Lithic Cards API

Issue and manage virtual and physical cards - create, update, reissue, renew, and convert virtual cards to physical; card programs, digital card art, bulk card orders, card balances and financial transactions, the embedded card UI, and Apple Pay / Google Pay push provisioning.

OpenAPI Specification

lithic-com-openapi.yml Raw ↑
openapi: 3.0.3
info:
  title: Lithic API
  description: >-
    The Lithic API is a card issuing and issuer-processor platform for issuing
    virtual and physical cards, authorizing and clearing transactions, moving
    money across ledgered financial accounts, and managing the full card
    lifecycle - KYC/KYB account holder onboarding, authorization rules and
    real-time Auth Stream Access (ASA) decisioning, disputes, tokenization into
    digital wallets, 3DS authentication, ACH payments, book transfers, external
    payments, settlement reporting, and fraud/transaction monitoring. This
    document curates the real, published Lithic OpenAPI 3.1 definitions
    (https://github.com/lithic-com/lithic-openapi) into the endpoint surface
    referenced by this apis.yml, expressed as OpenAPI 3.0.3 with lightweight
    response schemas. Requests are authenticated with an API key sent as the
    raw value of the Authorization header (not a Bearer token).
  version: "1.0.0"
  contact:
    name: Lithic
    url: https://www.lithic.com
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.txt
servers:
  - url: https://api.lithic.com
    description: Production
  - url: https://sandbox.lithic.com
    description: Sandbox (mirrors production functionality)
security:
  - ApiKeyAuth: []
tags:
  - name: "3DS"
    description: "3D Secure e-commerce authentication and decisioning."
  - name: "Account"
    description: "Top-level program accounts and their spend limits."
  - name: "Account Holder"
    description: "KYC/KYB onboarding and management of individual and business account holders."
  - name: "Auth Stream Access (ASA)"
    description: "Real-time HTTP webhook authorization decisioning in the transaction path."
  - name: "Auth Rules"
    description: "Programmable v2 authorization rules, versions, drafts, backtests, and evaluation results."
  - name: "Balance"
    description: "Available and pending balances for financial accounts."
  - name: "Book Transfer"
    description: "Internal ledger transfers between financial accounts."
  - name: "Card"
    description: "Virtual and physical card issuance, lifecycle, and digital wallet provisioning."
  - name: "Card Authorizations"
    description: "Responses to real-time authorization challenges."
  - name: "Card Bulk Orders"
    description: "Bulk physical card ordering."
  - name: "Credit Product"
    description: "Credit product configuration, extended credit, and prime rates."
  - name: "Chargeback"
    description: "Legacy v1 dispute (chargeback) submission and evidence."
  - name: "Event"
    description: "Events API and webhook event subscription management."
  - name: "External Bank Account"
    description: "External bank accounts used for ACH payments, with prenote and micro-deposit verification."
  - name: "External Payments"
    description: "Recording and reconciling payments that move outside of Lithic-initiated rails."
  - name: "Financial Account"
    description: "Ledgered financial accounts, credit configuration, and account activity."
  - name: "Fraud Report"
    description: "Fraud reporting on card transactions."
  - name: "Funding Events"
    description: "Card program funding event reporting."
  - name: "Hold"
    description: "Holds placed against financial account balances."
  - name: "Managed Disputes"
    description: "v2 managed disputes (read surface for Lithic-managed dispute handling)."
  - name: "Management Operations"
    description: "Manual ledger adjustments and corrections."
  - name: "Network Program"
    description: "Card network program metadata."
  - name: "Payment"
    description: "ACH payments between Lithic financial accounts and external bank accounts."
  - name: "Responder Endpoints"
    description: "Registration of HTTP endpoints that receive Auth Stream Access (ASA) requests."
  - name: "Settlement Report"
    description: "Daily settlement detail, summary, and network total reporting."
  - name: "Statements"
    description: "Financial account statements, line items, and loan tapes for credit products."
  - name: "Status"
    description: "API status check."
  - name: "Tokenization"
    description: "Digital wallet tokenization (Apple Pay / Google Pay / Samsung Pay) lifecycle and decisioning."
