Skip to content

Use transaction APIs for customer-facing views and webhook events for backend synchronization. The Card Issuing API exposes transaction history, transaction details, pending 3D Secure challenges, and challenge response.

List transactions

curl "https://issuing-stage.xmoney.com/v1/transactions?page=1&size=20" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN"

You can filter by type, status, startDate, and endDate.

Retrieve one transaction:

curl "https://issuing-stage.xmoney.com/v1/transactions/TRANSACTION_ID" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN"

List pending 3D Secure challenges

curl "https://issuing-stage.xmoney.com/v1/transactions/3d-secure" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN"

Respond to a 3D Secure challenge

curl -X PATCH "https://issuing-stage.xmoney.com/v1/transactions/3d-secure/TRANSACTION_AUTH_ID" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer CUSTOMER_ACCESS_TOKEN" \
  -d '{
    "authType": "pinCode",
    "authStatus": "success"
  }'

authType identifies the customer authentication method. Possible values are pinCode, pattern, other, faceRecognition, and fingerprint.

authStatus is the result submitted by your app. Possible values are success, failed, canceled, and timeout.

Webhook synchronization

Use webhooks to update backend state when transactions are created, settled, require 3D Secure, or complete 3D Secure. Your backend should deduplicate webhook events, verify the signature, and process updates asynchronously.