m2pfintech
API LibraryCard Management

Get secure card details widget URL

Generate a secure URL for displaying card details (card number, CVV, expiry date) via a hosted web view or APK. The URL contains a one-time random string and expires after a configured timeout period.

This is the recommended secure method for displaying sensitive card details without exposing them directly in your application. The token parameter is an encrypted string composed of kitNo, entityId, and DOB (if configured).

The returned URL is valid for a single use only. A new URL must be generated for each card details viewing session.

POST
/Yappay/bitUrl/cardDetails

Authorization

BearerAuth TenantHeader
AuthorizationBearer <token>

JWT Bearer token obtained from the /auth/login endpoint

In: header

TENANT<token>

Tenant identifier provided by M2P (e.g. ENBDTABBY)

In: header

Request Body

application/json

token*string

Encrypted string composed of kitNo, entityId, and DOB. Must end with an equals sign. Encryption details provided by M2P during onboarding.

Lengthlength <= 200
kitNo*string

Kit number of the card whose details should be displayed

Lengthlength <= 20
entityId*string

Entity ID (alphanumeric) of the customer

Lengthlength <= 10
appGuid*string

Application GUID provided by M2P during onboarding

Lengthlength <= 10
business*string

Business identifier provided by M2P

Lengthlength <= 10
callbackUrl?string

URL to redirect the user after the session times out. Optional.

Lengthlength <= 100
dob?string

Date of birth in DDMMYYYY format. Required if the token encryption includes DOB as part of the encryption input.

Lengthlength <= 10

Response Body

application/json

application/json

curl -X POST "https://api.m2p.com/Yappay/bitUrl/cardDetails" \  -H "Content-Type: application/json" \  -d '{    "token": "MBBvrhYUIpVqLzUFElSWORO57tSoVp3n07MqMajOfCIrEvq35YJ2uc2fTkRe8CNW/VvldCAURWORO57tSoVp3n07MqM=",    "kitNo": "10000201",    "entityId": "abcde",    "appGuid": "123dase",    "business": "ENBDTABBY",    "callbackUrl": "https://www.example.com/callback",    "dob": "22061988"  }'
{
  "result": "https://auth-sit.yappay.in/url/generateVirtualCardDetails?key=GsAC6Yxn25VB7S4pNbSYV8Gs8pfLSXQ1mhmVRMH76KFkl5SpldW6tgNoVLXxrg2RCvDJjfLBjcinRSz963DFGMFpNCnhx31VqXU51xTFyGO3VccWWG3epyfaahOmW2CDpKh60h4qj63EU8E3gXEsv2A6Tlg7K0qHn02tvygk=|gDPVBCRuKq",
  "exception": null,
  "pagination": null
}
{
  "result": null,
  "exception": {
    "detailMessage": "Mandatory field token is missing",
    "shortMessage": "Missing mandatory field",
    "errorCode": "Y105",
    "languageCode": "en"
  },
  "pagination": null
}

Update a single card transaction channel preference POST

Enable or disable a single transaction channel for a customer card. This API updates one preference at a time. For bulk preference updates, use the setPreferences API instead which is more efficient. Changes take effect immediately after a successful response. Use status ALLOWED to enable a channel and NOTALLOWED to disable it. Supported channel types are ATM (cash withdrawals), POS (point of sale purchases), ECOM (online purchases), CONTACTLESS (tap-to-pay NFC payments), INTERNATIONAL (foreign currency transactions), and DCC (dynamic currency conversion at merchant).

Add a card to an existing CTP enrollment POST

Enroll an additional card/kit for a customer who is already registered on Click to Pay. The entity must already have an ACTIVE CTP registration. The operation is asynchronous. Use the returned requestTraceId to poll status. Validations: 1. Entity must already be registered on CTP (CTPCustomer record must exist) 2. Entity CTP status must be ACTIVE 3. Kit must be assigned to the entity 4. Kit must not already be enrolled in CTP