
          "Code": "",
          "Message": ""
        }
      ],
      "FailReason": "",
      "AccountNumber": "",
      "SpendingRulesetId": 0,
      "GroupId": 0,
      "CustomId": "",
      "IsVirtual": false
    }
  ]
}

Responses

Get general information about card orders

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.get 'https://coreapi.pexcard.com/v4/Card/CardOrder',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.get('https://coreapi.pexcard.com/v4/Card/CardOrder', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/CardOrder',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

GET /Card/CardOrder

This endpoint returns all the card order Ids those were created in the duration specified by Start date and End date.
With the CardOrderId from response you can use GET/Card/CardOrder/{Id} to get more information about the cards created within that CardOrder.
Please make sure time frame selected between StartDate and EndDate is no more than last 12 months.

CardOrderId: Order ID returned as a response to POST/Card/CreateAsync, when you submit card creation request.
OrderDateTime: Date time when the card order was placed.
UserName: Username of the user who placed the order
BusinessAdminId: Unique identifier for the business admin who placed the card order. More information about admin can be obtained by GET/Business/Admin/{Id}. It can have null value in some cases.
BusinessAccountId: Account Id to which card order belongs to.
NumberofCards: Total count of number of cards successfully created in the card order.

Parameters

Example responses

200 Response

{
  "CardOrders": [
    {
      "CardOrderId": 0,
      "OrderDateTime": "",
      "UserName": "",
      "BusinessAdminId": 0,
      "BusinessAccountId": 0,
      "NumberOfCards": 0
    }
  ]
}

Responses

Return profile data associated with a single card accountID

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.get 'https://coreapi.pexcard.com/v4/Card/Profile/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.get('https://coreapi.pexcard.com/v4/Card/Profile/{id}', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/Profile/{id}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

GET /Card/Profile/{id}

Return profile data associated with a single card accountID.

Definition of some of the returned fields and how the PEX system uses them:
- AccountId: Card account ID. 0 will be returned as the Account ID for cards that are pending.
- CardholderGroupID: Unique identifier for the group (for a definition of group see POST /Group/Group.)
- Profile address: The cardholder billing address.
- Shipping address: Used for card mailing. PEX uses this address for all future card replacements including: lost, stolen, compromised and renewal.
- SpendRulestId in the response lets user know the associated SpendingRuleset with the card account specified in the request.
- IsVirtual: If this is connected to a virtual card order then the value is: true, otherwise, false.
- CustomId: User defined Id which can be assigned to Card holder profile (alphanumeric up to 50 characters). This is optional field.

To retrieve all information stored against a card accountID, including spend and funding rules, use GET /Details/AccountDetails/{Id}.

Parameters

Example responses

200 Response

{
  "AccountId": 0,
  "UserId": 0,
  "AccountStatus": "",
  "FirstName": "",
  "MiddleName": "",
  "LastName": "",
  "CardholderGroupId": 0,
  "SpendRulesetId": 0,
  "ProfileAddress": {
    "ContactName": "",
    "AddressLine1": "",
    "AddressLine2": "",
    "City": "",
    "State": "",
    "PostalCode": ""
  },
  "Phone": "",
  "ShippingAddress": {
    "ContactName": "",
    "AddressLine1": "",
    "AddressLine2": "",
    "City": "",
    "State": "",
    "PostalCode": ""
  },
  "ShippingPhone": "",
  "DateOfBirth": "",
  "UserName": "",
  "Email": "",
  "IsVirtual": false,
  "CardholderType": "TeamMember",
  "CustomId": ""
}

Responses

Update profile data for a specified card accountID.

