# Accounts, cards, and funding

After a customer is authenticated and KYC-approved, create the customer account, issue a card, and fund the account. The card issuing product is delivered as a whitelabel service, so the partner controls the user experience while xMoney handles account and card infrastructure.

## Create an account

List existing accounts:

```bash
curl "https://issuing-stage.xmoney.com/v1/accounts?currency=EUR" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN"
```

Create an account for the required card currency:

```bash
curl -X POST "https://issuing-stage.xmoney.com/v1/accounts" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN" \
  -d '{
    "currency": "EUR"
  }'
```

Close an account only when it is no longer needed:

```bash
curl -X POST "https://issuing-stage.xmoney.com/v1/accounts/ACCOUNT_ID/close" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN"
```

## Issue a card

Use the subscription card product assigned to your program.

```bash
curl -X POST "https://issuing-stage.xmoney.com/v1/cards" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN" \
  -d '{
    "subscriptionCardId": "123e4567-e89b-12d3-a456-426614174000",
    "isVirtual": true,
    "currency": "EUR",
    "label": "Main card"
  }'
```

For physical cards, include the required delivery fields and PIN.

List issued cards:

```bash
curl "https://issuing-stage.xmoney.com/v1/cards" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN"
```

## Card lifecycle

Use these routes to manage card state:

- `POST /v1/cards/{id}/freeze`
- `POST /v1/cards/{id}/unfreeze`
- `POST /v1/cards/{id}/reissue/{reason}`
- `GET /v1/cards/{id}/secrets`
- `POST /v1/cards/{id}/provisioning/apple-pay`
- `GET /v1/cards/{id}/provisioning/google-pay`


Retrieve sensitive card secrets only when needed, and never log or store PAN, CVV, PIN, or wallet provisioning secrets longer than required for the user action.

## Fiat funding

Create a fiat topup order:

```bash
curl -X POST "https://issuing-stage.xmoney.com/v1/topups/fiat" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN" \
  -d '{
    "amount": "100.00",
    "currency": "EUR"
  }'
```

The response is HTML for the hosted payment processor flow. Present or redirect the customer according to the returned form.

## Crypto funding

Use the crypto topup routes to list supported assets, check limits, quote rates and fees, then create the topup order.

```bash
curl "https://issuing-stage.xmoney.com/v1/topups/crypto/currencies" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN"
```

Check limits for a specific asset:

```bash
curl "https://issuing-stage.xmoney.com/v1/topups/crypto/limits?blockchain=multiversx&identifier=EGLD" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN"
```

Get an exchange-rate quote:

```bash
curl -X POST "https://issuing-stage.xmoney.com/v1/topups/crypto/exchange-rate" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN" \
  -d '{
    "fiatCurrency": "EUR",
    "cryptoCurrency": "EGLD",
    "amount": 10,
    "inputType": "fiat",
    "blockchain": "multiversx",
    "senderAddress": "erd1exampleaddress"
  }'
```

Create the topup order with the same quote input shape:

```bash
curl -X POST "https://issuing-stage.xmoney.com/v1/topups/crypto" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN" \
  -d '{
    "fiatCurrency": "EUR",
    "cryptoCurrency": "EGLD",
    "amount": 10,
    "inputType": "fiat",
    "blockchain": "multiversx",
    "senderAddress": "erd1exampleaddress"
  }'
```

Track topups with:

- `GET /v1/topups?page=1&size=20`
- `GET /v1/topups/{id}`
- `GET /v1/topups/limits`
- `GET /v1/topups/usage`


`GET /v1/topups` can also filter by `type` and `status`.