***

title: Manage ghost cards with the API
subtitle: >-
Learn how to create and manage multi-use virtual debit cards for vendor spend
with the Payabli API
description: >-
Issue ghost cards to vendors for recurring or discretionary spend. Create
cards with configurable spending limits, usage caps, and merchant
restrictions.
'og:description': >-
Issue ghost cards to vendors for recurring or discretionary spend. Create
cards with configurable spending limits, usage caps, and merchant
restrictions.
keywords: >-
embedded payments, payment API, REST API, ghost cards, virtual cards, vendor
payments, payouts, spending limits, expense management
slug: guides/pay-out-developer-ghost-cards-manage
icon: credit-card
area:

* Pay Out
  subArea:
* Payouts
  audience:
* developers

***

<AudienceInfo audiences={['developers']} />

Payabli supports two types of virtual cards for Pay Out:

* **Single-use virtual cards** are tied to a specific payout and can only be used once. You create them by passing `vcard` as the payment method when you [authorize a payout](/developers/api-reference/moneyout/authorize-a-transaction-for-payout), or a vendor can select `vCard` as the payment method through a vendor link.
* **Ghost cards** (multi-use virtual cards) are issued directly to a vendor and aren't tied to a specific payout. They're designed for recurring or discretionary vendor spend with configurable limits.

This guide covers creating ghost cards and updating their status through the API.

## Considerations

When working with ghost cards, keep the following in mind:

* Ghost cards are linked to a vendor. The vendor must belong to the paypoint and have an active status.
* `expenseLimit` is required and must be greater than `0`. It can't exceed the paypoint's configured payout credit limit.
* Setting `exactAmount` to `true` forces `maxNumberOfUses` to `1`, regardless of any other value you pass.
* If you set `maxNumberOfUses` to `0` or a negative number, it defaults to `9999`.
* Card currency is always USD.

## Create a ghost card

Send a POST request to `/api/MoneyOutCard/GhostCard/{entry}` to create a ghost card. See the [API reference](/developers/api-reference/cards/create-ghost-card) for full documentation.

At minimum, you need to pass a `vendorId` and an `expenseLimit`. All other fields are optional and let you configure spending controls, usage limits, and merchant restrictions. For example, you can cap per-transaction spend with `transactionAmountLimit`, set daily limits with `dailyAmountLimit` and `dailyTransactionCount`, define an expense period with `expenseLimitPeriod`, or restrict merchant categories with `mcc` and `tcc`.

<EndpointRequestSnippet endpoint="POST /MoneyOutCard/GhostCard/{entry}" example="CreateGhostCard" />

A successful request returns a `ReferenceId` in `responseData`. This is the card token. Store it to reference the card in subsequent operations.

<EndpointResponseSnippet endpoint="POST /MoneyOutCard/GhostCard/{entry}" example="CreateGhostCard" />

## Update a card's status

Send a PATCH request to `/api/MoneyOutCard/card/{entry}` to update a card's status. See the [API reference](/developers/api-reference/cards/update-card-status) for full documentation.

Pass the `cardToken` (the `ReferenceId` from the create response) and the new `status`. Valid statuses are `Active`, `Inactive`, `Cancelled`, and `Expired`.

Not all status transitions are allowed:

| From        | Allowed transitions                |
| ----------- | ---------------------------------- |
| `Active`    | `Inactive`, `Cancelled`, `Expired` |
| `Inactive`  | `Active`                           |
| `Expired`   | `Active` (renews the card)         |
| `Cancelled` | None — `Cancelled` is terminal     |

<EndpointRequestSnippet endpoint="PATCH /MoneyOutCard/card/{entry}" example="CancelGhostCard" />

<EndpointResponseSnippet endpoint="PATCH /MoneyOutCard/card/{entry}" example="CancelGhostCard" />