# Create Card
To create/request a physical card, you are required to create a [tier 2 (full KYC)](https://docs.1app.online/subaccount/create-customer-full-kyc) account for your customer.
`POST` {{base\_url}}/business/debitcard-issuance
#### Headers
| Name | Type | Description |
| ----------------------------------------------- | ------ | ----------- |
| Authorization\* | String | SECRET\_KEY |
#### Request Body
| Name | Type | Description |
| ------------------------------------------------- | ------- | ------------------------------------------------------------------------------------------------------------ |
| customerid\* | Sting | Tracking ID returned from the create customer endpoint |
| cardtype\* | String | Specify the type of card requesting for as **debit** or **credit** |
| photocustomised\* | Boolean | Specify if the card should be cutomize with photo or plain.
Required value should be true or false
|
| photo | String | A valid url of the customer photo. Only required if the photocustomised value above is true |
| nin\* | String | Customer NIN e.g 21311266613 |
{% hint style="danger" %}
Your secret keys are to be kept confidential and stored only on your servers. Do not pass your secret key to the front-end language where it can be exploited.
{% endhint %}
Take a look at how you might do this:
{% tabs %}
{% tab title="cURL" %}
```php
curl --location '{{base_url}}/business/debitcard-issuance' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer SECRET_KEY' \
--data-raw '{
"customerid": "891106211211"
"cardtype": "debit",
"nin": "21121212029",
"photocustomised": false,
"photo": ""
}'
```
{% endtab %}
{% tab title="NodeJs" %}
```javascript
const axios = require('axios');
let data = JSON.stringify({
"customerid": "891106211211"
"cardtype": "debit",
"nin": "21121212029",
"photocustomised": false,
"photo": ""
});
let config = {
method: 'post',
maxBodyLength: Infinity,
url: '{{base_url}}/business/debitcard-issuance',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer SECRET_KEY'
},
data : data
};
axios.request(config)
.then((response) => {
console.log(JSON.stringify(response.data));
})
.catch((error) => {
console.log(error);
});
```
{% endtab %}
{% tab title="PHP - cURL" %}
```php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => '{{base_url}}/business/debitcard-issuance',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS =>'{
"customerid": "891106211211"
"cardtype": "debit",
"nin": "21121212029",
"photocustomised": false,
"photo": ""
}',
CURLOPT_HTTPHEADER => array(
'Content-Type: application/json',
'Authorization: Bearer SECRET_KEY',
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
```
{% endtab %}
{% tab title="Dart" %}
```dart
var headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer SECRET_KEY'
};
var request = http.Request('POST', Uri.parse('{{base_url}}/business/debitcard-issuance'));
request.body = json.encode({
"customerid": "891106211211"
"cardtype": "debit",
"nin": "21121212029",
"photocustomised": false,
"photo": ""
});
request.headers.addAll(headers);
http.StreamedResponse response = await request.send();
if (response.statusCode == 200) {
print(await response.stream.bytesToString());
}
else {
print(response.reasonPhrase);
}
```
{% endtab %}
{% endtabs %}
## Sample response
{% tabs %}
{% tab title="Successful" %}
```json
{
"status": true,
"responsecode": "01",
"message": "Card Request Successfully Submitted for John Doe",
"data": {
"requestid": "1fc0e17f-31ea-c9ea-0230-770e7c7bf876",
"customerid": "BLD19661746"
}
}
```
{% endtab %}
{% tab title="Failed" %}
```json
{
"status": false,
"responsecode": "00",
"message": "Unable to process request. Invalid authorization key",
"requestid": ""
}
```
{% endtab %}
{% endtabs %}