Register a new credit card

This Tango API endpoint allows you to add a credit card to a Tango account so it can be used for funding activities. A credit card must be registered before initiating a funding transaction. A registered credit cards can be used to fund your account immediately. Learn more about Register a new credit card with Tango API.

Once a card is successfully registered, the API returns an activation date. Funding with the newly registered card must occur after this activation date. Any funding attempt before the activation date will result in an error. All funding calls must include the origin token returned during credit‑card registration.

📘
Notes:

Only credit card funding is currently accessible through Tango API.

Each Tango platform can store up to 10 registered cards and is encouraged to audit them every 60–90 days for cleanup. Delete any credit card that you do not wish to use, or has been expired.

Credit card transactions are subject to a 2.9% processing fee.

Use case

Acme Health runs wellness programs that reward members for completing healthy‑behavior tasks such as annual checkups and preventative screenings. Acme Health uses Tango to automate reward delivery at scale. To streamline funding, Acme Health pre‑funds its Tango accounts using a corporate credit card. Because Tango requires that a credit card be registered before it can be used for funding, the finance team provides the required parameters—including the customer identifier, account identifier, IP address, etc. in a POST request to the POST {URI}/creditCards endpoint to complete the registration process. When Acme registers a credit card using the Tango API, the system creates a unique origin token tied to that specific credit card. This token is essential because it becomes the required credential for all future funding attempts using that card.

Endpoint

Use the following endpoint to register a new credit card on your platform:

Endpoint	Description
`POST {URI}/creditCards`	Register a new credit card.

Parameters

When registering a new credit card with the Tango API, the request body includes a set of required and optional fields. These fields ensure proper identification of the customer, card details, billing information, and optional notification contacts:

Body Params	Data type	Requirement	Description
customerIdentifier	string	required	Specify the customer associated with the credit card. It must be the customer the `accountIdentifier` is associated with. The string must have 5-100 characters.
accountIdentifier	string	required	Specify the account this credit card is associated with the string must have 5-100 characters.
ipAddress	string	required	Specify the IP address of the person adding the credit card.
label	string	required	Specify a label for the credit card.
creditCard	object	required	Enter the credit card details that is being registered (Required): -number(string, required) Specify the account this order will be deducted from. -expiration(string, required) Specify the card expiration date in YYYY-MM format. -verificationNumber(string, required) Specify the 3 or 4-digit card security code on back of card (CVV2, CVC2, or CID).
billingAddress	object	required	Enter the billing address information for the credit card that is being registered (Required): -firstName(string, required) -lastName(string, required) -addressLine1(string, required) -addressLine2(string, optional) -city(string, required) -state(string, required) -postalCode(string, required) -country(string, required, 2-letter country code such as US) -emailAddress(string, required)
contactInformation	array of objects	optional	Enter the contact information of any person(s) who will be notified if there are issues (Optional): -fullName(string, optional) Used for email receipts. Specify the contact's full name. -emailAddress(string, optional) Used for email receipts. Specify the contact email address.

How to register a new credit card?

This is how the registration process works:

You submit the registration request including the body parameters above.
Tango returns a registration response with a token in the response body. The token is the key identifier for the credit card in all future operations. The token is not the card number and cannot be regenerated by the client — it is created only once during registration.
You must wait until the activation date. The card becomes usable for funding only after the activation date included in the response.
The token must be used for all funding operations. Tango uses the token to identify the stored credit card, charge the correct card, and apply the deposit to the appropriate account. Without it the funding call fails.
You can retrieve the card (and token) later. Registered cards along with their stored contact information can be fetched via GET {URI}/creditCards. This returns the previously issued token so you can continue funding operations without re‑registering the card.

Register a new credit card in the sandbox environment

When testing credit card registration in the Tango Sandbox environment, you must use the supported test card numbers provided below. Each number represents a specific card brand (e.g., Visa, MasterCard) and must be paired with the correct type of security code. Only these test numbers are supported in the Sandbox; real or alternative card numbers will not work.

See the test credit card numbers below:

Card brand	Credit card number	Security code
Visa	4111111111111111	requires 3-digit security code.
MasterCard	5555555555554444	requires 3-digit security code.
Discover	6011111111111117	requires 3-digit security code.
American Express	378282246310005	requires 4-digit security code.

Test credit card registered with sandbox

After registering a test credit card in the Tango API Sandbox, we recommend verifying that it behaves as expected. The Sandbox simulates credit‑card deposit outcomes based on the test amount you submit. Each test amount triggers a predictable sequence of status updates—typically beginning with PENDING and transitioning within about one hour.

The table below outlines the expected pending status, simulated transitions, and final outcomes:

Test amount	Result
$5.55	The initial response status shows PENDING, but will change to SUCCESS within one hour.
$6.55	The initial response status shows PENDING, but a change to DECLINED within one hour.
$7.55	The initial and final status show DECLINED.

The following example shows the payload registering a Visa card with sandbox:

{
  "accountIdentifier": "string", (5-100 chars)
  "billingAddress": {
    "addressLine1": "123 Street",
    "addressLine2": "Suite 456",
    "city": "Seattle",
    "country": "US",
    "emailAddress": "[email protected]",
    "firstName": "First",
    "lastName": "Last",
    "postalCode": "12345",
    "state": "WA"
  },
  "creditCard": {
    "expiration": "2025-12",
    "number": "4111111111111111",
    "verificationNumber": "123"
  },
  "customerIdentifier": "string", (5-100 chars)
  "ipAddress": "100.10.SAMPLE.10",
  "label": "Test Card"
}

Get an email receipt when registering your credit card

For credit cards successfully registered on or after March 22, 2018, Tango automatically sends credit card funding receipts to the primary email address provided in the registration request, and up to five additional contacts specified during registration. Each contact is defined by an emailAddress and fullName.

Contacts included in a successful registration request are returned in the API response and you can retrieve them at any time using GET {URI}/creditCards.

Email receipts are issued after a successful funding attempt has completed processing, the credit card has been charged, and the associated account balance is updated.

📘
Note:
For security reasons, the primary email address provided during credit card registration cannot be modified. To change the contacts where receipts are sent, the credit card must be deleted and re-registered with a new contact.

Examples

Here's an example payload for when you receive an error:

{
  "timestamp": "2025-02-21T23:23:13.930Z",
  "requestId": "string",
  "path": "string",
  "httpCode": 0,
  "httpPhrase": "string",
  "i18nKey": "string",
  "message": "The error message will show here for error codes ",
  "errors": [
    {}
  ]
}

Response codes

The possible response codes for this endpoint are as follows. For details, see i18nkey codes and their error messages:

Response code	Meaning
201	New resource has been successfully created as a result of the request.
400	The server could not understand the request due to invalid syntax.
401	Authentication is required and has either not been provided or failed.
403	The server understood the request but refuses to authorize it.
404	The server could not find the requested resource. In other words, the URL you’re trying to access doesn’t point to anything that exists on the server.
500	Something went wrong on the server, but the server cannot be more specific about what the exact problem is.
503	The server is currently unable to handle the request due to temporary overload or maintenance.