User Cards

With Ottu, managing your customers' saved cards is straightforward and secure. The User Cards API lets you fetch all saved cards for a customer or delete a specific card. By incorporating this functionality, you ensure a seamless, personalized, and efficient payment experience.

info

User Cards API is not available in KSA.

Boost Your Integration

Ottu offers SDKs and tools to speed up your integration. See Getting Started for all available options.

When to Use

• Display saved cards — show customers their previously tokenized cards at checkout for one-click payments.
• Delete saved cards — let customers or your backend remove cards they no longer want stored.
• Build custom card management UI — if the Checkout SDK doesn't fit your UX needs, use these APIs directly.
• Pre-filter cards for auto-debit — retrieve tokenized cards before initiating recurring payments.

Setup

When integrating the User Cards API, here are the key points:

1. You will not receive the full card number (PAN). Instead, you'll get the last 4 digits and a token. This token is what you use for payments or authorizations.
2. If you're using the Checkout SDK, customers can delete their saved cards at any point. This gives users control over their payment information.
3. When a customer saves their card during payment, the corresponding token is included in the payload sent to your webhook_url.
4. Ottu already handles displaying saved cards and card deletion. Use these APIs only if you need more granular control.

Successful Payment is a Prerequisite

A saved card (token) can only be created after the customer completes a successful payment transaction. This ensures card validity and enables tokenization. See the Tokenization documentation for implementation details.

Guide

Workflow

1. Customer pays and saves card — during a Checkout API payment with tokenization enabled, Ottu creates a token.
2. Token delivered via webhook — the token is included in the webhook payload sent to your webhook_url.
3. List saved cards — call the User Cards API with customer_id to retrieve all saved cards (masked PAN + token).
4. Delete a card — call the delete endpoint with the card token to remove it.

Step-by-Step

1. Fetch saved cards — call GET /b/pbl/v2/card/?customer_id={id} to retrieve all tokenized cards for a customer.
2. Display cards — show the masked card number, brand, and expiry in your UI.
3. Delete a card — call DELETE /b/pbl/v2/card/{token}/ to remove a specific card.
4. Use a card for payment — pass the token to the Checkout API or Auto-Debit API for subsequent charges.

API Reference

Retrieve a list of saved cards for the customer.

Retrieve a list of saved cards for the customer.

POST 
/b/pbl/v2/card/

This endpoint retrieves a list of cards saved by the customer. The response includes details such as the card's masked number, card type, and expiration date. By using this endpoint, you can provide the customer with an overview of their saved cards for future payments.

Note: if card is created via save_card operation, below details should be considered

1. The amount must be zero for the save card operation.
2. The selected MID(pg_code) must support tokenization to enable the save card operation.
3. Please note that the save card operation is considered successful without any funds being charged.
4. Once a card is created, Ottu will send a webhook containing the card details to the merchant's webhook URL.
5. When the transaction type is save_card, all previously saved cards returned in the sdk_preload_payload should be hidden since the user is saving a new card and does not need to select from existing ones.

Permissions

Auth Method	Required Permissions
API Key	Required (Basic Auth not supported for this endpoint)

Request

Responses

200

400

401

403

404

405

415

Last updated on Mar 25, 2026

---

Delete a saved card for the customer.

Delete a saved card for the customer.

DELETE 
/b/pbl/v2/card/:token/

This endpoint allows you to delete a customer's saved card from the system. Provide the unique card identifier to remove the card from the customer's saved cards list. This action can help maintain up-to-date card information and ensure that customers do not accidentally use expired or unwanted cards for payments.

Permissions

Auth Method	Required Permissions
API Key	Required (Basic Auth not supported for this endpoint)

Request

Responses

204

No Content

400

401

403

404

415

Last updated on Mar 25, 2026

FAQ

What's Next?

• Recurring Payments — Use saved tokens for auto-debit and recurring billing
• Tokenization — How cards get saved during payment
• Checkout SDK — Drop-in UI that handles card management automatically