Code samples

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.put 'https://coreapi.pexcard.com/v4/Card/Profile/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.put('https://coreapi.pexcard.com/v4/Card/Profile/{id}', headers = headers)

print(r.json())

const inputBody = '{
  "CardholderGroupId": 0,
  "SpendRulesetId": 0,
  "Phone": "",
  "ShippingPhone": "",
  "DateOfBirth": "",
  "Email": "",
  "CustomId": "",
  "FirstName": "",
  "LastName": "",
  "NormalizeProfileAddress": false,
  "ProfileAddress": {
    "AddressLine1": "",
    "AddressLine2": "",
    "City": "",
    "State": "",
    "PostalCode": ""
  },
  "NormalizeShippingAddress": false,
  "ShippingAddress": {
    "ContactName": "",
    "AddressLine1": "",
    "AddressLine2": "",
    "City": "",
    "State": "",
    "PostalCode": ""
  }
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/Profile/{id}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

PUT /Card/Profile/{id}

All fields are optional for update, however, some profile fields are required in the system and cannot be replaced by null or empty strings. The API user must have CreateCardholder = true or ManageCardholder = true.

Required profile fields:
- First Name
- Last Name
- Profile Address Line 1
- Profile City
- Profile State
- Profile Zip
- Shipping Address Line 1
- Shipping City
- Shipping Status
- Shipping Zip
- Phone
- Email
- Date of Birth.

To find the group name associated with a 'CardholderGroupId', use GET /Details/AccountDetails.
CustomId: User defined Id which can be assigned to Card holder profile (alphanumeric up to 50 characters). This is optional field.

User can specify SpendRulesetId in the request to associate an account with SpendingRuleset.
If SpendRulesetId value in request is null, account will be disassociated from a SpendingRuleset.

If PEX card is used for fuel authorizations, transit passes or online purchases, there will be times where the cardholder will have to key in the billing zip code as it appears on the cardholder profile. To avoid issues at the time of purchase, let the cardholder know what their billing (i.e. profile) address is.

If the cardholder enters an invalid Zip Code 2 times, the merchant may refuse to accept additional card swipes. If this occurs, cardholders will have to see the attendant to complete a gas transaction, or use another form of payment.

If the cardholder should have access to dashboard.pexcard.com to review their transaction history, etc., they will need the four (4) digit year of birth from their profile. If you are using a generic value, you will need to convey that to the cardholder.

A virtual or vendor card cannot be assigned to a spend policy that allows card present purchases.

Body parameter

{
  "CardholderGroupId": 0,
  "SpendRulesetId": 0,
  "Phone": "",
  "ShippingPhone": "",
  "DateOfBirth": "",
  "Email": "",
  "CustomId": "",
  "FirstName": "",
  "LastName": "",
  "NormalizeProfileAddress": false,
  "ProfileAddress": {
    "AddressLine1": "",
    "AddressLine2": "",
    "City": "",
    "State": "",
    "PostalCode": ""
  },
  "NormalizeShippingAddress": false,
  "ShippingAddress": {
    "ContactName": "",
    "AddressLine1": "",
    "AddressLine2": "",
    "City": "",
    "State": "",
    "PostalCode": ""
  }
}

Parameters

Example responses

200 Response

{}

Responses

• Invalid email address
• Invalid profile address
• Invalid shipping address|None| |401|Unauthorized|Token expired or does not exist|None| |403|Forbidden|- Invalid card account ID
• Must be card account ID
• Card group not found|None|

Response Schema

Status Code 200

HttpResponseMessage

Add or remove funds to/from a card accountID

Code samples

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.post 'https://coreapi.pexcard.com/v4/Card/Fund/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.post('https://coreapi.pexcard.com/v4/Card/Fund/{id}', headers = headers)

print(r.json())

const inputBody = '{
  "Amount": 0.1,
  "NoteText": ""
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/Fund/{id}',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

POST /Card/Fund/{id}

Add or remove funds to/from a card accountID.

Card funding is in real-time and will change the cardholder's available balance immediately.


To remove funds from the card balance, enter a negative number, for example: -10.00 will remove $10.00 from the card available balance.

Padding for Restaurant: At non-fast food locations, card authorization is (typically) for total plus 20% of total (ex. bill total $56.00 + $11.20 (20%) = $67.20 authorization amount). If the cardholder spends at restaurants, please be sure to allow for the additional 20%.

Gas Purchases at Automated Fuel Dispensers (AFDs): AFDs will authorize for a minimum $50.00 and settle for the amount of gas pumped (whether the purchase is above or below $50.00).

