Productfy’s web service API is built on GraphQL. This allows you to access vast amounts of data, usually in a single API call, and have full control of what data you want to retrieve.

There are two major endpoints to the API:

- `/graphql/api/public` that requires no authentication 
- `/graphql/api/authenticated` that requires an authentication token. Access to this endpoint requires a valid session key.

:::productfy-environment
All calls to the standard API endpoints on https://api.productfy.io require the following headers:

- **`Productfy-TenantDeploymentEnvironmentId:`** `Pfy_TnntDeployEnv-DflMainTnnt1`
- **`Productfy-ApiKey:`** *`Your provisioned API key`*
:::

If you have been provisioned your own custom API subdomain, then you do not need to pass in the headers, as they are automatically populated on every call.

In each of the following GraphQL sections, you’ll find our GraphQL Query Builder tool, which not only helps you construct the appropriate query, but also allows you to execute it and see the response. You can also export the query into an HTTP JSON or cURL request and see the payload (especially on how to pass in the session key for API’s that require authentication). Whenever feasible, we’ve populated the queries with reasonable parameters.

Finally, if you have any questions, please don’t hesitate to contact us at support@productfy.io.

Introduction

A login is the central entity for authentication and authorization on the Productfy system. Every authenticated session is identified by a session key, which is required to interact with most of the GraphQL API. The session key is found in the :graphql-name[logIn] API response within the login field. Please see the [Getting Started](/docs/guides/gettingStarted) implementation guide for detailed info on how to authenticate with Productfy. 

# User Login
Authenticate a user login and retrieve a session key. 

Use any of the following as a user ID:
* username
* emailAddress
* phoneNumber

[View GraphQL code](mutation:logIn)

NOTE: Please see step 2 of our implementation guide Getting Started [Create Session Keys](/docs/guides/gettingStarted#step-2-create-session-keys-for-each-api-call) for more information. 

# Validate Session Login
Validate the session key and return information about the login.

[View GraphQL code](query:whoAmI)

# Update User Login 
Allow the tenant admin to update the status of the login.

[View GraphQL code](mutation:updateLoginAccountStatus)

# Reset User Password
Send a password reset link to the user.

[View GraphQL code](mutation:resetPassword)



Authentication

# Overview
Productfy supports **persons** and **organizations** as customers. Each person or organization gets a unique ID number that is used in other API calls to perform actions on that customer like opening accounts, KYC, or initiating ACH transactions. Use these APIs to create persons and organizations and save demographic info to them (name, address, SSN, DOB, EIN, etc.). Additionally, Productfy supports storing and retrieving custom key-value pair data on persons and organizations if you would like to attach additional data to the record. 

# Create Person

Create a standalone person who is not associated with any login or organization. Requires tenant admin privileges. When creating a person at a minimum you must provide either the **`ssn`** or **`name`** parameter. The **`ssn`** can be provided with or without the dashes. For example, both ***123-45-6789*** and ***123456789*** are valid. Note, to pass KYC you must include the name, SSN, date of birth and set the **Primary** field to **true** on the name, for KYC to work correctly on your person ID. 

[View GraphQL code](mutation:createPerson)

# Update Person Information

Save the person's demographic information, such as date of birth, SSN. 

[View GraphQL code](mutation:updatePerson)

# Save Person Address

Save the address and associate it with a person. **This information is required for KYC.** The address is saved using one of the following methods:

* Use googlePlacesId
* Use address parameters such as streetNumber, streetName, city, and postal code

[View GraphQL code](mutation:personAddress)

# Save Person Email Address

Save a person's email address. **This information is required for fraud monitoring.**

[View GraphQL code](mutation:personEmailAddress)

# Save Person Phone Number

Save a person's phone number. **This information is required for fraud monitoring.**

[View GraphQL code](mutation:personPhoneNumber)

# Save Custom Person Data

Save any arbitrary data you want to associate with a person, such as a photo, links to social media profiles, or additional contact information.

[View GraphQL code](mutation:personKvpData)

# Get Custom Person Data

Retrieve any custom data associated with a person.

[View GraphQL code](query:personKvpDataSet)

# Create Organization

Save an organization's information, such as its name, description, address, EIN and other related metadata.

