Update Subscription Card
Update the card authorization used for an existing subscription
Use this endpoint when a customer’s card is expired, declined, replaced, or when a subscription is PAST_DUE because the saved card can no longer be charged.
This endpoint starts a hosted card update/payment flow. The customer is redirected to authorize a new card. After successful authorization, the subscription is updated with the new card and can become active again.
Endpoint
POST /v1/subscriptions/:subscriptionIdOrCode/update-card
Authentication
Include your secret key in the request header:
x-api-key: your_secret_key
Path Parameters
| Field | Data Type | Required | Description |
|---|---|---|---|
| subscriptionIdOrCode | string | Yes | The subscription ID or subscription code whose card should be updated. |
Request Body
| Field | Data Type | Required | Description |
|---|---|---|---|
| redirectUrl | string | No | URL to redirect the customer after completing the card update flow. |
Sample
{
"redirectUrl": "https://merchant.com/subscription/card-updated"
}
{
"status": true,
"message": "Success",
"code": 201,
"data": {
"authorizationUrl": "https://checkout.provider.com/xxxx",
"accessCode": "xxxx",
"reference": "KYSHI-123456789"
}
}
Flow
- Merchant calls the
update-cardendpoint. - Kyshi creates a card update transaction.
- Kyshi returns an
authorizationUrl. - Merchant redirects the customer to the
authorizationUrl. - Customer completes card authorization/payment.
- On successful payment confirmation, Kyshi saves the new card authorization on the subscription.
- The subscription is reactivated if applicable.
Behavior
If the Card Update Succeeds
subscription.card = new card authorizationsubscription.status = ACTIVEsubscription.isActive = truesubscription.pastDueAt = null
If the subscription was PAST_DUE, the customer can regain access after the new card is successfully authorized and:
- the outstanding charge succeeds, or
- the subscription is reactivated according to the merchant’s flow.
Use Cases
| Use Case | Description |
|---|---|
| Expired card | Customer’s saved card has expired before renewal. |
| Insufficient funds | Customer wants to switch to another card. |
| Declined card | Current authorization can no longer be charged. |
| Past-due recovery | Customer updates card so the subscription can recover from PAST_DUE. |
| Customer-requested card change | Customer wants future renewals to use a different card. |
Webhook Events
The card update itself is confirmed through the payment/transaction webhook flow.
After successful card update, subscription-related events may be emitted:
| Event | Description |
|---|---|
| subscription.active | Subscription became active after successful card update. |
| invoice.payment_succeeded | If the outstanding invoice is successfully paid. |
| invoice.updated | Invoice state changed after payment. |
Important Notes
- Updating a card does not by itself guarantee a successful renewal payment unless the outstanding charge is also paid.
- If the subscription is
PAST_DUE, the business should continue to block access until the subscription returns toACTIVE. - The customer should be redirected to the returned
authorizationUrl. - The returned
referencecan be used to track the card update transaction.
Error Responses
| HTTP Status | Error Code | Description |
|---|---|---|
| 400 | VALIDATION_ERROR | Invalid request body. |
| 401 | UNAUTHORIZED | Invalid or missing API key. |
| 422 | UNPROCESSABLE_ENTITY | Invalid subscription ID or code. |
| 422 | UNPROCESSABLE_ENTITY | Subscription is not active or cannot be updated. |
| 422 | UNPROCESSABLE_ENTITY | No supported card processor found. |
| 422 | UNPROCESSABLE_ENTITY | Unable to initialize card update payment. |
Updated about 14 hours ago