vellTRDocs
API ReferenceCustomersAttach Saved Card

Attach Saved Card

POST/v1/customers/{id}/cardsRecommended

Attach a vault token to a customer for later saved-card charges. The token is bound to the customer inside card-vault in the same transaction.

Authentication

Signature Pattern

HMAC-SHA256(secretKey, "{timestamp}\nPOST\n/v1/customers/{id}/cards\n{sha256(body)}")
HeaderValueDescription
X-Api-Keypk_live_a1b2c3d4e5f6g7h8Merchant public API key
X-Signature{hmac_sha256_hex}Hex HMAC-SHA256 request signature
X-Timestamp2026-04-13T10:00:00ZISO 8601 UTC request time (±5 min)

Request Parameters

NameTypeRequiredDescription
cardTokenstringRequiredVault token (tok_…) to attach
isDefaultbooleanOptionalMake this the customer default card

Request Example

JSONRequest Body
{
  "cardToken": "tok_9f8e7d6c5b4a",
  "isDefault": true
}

Response Parameters

FieldTypeExample
idstring"cuc_2b3c4d5e6f70"
customerIdstring"cus_a1b2c3d4e5f6"
cardTokenstring"tok_9f8e7d6c5b4a"
last4string"4321"
binstring"415565"
brandstring"visa"
expMonthinteger12
expYearinteger2028
isDefaultbooleantrue
createdAtstring"2026-04-13T10:05:00Z"

Response Example

JSONResponse
{
  "id": "cuc_2b3c4d5e6f70",
  "customerId": "cus_a1b2c3d4e5f6",
  "cardToken": "tok_9f8e7d6c5b4a",
  "last4": "4321",
  "bin": "415565",
  "brand": "visa",
  "expMonth": 12,
  "expYear": 2028,
  "isDefault": true,
  "createdAt": "2026-04-13T10:05:00Z"
}

Status Codes

200Success
201Created
400Bad Request
401Unauthorized
404Not Found
429Rate Limited
Try itMock
POSThttps://api.pay.sandbox.kvell.group