[View GraphQL code](mutation:saveCompany)

# Retrieve Organization

Retrieve an organization's information, such as its name, description, address, ID, due diligence submission and other related metadata.

[View GraphQL code](query:organization)

# Retrieve Organization Members

Retrieve an organization's associated Person IDs. 

[View GraphQL code](query:organizationMembers)

# Save Organization Address

Save an organization's address. The address is saved using one of the following methods:

* by using googlePlacesId
* by passing in address parameters such as streetNumber, streetName, city, and postal code

[View GraphQL code](mutation:organizationAddress)

# Associate Person to Organization

Associate a person with an existing organization.

[View GraphQL code](mutation:saveOrganizationPersonAssociation)

# Save Custom Organization Data

Save any arbitrary data you want to associate with an organization, such as a logo or additional contact information.

[View GraphQL code](mutation:organizationKvpData)

# Get Custom Organization Data

Retrieve any custom data associated with an organization.

[View GraphQL code](query:organizationKvpDataSet)

Customer

Know-Your-Customer (KYC) is a regulatory requirement and describes the process by which customers' identities and backgrounds are verified to enable them to move money and store money. The initial pieces of information needed on a customer are: Name, Address, Date of Birth, Social Security Number. These can be collected at different points in time as customers onboard to your app, and should be stored with each customer's Person ID (see APIs in the Customer section). 

Our approved KYC workflow is a waterfall approach that optimizes for reducing friction as much as possible. For custom KYC workflows please work with your Productfy representative for approval. The waterfall approach is as follows:

1. Basic KYC using Execute KYC API
2. If basic KYC is not passed, knowledge-based answers (KBA) must be provided 
3. If KBA is not passed, documentary evidence must be provided via a drivers license or passport photo upload

See our [KYC Implementation Guide](/docs/guides/kyc) for more info. 

Know-Your-Business (KYB) is a form of KYC done on a business customer. The process varies depending on whether the business customer is a sole proprietorship or a more complex form of business like LLC. See our [KYB Implementation Guide](/docs/guides/kyb#root) for more info. 

# Execute KYC

Executes Know-Your-Customer (KYC) verification for a person. The results will be supplied in the returned entity. This request requires tenant admin privileges. Note - this API call in production normally takes 10-45 seconds. 

In test environments, you can see the different results of KYC based on the last letter of the first name as follows:
- The letters a through g will result in an automatic pass
- The letters h, i, j, k, and l will require KBA questions to be answered: h and i will fail the KBA answers, j, k, and l will pass the KBA answers 
- The letters m through r will require documents to be uploaded: m, n, and o will fail if the DVS documents are uploaded, p, q, or r will result in an automatic pass with document verification if documents are present
- The remaining letters will automatically fail

[View GraphQL code](mutation:executeKycVerification)

# Override KYC status API 
This API is used to override end users’ KYC statuses that have initially failed KYC level 1. 

**NOTE: Before this API can be used, you must contact Productfy support to receive access to this API.**

[View GraphQL code](mutation:overrideKycStatus)
 

# Get KBA Questions

For users who don't pass KYC based on their demographic information, additional knowledge-based questions must be presented. Use this API to present the questions.

You can generate a new questionnaire for, or retrieve an existing questionnaire.

[View GraphQL code](query:kbaQuestionnaire)

# Submit KBA Answers

Submit your user's KBA questionnaire responses. The returned value indicates whether or not the responses contain real data.

[View GraphQL code](mutation:kbaAnswers)

# Process DVS

For a user to successfully pass KYC, it is required to verify the user’s correct date of birth (DOB). If the initial executeKycVerification API call fails to verify the user's DOB, it might point you to use Document Verification Service (DVS). In this step, the user must upload a photo ID, such as passport or driver’s license, to verify their identity. The information in the user’s identification documents are compared against the data provided at signup to verify the user. Validation checks are also performed on the photo IDs to ensure the IDs are authentic and unaltered. DVS is the final step in the KYC flow.

