Wasabi Card API
A complete REST API integration layer for card issuance, cardholder management, wallet operations, and real-time webhook events.
Overview
The Wasabi Card API is a RESTful backend that wraps the Wasabi Card Open API platform. As a third-party developer you interact only with this API — you never call Wasabi directly.
All API endpoints are versioned under
/api/v1/. All requests must use POST (or GET where noted). All payloads are JSON.Base URL
# Live (Production) https://wasabi.alphalinx.top # Sandbox https://wasabi.alphalinx.top/sandbox
Authentication
Every request to /api/v1/* must include your API key in the X-API-KEY request header.
# Example — all requests require this header X-API-KEY: wc_YourSecretKeyHere Content-Type: application/json
Keep your key secret. Treat it like a password. Do not commit it to source control or expose it in client-side code. If compromised, contact the administrator to revoke and reissue it.
Getting a Key
API keys are issued by the platform administrator via the admin portal. Each key is tied to your developer account. Contact the admin to receive yours.
Missing or Invalid Key
{
"success": false,
"code": 401,
"msg": "Invalid or missing API key.",
"data": null
}
Request Format
All requests use JSON bodies with Content-Type: application/json. Unless otherwise stated, endpoints use the POST method.
cURL Example
curl -X POST https://wasabi.alphalinx.top/sandbox/api/v1/cardholders/occupations \ -H "X-API-KEY: wc_YourSecretKeyHere" \ -H "Content-Type: application/json"
Request with Body
curl -X POST https://wasabi.alphalinx.top/sandbox/api/v1/cards/balance \ -H "X-API-KEY: wc_YourSecretKeyHere" \ -H "Content-Type: application/json" \ -d '{ "cardNo": "4111111111111111" }'
Response Format
Every response — success or error — uses the same JSON envelope:
{
"success": true, // boolean — true only when code=200
"code": 200, // integer status code
"msg": "Success", // human-readable message
"data": { ... } // payload — object, array, or null
}
Always check success === true (or code === 200) before processing data.
Successful List Response Example
{
"success": true,
"code": 200,
"msg": "Success",
"data": {
"total": 42,
"records": [ ... ]
}
}
Error Codes
| HTTP Status | code | Meaning | Action |
|---|---|---|---|
| 200 | 200 | Success | Process data |
| 400 | 400 | Bad request / business rule error | Check msg for details |
| 401 | 401 | Missing or invalid API key | Check your X-API-KEY header |
| 422 | 422 | Validation failed | data contains field-level errors |
| 429 | 429 | Rate limit exceeded | Wait and retry. See Rate Limiting |
| 502 | 502 | Upstream Wasabi API error | Retry. If persistent, contact support |
Validation Error Example
{
"success": false,
"code": 422,
"msg": "Validation failed.",
"data": {
"email": [ "The email field must be a valid email address." ],
"cardHolderModel": [ "The selected card holder model is invalid." ]
}
}
Rate Limiting
Each API key is limited to 60 requests per minute. Exceeding this returns HTTP 429. Implement exponential back-off in your client.
# Retry strategy (example)
attempt 1: immediate
attempt 2: wait 1s
attempt 3: wait 2s
attempt 4: wait 4s
Common — Reference Data
Lookup tables required for other API calls. Cache these responses — they rarely change.
GET
/api/v1/common/regions Supported countries/regionsGET
/api/v1/common/cities City list with codesGET
/api/v1/common/cities/hierarchical Cities grouped by regionGET
/api/v1/common/mobile-codes Supported phone area codesPOST
/api/v1/common/files/upload Upload KYC documents (multipart/form-data)File upload returns a
fileId. Pass it as idFrontId, idBackId, or idHoldId when creating a B2C cardholder.Wallet
On-chain deposit orders and wallet transaction history.
POST
/api/v1/wallet/deposit Create a deposit order (deprecated)POST
/api/v1/wallet/deposit/transactions Deposit transaction history (deprecated)POST
/api/v1/wallet/v2/coins Supported coins listPOST
/api/v1/wallet/v2/create Create wallet deposit address (V2)POST
/api/v1/wallet/v2/address-list Wallet address listPOST
/api/v1/wallet/v2/transactions Transaction history V2Cards
Full card lifecycle: create, manage, fund, and query transaction history.
Card Setup
POST
/api/v1/cards/support-bins Supported card types and BINsPOST
/api/v1/cards/create-v2 Create a new virtual card (V2)POST
/api/v1/cards/activate-physical Activate a physical cardCard Information
POST
/api/v1/cards/info Card detailsPOST
/api/v1/cards/sensitive Encrypted card number, expiry, CVVPOST
/api/v1/cards/balance Card balancePOST
/api/v1/cards/list List all cards (paginated)Card Management
POST
/api/v1/cards/update Update card label / settingsPOST
/api/v1/cards/freeze Freeze cardPOST
/api/v1/cards/unfreeze Unfreeze cardPOST
/api/v1/cards/cancel Cancel (close) cardPOST
/api/v1/cards/update-pin Update card PINPOST
/api/v1/cards/note Update card noteCard Funding
POST
/api/v1/cards/deposit Deposit funds to cardPOST
/api/v1/cards/withdraw Withdraw funds from cardTransaction History
POST
/api/v1/cards/purchase-transactions Purchase/debit transactionsPOST
/api/v1/cards/operation-transactions-v2 Operation transactions V2POST
/api/v1/cards/auth-transactions Authorization transactionsPOST
/api/v1/cards/auth-fee-transactions Authorization fee transactionsPOST
/api/v1/cards/3ds-transactions 3DS OTP / auth URL transactionsPOST
/api/v1/cards/simulate-auth Simulate authorization (sandbox only)Cardholders
KYC onboarding and cardholder lifecycle. Cardholder creation is async — the initial response returns wait_audit and the final result arrives via webhook.