To retrieve the card accountID, use GET /Details/AccountDetails.

Body parameter

{
  "Amount": 0.1,
  "NoteText": ""
}

Parameters

Example responses

200 Response

{
  "AccountId": 0,
  "AvailableBalance": 0.1,
  "LedgerBalance": 0.1,
  "TransactionId": 0
}

Responses

• Must be card account ID
• Insufficient funds on business
• Insufficient funds on card account
• Card available balance will exceed card limit
• Use Business Balance is enabled for card account
• Invalid amount
• Admin does not have permission|None|

Create cards for the business

Code samples

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.post 'https://coreapi.pexcard.com/v4/Card/CreateAsync',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.post('https://coreapi.pexcard.com/v4/Card/CreateAsync', headers = headers)

print(r.json())

const inputBody = '{
  "Cards": [
    {
      "Phone": "",
      "ShippingPhone": "",
      "ShippingMethod": "Invalid",
      "DateOfBirth": "",
      "Email": "",
      "GroupId": 0,
      "RulesetId": 0,
      "VirtualCard": false,
      "CustomId": "",
      "InternationalAllowed": false,
      "FirstName": "",
      "LastName": "",
      "NormalizeProfileAddress": false,
      "ProfileAddress": {
        "AddressLine1": "",
        "AddressLine2": "",
        "City": "",
        "State": "",
        "PostalCode": ""
      },
      "NormalizeShippingAddress": false,
      "ShippingAddress": {
        "ContactName": "",
        "AddressLine1": "",
        "AddressLine2": "",
        "City": "",
        "State": "",
        "PostalCode": ""
      }
    }
  ],
  "NormalizeHomeAddress": false,
  "NormalizeShippingAddress": false
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/CreateAsync',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

POST /Card/CreateAsync

Create cards for the business. The response to this call is a CardOrderId.

To retrieve card details, including the card AccountId, use GET /Card/CardOrder/{Id}

Cards have an expiration date of 3 years and will renew automatically 60 days prior to expiration. If the card expiration is 01/17, the card will expire on the last day of the month, January 31, 2017.

ShippingMethod is a required field and maps to the same choices available on the admin website:
ShippingMethod = 0 i.e 'FirstClassMail' (10-15 business days) Free
ShippingMethod = 1 i.e 'Expedited' (up to 4 business days) $35
ShippingMethod = 2 i.e 'Rush' (up to 3 business days) $45.
ShippingMethod = 3 i.e 'PriorityMail' (3-5 business days) $10.

non-ASCII characters. Ex: "ñ" not allowed
Cardholder name may only include letters, numbers and the following punctuation symbols: , . - & '
Cardholder first + last names must be no more than 23 characters
Email format: name@domain.com
Date format: MM-DD-YYYY, ex. 01-31-1970
Phone format: 2125551212 or 212-555-1212
Zip Code should be 5 digits: 10018.
Address format: letters, numbers and the following punctuation symbols: . ' () , # - /
City format: letters, numbers and the following punctuation symbols: . ' () , # - /
State format: two letter format ex. "CA"
Max AddressLine1 field length: 26 characters
Max AddressLine2 field length: 26 characters
Max City field length: 25 characters
Country: US
CustomId: User defined Id which can be assigned to Card holder profile (alphanumeric up to 50 characters). This is optional field.
Virtual Card - True to make the card virtual, False to emboss and ship a physical card.

Shipping address is used for card mailing. PEX uses this address for all future card replacements including: lost, stolen, compromised and renewal.
Valid Shipping address need to be populated as part of request while creating new cards.

If PEX card is used for fuel authorizations, transit passes or online purchases, there will be times where the cardholder will have to key in the billing zip code as it appears on the cardholder profile. To avoid issues at the time of purchase, let the cardholder know what their billing (i.e. profile) address is.

If the cardholder enters an invalid Zip Code 2 times, the merchant may refuse to accept additional card swipes. If this occurs, cardholders will have to see the attendant to complete a gas transaction, or use another form of payment.