[View GraphQL code](mutation:processDocumentVerificationAndLivenessTestRequest)

# Execute KYB

For business customers, the **Execute KYB API** must be used on the Organization ID of your business customer before they can open an account or move money via ACH. Refer to our [KYB Implementation Guide](/docs/guides/kyb#root) for more info. This API will automatically validate that the data is set up correctly for the business, that it is a legitimate business, and that it isn't on any watchlists. It will update the **cipResult** and **watchlistsCheckResult** fields, both of which must be passed for the organization to pass KYB.  For organizations with DBA (Doing Business As) names, we will run a watchlist check on both the organization name and the DBA name. 

[Execute KYB API](mutation:executeKyb)


KYC / KYB

Productfy Virtual Accounts are flexible holding accounts for customer deposits held at a partner bank. All customers who get virtual accounts must go through the KYC process before opening the account. 

# Create Virtual Account

Create a virtual financial account on the Productfy system (requires a Virtual Account Product to already be created, see Create Virtual Account Product API below). Generally this account is used to hold customer deposits and is backed by a settlement account at a Productfy partner bank. Virtual accounts get unique account IDs that can be used in other APIs to retrieve data or initiate ACH money movement. 

[View GraphQL code](mutation:createVirtualAccount)

# Create Virtual Account Product  

Use this as a one-time setup step to create your Virtual Account Product on the Productfy system. This will return the financialProductId that is needed in subsequent APIs calls to create virtual accounts. 

[View GraphQL code](mutation:createVirtualAccountProduct)

# Get Account

Retrieve data associated with a financial account by its ID.

[View GraphQL code](query:financialAccount)


# Get Multiple Accounts

Retrieve a collection of financial accounts based on specific parameters, such as organization ID or person ID.

[View GraphQL code](query:financialAccounts)

# View Operating Account

View information on your partner bank FBO account.

[View GraphQL code](query:tenantOperatingAccounts)

# Save External Account

This API is used to save an account and routing number supplied by a user or third party. The account will be created in un-verified status and will need to be verified to be used for money movement. 

[View GraphQL code](mutation:createManuallyEnteredExternalFinancialAccountWithOwnerIds)

# Verify External Link

This API is used to set an un-verified account to verified status, so that it can be used for ACH money movement. 

[View GraphQL code](mutation:setFinancialAccountAchConfigurationTenantAdminOverride)

# Create Secured Credit Card Account Product  

Use this as a one-time setup step to create your Secured Credit Card Account Product on the Productfy system. This will return the financialProductId that is needed in subsequent APIs calls to create SCC accounts. 

[View GraphQL code](mutation:createSecureCreditCardAccountProduct)

# Create Secured Credit Card Account

Secured credit cards are linked to Credit Card Accounts and Virtual Collateral Accounts on Productfy. Virtual Collateral Accounts are where a customer’s collateral funds are held to secure their line of credit. Credit Card Accounts are where a customer’s outstanding balances are tracked.

Use the **Create Secured Credit Card Account API** first to create the credit card account. This API will automatically create the Virtual Collateral Account. Use the Virtual Collateral Account's **virtualCollateralAccountId** in subsequent API calls to fund the account via ACH.

[View GraphQL code](mutation:createSecureCreditCardAccount)

Accounts

# Overview
Enable users to link their financial accounts so they can initiate ACH money movement with them, or for you to retrieve bank data (e.g. balances, transactions, APR's) on their accounts. This flow starts by calling **Get Yodlee FastLink Configuration** and then displaying the Yodlee account linking widget (more info here: https://developer.yodlee.com/docs/fastlink/4.0/getting-started) 

To initiate ACH transactions with a third party linked account, the account must be validated through Instant Account Verification (IAV) or manually via Micro-Deposit Verification (MDV). See our [Account Linking Implementation Guide](/docs/guides/accountlinking) for more detail. For the purposes of testing in non-production environments, any micro-deposit value less than $.10 will result in a valid micro-deposit verification. 

To retrieve third party bank data on a linked account, you can use the FinSight Profile API to retrieve users' financial data including account, balance, and transactions. 

# Get Yodlee FastLink Configuration

Retrieve data to initialize the Yodlee FastLink widget. It is recommended to use the Yodlee FastLink widget because it makes several API calls to help automate your account linking implementation. 

The **`accessToken`** returned by this Yodlee API expires after **30 minutes**.