  - name: "Transaction"
    description: "Card transaction authorization, clearing, and simulation."
  - name: "Transaction Monitoring"
    description: "Fraud/AML case and queue management for flagged transactions."
paths:
  /v1/account_holders:
    get:
      operationId: getAccountHolders
      tags:
        - "Account Holder"
      summary: "Get a list of individual or business account holders"
      description: "Get a list of individual or business account holders and their KYC or KYB evaluation status."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccountHolder'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
    post:
      operationId: postAccountHolders
      tags:
        - "Account Holder"
      summary: "Create an individual or business account holder"
      description: "Create an account holder and initiate the appropriate onboarding workflow. Account holders and accounts have a 1:1 relationship. When an account holder is successfully created an associated account is also created. All calls to this endpoint will return a synchronous response. The response time wil"
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccountHolder'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/account_holders/{account_holder_token}:
    get:
      operationId: getAccountHolder
      tags:
        - "Account Holder"
      summary: "Get an individual or business account holder"
      description: "Get an Individual or Business Account Holder and/or their KYC or KYB evaluation status."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccountHolder'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
    patch:
      operationId: patchAccountHolder
      tags:
        - "Account Holder"
      summary: "Update account holder information and possibly resubmit for evaluation"
      description: "Update the information associated with a particular account holder (including business owners and control persons associated to a business account). If Lithic is performing KYB or KYC and additional verification is required we will run the individual's or business's updated information again and ret"
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccountHolder'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/account_holders/{account_holder_token}/documents:
    get:
      operationId: getAccountHolderDocuments
      tags:
        - "Account Holder"
      summary: "Get account holder document uploads"
      description: "Retrieve the status of account holder document uploads, or retrieve the upload URLs to process your image uploads. Note that this is not equivalent to checking the status of the KYC evaluation overall (a document may be successfully uploaded but not be sufficient for KYC to pass). In the event you"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccountHolder'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
    post:
      operationId: postAccountHolderDocuments
      tags:
        - "Account Holder"
      summary: "Initiate account holder document upload"
      description: "Use this endpoint to identify which type of supported government-issued documentation you will upload for further verification. It will return two URLs to upload your document images to - one for the front image and one for the back image. This endpoint is only valid for evaluations in a `PENDING_D"
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccountHolder'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/account_holders/{account_holder_token}/documents/{document_token}:
    get:
      operationId: getAccountHolderDocumentByToken
      tags:
        - "Account Holder"
      summary: "Get account holder document upload status"
      description: "Check the status of an account holder document upload, or retrieve the upload URLs to process your image uploads. Note that this is not equivalent to checking the status of the KYC evaluation overall (a document may be successfully uploaded but not be sufficient for KYC to pass). In the event your"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccountHolder'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/account_holders/{account_holder_token}/entities:
    post:
      operationId: postAccountHolderEntities
      tags:
        - "Account Holder"
      summary: "Create a new beneficial owner individual or replace the existing control person entity"
      description: "Create a new beneficial owner individual or replace the control person entity on an existing KYB account holder. This endpoint is only applicable for account holders enrolled through a KYB workflow with the Persona KYB provider. A new control person can only replace the existing one. A maximum of 4"
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccountHolder'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/account_holders/{account_holder_token}/entities/{entity_token}:
    delete:
      operationId: deleteAccountHolderEntity
      tags:
        - "Account Holder"
      summary: "Deactivate a beneficial owner individual"
      description: "Deactivate a beneficial owner individual on an existing KYB account holder. Only beneficial owner individuals can be deactivated."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccountHolder'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/accounts:
    get:
      operationId: getAccounts
      tags:
        - "Account"
      summary: "List accounts"
      description: "List account configurations."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Account'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/accounts/{account_token}:
    get:
      operationId: getAccountByToken
      tags:
        - "Account"
      summary: "Get account"
      description: "Get account configuration such as spend limits."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Account'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
    patch:
      operationId: patchAccountByToken
      tags:
        - "Account"
      summary: "Update account"
      description: "Update account configuration such as state or spend limits. Can only be run on accounts that are part of the program managed by this API key. Accounts that are in the `PAUSED` state will not be able to transact or create new cards."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Account'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/accounts/{account_token}/spend_limits:
    get:
      operationId: getAccountSpendLimits
      tags:
        - "Account"
      summary: "Get account's available spend limits"
      description: "Get an Account's available spend limits, which is based on the spend limit configured on the Account and the amount already spent over the spend limit's duration. For example, if the Account has a daily spend limit of $1000 configured, and has spent $600 in the last 24 hours, the available spend lim"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Account'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v2/auth_rules:
    post:
      tags:
        - "Auth Rules"
      summary: "Create a new rule"
      description: "Creates a new V2 Auth rule in draft mode"
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
    get:
      tags:
        - "Auth Rules"
      summary: "List rules"
      description: "Lists V2 Auth rules"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v2/auth_rules/{auth_rule_token}:
    get:
      tags:
        - "Auth Rules"
      summary: "Fetch a rule"
      description: "Fetches a V2 Auth rule by its token"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
    patch:
      tags:
        - "Auth Rules"
      summary: "Update a rule"
      description: "Updates a V2 Auth rule's properties If `account_tokens`, `card_tokens`, `program_level`, `excluded_card_tokens`, `excluded_account_tokens`, or `excluded_business_account_tokens` is provided, this will replace existing associations with the provided list of entities."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
    delete:
      tags:
        - "Auth Rules"
      summary: "Delete a rule"
      description: "Deletes a V2 Auth rule"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v2/auth_rules/{auth_rule_token}/draft:
    post:
      tags:
        - "Auth Rules"
      summary: "Draft a new rule version"
      description: "Creates a new draft version of a rule that will be ran in shadow mode. This can also be utilized to reset the draft parameters, causing a draft version to no longer be ran in shadow mode."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v2/auth_rules/{auth_rule_token}/features:
    get:
      tags:
        - "Auth Rules"
      summary: "Calculated Feature values"
      description: "Fetches the current calculated Feature values for the given Auth Rule This only calculates the features for the active version. - VelocityLimit Rules calculates the current Velocity Feature data. This requires a `card_token` or `account_token` matching what the rule is Scoped to. - ConditionalBlock"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v2/auth_rules/{auth_rule_token}/promote:
    post:
      tags:
        - "Auth Rules"
      summary: "Promote a rule version"
      description: "Promotes the draft version of an Auth rule to the currently active version such that it is enforced in the respective stream."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v2/auth_rules/{auth_rule_token}/versions:
    get:
      tags:
        - "Auth Rules"
      summary: "List rule versions"
      description: "Returns all versions of an auth rule, sorted by version number descending (newest first)."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v2/auth_rules/{auth_rule_token}/report:
    get:
      tags:
        - "Auth Rules"
      summary: "Retrieve a performance report"
      description: "Retrieves a performance report for an Auth rule containing daily statistics and evaluation outcomes. **Time Range Limitations:** - Reports are supported for the past 3 months only - Maximum interval length is 1 month - Report data is available only through the previous day in UTC (current day data"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v2/auth_rules/{auth_rule_token}/backtests:
    get:
      tags:
        - "Auth Rules"
      summary: "List backtests"
      description: "Lists backtests for an Auth Rule"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
    post:
      tags:
        - "Auth Rules"
      summary: "Request a backtest"
      description: "Initiates a request to asynchronously generate a backtest for an Auth rule. During backtesting, both the active version (if one exists) and the draft version of the Auth Rule are evaluated by replaying historical transaction data against the rule's conditions. This process allows customers to simula"
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v2/auth_rules/{auth_rule_token}/backtests/{auth_rule_backtest_token}:
    get:
      tags:
        - "Auth Rules"
      summary: "Retrieve backtest results"
      description: "Returns the backtest results of an Auth rule (if available). Backtesting is an asynchronous process that requires time to complete. If a customer retrieves the backtest results using this endpoint before the report is fully generated, the response will return null for `results.current_version` and"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v2/auth_rules/results:
    get:
      tags:
        - "Auth Rules"
      summary: "List rule evaluation results"
      description: "Lists Auth Rule evaluation results. **Limitations:** - Results are available for the past 3 months only - At least one filter (`event_token` or `auth_rule_token`) must be provided - When filtering by `event_token`, pagination is not supported"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthRules'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/cards/{card_token}/signals:
    get:
      operationId: getCardSignals
      tags:
        - "Card"
      summary: "Fetch card signals"
      description: "Returns behavioral feature state derived from a card's transaction history. These signals expose the same data used by behavioral rule attributes (e.g. `AMOUNT_Z_SCORE` with `scope: CARD`, `IS_NEW_COUNTRY` with `scope: CARD`) and custom code `TRANSACTION_HISTORY_SIGNALS` features, allowing clients"
      parameters:
        - name: card_token
          in: path
          required: true
          description: "The token of the card to fetch signals for."
