Attach Saved Card
POST
/v1/customers/{id}/cardsRecommendedAttach a vault token to a customer for later saved-card charges. The token is bound to the customer inside card-vault in the same transaction.
Authentication
Signature Pattern
HMAC-SHA256(secretKey, "{timestamp}\nPOST\n/v1/customers/{id}/cards\n{sha256(body)}")| Header | Value | Description |
|---|---|---|
X-Api-Key | pk_live_a1b2c3d4e5f6g7h8 | Merchant public API key |
X-Signature | {hmac_sha256_hex} | Hex HMAC-SHA256 request signature |
X-Timestamp | 2026-04-13T10:00:00Z | ISO 8601 UTC request time (±5 min) |
Request Parameters
| Name | Type | Required | Description |
|---|---|---|---|
cardToken | string | Required | Vault token (tok_…) to attach |
isDefault | boolean | Optional | Make this the customer default card |
Request Example
JSONRequest Body
{
"cardToken": "tok_9f8e7d6c5b4a",
"isDefault": true
}Response Parameters
| Field | Type | Example |
|---|---|---|
id | string | "cuc_2b3c4d5e6f70" |
customerId | string | "cus_a1b2c3d4e5f6" |
cardToken | string | "tok_9f8e7d6c5b4a" |
last4 | string | "4321" |
bin | string | "415565" |
brand | string | "visa" |
expMonth | integer | 12 |
expYear | integer | 2028 |
isDefault | boolean | true |
createdAt | string | "2026-04-13T10:05:00Z" |
Response Example
JSONResponse
{
"id": "cuc_2b3c4d5e6f70",
"customerId": "cus_a1b2c3d4e5f6",
"cardToken": "tok_9f8e7d6c5b4a",
"last4": "4321",
"bin": "415565",
"brand": "visa",
"expMonth": 12,
"expYear": 2028,
"isDefault": true,
"createdAt": "2026-04-13T10:05:00Z"
}Status Codes
200Success
201Created
400Bad Request
401Unauthorized
404Not Found
429Rate Limited
Try itMock
POSThttps://api.pay.sandbox.kvell.group