If the cardholder should have access to dashboard.pexcard.com to review their transaction history, etc., they will need the four (4) digit year of birth from their profile. If you are using a generic value, you will need to convey that to the cardholder.

At card creation, the spend rule defaults are:
- Daily spend limit is NONE
- International spending is OFF
- Card-not-present spending is ON
- All merchant categories are ON.

To add a card account to a group, use GET /Group to retrieve GroupIds
To add spend rules to a card account, use GET /SpendingRuleset to retrieve all the Spend rule sets for your business.

Body parameter

{
  "Cards": [
    {
      "Phone": "",
      "ShippingPhone": "",
      "ShippingMethod": "Invalid",
      "DateOfBirth": "",
      "Email": "",
      "GroupId": 0,
      "RulesetId": 0,
      "VirtualCard": false,
      "CustomId": "",
      "InternationalAllowed": false,
      "FirstName": "",
      "LastName": "",
      "NormalizeProfileAddress": false,
      "ProfileAddress": {
        "AddressLine1": "",
        "AddressLine2": "",
        "City": "",
        "State": "",
        "PostalCode": ""
      },
      "NormalizeShippingAddress": false,
      "ShippingAddress": {
        "ContactName": "",
        "AddressLine1": "",
        "AddressLine2": "",
        "City": "",
        "State": "",
        "PostalCode": ""
      }
    }
  ],
  "NormalizeHomeAddress": false,
  "NormalizeShippingAddress": false
}

Parameters

Example responses

201 Response

{
  "CardOrderId": 0
}

Responses

Emboss and ship physical cards for the business

Code samples

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.post 'https://coreapi.pexcard.com/v4/Card/PhysicalEmbossingJob',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'string'
}

r = requests.post('https://coreapi.pexcard.com/v4/Card/PhysicalEmbossingJob', headers = headers)

print(r.json())

const inputBody = '{
  "ShippingPhone": "",
  "ShippingMethod": "Invalid",
  "ShippingAddress": {
    "ContactName": "",
    "AddressLine1": "",
    "AddressLine2": "",
    "City": "",
    "State": "",
    "PostalCode": ""
  },
  "Accounts": [
    0
  ]
}';
const headers = {
  'Content-Type':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/PhysicalEmbossingJob',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

POST /Card/PhysicalEmbossingJob

Emboss and ship physical cards for previously created virtual cards within Expense and Disburse programs. Cannot be used on dedicated virtual card programs.

Action can only be provided once and is not substitute for replacing a compromised or damaged card.

ShippingMethod is a required field and maps to the same choices available on the admin website:
ShippingMethod = 0 i.e 'FirstClassMail' (10-15 business days) Free
ShippingMethod = 1 i.e 'Expedited' (up to 4 business days) $35
ShippingMethod = 2 i.e 'Rush' (up to 3 business days) $45.
ShippingMethod = 3 i.e 'PriorityMail' (3-5 business days) $10.

non-ASCII characters. Ex: "ñ" not allowed
Cardholder name may only include letters, numbers and the following punctuation symbols: , . - & '
Cardholder first + last names must be no more than 23 characters
Email format: name@domain.com
Date format: MM-DD-YYYY, ex. 01-31-1970
Phone format: 2125551212 or 212-555-1212
Zip Code should be 5 digits: 10018.
Address format: letters, numbers and the following punctuation symbols: . ' () , # - /
City format: letters, numbers and the following punctuation symbols: . ' () , # - /
State format: two letter format ex. "CA"
Max AddressLine1 field length: 26 characters
Max AddressLine2 field length: 26 characters
Max City field length: 25 characters
Country: US

Body parameter

{
  "ShippingPhone": "",
  "ShippingMethod": "Invalid",
  "ShippingAddress": {
    "ContactName": "",
    "AddressLine1": "",
    "AddressLine2": "",
    "City": "",
    "State": "",
    "PostalCode": ""
  },
  "Accounts": [
    0
  ]
}

Parameters

Responses

Activate a card

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.post 'https://coreapi.pexcard.com/v4/Card/Activate/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.post('https://coreapi.pexcard.com/v4/Card/Activate/{id}', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/Activate/{id}',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

POST /Card/Activate/{id}

Activate a card using the card accountID.

