Get details for a specific credit card
This Tango API endpoint retrieves detailed information about a specific registered credit card on your platform. It is typically used to verify card metadata such as the last four digits, expiration date, status, associated account, activation timestamp, and any configured funding‑confirmation contacts. To retrieve the card record, you must provide the token returned when the credit card was originally registered.
Use case
Acme Health is a digital healthcare platform that allows clinics and medical providers to purchase patient‑care supplies, pay for service subscriptions, and fund wellness incentive programs. Each clinic stores one or more company credit cards within Acme Health’s portal. Acme Health uses this Tango API endpoint to:
- Validate the correct clinic is using the card. Many clinics are supported under this platform.
- Ensure the card is active before auto‑funding wellness accounts. Some cards may be expired or disabled by admin.
- Display card information in the Acme Health clinic portal.
- Keep clinic account teams informed by sending notification to the card contacts.
- Maintain a clear trail for audit and compliance workflow.
Endpoint
Use the following endpoint to get details for a specific credit card.
| Endpoint | Description |
|---|---|
GET {URI}/creditCards/{token} | Get details for a specific credit card. |
Parameters
The following path parameters is required when calling this endpoint:
| Path params | Data type | Description |
|---|---|---|
| token | string | The unique credit card token returned when the card was originally registered. This value is required to retrieve the full details of that specific credit card. |
Response body
Tango uses the provided token to find the correct card and returns all metadata associated with it—not the full card number. The credit card details are used to verify that a card is active or expired, check who owns the card (customer/account), view the last four digits, manage contact emails for funding confirmations, and apply your own access rules based on customer/account relationships.
This is especially useful if your platform has multiple customers, multiple accounts, or restricted permissions, since you can know exactly which account and customer a particular card is linked to.
On a successful request (200 OK), the response body includes the following fields:
Object | Data type | Description |
|---|---|---|
customerIdentifier | string | A unique identifier for the customer who owns the card. |
accountIdentifier | string | A unique identifier for the account linked to this card. |
token | string | A secure token representing the credit card. Used to retrieve card details without storing the full card number. |
label | string | Optional user-friendly label for the card such as "Business card" or "Travel card". |
lastFourDigits | string | The last four digits of the credit card number shown to help a user identify which card it is. |
expirationDate | string | The card's expiration date. |
status | string | Indicates current card status such as active, inactive, etc. |
createdDate | date-time | Timestamp when the card was first created in the system. |
activationDate | date-time | Timestamp when the card was activated and became usable. |
contactInformation | array of objects | List of contacts that receive funding confirmation emails. Each entry contains:
|
accountNumber | string | The account number associated with the card (not the card number). |
Examples
The following payload is an example for when you get credit card details:
{
"customerIdentifier": "string",
"accountIdentifier": "string",
"token": "string",
"label": "string",
"lastFourDigits": "string",
"expirationDate": "string",
"status": "string",
"createdDate": "2025-02-14T17:56:23.295Z",
"activationDate": "2025-02-14T17:56:23.295Z",
"contactInformation": [
{
"fullName": "string",
"emailAddress": "string"
}
],
"accountNumber": "string"
}Here's an example payload for when you receive an error:
{
"timestamp": "2025-02-21T23:23:13.930Z",
"requestId": "string",
"path": "string",
"httpCode": 0,
"httpPhrase": "string",
"i18nKey": "string",
"message": "The error message will show here for error codes ",
"errors": [
{}
]
}Response codes
The possible response codes for this endpoint are as follows. For details, see i18nkey codes and their error messages:
| Response code | Meaning |
|---|---|
| 200 | The request was successful.. |
| 400 | The server could not understand the request due to invalid syntax. |
| 401 | Authentication is required and has either not been provided or failed. |
| 403 | The server understood the request but refuses to authorize it. |
| 404 | The server could not find the requested resource. In other words, the URL you’re trying to access doesn’t point to anything that exists on the server. |
| 500 | Something went wrong on the server, but the server cannot be more specific about what the exact problem is. |
| 503 | The server is currently unable to handle the request due to temporary overload or maintenance. |
Updated 1 day ago