Third-Party Card Linking
Associate a card that another cardholder already owns to a user's Migo account. A third-party card is linked by the owner's email and the last-4 suffix of the card β there is no SDK tokenization or temporary-token exchange.
Link a card (Wallet Gateway)β
POST /users/{userId}/linked-cards takes an AssignThirdPartyCardPayloadDto:
curl -X POST https://api.ali.app/rest/users/{userId}/linked-cards \
-H "Authorization: Bearer <token>" \
-H "x-application-id: YOUR_APP_ID" \
-H "Content-Type: application/json" \
-d '{
"email": "owner@example.com",
"suffix": "1234",
"alias": "Family Card"
}'
| Field | Required | Notes |
|---|---|---|
email | yes | Email of the cardholder owning the third-party card |
suffix | yes | Last four digits of the card |
alias | yes | Alias used to identify the card in the account |
Link a card (CMS)β
For backoffice flows (operator acting on behalf of the cardholder), POST .../cards/association uses the same email/suffix/alias body:
curl -X POST "https://api.ali.app/cms/rest/app/partners/{partnerId}/cardholders/{cardholderId}/cards/association" \
-H "Authorization: Bearer <token>" \
-H "x-user-token: <cms-user-token>" \
-H "Content-Type: application/json" \
-d '{
"email": "owner@example.com",
"suffix": "1234",
"alias": "Family Card"
}'
List linked cardsβ
curl https://api.ali.app/rest/users/{userId}/linked-cards \
-H "Authorization: Bearer <token>"
Update association (alias)β
PATCH /users/{userId}/linked-cards/{associationId} updates only the alias (UpdateThirdPartyCardDto):
curl -X PATCH https://api.ali.app/rest/users/{userId}/linked-cards/{associationId} \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{ "alias": "BAC (primary)" }'
Delete an associationβ
curl -X DELETE https://api.ali.app/rest/users/{userId}/linked-cards/{associationId} \
-H "Authorization: Bearer <token>"
Errorsβ
| Code | Name | Meaning |
|---|---|---|
7220 | THIRD_PARTY_CARD_NOT_FOUND | No card matches the supplied owner email + suffix |
7221 | ERROR_CREATING_THIRD_PARTY_CARD | The association could not be created |
7222 | THIRD_PARTY_CARD_ALREADY_ASSIGNED | The card is already linked |
7223 | CARD_ASSOCIATED_BELONGS_TO_THE_USER_WHO_MADE_THE_REQUEST | The card belongs to the requesting user |
See the full Error Catalog for the complete list.