Release Notes for 13th October 2023

New changes to the Thredd Cards API for the week ending 13th October 2023.

New Get Encrypted Data endpoint

Endpoint: /cards/{{PublicToken}}/encrypted
A new endpoint has been added that enables customers to be able to send secure data to a cardholder with or without PCI DSS compliance.

You can get encrypted data by making a POST request to the Get Encrypted Data endpoint. For example:


The device-generated session key must be included in the request body to the endpoint. The value of the key is a base64 encoded string, comprising of an AES key that you've encrypted with your company specific public RSA key provided to you by Thredd.


Documentation/API Explorer

Fixed issue with certain country codes not being accepted in Create Card endpoint

An issue with the Create Card endpoint, where certain country codes were not being accepted, has been resolved with this release. The country field now uses ISO 3166-1 Alpha-3 codes for all countries.

For a full list of country codes, see the Alpha-3 list on the List of ISO 3166 country codes page on Wikipedia.

Behaviour change for Renew and Replace Card endpoints

A change to the Renew and Replace card endpoints has been made with this release, so that the new card is inactive on creation. Previously, when a new card was created from the Renew and Replace Card endpoints, the status of the card was set to Active.

nameOnCard changed in Create Card and Update Card endpoints

From the 2nd November, as part of PRN-160, the nameOnCard object will be removed from the Create Card and Update Card endpoints, and replaced with a new nameOnCard field.


 "nameOnCard": {
    "title": "string",
    "firstName": "string",
    "lastName": "string"


    "nameOnCard": "string"

For more information on these endpoints, see Creating a Card and Updating a Card.