Skip to main content
POST
/
open-api
/
v1
/
card
/
pin
/
set
curl --request POST \
  --url https://sandbox-openplatform.keysecure.io/open-api/v1/card/pin/set \
  --header 'Content-Type: application/json' \
  --header 'Api-Key: your_api_key' \
  --header 'Timestamp: 1716307200000' \
  --header 'Access-Token: your_access_token' \
  --data '{
    "card_no": "C202605220001",
    "cardholder_no": "U202605220001",
    "pin": "Base64EncodedEncryptedPin..."
  }'
{
  "code": 0,
  "msg": "Success",
  "data": {"result": true}
}
Sets the physical card PIN. Only physical cards (Physical) are supported, and the card status must be normal (Activated). The pin must be encrypted with AES/ECB/PKCS5Padding + Base64 before being passed in.
  • Only physical cards are supported; calling this endpoint for a virtual card returns 4017.
  • The plaintext PIN must be exactly 6 digits, and must not contain three or more identical or sequential digits (for example, 111111 or 123456); otherwise 4016 is returned.
  • The card status must be Activated; otherwise 4005 is returned.
  • See the “Code Utilities” section for encryption algorithm details.

Request Headers

Api-Key
string
required
apiKey (merchant credential, bound to IP whitelist)
Timestamp
string
required
Unix timestamp in milliseconds. The deviation from the server time must be within 60 seconds, and future timestamps are not accepted.
Access-Token
string
required
Login token (required for all interfaces except Get Token).
Content-Type
string
default:"application/json"
Fixed to application/json

Request Body

card_no
string
required
Card order number.
cardholder_no
string
required
Cardholder order number.
pin
string
required
Encrypted PIN (Base64 ciphertext).

Response Parameters

code
number
Response status code. 0 indicates success.
msg
string
Response message.
data
object
Response data.
curl --request POST \
  --url https://sandbox-openplatform.keysecure.io/open-api/v1/card/pin/set \
  --header 'Content-Type: application/json' \
  --header 'Api-Key: your_api_key' \
  --header 'Timestamp: 1716307200000' \
  --header 'Access-Token: your_access_token' \
  --data '{
    "card_no": "C202605220001",
    "cardholder_no": "U202605220001",
    "pin": "Base64EncodedEncryptedPin..."
  }'
{
  "code": 0,
  "msg": "Success",
  "data": {"result": true}
}