Skip to main content
POST
/
payment
/
verify-card
BODY='{"card_serial":"OLIV0001","pin":"1234"}'
TIMESTAMP='2026-03-10T12:00:00Z'
SIGNATURE=$(printf 'POST\n/api/v1/payment/verify-card\n%s\n%s' "$TIMESTAMP" "$BODY" | openssl dgst -sha256 -hmac "$OLIVE_HMAC_SECRET" -hex | sed 's/^.* //')

curl -X POST "https://demo.api.vultlocal.com/api/v1/payment/verify-card" \
  -H "X-API-Key-ID: $OLIVE_API_KEY_ID" \
  -H "X-Timestamp: $TIMESTAMP" \
  -H "X-Signature: $SIGNATURE" \
  -H "Content-Type: application/json" \
  -d "$BODY"

{
  "success": true,
  "message": "Card verified successfully",
  "is_active": true,
  "balance": "48,500.00 SLE",
  "holder_name": "John Doe"
}
Used before a payment to verify the card and fetch the holder name and current balance.

​
Request

​
X-API-Key-ID
string
required
API key ID assigned to the integration
​
X-Timestamp
string
required
RFC3339 timestamp used in the HMAC signature
​
X-Signature
string
required
Hex-encoded HMAC-SHA256 of the request

​
Body Parameters

​
card_serial
string
required
Card serial number
​
pin
string
required
Cardholder 4-digit PIN

​
Response

​
success
boolean
Whether verification succeeded
​
message
string
Verification result message
​
is_active
boolean
Whether the card is active
​
balance
string
Formatted available balance
​
holder_name
string
Card holder display name

​
Example

BODY='{"card_serial":"OLIV0001","pin":"1234"}'
TIMESTAMP='2026-03-10T12:00:00Z'
SIGNATURE=$(printf 'POST\n/api/v1/payment/verify-card\n%s\n%s' "$TIMESTAMP" "$BODY" | openssl dgst -sha256 -hmac "$OLIVE_HMAC_SECRET" -hex | sed 's/^.* //')

curl -X POST "https://demo.api.vultlocal.com/api/v1/payment/verify-card" \
  -H "X-API-Key-ID: $OLIVE_API_KEY_ID" \
  -H "X-Timestamp: $TIMESTAMP" \
  -H "X-Signature: $SIGNATURE" \
  -H "Content-Type: application/json" \
  -d "$BODY"

{
  "success": true,
  "message": "Card verified successfully",
  "is_active": true,
  "balance": "48,500.00 SLE",
  "holder_name": "John Doe"
}

​
Errors

StatusCodeDescription
400Validation or business errorInvalid payload, unknown card, blocked card, or bad PIN
401HMAC auth errorMissing/invalid X-API-Key-ID, X-Timestamp, or X-Signature
500Internal errorServer error

Authorizations

​
Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

Card verification details

​
card_serial
string
required

Supports any alphanumeric: CARD0001, 48290173K, etc.

Example:

"CARD0001"

​
pin
string
required
Example:

"1234"

Response

Card verified

The response is of type object.