Consult a support person before you call this operation.

[View GraphQL code](query:yodleeFastlinkConfiguration)

# Save Yodlee FastLink Result

After a user completes the Yodlee FastLink widget flow, the account data must be saved to Productfy using one of the APIs below depending on if the user is a Person or Organization. Note, for person IDs, you must set **linkWithYodlee** to true when [creating the person ID](/docs/api/customer#create-person). 
- **For Person**: [View GraphQL code](mutation:saveFinancialAccountsFromYodleeFastLinkForPerson)

- **For Organization**: [View GraphQL code](mutation:saveFinancialAccountsFromYodleeFastLinkForOrganization)
 
# Register Organization With Yodlee

If your app is onboarding businesses as customers, these customers must be created on Productfy as Organizations and if they want to link accounts must be registered with Yodlee prior to actually linking the bank account. First, [create an organization](/docs/api/customer#create-organization) in the Productfy system then provide the `organizationId` in this API call to register with Yodlee.

[View GraphQL code](mutation:registerOrganizationYodleeUser)

# Account Linking Status #

After the Yodlee FastLink widget flow is complete, the account link may be in varying statuses from fully linked, partially linked to not linked at all. Use this API to check the status of the account link. Note - it may take between 1-15 minutes for Yodlee to fully link an account once the user submits their information through the widget. The boolean values returned will guide the next steps of the flow you should present to users. If all values are false but there is an accountID returned, that means the account is fully linked and no further steps are needed. 

[View GraphQL code](query:accountLinkingStatus)

# Add Routing & Account Numbers

If the **Account Linking Status** API returns an accountID but has needAccountNumber and needRoutingNumber as true, then the account has been partially added. You will need to ask the user to input the Routing Number and Account Number for their bank account and save it to Productfy with this API before initiating micro-deposits. 

[View GraphQL code](mutation:sensitiveFinancialAccountInformation)

# Save External Account

If the **Account Linking Status** API does not return an accountID, this means no account has been added via Yodlee and you will need to create it from scratch using this API.   You'll need to ask the user to input the account number and routing number and save the account to Productfy using this API. The account must be associated with a login, person, or organization on the Productfy system. It is not possible to retrieve transaction history on external accounts as they are only used for ACH money movement. Note, this API only supports accounts of the following types: checking, savings, money market, loan. 

[View GraphQL code](mutation:createManuallyEnteredExternalFinancialAccountWithOwnerIds)

# Initiate Micro-Deposits

Initiate micro-deposit verification for any saved external account.  It will take 1 business day or less for two amounts to show up at the third party financial institution. Also we will automatically initiate withdrawals for the micro-deposit amounts. 

[View GraphQL code](mutation:initiateMicroDeposits)

# Verify Micro-Deposit

Verify the amount of micro-deposit transfers initiated on an external account. You must wait 3 hours after the micro-deposit transfer is initiated to be able to verify the amounts. Micro-deposit verification is invalidated after five failures. Micro-deposits do not expire.

In testing environments, any amount less than $0.10 can be considered valid for micro-deposit verification.

[View GraphQL code](mutation:verifyMicroDeposits)

# Remove Financial Account

Deletes a third-party (Yodlee-linked) financial account from the system. This will remove the account and all associated transactions from Yodlee. This is a permanent operation that cannot be reversed. NOTE: Do not use this to delete virtual accounts.

[View GraphQL code](mutation:removeFinancialAccount)

# Verify External Link

Use this API to set a financial account on the Productfy system to Verified, so it can be used for ACH money movement. This API is used if you are using account linking services outside of Productfy to establish trusted links on the Productfy system. Note - use of this API requires configuration by Productfy, work with your Productfy representative to ensure you are enabled to use this. 

[View GraphQL code](mutation:setFinancialAccountAchConfigurationTenantAdminOverride)


Account Linking

# Overview
ACH refers to Automated Clearing House which is the traditional form of moving money between banks in the United States. Through our simple API you can allow your customers to move money between bank accounts. All ACH users must go through our KYC process, and must have valid linked accounts through our Account Linking process to be able to transact. Productfy creates properly formatted ACH files to be processed by our partner bank and handles ACH return processing on your behalf. You can choose whether to send the ACH as **same-day** or **standard**, see our [ACH Implementation Guide](/docs/guides/ach) for more details on processing times. Also note, same-day ACH carries increased risk of an ACH return after the initial ACH request has been settled, since it can settle on the same day but a return due to insufficient funds won't show up until the next day.

