Process Card Payout
Payouts — Process Card Payout
7 min readUpdated Mar 27, 2026
POST /api/v1/payouts/card
Send funds to a customer's card (credit push). Used for disbursements, commissions, refunds-as-payouts, and withdrawals.
Guide: Initiating a Card Payout — conceptual walkthrough, flow diagrams, and integration patterns.
#Headers
| Header | Value |
|---|---|
Content-Type | application/json |
Authorization | Bearer {token} — see Authentication |
#Request Body Parameters
| Field | Type | Required | Description |
|---|---|---|---|
requestId | String | Yes | Unique identifier for the request. Used for idempotency — if you retry with the same requestId, the system will return the original response instead of processing a duplicate. |
mid | String | Yes | Merchant account ID. Identifies which merchant account the transaction is associated with. |
amount | String | Yes | Transaction amount as a decimal string in major currency units (e.g. "10.00" = ten dollars). Values with more than two decimal places are automatically rounded. |
card | Object — See PayoutCardDetails | Yes | |
billingDetails | Object — See PayoutBillingDetails | No | |
callbackUrl | String | No | Server-to-server webhook URL. Exirom sends a POST with the final transaction result to this URL. See Webhook Callbacks. |
metadata | Map<String, String> | No | Arbitrary key-value pairs for your own use (e.g. order reference, campaign ID). Returned unchanged in responses and callbacks. |
| Field | Type | Required | Description |
|---|---|---|---|
expMonth | String | Yes | Card expiration month in MM format (e.g. "08" for August). |
expYear | String | Yes | Card expiration year in YYYY format (e.g. "2027"). |
number | String | Yes | Full card number (PAN). Must be a numeric string with no spaces or dashes. Handled securely and never stored in plaintext. |
cvv | String | No | Card verification value (CVV/CVC) — the 3- or 4-digit security code on the card. |
cardHolderName | String | No | Cardholder's name as printed on the card. |
| Field | Type | Required | Description |
|---|---|---|---|
firstName | String | No | Customer's first name. Required for 3DS2 frictionless flow. |
lastName | String | No | Customer's last name. Required for 3DS2 frictionless flow. |
address | String | No | |
postalCode | String | No | Billing ZIP or postal code. |
city | String | No | Billing city. Required for 3DS2 frictionless flow. |
state | String | No | Billing state or province. |
countryCode | String | No | |
phone | String | No | Customer's phone number (including country code). Required for 3DS2 frictionless flow. |
email | String | Yes | Customer's email address. |
#Response
| Field | Type | Description |
|---|---|---|
transactionId | String | Unique transaction identifier assigned by Exirom. Use this ID to query status, retrieve info, or reference the transaction in support requests. |
transactionStatus | String (NEW, PENDING, FAILED, REFUNDED, CUSTOMER_VERIFICATION, ...) | Current status of the transaction. See Transaction Status Guide for the full lifecycle. |
declineCode | Integer | Numeric code indicating the reason for a decline. Only present when the transaction is FAILED. See Decline Codes Reference. |
paymentType | String (CARD, APM) | Payment type identifier: CARD for card transactions, APM for alternative payment methods. |
{
"requestId": "req_abc123",
"mid": "merchant_123",
"amount": "100.00",
"card": {
"expMonth": "12",
"expYear": "2027",
"number": "4111111111111111",
"cvv": "123",
"cardHolderName": "John Doe"
},
"billingDetails": {
"firstName": "John",
"lastName": "Doe",
"address": "123 Main St",
"postalCode": "10001",
"city": "New York",
"state": "NY",
"countryCode": "US",
"phone": "+12125551234",
"email": "test@example.com"
},
"callbackUrl": "https://yourserver.com/callback",
"metadata": {
"key1": "value1"
}
}{
"transactionId": "example_transactionId",
"transactionStatus": "NEW",
"declineCode": 12345,
"paymentType": "CARD"
}Idempotency: The
requestIdfield ensures idempotent processing. If you retry a request with the samerequestId, the original response is returned without reprocessing.
#Error Responses
| HTTP Status | Description |
|---|---|
400 | Bad Request — missing or invalid parameters. Check the response body for field-level details. |
401 | Unauthorized — missing, expired, or invalid bearer token. Re-authenticate via POST /api/v1/auth. |
404 | Not Found — the requested resource does not exist. |
500 | Internal Server Error — an unexpected error occurred. Retry with exponential backoff. |
curl -X POST https://sandbox.api.exirom.com/api/v1/payouts/card \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{
"requestId": "req_abc123",
"mid": "merchant_123",
"amount": "100.00",
"card": {
"expMonth": "12",
"expYear": "2027",
"number": "4111111111111111",
"cvv": "123",
"cardHolderName": "John Doe"
},
"billingDetails": {
"firstName": "John",
"lastName": "Doe",
"address": "123 Main St",
"postalCode": "10001",
"city": "New York",
"state": "NY",
"countryCode": "US",
"phone": "+12125551234",
"email": "test@example.com"
},
"callbackUrl": "https://yourserver.com/callback",
"metadata": {
"key1": "value1"
}
}'#Try It
SandboxTry it
https://sandbox.api.exirom.com/api
Was this helpful?