Permissions

📘
Permission Scopes
We enforce permissions on an per-endpoint level. This means, depending on the scope of the partner, different endpoints are available.

While accessing our partner API you have to take Scopes into consideration. Based on the scope you have been granted, we give you access to endpoints.

In the following table, you find:

the different Scopes we distinguish
- sync
- embedded wallet
- fully embedded
if you need to be PCI-DSS certified to use an endpoint
and on which environments the endpoint is available

Scopes & Endpoints	sync	embedded wallet	fully embedded	cardholder mgmt

Organizations
GET /organizations	✅	✅	✅	✅
GET /organizations/{organizationId}	✅	✅	✅	✅

Cardholders
GET /cardholders	✅	✅	✅	✅
GET /cardholders/{cardholderId}	✅	✅	✅	✅
POST /cardholders/invite	✅	✅		✅
POST /cardholders/invite-owner	✅	✅	✅	✅
POST /cardholders/register			✅
PATCH /cardholders/{cardholderId}		✅	✅	✅
DELETE /cardholders/{cardholderId}			✅

Cards
POST /cards/{cardholderId}		✅	✅
GET /cards	✅	✅	✅
GET /cards/{cardId}	✅	✅	✅
POST /api/cards/details	✅	✅	✅
GET /available-cards		✅	✅
GET /cards/requests		✅
GET /cards/requests/{cardRequestId}		✅
POST /cards/requests		✅
DELETE /cards/requests/{cardRequestId}		✅
POST /cards/requests/{cardRequestId/approve		✅
POST /cards/requests/{cardRequestId/reject		✅
POST /cards/limits/requests/create		✅
GET /cards/limits/requests		✅
GET /cards/limits/requests/{cardLimitChangeRequestId}		✅
DELETE /cards/limits/requests/delete/{cardLimitChangeRequestId}		✅
POST /cards/limits/requests/approve/{cardRequestId}		✅
POST /cards/limits/requests/decline/{cardRequestId}		✅
PUT /cards/limits/{cardId}			✅
POST /cards/{cardId}/activate			✅
PATCH /cards/{cardId}/label			✅
POST /cards/{cardId}/lock			✅
POST /cards/{cardId}/unlock			✅
POST /cards/{cardId}/terminate			✅
GET /cards/{cardId}/pin		✅	✅
POST /cards/{cardId}/pan ()		✅	✅
POST /secrets/m11-key ()		✅	✅

Transactions
GET /transactions	✅	✅	✅
GET /transactions/{transactionId}	✅	✅	✅
POST /transactions/{transactionId}/partner-submission-status	✅	✅	✅
POST /transactions/partner-submission-status	✅	✅	✅
PATCH /transactions/{transactionId}/comment	✅	✅	✅
DELETE /transactions/{transactionId}/comment	✅	✅	✅
GET /transactions/{transactionId}/receipts	✅	✅	✅

Receipts
GET /receipts	✅	✅	✅
GET /receipts/{receiptId}	✅	✅	✅
POST /receipts	✅	✅	✅
GET /receipts/{receiptId}/original	✅	✅	✅
GET /receipts/{receiptId}/thumbnail	✅	✅	✅
GET /receipts/{receiptId}/pdf	✅	✅	✅
DELETE /receipts/{receiptId}	✅	✅	✅

Payments
GET /payments	✅	✅	✅
GET /payments/{paymentId}	✅	✅	✅
POST /payments/{paymentId}/partner-submission-status	✅	✅	✅
POST /payments/partner-submission-status	✅	✅	✅

Partners
POST /partner-management/organizations/{organizationId}/activate	✅	✅	✅
POST /partner-management/lead	✅	✅	✅

Account Entries
GET /account-entries		✅	✅
GET /account-entries/{accountEntryId}		✅	✅

Bills
GET /bills		✅	✅
GET /bills/{billId}		✅	✅
GET /bills/{billId}/pdf		✅	✅

Subscriptions & Callbacks
POST /organizations/subscription	✅	✅	✅
POST /cardholders/subcriptions	✅	✅	✅
POST /cards/subcriptions	✅	✅	✅
POST /transactions/subcriptions	✅	✅	✅
POST /payments/subscription	✅	✅	✅
POST /receipts/subscription	✅	✅	✅
POST /bills/subscription		✅	✅
DELETE /organizations/subscription	✅	✅	✅
DELETE /cardholders/subcriptions	✅	✅	✅
DELETE /cards/subcriptions	✅	✅	✅
DELETE /transactions/subcriptions	✅	✅	✅
DELETE /payments/subscription	✅	✅	✅
DELETE /receipts/subscription	✅	✅	✅
DELETE /bills/subscription		✅	✅

Test Data ()*
POST /test-data-generator/transactions	✅	✅	✅

(*) only for SANDBOX environment
(**) only for PCI-DSS certified partners

📘Permission Scopes

📘
Permission Scopes