# Initiate Fund Transfer 
Transfers funds between accounts, currently the API does not support two-legged ACH transfers between two external accounts. If either the source or destination account is an external account, an ACH Transfer Request will be created and the ledger will be updated accordingly. Otherwise, if both accounts are internally managed accounts, the fund transfer will occur on the Productfy ledger without needing to create an ACH Transfer.

The transfer request will first be verified by our approval rule engine before being sent to the ACH network. If it does not pass, the field **`achTransferRequestDto.approvalRuleEvaluationResults.approved`** will be returned as false and the request will not be submitted to the network. Further details on the failure reason can be seen in the fields **`achTransferRequestDto.approvalRuleEvaluationResults.failureDetails`** and **`achTransferRequestDto.approvalRuleEvaluationResults.ruleDescription`**. 

[View GraphQL code](mutation:initiateFundTransfer)

# Initiate ACH Transfer

Submit the transaction amount, and which accounts the money should move from and to in this API to get the ACH transfer process started.

If you are testing in a test environment, any transfers where the last non-zero digit is an odd number (ex. 1, 2.21, 10, 20.01) will end in a failed ACH state whereas if the last non-zero digit is an even number (ex. 2, 1.02, 5.12) will succeed. This only occurs in simulation mode and only after the normal validation rules are applied.

[View GraphQL code](mutation:createAchTransferRequest)

# Cancel ACH Transfer

Cancel an ACH transfer request. This can only be done before the ACH transfer request is validated.

[View GraphQL code](mutation:cancelAchTransferRequest)

# Get ACH Transfer Requests

Retrieve ACH transfer requests based on various parameters, such as the transfer request ID, account ID, person ID, or status.

To find the status or reason for an ACH transfer failure, pass in the parameter **`achTransferRequestIds`** and ask for **`approvalRuleEvaluationResults`** in the response returns to display all the details pertaining to the failure.

[View GraphQL code](query:achTransferRequests)

# Get Latest Account Balance

Request the latest account balance of a third-party (Yodlee-linked) financial account. The account balance will be returned in the Yodlee Balance Refresh webhook, which should come 1-5 minutes after the API call. You’ll need to compare the account balance in the webhook against any amount your customers are transferring out of this account over ACH and reject transfers that are too large to be covered by the balance. 

Note: use of this API requires configuration by Productfy, work with your Productfy representative to ensure you are enabled to use this. 

[View GraphQL code](mutation:initiateAccountBalanceRefresh)

Transactions are associated with an account on the Productfy system and are retrievable via the Get Transactions API. Additionally, Productfy generates monthly PDF statements for all transactions done on a Virtual Account. 

You have the ability to create transactions on Productfy's ledger through the Create Virtual Account Transaction API. This is used with ACH processing to give customers availability of funds. 

# Create Virtual Account Transaction

Use this operation to create a transaction of a specific amount on the Productfy ledger for a customer’s Virtual Account. Transactions can be in pending or settled status.

For example, suppose an ACH transaction in the amount of $100 has settled. if an account has an existing balance of $200, call this method to add the matching $100 to make the new balance of the account $300.

[View GraphQL code](mutation:createVirtualAccountTransaction)

# Apply Group Financial Transactions

Apply a set of transactions to multiple accounts that have the same balance types, asset types, and asset IDs. Use this with sub-account ledgering to transfer balance amounts among multiple accounts in an account group. 

The following groups are involved in this API:

There are three groups; the final amount of leftGroup and rightGroup should net to zero. The netDeltaGroup is used to control the in/out flow of the amount from the account group, is optional, and independent from the left and right groups. All accounts must belong to a single account group and are internally-managed. 

[View GraphQL code](mutation:applyFinancialAccountGroupFinancialTransactions)

# Settle Pending Transaction

Settle a pending transaction. This method may only be executed by a tenant administrator.

