Skip to main content
OvraOvra
Join WaitlistSign In
CardsProgrammable / Virtual / Instant

Virtual cards for AI agents and assistants

Issue dedicated virtual cards to AI workflows via API. Scope spend by merchant, amount, or lifecycle so agents can complete checkout without sharing a company card.

Get Sandbox Access
TerminalPOST/v1/cards
{
  "type": "single_use",
  "currency": "eur",
  "spending_controls": {
    "max_transaction_euros": 500,
    "monthly_limit_euros": 2000,
    "merchant_blocklist": ["gambling", "crypto"]
  },
  "metadata": {
    "agent": "procurement-v2",
    "run_id": "run_8f2a91"
  }
}
Response200
{
  "id": "card_01j9x7...",
  "number": "4111 1111 1111 4891",
  "exp_month": 8,
  "exp_year": 2027,
  "cvv": "•••",
  "status": "active",
  "network_token": true,
  "dpan": "4*** **** **** 7823"
}

Card Types

SINGLE-USE

Disposable cards

Issue a card for one transaction. It expires the moment the charge clears — or if it goes unused. Zero residual exposure.

LifecycleSingle transaction
ExpiryOn authorization
Use caseAd buys, SaaS trials, one-off purchases
RECURRING

Subscription cards

Lock a card to a single merchant for repeating charges. Set a monthly cap and let the agent handle renewals autonomously.

LifecycleUntil cancelled
BillingPer-cycle limits enforced
Use caseSaaS subscriptions, recurring vendors
MERCHANT-LOCKED

Scoped cards

Bind a card to a specific merchant or MCC category. Charges outside the scope are declined at the network level.

ScopeMerchant ID or MCC code
Decline ruleNetwork-level enforcement
Use caseAd platforms, cloud vendors, marketplaces
BUDGET-CAPPED

Spend-limited cards

Hard cap on total or per-transaction spend. When the limit is reached, the card is automatically frozen — no overage possible.

Limit typesPer-transaction, daily, total
EnforcementHard block at authorization
Use caseCampaign budgets, agent allowances

Policy Controls

Every card carries a policy. Define it at issue time — the API enforces it, not your application code.

Spend limits

Set per-transaction, daily, or lifetime caps. Hard-blocked at the API — no soft declines.

MCC locks

Restrict cards to specific merchant category codes. Block entire categories like gambling or crypto.

Time windows

Cards only authorize within defined time ranges. Useful for session-scoped agents.

Approval workflows

Route charges above a threshold to a human approver before authorization proceeds.

Merchant allowlists

Explicitly allowlist or blocklist individual merchants by ID. Layer on top of MCC rules.

Velocity controls

Cap the number of transactions per hour or day. Prevents runaway agents from hammering a merchant.

Zero-knowledge architecture

Agents never see real card data. Every transaction uses a Visa Network Token (DPAN) with a single-use cryptogram. PAN and CVV never enter agent context — not in logs, not in memory, not in prompts.

Visa Network TokensZero PAN exposureEU data residencyGDPR by design

Ready to issue your first card?

Get sandbox access, issue virtual cards, and start building in minutes.

Join WaitlistRead the Docs