m2pfintech
API LibraryCard Management

Fetch card transaction channel preferences

Retrieve the current preference configuration for a customer card. Returns the enabled or disabled status for each transaction channel (ATM, POS, ECOM, CONTACTLESS, INTERNATIONAL, DCC).

Also returns advanced rule configurations if configured for the tenant, including allowed and disallowed rules for transaction origins, MCC (Merchant Category Code) groupings, and country groupings.

Transaction limits, cash limits, and category-specific limit configurations are included when configured for the customer.

POST
/Yappay/business-entity-manager/fetchPreference

Authorization

BearerAuth TenantHeader
AuthorizationBearer <token>

JWT Bearer token obtained from the /auth/login endpoint

In: header

TENANT<token>

Tenant identifier provided by M2P (e.g. ENBDTABBY)

In: header

Request Body

application/json

entityId*string

Customer ID used to fetch preferences. This is the only mandatory field.

Lengthlength <= 50
kitNo?string

Kit number to fetch preferences for a specific card. Optional.

Lengthlength <= 20
corporate?string

Corporate identifier. Optional.

Lengthlength <= 50

Response Body

application/json

curl -X POST "https://api.m2p.com/Yappay/business-entity-manager/fetchPreference" \  -H "Content-Type: application/json" \  -d '{    "entityId": "ABCDEF"  }'

{
  "result": {
    "atm": true,
    "pos": true,
    "ecom": true,
    "contactless": false,
    "international": false,
    "dcc": false,
    "allowedRuleConfig": {},
    "disallowedRuleConfig": {
      "txnOrigin": "POS,ATM",
      "mccGrouping": "6011"
    }
  },
  "exception": null,
  "pagination": null
}

Get full customer details by entity ID GET

Retrieve comprehensive customer details including personal information, address, preferences, KYC documents, and associated card (kit) list by entity ID. The response includes a kitList array with each card's kitNo, status, cardType, and description. The primary card (first ALLOCATED card) is set as the top-level kitNo and cardType. Use the v1 variant (/v1/fetchEntityByEntityid/{entityId}) to receive address details in the preference object format instead of the flat addressDto format. When Click to Pay is enabled, use the CTP-specific fetchEntityDetails endpoint (/Yappay/click-to-pay/v1/fetch-entity-details) to retrieve CTP enrollment status per card.

Get full card details by kit number POST

Retrieve complete card details including full card number (PAN), name on card, expiry date, and CVV using the kit number. This API returns sensitive card data and must be used only for authorized operations. Both kitNo and token are explicitly validated by the backend. The token is a security token unique to your tenant, provided by M2P during onboarding. It is validated against the m2pBitUrlKey configuration. Ensure secure storage and transmission of the response data in compliance with PCI DSS. This is the recommended API for retrieving card details in external integrations, replacing the older deprecated generateCVV endpoint. When Click to Pay (CTP) is enabled for the tenant, the response includes additional fields: ctpStatus (card-level CTP enrollment status) and ctpPaymentInstrumentId (Visa CTP payment instrument identifier). These fields are only present when CTP is enabled via the BUSINESSCUSTOMFIELD click.to.pay.enable configuration.