          schema:
            type: string
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/accounts/{account_token}/signals:
    get:
      operationId: getAccountSignals
      tags:
        - "Account"
      summary: "Fetch account signals"
      description: "Returns behavioral feature state derived from an account's transaction history. These signals expose the same data used by behavioral rule attributes (e.g. `AMOUNT_Z_SCORE` with `scope: ACCOUNT`, `IS_NEW_COUNTRY` with `scope: ACCOUNT`) and custom code `TRANSACTION_HISTORY_SIGNALS` features, allowin"
      parameters:
        - name: account_token
          in: path
          required: true
          description: "The token of the account to fetch signals for."
          schema:
            type: string
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Account'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/auth_stream/secret:
    get:
      operationId: getAuthStreamSecret
      tags:
        - "Auth Stream Access (ASA)"
      summary: "Retrieve the ASA HMAC secret key"
      description: "Retrieve the ASA HMAC secret key. If one does not exist for your program yet, calling this endpoint will create one for you. The headers (which you can use to verify webhooks) will begin appearing shortly after calling this endpoint for the first time. See [this page](https://docs.lithic.com/docs/au"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthStreamAccessASA'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/auth_stream/secret/rotate:
    post:
      operationId: rotateAuthStreamSecret
      tags:
        - "Auth Stream Access (ASA)"
      summary: "Rotate the ASA HMAC secret key"
      description: "Generate a new ASA HMAC secret key. The old ASA HMAC secret key will be deactivated 24 hours after a successful request to this endpoint. Make a [`GET /auth_stream/secret`](https://docs.lithic.com/reference/getauthstreamsecret) request to retrieve the new secret key."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthStreamAccessASA'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/balances:
    get:
      operationId: getBalances
      tags:
        - "Balance"
      summary: "List balances"
      description: "Get the balances for a program, business, or a given end-user account"
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Balance'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/card_programs:
    get:
      operationId: getCardPrograms
      tags:
        - "Card"
      summary: "List card programs"
      description: "List card programs."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/card_programs/{card_program_token}:
    get:
      operationId: getCardProgram
      tags:
        - "Card"
      summary: "Get card program"
      description: "Get card program."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/cards:
    get:
      operationId: getCards
      tags:
        - "Card"
      summary: "List cards"
      description: "List cards."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
    post:
      operationId: postCards
      tags:
        - "Card"
      summary: "Create card"
      description: "Create a new virtual or physical card. Parameters `shipping_address` and `product_id` only apply to physical cards."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/cards/search_by_pan:
    post:
      operationId: searchCardByPan
      tags:
        - "Card"
      summary: "Search for card by PAN"
      description: "Get card configuration such as spend limit and state. Customers must be PCI compliant to use this endpoint. Please contact [support.lithic.com](https://support.lithic.com/) for questions. *Note: this is a `POST` endpoint because it is more secure to send sensitive data in a request body than in a UR"
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/ValidationError'
  /v1/cards/{card_token}:
    get:
      operationId: getCardByToken
      tags:
        - "Card"
      summary: "Get card"
      description: "Get card configuration such as spend limit and state."
      responses:
        '200':
          description: Successful response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Card'
        '401':
          $ref: '#/components/responses/Unauthorized'
        

# --- truncated at 32 KB (182 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/lithic-com/refs/heads/main/openapi/lithic-com-openapi.yml