Cards, Subscriptions, and Verifications
Introduction
In the Astrada ecosystem, three core resources manage the lifecycle of card enrollment and data sharing: Cards, Card Subscriptions, and Verifications.
A Card represents the physical or virtual payment card identity. A Card Subscription models the data-sharing relationship between a Card and a Subaccount — it is the active link that determines whether transaction data is captured. A Verification ensures the card is validated before data begins to flow.
Together, these resources form the enrollment layer that sits between Subaccounts and Transaction data.
Card
The Card represents the physical or virtual payment card, encapsulating essential information that remains constant over its lifetime. This includes the card's country of issuance, expiry date, network, and the first and last digits of the PAN (Primary Account Number). A Card is created during the enrollment process and belongs to a specific Subaccount.
| Field | Description | Type |
|---|---|---|
| id | Unique card identifier | string, uuid |
| subaccountId | The Subaccount this card belongs to | string, uuid |
| first6digits | First 6 digits of the PAN (BIN) | integer |
| last4digits | Last 4 digits of the PAN | integer |
| network | Card network | string, enum: visa, mastercard |
| country | Country of issuance | string, ISO 3166 ALPHA-3 |
| expiryMonth | Card expiry month | integer, 1–12 |
| expiryYear | Card expiry year | integer, YYYY |
| createdAt | Creation timestamp | string, ISO 8601 |
| updatedAt | Last update timestamp | string, ISO 8601 |
Example Card
{
"_links": {
"self": { "href": "/cards/f744b691-bf05-4f2a-ab89-bb1afe4eb840" }
},
"id": "f744b691-bf05-4f2a-ab89-bb1afe4eb840",
"subaccountId": "da6649a8-f0ea-4af0-b342-c0b5c3e024dd",
"first6digits": 434343,
"last4digits": 4343,
"network": "mastercard",
"country": "USA",
"expiryMonth": 11,
"expiryYear": 2028,
"createdAt": "2024-02-04T18:41:16.142Z",
"updatedAt": "2024-02-04T18:41:16.142Z"
}Astrada stores only the first 6 and last 4 digits of the PAN. The full card number is never stored or returned by the API.
Cardholder
The Cardholder is an optional sub-resource available via GET /cards/{cardId}/cardholder. It contains personal and corporate information associated with the card — including firstName, lastName, email, and a nested corporate object with corporate.id, corporate.employeeId, and corporate.alternativeEmployeeId. Cardholder data is primarily populated for cards enrolled through network bulk enrollment.
Card Subscription
The Card Subscription models the state of the continuous flow of transactional data for a specific Card within a specific Subaccount. It is the active link that determines whether transaction data is captured for a given card. When a Card Subscription is active, Astrada will deliver transaction data for that card to the associated Subaccount.
| Field | Description | Type |
|---|---|---|
| id | Unique subscription identifier | string, uuid |
| subaccountId | The Subaccount context | string, uuid |
| cardId | Reference to the associated Card | string, uuid |
| enrollmentType | How the card was enrolled | string, enum: cardholder-single, network-bulk |
| state | Current subscription state | string (see states below) |
| effectiveDate | When the subscription became active | string, ISO 8601 |
| expirationDate | When the subscription will expire | string, ISO 8601 |
| customerReferenceId | Optional customer context | string, uuid |
| createdAt | Creation timestamp | string, ISO 8601 |
| updatedAt | Last update timestamp | string, ISO 8601 |
Subscription state
state| Value | Description |
|---|---|
active | Currently receiving transaction data |
reqSCA | Requires Strong Customer Authentication — awaiting verification |
expired | Subscription reached its expiration date |
deactivated | Manually disabled — this is permanent and irreversible |
failed-to-create | Subscription creation was unsuccessful |
Example Card Subscription
{
"_links": {
"self": { "href": "/card-subscriptions/a1b2c3d4-5678-90ab-cdef-1234567890ab" },
"card": { "href": "/cards/f744b691-bf05-4f2a-ab89-bb1afe4eb840" }
},
"id": "a1b2c3d4-5678-90ab-cdef-1234567890ab",
"subaccountId": "da6649a8-f0ea-4af0-b342-c0b5c3e024dd",
"cardId": "f744b691-bf05-4f2a-ab89-bb1afe4eb840",
"enrollmentType": "cardholder-single",
"state": "active",
"effectiveDate": "2024-02-04T18:53:32.000Z",
"expirationDate": "2025-02-04T18:53:32.000Z",
"createdAt": "2024-02-04T18:53:32.000Z",
"updatedAt": "2024-02-04T18:53:32.000Z"
}Only
cardholder-singlesubscriptions can be updated or deactivated viaPATCH /card-subscriptions/{id}. Attempting to update anetwork-bulksubscription returns 422.
Deactivation is final and cannot be undone.
Enrollment Types
- Cardholder Individual Enrollment (
cardholder-single): Enrolled via the SDK or API on a per-card basis. See Enrolling Cards. - Network Bulk Enrollment (
network-bulk): Enrolled via the API for corporate card portfolios. See Enrolling Cards.
Webhook Events
| Event Name | Trigger |
|---|---|
cardsubscription.created | A new Card Subscription is created |
cardsubscription.updated | A Card Subscription is updated |
Learn more about Webhooks.
Verification
Verifications ensure a Card is validated and authorized before data tracking begins. When a Card Subscription is created via cardholder individual enrollment, it enters the reqSCA state. A Verification must be completed to transition the subscription to active.
For individual enrollment, the verification process uses 3D Secure (3DS):
- Device Fingerprint — Browser and device data is collected via a hidden iframe to assess risk.
- 3DS Challenge (conditional) — If the issuer requires it, a challenge is presented via the issuer's Access Control Server (ACS). The form of the challenge (OTP, biometric, in-app notification, etc.) is determined by the card issuer.
Once the verification completes successfully, the Card Subscription transitions to active and transaction data begins flowing.
For a detailed walkthrough of the enrollment and verification flow, see Cardholder Individual Enrollment.
API
See our API reference for the full set of Card and Card Subscription endpoints.
Updated 13 days ago