The fundamental purpose of the Core API is to issue payment cards and customize card behavior. It uses objects to represent various concepts. For example, a payment card is represented by a card object and a card holder is represented by a user object. You create, update, or retrieve a new object by making a call to the appropriate API endpoint.

The Core API is RESTful, meaning that it uses HTTP verbs (POST, PUT, GET) to perform functions on objects. Specifically, POST is used to create an object, PUT to update an object, and GET to retrieve an object. For example, to create a new user object you would send a POST request to /users. POST and PUT requests usually require data to be passed in the message body to define the attributes of the object being created or updated. This data must be in JSON format.

Understanding API objects

The Core API uses objects to represent concepts for issuing payments cards and customizing card behavior. First-class objects are generally the most important objects on the Marqeta platform and occupy the first node in an endpoint URL. Some examples of first-class objects include:

  • card – represents a payment card (physical or virtual) for conducting transactions.
  • user – represents a person who uses a payment card.
  • gpaorder – used to load funds into an account.
  • fundingsource – represents the source from which a gpaorder draws funds.

To see how the fundamental API objects interrelate, refer to the Summary of Resources.

Accessing the sandbox API

The Marqeta platform provides a shared sandbox environment that allows you to safely explore the capabilities of the API. The base URL for the shared sandbox is:

Note that this is a shared environment and you should not populate it with sensitive data. For detailed information on accessing and using the shared sandbox, refer to the Quick Start guide.

Accessing the production API

Each Marqeta customer who enters into an agreement to receive Marqeta's services will access the API and operate within an individually tailored production environment called a program.

To access the API in production, you use the unique base URL for your program. Be sure to update any tests or code samples with the correct base URL. For example:


Listing endpoints

You can return a listing of the available API endpoints by issuing a GET request to the /swagger.json endpoint, for example:

The response lists the endpoints you are authorized to access based on the credentials you provide in your request.