Settings
Card Management
>
API Reference
>
v1
>
Card Credentials
>
Settings
openapi: 3.0.3
info:
title: Card Credentials - Settings
description: V1 APIs for Card Management Card Credentials
version: v1
contact:
name: Digital Core @ Jack Henry and Associates, inc.
url: https://www.jackhenry.com/
email: DC-Operations@jackhenry.com
servers:
- url: https://{API_ENDPOINT}
variables:
API_ENDPOINT:
default: digital.garden-fi.com
security:
- bearerAuth: []
tags:
- name: Settings
description: V1 APIs for Card Management Credentials Settings
paths:
/a/api/card-mgmt/v1/{InstitutionUniversalId}/settings/card-credentials:
post:
tags:
- Settings
description: "Create Card Credentials Settings for an institution. \n\nRequired permission: AddCardCredentialsSettings\n"
operationId: createCardCredentialsSettings
parameters:
- name: InstitutionUniversalId
in: path
description: A unique identifier to establish the identity of an Institution/Environment/Brand combination
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
required:
- enabled
- allowedBinRanges
properties:
allowedBinRanges:
type: array
items:
type: string
minLength: 6
maxLength: 9
format: number
description: An empty array indicates that all BIN ranges are allowed.
enabled:
type: boolean
responses:
'201':
description: The resource is created successfully.
'400':
description: |
Bad Request: The server could not understand the request due to an invalid request.
content:
application/problem+json:
schema:
type: object
required:
- type
- title
- details
properties:
type:
description: A string path which uniquely classifies the domain of the error.
type: string
nullable: false
example: jackhenry/operation-failed
title:
description: A end-user readable string title of the error type.
nullable: false
type: string
details:
description: An array of end-user readable strings which provide additional details for the error message.
type: array
nullable: false
items:
type: string
data:
type: object
description: |
Additional data that could be useful to a developer or for handing the error programmatically. The schema for the data in this object is intentionally left undefined.
nullable: true
'401':
description: Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.
'403':
description: The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401, the clients identity is known to the server.
'404':
description: The server can not find the requested resource. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client.
'500':
description: An unexpected internal server error occurred while processing the request.
content:
application/problem+json:
schema:
type: object
required:
- type
- title
- details
properties:
type:
description: A string path which uniquely classifies the domain of the error.
type: string
nullable: false
example: jackhenry/operation-failed
title:
description: A end-user readable string title of the error type.
nullable: false
type: string
details:
description: An array of end-user readable strings which provide additional details for the error message.
type: array
nullable: false
items:
type: string
data:
type: object
description: |
Additional data that could be useful to a developer or for handing the error programmatically. The schema for the data in this object is intentionally left undefined.
nullable: true
examples:
internalServerError:
summary: Internal server error
value:
type: general/internal-server-error
title: Internal server error
details:
- Unexpected internal server error
get:
tags:
- Settings
description: "Get Card Credentials Settings for an institution. \n\nRequired permission: ViewCardCredentialsSettings\n"
operationId: getCardCredentialsSettings
parameters:
- name: InstitutionUniversalId
in: path
description: A unique identifier to establish the identity of an Institution/Environment/Brand combination
required: true
schema:
type: string
responses:
'200':
description: Ok
content:
application/json:
schema:
required:
- enabled
- allowedBinRanges
properties:
allowedBinRanges:
type: array
items:
type: string
minLength: 6
maxLength: 9
format: number
description: An empty array indicates that all BIN ranges are allowed.
enabled:
type: boolean
'401':
description: Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.
'403':
description: The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401, the clients identity is known to the server.
'404':
description: The server can not find the requested resource. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client.
'500':
description: An unexpected internal server error occurred while processing the request.
content:
application/problem+json:
schema:
type: object
required:
- type
- title
- details
properties:
type:
description: A string path which uniquely classifies the domain of the error.
type: string
nullable: false
example: jackhenry/operation-failed
title:
description: A end-user readable string title of the error type.
nullable: false
type: string
details:
description: An array of end-user readable strings which provide additional details for the error message.
type: array
nullable: false
items:
type: string
data:
type: object
description: |
Additional data that could be useful to a developer or for handing the error programmatically. The schema for the data in this object is intentionally left undefined.
nullable: true
examples:
internalServerError:
summary: Internal server error
value:
type: general/internal-server-error
title: Internal server error
details:
- Unexpected internal server error
put:
tags:
- Settings
description: "Update Card Credentials Settings for an institution. \n\nRequired permission: EditCardCredentialsSettings\n"
operationId: updateCardCredentialsSettings
parameters:
- name: InstitutionUniversalId
in: path
description: A unique identifier to establish the identity of an Institution/Environment/Brand combination
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
required:
- allowedBinRanges
- enabled
properties:
allowedBinRanges:
type: array
items:
type: string
minLength: 6
maxLength: 9
format: number
description: An empty array indicates that all BIN ranges are allowed.
enabled:
type: boolean
responses:
'204':
description: The resource is updated successfully. No Content is returned.
'400':
description: |
Bad Request: The server could not understand the request due to an invalid request.
content:
application/problem+json:
schema:
type: object
required:
- type
- title
- details
properties:
type:
description: A string path which uniquely classifies the domain of the error.
type: string
nullable: false
example: jackhenry/operation-failed
title:
description: A end-user readable string title of the error type.
nullable: false
type: string
details:
description: An array of end-user readable strings which provide additional details for the error message.
type: array
nullable: false
items:
type: string
data:
type: object
description: |
Additional data that could be useful to a developer or for handing the error programmatically. The schema for the data in this object is intentionally left undefined.
nullable: true
'401':
description: Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.
'403':
description: The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401, the clients identity is known to the server.
'404':
description: The server can not find the requested resource. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client.
'500':
description: An unexpected internal server error occurred while processing the request.
content:
application/problem+json:
schema:
type: object
required:
- type
- title
- details
properties:
type:
description: A string path which uniquely classifies the domain of the error.
type: string
nullable: false
example: jackhenry/operation-failed
title:
description: A end-user readable string title of the error type.
nullable: false
type: string
details:
description: An array of end-user readable strings which provide additional details for the error message.
type: array
nullable: false
items:
type: string
data:
type: object
description: |
Additional data that could be useful to a developer or for handing the error programmatically. The schema for the data in this object is intentionally left undefined.
nullable: true
examples:
internalServerError:
summary: Internal server error
value:
type: general/internal-server-error
title: Internal server error
details:
- Unexpected internal server error
Did this page help you?
Why was this page helpful?
Why wasn't this page helpful?
Thank you for your feedback!
Last updated Fri Jan 23 2026