A card must be activated before the cardholder can spend. For security reasons, you should not activate a card until it is received by the cardholder.

The PEX system will prevent you from activating a card within 24 hours of creation.

NOTE: If the card is a replacement for an existing, damaged or expiring card, you should use the endpoint /Card/Activate/{id}/{cardid} and make sure the cardholder has the new card prior to activating it. Card activation immediately terminates all other cards on the account, including the one the cardholder is currently using. The card termination process is immediate and NOT reversible.

Parameters

Example responses

200 Response

{}

Responses

• Cannot change status
• Admin does not have permission|None|

Response Schema

Status Code 200

IHttpActionResult

Activate a card for a specified Card ID

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.post 'https://coreapi.pexcard.com/v4/Card/Activate/{id}/{cardId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.post('https://coreapi.pexcard.com/v4/Card/Activate/{id}/{cardId}', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/Activate/{id}/{cardId}',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

POST /Card/Activate/{id}/{cardId}

Activate a card using the card accountID and Card ID.

A card must be activated before the cardholder can spend. For security reasons, you should not activate a card until it is received by the cardholder.

The PEX system will prevent you from activating a card within 24 hours of creation.

If the card is a replacement for an existing, damaged or expiring card, make sure the cardholder has the new card prior to activating it. Card activation immediately terminates all other cards on the account, including the one the cardholder is currently using. The card termination process is immediate and NOT reversible.

Parameters

Example responses

200 Response

{}

Responses

• Invalid card ID
• Cannot change status
• Admin does not have permission|None|

Response Schema

Status Code 200

IHttpActionResult

Close a specified card accountId

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.post 'https://coreapi.pexcard.com/v4/Card/Terminate/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.post('https://coreapi.pexcard.com/v4/Card/Terminate/{id}', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/Terminate/{id}',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

POST /Card/Terminate/{id}

Close a specified card accountId.

Card/Terminate completely closes the card account. Any remaining funds on the card account are returned to the main PEX business account. This action is immediate and NOT reversible.

Parameters

Example responses

200 Response

{}

Responses

• Must be card account ID
• Cannot change status
• Admin does not have permission|None|

Response Schema

Status Code 200

IHttpActionResult

In real-time, change the card status for a specified card accountID.

Code samples

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.put 'https://coreapi.pexcard.com/v4/Card/Status/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.put('https://coreapi.pexcard.com/v4/Card/Status/{id}', headers = headers)

print(r.json())

const inputBody = '{
  "Status": "Invalid"
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/Status/{id}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

PUT /Card/Status/{id}

In real-time, change the card status for a specified card accountID.

If you want to temporarily prevent a cardholder from using the card for purchases, you can change the card status from Active to Blocked. Changing card status occurs immediately on a PEX card and is reversible by using this call.

You can either make card status Active or Blocked using this endpoint.
To change card status from Blocked to Active pass 0 in request.
To change card status from Active to Blocked pass 2 in request.

If the card is inactive, you must activate it prior to changing the status to Blocked, use GET /Card/Activate/{Id}.

To find current status of all cards, use GET /Details/AccountDetails/{Id}.

Body parameter

{
  "Status": "Invalid"
}

Parameters

Example responses

200 Response

{}

Responses

• Cannot change status
• Admin does not have permission|None|

Response Schema

Status Code 200

IHttpActionResult

Return remaining limits allowed by the Lifetime Card Funding Limit determined in Business Settings.

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.get 'https://coreapi.pexcard.com/v4/Card/LoadLimitRemaining/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.get('https://coreapi.pexcard.com/v4/Card/LoadLimitRemaining/{id}', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/LoadLimitRemaining/{id}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

GET /Card/LoadLimitRemaining/{id}

Return remaining limits allowed by the Lifetime Card Funding Limit determined in Business Settings.
Definition of the returned fields and how the PEX system uses them:

LifetimeLimit: This value is the maximum amount of dollars that can be loaded onto a Cardholder's Account. Note: a value of zero indicates that there is no limit set for the account.