[View GraphQL code](mutation:settlePendingFinancialTransaction)

# Reverse Transaction

Reverse a pending transaction by creating an offsetting transaction and hiding both of the transactions. This method only works for pending transactions. This method may only be executed by a tenant administrator.

[View GraphQL code](mutation:reverseFinancialTransaction)

# Get Transactions

Search for financial transactions using the transaction ID or transaction category.

[View GraphQL code](query:financialTransactions)

# Get Transactions By Date Range

Use this API to retrieve transactions by a specific date range. 

[View GraphQL code](query:financialTransactionsByFinancialAccount)

# Get Statements

Retrieve all statements associated with an account. You must specify the accountId. Statements are generated at the end of every month. 
Note - in the QA environment statements will run on this same schedule. 

[View GraphQL code](query:statements)


Transactions

Productfy offers a suite of APIs to create an end-to-end card issuing experience for your customers. All debit cards must be linked to a Virtual Account on Productfy as the source of funds. Work with your Productfy representative to set up custom card designs for your plastic cards to get mailed out. For virtual cards, see our Virtual Card Widget for an easy way to display card details in your app. 

For testing card transactions, Productfy offers a set of simulation APIs to generate all the different kinds of transactions that can come up. 

Webhooks are generated on each card transaction, see our [Webhooks](/docs/api/webhooks#card-transaction) section for more details. 

See our [Debit Card Implementation Guide](/docs/guides/debit) for more details. 

# Create Physical Card Product

Create a group of settings for a physical card product for consumers. The Card Product ID returned should be used in your Issue Card calls to open individual cards under this card product.

For consumer debit physical cards:
[View GraphQL code](mutation:createPhysicalPersonalDebitCardProduct)

For business debit physical cards:
[View GraphQL code](mutation:createPhysicalBusinessDebitCardProduct)

For consumer secured credit physical cards:
[View GraphQL code](mutation:createPhysicalSecureCreditCardProduct)

**NOTE: Before creating a business debit card product, you must contact Productfy support to enable this feature for your environment.**

# Create Virtual Card Product

Create a group of settings for a virtual card product for consumers. The Card Product ID returned should be used in your Issue Card calls to open individual cards under this card product.

For consumer debit virtual cards:
[View GraphQL code](mutation:createVirtualPersonalDebitCardProduct)

For business debit virtual cards:
[View GraphQL code](mutation:createVirtualBusinessDebitCardProduct)

For consumer secured credit virtual cards:
[View GraphQL code](mutation:createVirtualSecureCreditCardProduct)

**NOTE: Before creating a business debit card product, you must contact Productfy support to enable this feature for your environment.**

# Set Card PIN

Set payment card PIN. PIN numbers must NOT be all the same (i.e. 0000), nor be consecutive (i.e. 1234 OR 4321).
NOTE: PINs need to be set for virtual cards, since customers may get prompted for PINs when using mobile payments in stores.

[View GraphQL code](mutation:setPaymentCardPin)

# Issue Card
Order a card to be created for a customer. This API can also open the virtual account along with the card, or take in a Virtual Account ID if you created it previously. This action requires tenant admin or admin privileges. 
### Multiple Addresses
This API also supports a multi-address feature allowing users to have a card associated with an address that is not their primary address. Physical cards are mailed to this address, not the primary address. To utilize this feature, call the appropriate **Issue Card API** below with the ID of the address in the **`addressId`** parameter. The **`addressId`** will be in the format *Pfy_A-XXXXXXX* and is returned from the [**Save Person Address API**](/docs/api/customer#save-person-address) on initial creation.  The card is issued on the primary address if the **`addressId`** parameter is omitted. 
![IssueCardAddressId.jpeg](https://productfy-strapi-production.s3.us-west-2.amazonaws.com/Issue_Card_Address_Id_a2f4c3dffa.jpeg)

To issue consumer debit cards: [View GraphQL code](mutation:issuePersonalDebitCard)

To issue business debit cards: [View GraphQL code](mutation:issueBusinessDebitCard)

To issue secured credit cards: [View GraphQL code](mutation:issueSecureCreditCard)


# Activate Card

Change the card's status to active so that the card can be used. For example, you have issued the card to the user and the user has activated the card using your application.