POST
/api/v1/cardholders/occupations Supported occupation codesPOST
/api/v1/cardholders/create-v2 Create cardholder — B2B or B2C modelPOST
/api/v1/cardholders/update-v2 Update cardholder (when status=reject)POST
/api/v1/cardholders/list List cardholders (paginated, filterable)POST
/api/v1/cardholders/update-email Update cardholder email (when status=pass_audit)B2B vs B2C Model
| Field | B2B | B2C |
|---|---|---|
| cardHolderModel | "B2B" | "B2C" |
| Common fields (name, address, mobile…) | ✅ Required | ✅ Required |
| gender, nationality, occupation | — | ✅ Required |
| idType, idNumber, idFrontId, idBackId, idHoldId | — | ✅ Required |
| kycVerification (provider, referenceId) | — | Optional (required for type 111065) |
Accounts
Merchant wallet accounts — balances, ledger history, and fund transfers between accounts.
GET
/api/v1/accounts/assets Total assets overviewGET
/api/v1/accounts/ Account listGET
/api/v1/accounts/single Single account detailsGET
/api/v1/accounts/transactions Ledger transaction historyPOST
/api/v1/accounts/create Create shared accountPOST
/api/v1/accounts/transfer Transfer funds between accountsWork Orders
Submit and track platform work orders (e.g. card activation requests).
POST
/api/v1/work-orders/ Submit a work orderGET
/api/v1/work-orders/ List work ordersWebhooks — Overview
Several operations are asynchronous: the API returns an immediate pending status, and the final result is delivered later via webhook. Your server must poll the Webhook Events API to retrieve these results.
Step 1
You call the API
e.g. create cardholder
→
Step 2
Immediate response
status: wait_audit
→
Step 3
Platform reviews
minutes to hours
→
Step 4
Webhook stored
final status: pass_audit or reject
→
Step 5
You poll events
GET /api/v1/webhook-events
Async Operations (always poll for final result)
| API Call | Initial Response | Final via Event category |
|---|---|---|
POST /cardholders/create-v2 | wait_audit | card_holder |
POST /cardholders/update-v2 | wait_audit | card_holder |
POST /cardholders/update-email | wait_audit | card_holder_change_email |
POST /cards/activate-physical | pending | physical_card |
POST /cards/deposit | pending | card_transaction |
POST /cards/withdraw | pending | card_transaction |
POST /cards/cancel | pending | card_transaction |
| Card purchase (external) | — | card_auth_transaction |
| 3DS triggered (external) | — | card_3ds |
Webhook Event Reference
| category | Trigger | reference_id field |
|---|---|---|
card_holder | Cardholder status change | holderId |
card_holder_change_email | Email update status | holderId |
card_transaction | Deposit / withdraw / cancel final result | orderNo |
card_auth_transaction | Authorization — may push multiple times as status flows | tradeNo |
card_fee_patch | Authorization fee applied | tradeNo |
card_3ds | 3DS OTP code / auth URL / activation code | tradeNo |
physical_card | Physical card activation result | cardNo |
work | Work order status change | orderNo |
wallet_transaction | Wallet deposit/withdrawal | orderNo |
wallet_transaction_v2 | Wallet transaction history V2 | orderNo |
Cardholder Status Values
| status | Meaning |
|---|---|
wait_audit | Pending review — not final, keep polling |
under_review | In review — not final, keep polling |
pass_audit | ✅ Approved — final |
reject | ❌ Rejected — final. Check description for reason |
Polling Webhook Events
Use GET /api/v1/webhook-events to retrieve stored async results. Filter by category and reference_id for the specific operation you're waiting on.
Example: Poll for cardholder creation result
# Step 1 — create cardholder, get holderId from response curl -X POST https://wasabi.alphalinx.top/sandbox/api/v1/cardholders/create-v2 \ -H "X-API-KEY: wc_..." -d '{ "cardHolderModel": "B2C", ... }' # Response: { "data": { "holderId": 124024, "status": "wait_audit" } } # Step 2 — poll until status is pass_audit or reject curl "https://wasabi.alphalinx.top/sandbox/api/v1/webhook-events?category=card_holder&reference_id=124024" \ -H "X-API-KEY: wc_..."
Query Parameters
| Parameter | Type | Description |
|---|---|---|
category | string | Filter by event type (e.g. card_holder) |
reference_id | string | holderId, tradeNo, orderNo, or cardNo depending on category |
merchant_order_no | string | Filter by your own order number |
status | string | Filter by status value (e.g. pass_audit) |
from | datetime | Filter from date. Format: Y-m-d H:i:s |
to | datetime | Filter to date. Format: Y-m-d H:i:s |
per_page | integer | Records per page. Max 100, default 15 |
page | integer | Page number |
Sample Response
{
"success": true,
"code": 200,
"data": {
"total": 1,
"data": [
{
"id": 5,
"category": "card_holder",
"reference_id": "124024",
"merchant_order_no": "ORDER20250101000001",
"status": "pass_audit",
"payload": { // full raw payload from Wasabi
"holderId": 124024,
"status": "pass_audit",
"description": "Approved"
},
"created_at": "2026-04-18T10:30:00.000000Z"
}
]
}
}
Polling interval recommendation: Poll every 30–60 seconds. Stop once you receive a final status (
pass_audit or reject). card_auth_transaction events may be pushed multiple times for the same tradeNo as status progresses.
For full interactive API reference with request/response schemas and a live testing console, visit
the Swagger UI →