RemainingLimit: The amount of funds that can still be added to an account before exceeding the Lifetime Card Funding Limit (i.e. LifetimeLimit less the total funds added to the account to date). Note: a value of null is returned if the lifetime limit does not exist for the account.

Parameters

Example responses

200 Response

{
  "AccountId": 0,
  "LifetimeLimit": 0.1,
  "RemainingLimit": 0.1
}

Responses

Return all spend rules for a specified card accountID

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.get 'https://coreapi.pexcard.com/v4/Card/SpendRules/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.get('https://coreapi.pexcard.com/v4/Card/SpendRules/{id}', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/SpendRules/{id}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

GET /Card/SpendRules/{id}

Return all spend rules for a specified card accountID.

Spend rules dictate where a card can be used to make purchases.

Cardholders using PEX card do not have cash access. ATMs, Money Orders, Money Remittance (e.g. MoneyGram) and other cash transactions, such as purchasing casino chips, will be declined at all times.

At card creation, the spend rule defaults are:
- Daily spend limit NONE
- International spending is OFF
- All merchant categories are ON.

CardNotPresentUse: This property is deprecated in favor of CardPresence.

CardPresence: Control how PEX Card can be used for purchases, either physically present at the point-of-sale or used virtually over the Internet or phone.
0 - Card present (in person) transaction only. If the cardholder only makes purchase in person, choose this option for better fraud protection.
1 - No restrictions. A cardholder can make purchases both in-person and online/over the internet.
2 - Card not present (online) transactions only. If the cardholder only makes purchases over the internet/online, choose this option for better fraud protection.

PEX has combined Merchant Category Codes (MCC) into larger groupings based upon merchant or service type. Below is the list of those combinations with examples of merchant types for each (this is not an exhaustive merchant listing):
- Associations & Organizations: Post Office, local and federal government services, religious organizations
- Automotive dealers: Vehicle dealerships (car, RV, motorcycle, boat, recreational)
- Educational services: Schools, training programs
- Entertainment: Movies, bowling, golf, sports clubs
- Fuel & Convenience stores: Service stations (non-pump purchases), miscellaneous food stores, convenience stores and specialty markets
- Grocery stores: Food, bakeries, candy
- Healthcare & Childcare services: Medical services, hospitals, daycare
- Professional services: Heating, plumbing, HVAC, freight, storage, utilities, fuel oil, coal, dry cleaners
- Restaurants: Fast food and sit-down restaurants
- Retail stores: Clothing, office supplies, hardware, building supplies, furniture, electronics
- Travel & transportation: Airlines, rental cars, trains, tolls, hotels, parking
- Fuel Pump Only: Outdoor fuel pumps(i.e. Pay at the Pump).

Parameters

Example responses

200 Response

{
  "SpendRules": {
    "UseMerchantCategory": false,
    "MerchantCategories": {
      "AssociationsAndOrganizations": false,
      "AutomotiveDealers": false,
      "EducationalServices": false,
      "Entertainment": false,
      "FuelAndConvenienceStores": false,
      "GroceryStores": false,
      "HealthcareAndChildcareServices": false,
      "ProfessionalServices": false,
      "Restaurants": false,
      "RetailStores": false,
      "TravelAndTransportation": false,
      "FuelPumpOnly": false,
      "HardwareStores": false
    },
    "InternationalSpendEnabled": false,
    "IsDailySpendLimitEnabled": false,
    "DailySpendLimit": 0.1,
    "CardNotPresentUse": false,
    "CardPresence": 0,
    "UsePexAccountBalanceForAuths": false,
    "UseCustomerAuthDecision": false
  }
}