[View GraphQL code](mutation:activatePaymentCard)

# Deactivate Card

Deactivate a card by specifying the card's ID number. This action is permanent and cannot be reversed. Deactivated cards can no longer be used.

[View GraphQL code](mutation:deactivatePaymentCard)

# Freeze Card

Temporarily block all debit transactions (e.g. purchases) from processing against a card, credit transactions like refunds will continue to process. The status of the card will change to Suspended.

[View GraphQL code](mutation:freezePaymentCard)

# Unfreeze Card

Change a card status from Suspended back to Active to allow transactions to process on it.

[View GraphQL code](mutation:unfreezePaymentCard)

# Simulate Card Authorization 

Generate an authorized test purchase transaction against a card. This action creates a pending transaction on the account and reduces the available balance.

[View GraphQL code](mutation:simulatePaymentCardAuthorization)

# Simulate Card Clearing

Generate a clearing message that follows the authorization message from signature card transactions. The clearing message shows the finalized transaction and amount. The message is generated using the token of the original authorization.

[View GraphQL code](mutation:simulatePaymentCardClearing)

# Simulate Card Advice Message

Generate an advice message that follows the authorization but precedes the clearing. Merchants can use this to amend an existing authorization, such as at a gas pump transaction. The message is generated using the token of the original authorization.

[View GraphQL code](mutation:simulatePaymentCardAuthorizationAdvice)

# Simulate Card Refund

Simulate a cardholder requesting a refund after the transaction is settled and the clearing message is received. The message is generated using the token of the original authorization.

[View GraphQL code](mutation:simulatePaymentCardRefund)

# Simulate Card Reversal

Simulate a merchant canceling a transaction after the authorization is sent but before the transaction is cleared. The message is generated using the token of the original authorization.

[View GraphQL code](mutation:simulatePaymentCardReversal)

# Get Payment Cards
Gets all payment cards associated with either **`personIds`**, **`organizationIds`**, or **`tenantDeploymentEnvironmentIds`**

[View GraphQL code](query:paymentCards)

# Get Virtual Card Access Token

Call the **Get Virtual Card Access Token API** to retrieve your Virtual Card access token from our card processor. This token is only valid for 5 minutes, and a new token must be requested again upon expiration. See our [Debit Card Issuing](/docs/guides/debit#step-3-expose-virtual-card-details) or [Secured Credit Card](/docs/guides/scc#step-7-expose-virtual-card-details) implementation guides for more info on Virtual Cards. 

[View GraphQL code](query:paymentCardClientAccessToken)

# Make Credit Card Payment

This API makes a payment to a credit card via ACH. 

[View GraphQL code](mutation:makeCreditCardPayment)

# Initiate Credit Application

This API is used to gather credit card underwriting information (self-reported bankruptcies) and to formally track the start date/time of a credit card application. 

[View GraphQL code](mutation:initiatePaymentCardApplication)

# Save Card Control

This API is used to set spending and authorization controls for virtual or physical cards. Once a card is created, you can call the **Save Payment Card Control API** to set spending and authorization limits on the existing card.  When a user attempts to spend with a card, the controls are evaluated at the time of the transaction. This will allow you to create, read, or update spending and authorization controls that are set on the card level. Only one card control can be applied per card. 

This API contains the following fields:

**active:** A boolean field that indicates whether the authorization control is active. Defaulted to true. A required field.

**card_id:** A string field token identifying the associated card. A required field.

**mccs:** An array that contains 1 or more merchant category codes. Either the mccs, merchantIds, or amount_limit field are required. 


**merchantIds:** An array that contains a list of alphanumeric merchant identifiers. Either this field or amount_limit field are required.

**amount_limit:** A decimal field that indicates the maximum monetary sum that can be cleared. Either this field or mids field are required.

To modify an existing card control, call the API again with the paymentCardId to update the "active", "mids", or "amount_limit" field. 

With the Get Transactions API you have the opportunity to obtain merchant IDs from the networkMerchantId field. Te merchant ID is assigned by the card network for payment card transactions. This value however is not guaranteed to be returned by the card network. 


