Get Started

Quickstart

This walks the full happy path in sandbox: create a user, onboard them for a card, fund it, and read the transaction. Replace pk_test_… / sk_test_… with your credentials.

i
Prerequisite: your partner organization already exists and you have your key/secret. If not, the Qwik team creates it (see Partner Organization).

1. Register a user

POST /partner/auth/register
curl -X POST 'https://dev.qwikcard.co/api/v1/partner/auth/register' \
  -H 'X-Partner-Key: pk_test_acme_xxx' \
  -H 'X-Partner-Secret: sk_test_acme_xxx' \
  -H 'Content-Type: application/json' \
  -d '{
    "email": "john@example.com",
    "phone_number": "+15551234567",
    "first_name": "John",
    "last_name": "Doe",
    "password": "s3cret!",
    "ssn": "123-45-6789",
    "date_of_birth": "1995-06-15"
  }'

201 with:

→ Response
{
  "userId": "...",
  "email": "...",
  ...
}

2. Log the user in (get a session token)

cURL · login + verify-otp
# Sends an OTP to the user's email/phone
curl -X POST 'https://dev.qwikcard.co/api/v1/partner/auth/login' \
  -H 'X-Partner-Key: pk_test_acme_xxx' -H 'X-Partner-Secret: sk_test_acme_xxx' \
  -H 'Content-Type: application/json' \
  -d '{ "email": "john@example.com", "password": "s3cret!" }'

# Exchange the OTP for a session token
curl -X POST 'https://dev.qwikcard.co/api/v1/partner/auth/verify-otp' \
  -H 'X-Partner-Key: pk_test_acme_xxx' -H 'X-Partner-Secret: sk_test_acme_xxx' \
  -H 'Content-Type: application/json' \
  -d '{ "email": "john@example.com", "code": "123456" }'
→ Response
{
  "sessionToken": "eyJ...",
  "expiresAt": 1750000000000,
  "user": {
    "id": "...",
  }
}

Save sessionToken; it's the Bearer token for every step below.

3. Start card onboarding

POST /partner/cards/onboarding
curl -X POST 'https://dev.qwikcard.co/api/v1/partner/cards/onboarding' \
  -H 'X-Partner-Key: pk_test_acme_xxx' -H 'X-Partner-Secret: sk_test_acme_xxx' \
  -H 'Authorization: Bearer eyJ...' \
  -H 'Content-Type: application/json' \
  -d '{
    "first_name": "John", "last_name": "Doe",
    "email": "john@example.com", "phone_number": "5551234567",
    "country_code": "US", "date_of_birth": "1995-06-15",
    "address_line1": "1 Market St", "address_city": "San Francisco",
    "address_state": "CA", "address_zip": "94105",
    "ssn": "123-45-6789"
  }'
→ Response
{
  "success": true,
  "data": {
    "message": "Complete onboarding in the embedded flow to get your card.",
    "onboardingEmbedUrl": "https://embed.upwardli.com/onboarding?token=...&pcid=7IYZJwWY2gY1imKfBnuHZnrRyeJ3",
    "accessToken": "<...................>",
    "expiresIn": 3600,
    "onboardingId": "<...................>",
    "consumerId": "<...................>",
    "status": "pending",
    "consumerKycStatus": "pending"
  }
}

Open onboardingEmbedUrl in a WebView so the user can complete KYC, review their offer, and accept the agreement. Then finalize:

POST /partner/cards/onboarding/:id/complete
curl -X POST 'https://dev.qwikcard.co/api/v1/partner/cards/onboarding/ONBOARDING_ID/complete' \
  -H 'X-Partner-Key: pk_test_acme_xxx' -H 'X-Partner-Secret: sk_test_acme_xxx' \
  -H 'Authorization: Bearer eyJ...' \
  -H 'Content-Type: application/json' \
  -d '{ "result": "pass", "data": {}, "agreement_accepted": true }'

4. Fund the card (sandbox shortcut)

POST /partner/cards/simulate-fund
curl -X POST 'https://dev.qwikcard.co/api/v1/partner/cards/simulate-fund' \
  -H 'X-Partner-Key: pk_test_acme_xxx' -H 'X-Partner-Secret: sk_test_acme_xxx' \
  -H 'Authorization: Bearer eyJ...' \
  -H 'Content-Type: application/json' \
  -d '{ "amount": 100.00 }'
→ Response
{
  "message": "Simulated fund applied to card",
  "availableBalance": 100.00
}

(For the real flow, then POST /partner/cards/deposits see External Bank Connect + Funding & Deposits.)

5. Check status & read transactions

cURL · status + transactions
curl 'https://dev.qwikcard.co/api/v1/partner/cards/status' \
  -H 'X-Partner-Key: pk_test_acme_xxx' -H 'X-Partner-Secret: sk_test_acme_xxx' \
  -H 'Authorization: Bearer eyJ...'

curl 'https://dev.qwikcard.co/api/v1/partner/cards/transactions?limit=20' \
  -H 'X-Partner-Key: pk_test_acme_xxx' -H 'X-Partner-Secret: sk_test_acme_xxx' \
  -H 'Authorization: Bearer eyJ...'

6. Subscribe to webhooks

POST /partner/webhooks
curl -X POST 'https://dev.qwikcard.co/api/v1/partner/webhooks' \
  -H 'X-Partner-Key: pk_test_acme_xxx' -H 'X-Partner-Secret: sk_test_acme_xxx' \
  -H 'Content-Type: application/json' \
  -d '{ "url": "https://your-app.example.com/qwik/webhook", "events": [] }'
→ Response
{
  "webhook": { ... },
  "secret": "store-this-once"
}

Use that secret to verify the X-Qwik-Signature header on every delivery (see Verifying Signatures).