Responses

Create spend rules for a specified card accountID

Code samples

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.put 'https://coreapi.pexcard.com/v4/Card/SpendRules/{id}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.put('https://coreapi.pexcard.com/v4/Card/SpendRules/{id}', headers = headers)

print(r.json())

const inputBody = '{
  "MerchantCategories": {
    "AssociationsAndOrganizations": false,
    "AutomotiveDealers": false,
    "EducationalServices": false,
    "Entertainment": false,
    "FuelAndConvenienceStores": false,
    "GroceryStores": false,
    "HealthcareAndChildcareServices": false,
    "ProfessionalServices": false,
    "Restaurants": false,
    "RetailStores": false,
    "TravelAndTransportation": false,
    "FuelPumpOnly": false,
    "HardwareStores": false
  },
  "InternationalSpendEnabled": false,
  "DailySpendLimit": 0.1,
  "CardNotPresentUse": false,
  "CardPresence": 0,
  "UsePexAccountBalanceForAuths": false,
  "UseCustomerAuthDecision": false
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/SpendRules/{id}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

PUT /Card/SpendRules/{id}

Create spend rules for a specified card accountID.

Spend rules dictate where a card can be used to make purchases and can be used to set a per day spending limit. Changes to spend rules happen in real-time. Be sure the cardholder is aware of the limitations being set.

If your business allows cardholders to "Use your PEX Account balance" for transactions, you must set a value for "DailySpendLimit" for those cardholders. The "DailySpendLimit" value must be less than or equal to the PEX assigned daily spend limit for your business (typically $5,000 USD).

Cardholders using PEX do not have cash access. ATMs, Money Orders, Money Remittance (e.g. MoneyGram) and other cash transactions, such as purchasing casino chips, will be declined at all times.

CardNotPresentUse: This property is deprecated in favor of CardPresence.

CardPresence: Control how PEX Card can be used for purchases, either physically present at the point-of-sale or used virtually over the Internet or phone.
0 - Card present (in person) transaction only. If the cardholder only makes purchase in person, choose this option for better fraud protection.
1 - No restrictions. A cardholder can make purchases both in-person and online/over the internet.
2 - Card not present (online) transactions only. If the cardholder only makes purchases over the internet/online, choose this option for better fraud protection.

International spending is turned OFF by default. To keep fraud to a minimum, we suggest you leave 'InternationalSpendEnabled' = false. If a cardholder is traveling internationally, or needs to make purchases from international websites/merchants, change 'InternationalSpendEnabled' = true. US sanctioned countries will always be declined, see list of sanctioned countries on dashboard.pexcard.com in FAQ (found in the footer).

Padding for Restaurant: At non-fast food locations, card authorization is (typically) for total plus 20% of total (ex. bill total $56.00 + $11.20 (20%) = $67.20 authorization amount). If the cardholder spends at restaurants, please be sure to allow for the additional 20%.

Gas Purchases at Automated Fuel Dispensers (AFDs): AFDs will authorize for a minimum $50.00 and settle for the amount of gas pumped (whether the purchase is above or below $50.00). So setting a daily spend limit of $30.00 means a cardholder cannot purchase fuel at the gas pump.

PEX has combined Merchant Category Codes (MCC) into larger groupings based upon merchant or service type. Below is the list of those combinations with examples of merchant types for each (this is not an exhaustive merchant listing): - Associations & organizations: Post Office, local and federal government services, religious organizations
- Automotive dealers: Vehicle dealerships (car, RV, motorcycle, boat, recreational)
- Educational services: Schools, training programs
- Entertainment: Movies, bowling, golf, sports clubs
- Fuel & Convenience stores: Service stations (non-pump purchases), miscellaneous food stores, convenience stores and specialty markets
- Grocery stores: Food, bakeries, candy
- Healthcare & Childcare services: Medical services, hospitals, daycare
- Professional services: Heating, plumbing, HVAC, freight, storage, utilities, fuel oil, coal, dry cleaners
- Restaurants: Fast food and sit-down restaurants
- Retail stores: Clothing, office supplies, hardware, building supplies, furniture, electronics
- Travel & transportation: Airlines, rental cars, trains, tolls, hotels, parking
- Fuel Pump Only: Outdoor fuel pumps(i.e. Pay at the Pump).