[View GraphQL code](mutation:savePaymentCardControl)


Card Issuing

# Overview
Productfy's disbursements services allow companies to send money to recipients in a convenient, secure and real-time manner. This feature requires a pre-funded funding account to be created on the system before any disbursements can be sent out. See our Disbursements Implementation Guide (coming soon) for more information. 

# Create Disbursement

Creates a disbursement request for a recipient that contains the recipient's name, email address, security code for validating the disbursement and the amount. Disbursements start out in Created status.

[View GraphQL code](mutation:createConsumerDisbursementRequest)

# Send Disbursement Notification

Once a disbursement has been created, this API can be used to trigger the Disbursement Webhook and advance the disbursement status to Notified.

[View GraphQL code](mutation:generateConsumerDisbursementNotification)

# Validate Disbursement Security Code

This API validates a security code entered by a user to claim a disbursement. 

[View GraphQL code](query:verifyConsumerDisbursementRequestSecurityCode)

# Search Disbursements

This API can be used to query for disbursements created. 

[View GraphQL code](query:consumerDisbursementRequests)

# Cancel Disbursement Request

This API can be used to cancel a disbursement that is not yet in Claimed status. 

[View GraphQL code](mutation:cancelConsumerDisbursement)

# Issue Consumer Disbursement

This API is the final step in funding a disbursement once the user has successfully validated ownership of the disbursement and passed the necessary KYC check. It will automatically create a virtual account, issue a card, and transfer money in real-time from your funding account. 

[View GraphQL code](mutation:issueConsumerDisbursement)

Disbursements

Productfy's FinSight Profile is one of the most useful APIs available to you. With a single unified API call, you can retrieve information about your users including demographic info, accounts, balances, transactions, credit information, documents, KYC results, ACH transfers, and much more. It's a lot of information, so we suggest you start slow... adding more fields as you become familiar with the data.

 In testing environments, there is a low limit to compute capacity for basic test environments, so the query will timeout if you request too much data.

# FinSight Profile

Query nearly any data on the Productfy system associated with a Person. 

[View GraphQL code](query:finsightProfile)




FinSight Profile

Productfy's integration with Equifax allows you to pull personal credit information, business risk profiles, and report back both loan / credit card payments and rental payment information. 

### Pre-requisites
Before requesting an Equifax credit report, you will need to use the following API calls to update required fields on a person record as follows:

**CreatePerson API**
- First Name
- Last Name
- Middle Name
- Date of Birth
- SSN

**UpdatePersonAddress API**
- Primary Address include Street, City, State and Zipcode
- Ensure Primary Address Checkbox is marked to “true”

# Get Credit Data

Retrieve a new Equifax consumer credit profile. Please note that you will need to select **prequal** or **fullCreditReport** option (not both options at the same time).

- Option 1 - Select prequal (FICO scores are already include so checkbox for this option does not need to be selected)
- Option 2 - Select fullCreditReport (This will provide you all inquired user credit reporting data)

[View GraphQL code](mutation:requestEquifaxConsumerCreditData)

Credit Report Data

Productfy provides these utilities to aid in your technical integration to the platform. 

# Save Disclosure Acceptance #

Use this API to send Productfy data on each Disclosure document your customer accepts before opening an account. See your Productfy representative for information on the correct Disclosure IDs to send us. 

[View GraphQL code](mutation:saveDisclosureAcceptance)


# Document Upload #

Use this API to upload documents to the Productfy platform.

[View GraphQL code](mutation:document)

# Retrieve Documents #

Use this API to retrieve documents associated with entities on the Productfy platform. 

[View GraphQL code](query:documents)


# Enums #

Productfy makes extensive use of enums. This operations allows you to access the enums and their definitions as a pair. where the key is the enumType and the values is the set of associated enums.When submitting a request, always use the enum code and not the enum name. If you are using the Web SDK, the enum mappings are already implemented to simplify your integration.

[View GraphQL code](query:enums)

# Decrypt Utility #

Operation to decrypt an EncryptedData object. This is required for protected fields like Social Security Number. The returned value is a Base64-encoded value of the decrypted data (so you will need to decode it using a Base64 decoder.)

[View GraphQL code](query:decrypt)