Replace a lost or damaged card
Initiate card replacement when a card is lost, stolen, or damaged.
Important - The old card MUST be blocked (using the block API with flag BL) before calling this API.
The system automatically transfers the balance and transaction history from the old card to the new card. Digital wallet tokens remain linked to the customer. The new card inherits the same customer preferences as the old card.
Card replacement process - Step 1: Block the old card using the lock/unlock/block API with flag BL. Step 2: Call this API with old and new kit numbers. Step 3: System automatically transfers balance and transaction history. Step 4: Digital wallet tokens are updated automatically.
Authorization
BearerAuth TenantHeader JWT Bearer token obtained from the /auth/login endpoint
In: header
Tenant identifier provided by M2P (e.g. ENBDTABBY)
In: header
Request Body
application/json
Customer ID. Validated against the customer record.
length <= 16Kit number of the card being replaced. Must be a blocked card.
length <= 20New kit number to assign. Validated in service layer for availability in inventory.
length <= 20Reason for replacement. Optional but recommended for audit.
length <= 30Response Body
application/json
application/json
curl -X POST "https://api.m2p.com/Yappay/business-entity-manager/replaceCard" \ -H "Content-Type: application/json" \ -d '{ "entityId": "ABCDEF", "oldKitNo": "10000202", "newKitNo": "10000203" }'{
"result": "success",
"exception": null,
"pagination": null
}{
"result": null,
"exception": {
"detailMessage": "Customer Id should not be empty",
"shortMessage": "Empty EntityId",
"errorCode": "Y1001",
"languageCode": "en"
},
"pagination": null
}Lock, unlock, or permanently block a card POST
Change the status of a customer card. Supports temporary locking, unlocking a locked card, and permanent blocking. Lock (L) is a reversible action that temporarily disables the card. The card can be re-enabled by calling this API with Unlock (UL). Block (BL) is a PERMANENT action. Once a card is blocked, it cannot be reactivated. The customer will need a card replacement through the replaceCard API. Either entityId or kitNo must be provided to identify the card. The flag field is the only truly mandatory field with controller-level validation. Always provide a meaningful reason for audit trail purposes.
Request a physical card for delivery POST
Request a physical card for a customer who currently has only a virtual card. The physical card will be manufactured and mailed to the provided delivery address. The entityId and kitNo fields are explicitly validated by the backend. If requesting physical delivery, provide a complete delivery address in the addressDto. The virtual card remains active until the physical card is activated by the customer. The same kitNo is used for both the virtual and physical card. Address field constraints - Each address line (address1, address2, address3) allows maximum 35 characters, alphanumeric with spaces. City accepts only alphabetic characters without spaces. State accepts alphabetic characters with spaces. Postal code is 6 digits for India. The aliasName field (max 30 characters) is printed on the physical card. Address formation for card printing - Version 1 (Indian card printers) - Each field max 35 chars. If any field exceeds limit, first 140 chars of address1 + address2 + city, plus first 35 chars of state. Version 2 (Non-Indian card printers) - Total 175 characters with tilde separator for line breaks, includes address1, address2, address3, city, state, country.