getCardProvisioningUrl query to mint a short, single-use URL that — when opened on your end-user’s phone — launches Fluz on the device and adds the virtual card for a given offer to Apple Pay (iOS) or Google Pay (Android).
You can deliver the URL however you like: a QR code, an SMS, an email, or an in-app button. Fluz handles the wallet-provisioning flow from there.
When to use it
Anywhere you would normally hand the user a virtual card and want them to be able to tap it in their phone’s wallet without typing the card number. Typical flows:- After creating a card offer for the user, present a QR code on screen.
- Text or email the URL to the cardholder.
- Embed an “Add to Apple Pay / Google Pay” button in your own mobile app.
Prerequisites: an OAuth access token for the end-user that includes the
CREATE_VIRTUALCARD scope, and a virtual-card offer for the user (created via the existing offer API).The query
Input
ProvisioningPlatform
The returned URL is platform-aware: iOS users automatically get the App Clip experience, Android users automatically get the Fluz app deep link. The platform value only affects what happens when the URL is opened somewhere other than an iOS or Android device (e.g. a desktop browser).
Pick the value that best matches where you expect the URL to be opened. If in doubt, leave it as
IOS.
Output
Example
Request
Response
How to deliver the URL
The URL is opaque and contains no sensitive data — it’s safe to surface in QR codes, SMS, email, or in-app UI. Common patterns:- QR code on a screen — generate a QR from
urland show it; the user scans with their phone camera. - SMS / email — send the link directly to the user’s phone or inbox.
- In-app deep link — wire a button in your mobile app that opens
url.
Lifetime & re-issuing
- Each call returns a fresh, single-use URL.
- The URL is valid until
expiresAt(≈ 5 minutes). - If a user doesn’t act in time, simply call
getCardProvisioningUrlagain to mint a new one. There is no separate “refresh” endpoint.
Error handling
All errors come back in the standard Fluz GraphQL error shape, with the error name inextensions.code.
FAQ
Does the URL contain the card number?
Does the URL contain the card number?
No. The URL carries a short-lived opaque lookup id only. Credentials are exchanged securely on the device once the user opens the link.
Can the same URL be reused?
Can the same URL be reused?
No. It’s single-use. Generate a new one each time you need to surface the flow.
What if the user is on desktop?
What if the user is on desktop?
They’ll land on the fallback you selected with
platform (App Clip launcher, Android deep link, or Fluz web app). For the wallet provisioning itself to work, they need to end up opening the URL on a mobile device.Do I need to do anything different for iOS vs. Android?
Do I need to do anything different for iOS vs. Android?
No. The same URL works for both — Fluz routes per-device automatically.
Next steps
Send cards
Distribute virtual cards to recipients by email, SMS, or share link.
Set a virtual card PIN
Set a PIN on eligible cards before in-person, PIN-prompted transactions.