Skip to main content
POST
/
v1
/
issuing
/
cards
/
{id}
/
risk
Enroll Card in Network Protection
curl --request POST \
  --url https://api-sandbox.uqpaytech.com/api/v1/issuing/cards/{id}/risk \
  --header 'Content-Type: application/json' \
  --header 'x-auth-token: <api-key>' \
  --header 'x-idempotency-key: <x-idempotency-key>' \
  --data '
{
  "risk_control": "network_protection",
  "action_code": "41"
}
'
{
  "card_id": "7f6dbbd9-37b9-4f64-a021-cd4f71234567",
  "card_number": "************1234",
  "cardholder_id": "b6e6268b-7d95-4700-9b87-12e7c1234567",
  "card_scheme": "VISA",
  "enabled": false,
  "status": "ENROLL_PENDING",
  "action_code": "41",
  "definition": "Lost card, pickup",
  "update_time": "2026-05-14T09:00:00Z"
}

Documentation Index

Fetch the complete documentation index at: https://developers.uqpay.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

x-auth-token
string
header
required

The API token for login provided by UQPay.

Headers

x-on-behalf-of
string

Specifies the sub-account on whose behalf the request is made. This should be set to the account_id, which can be retrieved via the List Connected Accounts endpoint. If omitted or empty, the request is executed using the master account. More information at Connected Accounts.

x-idempotency-key
string<uuid>
required

A unique identifier (UUID) used to maintain operation idempotency, ensuring that repeated executions of the same operation do not result in unintended effects or duplication. It helps preserve data consistency in the face of network errors, retries, or failures.

Path Parameters

id
string<uuid>
required

Universally unique identifier (UUID v4) of a resource.

Example:

"71fdb0fe-9682-457a-9361-e8868694f12f"

Body

application/json
risk_control
enum<string>
required

Risk control type. Must be network_protection for ASAF enrollment.

Available options:
network_protection
Example:

"network_protection"

action_code
enum<string>
required

ASAF action code indicating the reason the card is enrolled in Network Protection.

  • 04 — Pickup card
  • 41 — Lost card, pickup
  • 43 — Stolen card, pickup
  • 46 — Closed account
  • 54 — Expired card
Available options:
04,
41,
43,
46,
54
Example:

"41"

Response

200 - application/json

Enrollment request accepted.

Acknowledgement returned for an ASAF Network Protection enrollment or removal request.

card_id
string<uuid>

Unique identifier of the card.

Example:

"7f6dbbd9-37b9-4f64-a021-cd4f71234567"

card_number
string

Masked card number.

Example:

"************1234"

cardholder_id
string<uuid>

Unique identifier of the cardholder.

Example:

"b6e6268b-7d95-4700-9b87-12e7c1234567"

card_scheme
string

Card network.

Example:

"VISA"

enabled
boolean

Whether Network Protection is currently active on the card. The field reflects the state after the request is processed by the network — it may not flip immediately, as enrollment and removal are asynchronous.

Example:

false

status
enum<string>

Lifecycle status of an ASAF Network Protection enrollment.

Available options:
NOT_ENROLLED,
ENROLL_PENDING,
ENROLL_FAILED,
ENROLLED,
REMOVAL_PENDING
Example:

"ENROLL_PENDING"

action_code
enum<string>

ASAF action code indicating the reason the card is enrolled in Network Protection.

  • 04 — Pickup card
  • 41 — Lost card, pickup
  • 43 — Stolen card, pickup
  • 46 — Closed account
  • 54 — Expired card
Available options:
04,
41,
43,
46,
54
Example:

"41"

definition
string

Human-readable description of action_code.

Example:

"Lost card, pickup"

update_time
string<date-time> | null

Time at which the enrollment or removal request was last updated.

Example:

"2026-05-14T09:00:00Z"