Body parameter

{
  "MerchantCategories": {
    "AssociationsAndOrganizations": false,
    "AutomotiveDealers": false,
    "EducationalServices": false,
    "Entertainment": false,
    "FuelAndConvenienceStores": false,
    "GroceryStores": false,
    "HealthcareAndChildcareServices": false,
    "ProfessionalServices": false,
    "Restaurants": false,
    "RetailStores": false,
    "TravelAndTransportation": false,
    "FuelPumpOnly": false,
    "HardwareStores": false
  },
  "InternationalSpendEnabled": false,
  "DailySpendLimit": 0.1,
  "CardNotPresentUse": false,
  "CardPresence": 0,
  "UsePexAccountBalanceForAuths": false,
  "UseCustomerAuthDecision": false
}

Parameters

Example responses

200 Response

{}

Responses

• Must be card account ID
• Account closed|None|

Response Schema

Status Code 200

HttpResponseMessage

Return all advanced spend rules for a specified card accountID

Code samples

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'string'
}

result = RestClient.get 'https://coreapi.pexcard.com/v4/Card/SpendRules/{id}/Advanced',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'string'
}

r = requests.get('https://coreapi.pexcard.com/v4/Card/SpendRules/{id}/Advanced', headers = headers)

print(r.json())

const headers = {
  'Accept':'application/json',
  'Authorization':'string'
};

fetch('https://coreapi.pexcard.com/v4/Card/SpendRules/{id}/Advanced',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

GET /Card/SpendRules/{id}/Advanced

Return all advanced spend rules for a specified card accountID.

Advanced spend rules dictate where a card can be used to make purchases.

Cardholders using PEX card do not have cash access. ATMs, Money Orders, Money Remittance (e.g. MoneyGram) and other cash transactions, such as purchasing casino chips, will be declined at all times.

At card creation, the advanced spend rule defaults are:
- Daily spend limit NONE
- Weekly spend limit NONE
- Monthly spend limit NONE
- Yearly spend limit NONE
- Lifetime spend limit NONE
- International spending is OFF
- All merchant categories are ON.

CardNotPresentEnabled: This parameter is deprecated in favor of CardPresence.

CardPresence: Control how PEX Card can be used for purchases, either physically present at the point-of-sale or used virtually over the Internet or phone.
0 - Card present (in person) transaction only. If the cardholder only makes purchase in person, choose this option for better fraud protection.
1 - No restrictions. A cardholder can make purchases both in-person and online/over the internet.
2 - Card not present (online) transactions only. If the cardholder only makes purchases over the internet/online, choose this option for better fraud protection.

DaysOfWeekRestrictions: This parameter allows a card to be used only on specific days of the week. If empty, all days are valid. Days are comma delimited array values. E.g. Allow only weekends: ["Saturday", "Sunday"]

UsStateRestrictions: This parameter allows a card to be used only in certain US States. If empty, all US States are valid. States are abbriviated comma delimited array values. E.g. Allow only New York and New Jersey: ["NY","NJ"]

PEX has combined Merchant Category Codes (MCC) into larger groupings based upon merchant or service type. Below is the list of those combinations with examples of merchant types for each (this is not an exhaustive merchant listing):
- Associations & Organizations: Post Office, local and federal government services, religious organizations
- Automotive dealers: Vehicle dealerships (car, RV, motorcycle, boat, recreational)
- Educational services: Schools, training programs
- Entertainment: Movies, bowling, golf, sports clubs
- Fuel & Convenience stores: Service stations (non-pump purchases), miscellaneous food stores, convenience stores and specialty markets
- Grocery stores: Food, bakeries, candy
- Healthcare & Childcare services: Medical services, hospitals, daycare
- Professional services: Heating, plumbing, HVAC, freight, storage, utilities, fuel oil, coal, dry cleaners
- Restaurants: Fast food and sit-down restaurants
- Retail stores: Clothing, office supplies, hardware, building supplies, furniture, electronics
- Travel & transportation: Airlines, rental cars, trains, tolls, hotels, parking
- Fuel Pump Only: Outdoor fuel pumps(i.e. Pay at the Pump).