Skip to main content
Global Issue Visa & Mastercard cards in 180+ countries via one API — no bank queue, no volume minimums. See pricing →

Products & Program

Card Types

Regions

Industries

Pricing
English English Français Français
Login Get Started

Card Issuing · Developer APIs

Card Issuing API
Ship Programs in Days

One API call to issue virtual and physical cards, manage cardholders, and process transactions. Production-ready SDKs, real-time webhooks, and a sandbox that mirrors live — so you can go from first line of code to first card issued, fast.

Get API Keys Read the Docs
Issue a card with one API call

~ms

Avg. Response Time

%

Uptime SLA

K+

Requests / sec

Free sandbox · No credit card required

Your sandbox mirrors production exactly.

Same endpoints, signed webhooks, simulated declines. Add one header to test — remove it to go live.

Get API Keys

Card Issuing API Infrastructure Built for Production

No surprises when you go live. The same infrastructure that handles millions of transactions is available to you from the first API call.

Scalability

Rate Limits That Scale With You

Start at 500 req/s on free tier — burst headroom included. Every response carries X-RateLimit-Remaining and X-RateLimit-Reset so your client can back off cleanly. Enterprise limits are raised via a single support ticket, no re-provisioning.

X-RateLimit-RemainingX-RateLimit-Reset10K+ req/sec peakBurst headroom
Security

Your Server Never Touches a PAN

Card numbers are tokenized at issuance — your API responses contain a network_token, not a raw PAN. Webhook payloads are signed with HMAC-SHA256; verify the X-Fyatu-Signature header before processing. PCI DSS Level 1 certified.

HMAC-SHA256 webhooksX-Fyatu-SignaturePCI DSS L1TLS 1.3
Reliability

Incidents Surface Before You Page On-Call

Multi-region active-active deployment with automatic failover under 30 s. Subscribe to status.fyatu.com for push alerts on any degradation. 99.9% uptime SLA with financial credits if breached.

status.fyatu.com<30s failover99.9% SLAActive-active
Developer Experience

Test Mode Is One Header Away

Sandbox uses the exact same endpoints as production — no separate base URL. Pass X-Fyatu-Mode: test to run simulated authorizations, trigger declined-card scenarios, and fire test webhooks to your local ngrok tunnel. Flip to live by removing the header.

X-Fyatu-Mode: testSimulated declinesWebhook replaySame endpoints
api.fyatu.com  ·  v3  ·  REST + Webhooks

Everything Documented, Nothing Hidden

From your first GET request to production-grade webhook handling — three resources that cover the full integration path.

docs.fyatu.com/v3/introduction

Get Started

Introduction
Authentication
Quickstart
Errors & Codes

Cards

Issue a Card
Cardholder KYC
Card Controls

Collections

Mobile Money
Bank Transfer
Docs › Get Started › Introduction
Introduction
The Fyatu API is organized around REST. Our API has predictable resource-oriented URLs, accepts JSON bodies, and returns JSON-encoded responses using standard HTTP response codes.
Base URL
https://api.fyatu.com/v3
All requests require an Authorization: Bearer <key> header.

Documentation

Step-by-step guides covering authentication, card issuance, KYC flows, and common integration patterns
docs.fyatu.com/v3/api-reference/cards

Cards

POST /cards
GET /cards/:id
PATCH /cards/:id/controls
DEL /cards/:id

Collections

POST /collections
GET /collections/:id

Payouts

POST /payouts
POST /v3/cards Try it →

Request Body

{
"cardholderId": "ch_...",
"name": "J. WILSON",
"amount": 100,
"type": "MASTERCARD"
}

Response

201
{
"id": "card_01j...",
"status": "active",
"last4": "4242"
}

API Reference

Full REST reference: every endpoint, request schema, response shape, and error code in one place
dashboard.fyatu.com/developers/webhooks
Webhook Events
Live Last 24h
Code Event type Time Amount
200 card.authorization 0s ago $42.00
200 card.authorization 2s ago $12.50
200 payout.completed 14s ago $250.00
fail card.declined 1m ago $8.99
200 collection.successful 3m ago $100.00

Webhooks

Event catalogue with payload schemas, signature verification, retry logic, and delivery guarantees

Integration walkthrough

From zero to first card
in four API calls

POST /v3/cards
TEST /v3/cards · X-Fyatu-Mode: test
PATCH /v3/cards/:id/controls
EVENT card.authorization → your endpoint
api.fyatu.com

Request

POST /v3/cards
Authorization: Bearer sk_live_•••
Content-Type: application/json
{
"cardholderId": "ch_01jx4k...",
"type": "MASTERCARD_VIRTUAL",
"currency": "USD",
"amount": 5000
}

Response · 201 Created

{
"id": "card_01jx8p...",
"status": "active",
"last4": "4242",
"network_token": "tok_xr..."
}

Request · sandbox mode

POST /v3/cards
Authorization: Bearer sk_live_•••
X-Fyatu-Mode: test ← sandbox mode
X-Fyatu-Simulate: decline_nsf ← trigger NSF
{
"cardholderId": "ch_01jx4k...",
"type": "MASTERCARD_VIRTUAL"
}

Webhook fired · card.authorization.declined

{
"event": "card.authorization.declined",
"data": {
"reason": "insufficient_funds",
"card_id": "card_test_..."
}
}

Request

PATCH /v3/cards/card_01jx8p.../controls
Authorization: Bearer sk_live_•••
{
"daily_limit": 20000,
"allowed_mcc": ["5411", "5812"],
"blocked_countries": ["RU", "BY"]
}

Response · 200 OK

{
"controls": {
"daily_limit": 20000,
"effective_at": "next_authorization"
}
}

Inbound · to your endpoint

POST https://your-server.com/webhooks
X-Fyatu-Signature: sha256=a1b2c3d4e5...
X-Fyatu-Event: card.authorization
{
"event": "card.authorization",
"data": {
"card_id": "card_01jx8p...",
"amount": 4200,
"merchant": "Carrefour Lagos",
"decision": "approved"
}
}

Every Feature Exposed as an API

No dashboards required. Every card behaviour — spending rules, wallet tokens, FX conversion, auth challenges — is set and queried over REST.

JIT Authorization Webhooks

Intercept every authorization before it approves or declines. Your endpoint receives the full transaction context and returns an allow/deny decision in under 2 s — giving you programmable spend controls without a card reissue.

Per-Card Spend Controls

PATCH /v1/cards/:id/controls to whitelist MCC groups, cap daily spend, block specific merchant countries, or enforce velocity windows. Changes take effect on the next authorization — no card reissue needed.

Apple Pay & Google Pay Provisioning

POST /v1/cards/:id/wallet-tokens returns an encrypted payment token ready for PassKit or Google Pay push provisioning. No browser SDK, no redirect — your backend calls one endpoint and the wallet is live.

Stablecoin & Multi-Currency Funding

Fund card balances from EVM-compatible wallets (USDT/USDC on-chain) or fiat accounts. Automatic FX at settlement with rates locked at authorization time — visible in every transaction object.

3DS2 with Frictionless Flow

Every card is enrolled in 3DS2 by default. Low-risk transactions skip the challenge and complete frictionless; high-risk ones return an acs_url for your frontend. Friction level is tunable per card via the API.

The API design is clean — consistent naming, predictable error shapes, and the sandbox mirrors production exactly. We went from zero to issuing live cards in under two weeks.
LE

Lead Engineer

Card Issuing Integration · African Fintech

Download Fyatu & Take Control

Get your Fyatu card in seconds. Pay online, in-store, and across borders — and manage every transaction from your phone.

Get it on Google Play Download on the App Store