Query sensitive card informationSignature required

2026-05-26 12:34

POST /amsin/api/v2/business/worldcard/queryCardSensitiveInfo

You are viewing the latest API version. If you are using V1, please refer to the legacy documentation.

Partners can call this API to query the sensitive information of a World Card.

Structure

A message consists of a header and body. For details, see the following sections.

Request header

Field	Required	Sample	Description
Client-Id	Yes	`Client-Id: *****`	For more information about these request header fields, see Request structure. To generate`Signature`, see Sign a request and validate the signature.
Signature	Yes	`Signature: algorithm=RSA256, keyVersion=2, signature=*****`
Content-Type	Yes	`Content-Type: application/json; charset=UTF-8`
Request-Time	Yes	`Request-Time: 2019-04-04T12:08:56+08:00`
Connected-AccountId	Conditional	`Connected-AccountId: *****`	Attention Required when a partner manages a customer's account.
Access-Token	Conditional	`Access-Token: ******`	Attention Required for OAUTH authorization. Refer to applyToken.

Request parameters

assetId String REQUIRED

The unique identifier of a card.

Response parameters

result Result REQUIRED

The result of the API call.

Show child parameters

assetId String REQUIRED

The unique identifier of a card.

This field is returned only when the value of result.resultStatus is S.

accountId String REQUIRED

The unique ID assigned by WorldFirst to identify a customer account.

More information:

Maximum length: 64 characters

cvv String REQUIRED

The card CVV (Card Verification Value) number.

This information needs to be obtained from the Payment Processing Partner because WorldFirst does not hold the CVV information.

This field is returned only when the value of result.resultStatus is S.

cardNo String REQUIRED

The World Card number.

This field is returned only when the value of result.resultStatus is S.

More information:

Maximum length: 16 characters

expiredMonth String REQUIRED

The month when the card will expire. Use numbers from 1 to 12 to represent months. For example: 07 represents July.

This field is returned only when the value of result.resultStatus is S.

More information:

Maximum length: 2 characters

expiredYear String REQUIRED

The year when the card will expire. Use 2-digit numbers from 00 to 99 to represent the years between 2000 and 2099. For example: 29 represents 2029.

This field is returned only when the value of result.resultStatus is S.

More information:

Maximum length: 2 characters

API Explorer

Request

URL

Request Body

Response

Response Body

Result processing logic

After calling the API, a response is returned. Possible values for result.resultStatus are:

Result status	Description
`S`	Indicates that the API call succeeded.
`F`	Indicates that the API call failed. For additional information on the failure, refer to result.resultCode.
`U`	Indicates that the API call result is unknown. If this status is returned, the Partner may make a query. The querying strategy is as follows: Maximum 7 queries are allowed. Intervals between queries: 5 min, 10 min, 20 min, 40 min, 80 min, 160 min, and 320 min. If no queries succeed, contact our Technical Support Team.

System-related Result Codes

Code	Value	Message	Further action
SUCCESS	S	Success
PARAM_ILLEGAL	F	Illegal parameters exist. For example, a non-numeric input, or an invalid date.	Refer to the API documentation page to confirm whether the request header and parameters are correct.
SYSTEM_ERROR	F	System error.	Do not retry. Contact WorldFirst Technical Support for more information.
SERVICE_NOT_ALLOWED	F	Service not allowed.	Retry with correct information. If the issue persists, contact WorldFirst Technical Support.
UNKNOWN_EXCEPTION	U	API failed due to unknown reason.	Server error. If retrying later does not resolve the issue, contact WorldFirst Technical Support.
REQUEST_TRAFFIC_EXCEED_LIMIT	U	The request traffic exceeds the limit.	Retry. If the issue persists, contact WorldFirst Technical Support.
OAUTH_FAIL	F	OAuth process failed.	Contact WorldFirst Technical Support for more information.
INVALID_API	F	The called API is invalid or not active.	Confirm whether the correct API is called.
INVALID_CLIENT	F	The client is invalid.	The Client ID does not exist or is invalid.
INVALID_SIGNATURE	F	The signature is invalid.	Confirm that the request is correctly signed.
METHOD_NOT_SUPPORTED	F	The server does not implement the requested HTTP method.	Confirm that the HTTP request method is POST.
CONTRACT_CHECK_FAIL	F	The contract check has failed.	Contact WorldFirst Technical Support to check the contract status and retry.

Business-related Result Codes

Code	Value	Message	Further action
USER_NOT_EXIST	F	customerId is not correct.	Retry with the correct user information.
AUTHORIZATION_NOT_EXIST	F	The authorization does not exist.	Make sure that the input is correct. If the issue persists, contact our Technical Support Team to verify the authorization status.
RISK_REJECT	F	Securlty reason error, please contact the account manager	Please reach out to our Technical Support Team.