Issue, fund, freeze, and delete virtual cards programmatically via REST. Webhooks for every lifecycle event. Built for bot fleets, scraping infrastructure, AI agents, and any system that needs disposable payment surfaces at scale.
Bot operators and automation engineers need a payment primitive that's as ephemeral and disposable as their compute. Manual card issuance through a dashboard doesn't scale; bank-issued virtual cards require KYC and rate-limit issuance to 1-2 per day. CryptoCardy exposes the full card lifecycle as a REST API, with no per-issuance approval, no identity verification, and a $1.50-per-card unit cost.
POST /api/v1/cards  issue a new card. Returns number, expiry, CVV, and the card-id.POST /api/v1/cards/:id/freeze / /unfreeze  toggle the card's authorisation state.DELETE /api/v1/cards/:id  close the card and refund unused balance to the account.POST /api/v1/cards/:id/topup  move funds from the account balance to the card balance.GET /api/v1/cards/:id/transactions  list authorisations and settlements.POST /api/v1/topups  create a deposit address, get back the QR + crypto amount.GET /api/v1/topups/:id  poll the deposit status (or use webhooks).Full reference at /api-docs.
Bearer-token auth. Generate one or more API tokens from the dashboard's settings panel. Each token has its own scope (read-only, card-mgmt, full) and can be rotated or revoked independently.
Rate limit: 60 requests / minute on the read endpoints, 10 / minute on the write endpoints. If you need higher limits, contact support via the dashboard ticket system (requires at least one active card on the account).
For a scraping fleet that needs disposable payment surfaces:
DELETE to close the card. Unused balance refunds to the account instantly.This pattern is the lowest-overhead way to give each worker an isolated payment surface. The $1.50 per-card cost is a fraction of the cost of any other approach.
Subscribe to lifecycle events through the webhooks panel:
card.issued  fires when a card is created.card.authorised  every successful authorisation (transaction approved).card.declined  every declined authorisation with reason code.card.frozen / card.unfrozen / card.deletedtopup.confirmed  when a crypto deposit credits the account.topup.cancelled  when a deposit expires unused.Webhooks deliver HMAC-signed JSON to your endpoint. Replay protection via signed timestamps. Delivery retries 6 times with exponential backoff before giving up.
10 issuance calls per minute per account by default. Sustained higher rates need a support conversation  the platform monitors for abuse patterns.
Yes. There is no minimum lifetime. Issue, transact, delete in under 10 seconds is a supported pattern.
The API runs on the same infrastructure as the dashboard, target 99.9% monthly uptime. Status visible on the public status page (coming soon).
Subscribe to the <code>card.declined</code> webhook. It includes the network reason code and the auth attempt details. Your worker can then issue a fresh card and retry.
Yes. <code>POST /api/v1/topups</code> creates a deposit address; <code>GET /api/v1/topups/:id</code> polls the status. For full automation, subscribe to the <code>topup.confirmed</code> webhook.
Not yet, but the API is small enough to wrap in any HTTP client in a few hundred lines. Python and Node.js examples in <a href="/api-docs">/api-docs</a>.
Sign up with a seed, top up with crypto, generate an API token from the dashboard. Your first card via API in under 10 lines of code.