# How to add a Debit Card

## What is the Payments API?

***Note: You may also process debit card data and obtain a token using the [Debit Card Tokenization Element](/products/rest/elements/debit-card-tokenization)***

The Payments API is a PCI compliant endpoint and allows for secure debit card token creation. These tokens are used within DailyPay's APIs. When a tokenized debit card is added to a user’s account they can begin to take instant transfers.

**How does this work?** A user's debit card data is sent via POST request to the Payments API. The debit card data is encrypted and tokenized before being returned. This tokenized card data is used for instant transfers via the Extend API.

### What is PCI compliance?

It’s how we keep card data secure. DailyPay has a responsibility and legal requirement to protect debit card data therefore the Payments API endpoint complies with the Payment Card Industry Data Security Standards [PCI DSS](https://www.pcisecuritystandards.org/).

> 📘 **Info**
DailyPay only handles card data during encryption and tokenization
**The Payments server is DailyPay’s only PCI compliant API.**


## Create a Debit Card Token

Steps to create a tokenized debit card for use within DailyPay's APIs.

### 1. POST debit card data to the Payments API

After you have securely collected the debit card data for a user, create a POST to the PCI-compliant [Cards API](/products/rest/reference/card-tokenization) with the following required parameters in this example.

details
summary
Show parameters
```json
{
  "$ref": "#/components/schemas/schema",
  "components": {
    "schemas": {
      "schema": {
        "type": "object",
        "required": [
          "first_name",
          "last_name",
          "card_number",
          "expiration_year",
          "expiration_month",
          "address_line_one",
          "address_city",
          "address_state",
          "address_zip_code",
          "address_country"
        ],
        "properties": {
          "first_name": {
            "type": "string",
            "description": "The first name or given name of the cardholder.",
            "example": "Edith"
          },
          "last_name": {
            "type": "string",
            "description": "The last name or surname of the cardholder.",
            "example": "Clarke"
          },
          "card_number": {
            "type": "string",
            "description": "The full card number without spaces or hyphenation.",
            "example": "4007589999999912"
          },
          "expiration_year": {
            "type": "string",
            "description": "The four-digit year of expiration for the card.",
            "example": "2027"
          },
          "expiration_month": {
            "type": "string",
            "description": "The two-digit month of the expiration date for the card.",
            "example": "02"
          },
          "cvv": {
            "type": [
              "string",
              "null"
            ],
            "description": "The CVV card code.",
            "example": "123"
          },
          "address_line_one": {
            "type": "string",
            "description": "The first line of the address associated with the card.",
            "example": "123 Kebly Street"
          },
          "address_line_two": {
            "type": [
              "string",
              "null"
            ],
            "description": "The second line of the address associated with the card.",
            "example": "Unit C"
          },
          "address_city": {
            "type": "string",
            "description": "The city component of the address associated with the card.",
            "example": "Fort Lee"
          },
          "address_state": {
            "type": "string",
            "description": "The two-letter state component of the address associated with the card.",
            "example": "NJ"
          },
          "address_zip_code": {
            "type": "string",
            "description": "The 5 digit zip-code component of the address associated with the card.",
            "example": "07237"
          },
          "address_country": {
            "type": "string",
            "description": "The two-letter ISO 3166 country code component of the address associated with the card.",
            "example": "US"
          }
        }
      }
    }
  }
}
```

```shell cURL
curl -i -X POST \
  https://payments.dailypay.com/v2/cards/generic \
  -H 'Content-Type: application/json' \
  -d '{
    "first_name": "Edith",
    "last_name": "Clarke",
    "card_number": "4007589999999912",
    "expiration_year": "2027",
    "expiration_month": "02",
    "cvv": "123",
    "address_line_one": "123 Kebly Street",
    "address_line_two": "Unit C",
    "address_city": "Fort Lee",
    "address_state": "NJ",
    "address_zip_code": "07237",
    "address_country": "US"
  }'
```

### 2. Receive and handle the tokenized card data

The [Cards API](/products/rest/reference/card-tokenization) returns an opaque string representing the card details.
This token is encrypted and complies with PCI DSS. You will need the token for step 3, after which it can be discarded.
The token is a long string with a structure similar to a JWT:

```json
{"token":"s7dydhd7ih......jhfijuf245"}
```

### 3. POST the token to the Extend API

Authorization Required
[Proper authorization](/products/rest/guides/auth/authorization-code-flow) is required to create a debit card account.

Send the encrypted token in a POST request to the [accounts endpoint](/products/rest/reference/accounts/createaccount) as the value for the `token` field in the `details` object. This will create a transfer account and allow a user to start taking transfers.

```shell cURL
curl -i -X POST \
  'https://api.{environment}.com/rest/accounts' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/vnd.api+json' \
  -H 'DailyPay-API-Version: 3' \
  -d '{
    "data": {
      "type": "accounts",
      "attributes": {
        "name": "Acme Bank Debit Card",
        "account_type": "CARD",
        "subtype": "DEBIT",
        "details": {
          "token": "abc.efg.123",
          "first_name": "Edith",
          "last_name": "Clarke",
          "expiration_month": "02",
          "expiration_year": "2027",
          "address_line_one": "123 Kebly Street",
          "address_city": "Fort Lee",
          "address_state": "NJ",
          "address_zip_code": "72374",
          "address_country": "US",
          "issuer": "411600"
        }
      },
      "relationships": {
        "person": {
          "data": {
            "type": "people",
            "id": "3fa8f641-5717-4562-b3fc-2c963f66afa6"
          }
        }
      }
    }
  }'
```

### Using Accounts in UAT

DailyPay provides test accounts to support your development and QA processes.
In addition, DailyPay's UAT environment restricts the bank accounts and debit cards that may be used.

#### Bank Accounts

DailyPay's UAT environment requires bank accounts that meet the following rules:

- Routing number must be `021000021`
- Account number must be any integer with `eight or more digits`


#### Debit Cards

The following test debit card numbers may be used and are compatible with the UAT environment:

- `5555555555554444`
- `4111111111111111`
- `4111171111111115`


***Note**: Each of the cards above may be added to multiple users. DailyPay's duplicate card checks and fraud prevention measures will not be triggered.*