Permissions

📘
Permission Scopes
Permissions are enforced on a per-endpoint level. Depending on the partner's scope, different endpoints are available.

When accessing our Partner API, you must take Scopes into consideration. Based on the scope granted to you, we provide access to specific endpoints.

In the table below, you'll find:

The different Scopes we distinguish:
- Sync
- Embedded Wallet
- Fully Embedded
Whether PCI-DSS certification is required to use an endpoint.
The environments where the endpoint is available.

Scopes & Endpoints	Sync	Embedded Wallet	Fully Embedded	Cardholder management

Organizations
GET /organizations	✅	✅	✅	✅
GET /organizations/{organizationId}	✅	✅	✅	✅

Cardholders
GET /cardholders	✅	✅	✅	✅
GET /cardholders/{cardholderId}	✅	✅	✅	✅
POST /cardholders/invite	✅	✅		✅
POST /cardholders/invite-owner	✅	✅	✅	✅
POST /cardholders/register			✅
PATCH /cardholders/{cardholderId}		✅	✅	✅
DELETE /cardholders/{cardholderId}			✅

Cards
POST /cards/{cardholderId}		✅	✅
GET /cards	✅	✅	✅
GET /cards/{cardId}	✅	✅	✅
POST /api/cards/details	✅	✅	✅
GET /available-cards		✅	✅
GET /cards/requests		✅
GET /cards/requests/{cardRequestId}		✅
POST /cards/requests		✅
DELETE /cards/requests/{cardRequestId}		✅
POST /cards/requests/{cardRequestId/approve		✅
POST /cards/requests/{cardRequestId/reject		✅
POST /cards/limits/requests/create		✅
GET /cards/limits/requests		✅
GET /cards/limits/requests/{cardLimitChangeRequestId}		✅
DELETE /cards/limits/requests/delete/{cardLimitChangeRequestId}		✅
POST /cards/limits/requests/approve/{cardRequestId}		✅
POST /cards/limits/requests/decline/{cardRequestId}		✅
PUT /cards/limits/{cardId}			✅
POST /cards/{cardId}/activate			✅
PATCH /cards/{cardId}/label			✅
POST /cards/{cardId}/lock			✅
POST /cards/{cardId}/unlock			✅
POST /cards/{cardId}/terminate			✅
GET /cards/{cardId}/pin		✅	✅
POST /cards/{cardId}/pan ()		✅	✅
POST /secrets/m11-key ()		✅	✅

Transactions
GET /transactions	✅	✅	✅
GET /transactions/{transactionId}	✅	✅	✅
POST /transactions/{transactionId}/partner-submission-status	✅	✅	✅
POST /transactions/partner-submission-status	✅	✅	✅
PATCH /transactions/{transactionId}/comment	✅	✅	✅
DELETE /transactions/{transactionId}/comment	✅	✅	✅
GET /transactions/{transactionId}/receipts	✅	✅	✅

Receipts
GET /receipts	✅	✅	✅
GET /receipts/{receiptId}	✅	✅	✅
POST /receipts	✅	✅	✅
GET /receipts/{receiptId}/original	✅	✅	✅
GET /receipts/{receiptId}/thumbnail	✅	✅	✅
GET /receipts/{receiptId}/pdf	✅	✅	✅
DELETE /receipts/{receiptId}	✅	✅	✅

Payments
GET /payments	✅	✅	✅
GET /payments/{paymentId}	✅	✅	✅
POST /payments/{paymentId}/partner-submission-status	✅	✅	✅
POST /payments/partner-submission-status	✅	✅	✅

Partners
POST /partner-management/organizations/{organizationId}/activate	✅	✅	✅
POST /partner-management/lead	✅	✅	✅

Account Entries
GET /account-entries		✅	✅
GET /account-entries/{accountEntryId}		✅	✅

Bills
GET /bills		✅	✅
GET /bills/{billId}		✅	✅
GET /bills/{billId}/pdf		✅	✅

Subscriptions & Callbacks
POST /organizations/subscription	✅	✅	✅
POST /cardholders/subcriptions	✅	✅	✅
POST /cards/subcriptions	✅	✅	✅
POST /transactions/subcriptions	✅	✅	✅
POST /payments/subscription	✅	✅	✅
POST /receipts/subscription	✅	✅	✅
POST /bills/subscription		✅	✅
DELETE /organizations/subscription	✅	✅	✅
DELETE /cardholders/subcriptions	✅	✅	✅
DELETE /cards/subcriptions	✅	✅	✅
DELETE /transactions/subcriptions	✅	✅	✅
DELETE /payments/subscription	✅	✅	✅
DELETE /receipts/subscription	✅	✅	✅
DELETE /bills/subscription		✅	✅

Test Data ()*
POST /test-data-generator/transactions	✅	✅	✅

(*) only for SANDBOX environment
(**) only for PCI-DSS certified partners