Wallet & Cards Overview
Entitiesβ
βββββββββββββββ βββββββββββββββ βββββββββββββββ
β Cardholder ββ1 NβΊβ Card ββ1 NβΊβ Movements β
β β β β β β
β authUserId β β cardId β β transfers β
β profile β β maskedPan β β statements β
β permissions β β balance β β refunds β
βββββββββββββββ βββββββββββββββ βββββββββββββββ
β²
β
β linked-cards (external cards)
β
βββββββββββββββ
β Third-party β
β card β
βββββββββββββββ
Card typesβ
| Type | How obtained | Use case |
|---|---|---|
| Physical (Migo-issued) | POST /users/{userId}/cards/virtuals | Migo-issued card, fundable in-wallet |
| Linked / third-party | POST /users/{userId}/linked-cards | External card the cardholder already owns |
POST /users/{userId}/cards (with a required clientId query param) links an existing card to a user β see Card Lifecycle. The physical-card issuance endpoint is POST /users/{userId}/cards/virtuals.
Fund modelβ
Each card has:
- Balance β available to spend (Decimal, up to 4 places, stored in the card's currency)
- Pending debits β authorized but not yet captured
- Pending credits β refunds not yet cleared
Balance changes only through:
POST /cards/{cardId}/fundsβ you add / withdraw funds as the issuer- Captured card payments β reduce balance
- Refunds credited back β increase balance
- Card-to-card transfers β move between two cards
Fund operations are atomic. You cannot overdraw; over-spend attempts return 7303 INSUFFICIENT_FUNDS.
Cardholder permissionsβ
Per-card, per-user permissions control who can do what. The real CardPermissionType values are:
checkCardβ view card detailscheckCvvβ reveal the CVVupdateAliasβ rename the cardupdateStatusβ block / unblock the cardassignPINβ set the card PINgetCardsβ list cardsgetAllTransfersByDateβ read the movement feedtransferBetweenCardsβ move money to another cardactivationβ activate the card
A single card can have multiple authorized users (e.g. a couple sharing a card). Each user's permissions are granted independently.
Permissions management endpoints:
POST /cards/{cardId}/users/{authUserId}/permissionsβ grant permissionsPATCH /cards/users/permissions/{id}β update a permission recordGET /cards/users/{authUserId}/permissionsβ list a user's card permissionsGET /cards/{cardId}/users/permissionsβ list all permissions on a cardGET /cards/{cardId}/users/{authUserId}/permissionsβ list one user's permissions on one specific card
Cards summaryβ
The wallet app pulls an aggregated summary per cardholder over a date range:
GET /users/{userId}/cards/summary?startDate=2026-04-01&endDate=2026-04-30
startDate and endDate are required. This differs from GET /users/{userId}/cards, which lists the user's cards; the summary returns aggregate figures for the period.