Creates a new account for instant issue, personalized, and secondary cards. It also allows the loading of funds to the card at the time of creation.
createAccount() is a Payment Card Industry (PCI) compliance sensitive method. When the provider_params are enabled, it returns a PAN/cvv/expdate.
Duplicate Use of Customer ID
The createAccount method can be configured to allow or disallow the duplicate use of customer ID. This configuration is set at the product level. If duplicate use of customer ID is disallowed, during the createAccount call the enrollment data is checked to confirm that there are no accounts in application submitted (V), canceled without refund (Z), or active (N) status. If no account is found in these statuses, the enrollment is allowed.
When provider_params are enabled returns PAN/cvv/expdate
Parameter Required Data type Pattern Notes
transactionId Yes String 60 characters or less


A unique system generated ID number that identifies the API transaction with Galileo Processing systems. A UUID is preferred. This must be different for each transaction.
prodId Yes Integer Integer


Product ID
location No String Must be a number if type is 0. Must be less than 15 if type is 1.


Unique location identifier. See location types.
locationType No Integer 0, 1, or 2


  • 0=Galileo Location ID

  • 1=Partner Location ID

  • 2=Don't Validate
locale No String Accepted values = "en_US", "es_US", "fr_CA", and "en_CA"


Sets customer language preference. Default is "en_US".
firstName No String

1-30 characters; letters, spaces, numbers, and some punctuation:
, . ? @ & ! # ' ~ * - ; +.

A minimum of two characters are required for this field.

Cardholder's first name
middleName No String Letters and spaces, maximum length of 30 characters.


Cardholder's middle name
lastName No String 30 characters; letters, spaces, numbers, and some punctuation:
, . ? @ & ! # ' ~ * - ; +.


Cardholder's last name
dateOfBirth No Date YYYY-MM-DD, minimum age per the business rules for the program.


Cardholder's birth date
address1 No String Maximum length -- 40 characters. Cannot be a P.O. Box.

33 Maple Street

Cardholder's address line 1
address2 No String Maximum length of 30 characters.


Cardholder's address line 2
shipToAddressPermanent No Integer 1 or 0


1=make a ship to address Permanent.
city No String Letters and spaces, maximum length 20 characters.

Salt Lake City

Cardholder's city
state No String Valid 2 character state abbreviation.


Cardholder's state
postalCode No String 12345 or 12345-1234 (US), K1A-1A1 (CA)


Cardholder's postal code (zip code)
countryCode No Number Three digit country code.


Three digit ISO numeric UN M49 country code; Example USA=840, Canada=124.
expressMail No Boolean

Y, N, 1, 2, 3 or 4

These values should only be used by programs whose emboss vendor supports all of the values. Y maps to '2' and N mapes to '1' in the ship_type field for emboss.



Use express mail to send the new card plastic.
primaryPhone No Number Valid phone number


Cardholder's primary phone number
otherPhone No Number Valid phone number


Cardholder's other phone number
mobilePhone No Number Valid phone number


Cardholder's mobile phone number
mobileCarrierId Conditional Integer Configurable list


Cardholder's mobile carrier -- configurable list.
email No String Email Address

Cardholder's email
secretQuestion No String Letters, spaces and '?', maximum length of 50 characters.

What was the name of your first pet?

Secret Question
secretAnswer No String Letters and spaces, maximum length of 50 characters.


Secret Answer
accountNo No String PAN or PRN


Can be either a PAN (the 16 digit card number) or PRN (a unique 12 digit account identifier).
loadAmount No Number Monetary amount greater than 0.


Currency amounts passed as whole or fractional amounts, examples: '100.00', '100', or '100.73'. Initial load amount on card must be within product load limits or designated amount for Instant Issue card.
loadType No String 2 characters


Payment types are configurable per client. Contact your account representative to determine which types you have implemented. If no loadType value is specified, the default loadType value RL will be used.
externalAccountId No String Letters and numbers, maximum length 30 characters.


Identifier external to the Galileo platform to be stored and associated with the respective account.
primaryAccount No Number PAN or PRN


PAN (16 digit card number) or PRN (12 digit account identifier) of the primary account a secondary account is to be associated with. This is only necessary when creating a secondary card.
sharedBalance Conditional Boolean 0 or 1


Define whether or not an additional account will share the balance with the primary. Should never be set to a value of 1 if the primaryAccount is not passed. 0=false, 1=true
userData No String Letters, numbers and spaces. Maximum length of 50 characters.


Identifier external to Galileo platform to be stored and associated with the respective account. The most common usage of this parameter has been tracking the identity of affiliate marketing traffic.  
offline No Boolean 0 or 1


0=on line transaction, 1=offline transaction
verifyOnly No Boolean 0 or 1


If a value of '1' is passed, the parameter data will be tested only. No transaction will be committed.
embossLine2 No String Alphanumeric 0-28 characters in length, "-" allowed.

Example 2nd Line Emboss

Second line card emboss text.
cipStatus No Integer 0, 1, or 2


0 or empty=Run CIP as normally configured, 1=Capture enrollment data and run CIP -- do not create account, 2=Process as normal -- do not run CIP (even if CIP processing is enabled).
providerAssessedFee No Number Monetary amount greater than 0.


Fee amount assessed by the API consumer. Value passed to Galileo only for informational purposes.
loadFromAccountNo No String PAN or PRN


Same as accountNo in validation. This parameter is used when loading the account at the time of creation and wanting loaded funds to be transferred from another account within the same card program.
sweepDate No Date YYYY-MM-DD If provided, sweepDate specifies the last date that a daily sweep should be performed. If daily account sweeping is not configured for your product/program, this parameter can be ignored.
occupation No String Up to 60 character alphanumeric including space, _, -, ., @, &, and comma.

Project Manager

Cardholder occupation
incomeSource No String Up to 60 character alphanumeric including space, _, -, ., @, &, and comma.

Kroger Food & Drug

Cardholder employer name or income source.
CIP response
The createAccount method will return customer identification program (CIP) data when real-time CIP is enabled. The XML node in response is the parent node to potentially several CIP provider responses. Currently only CIP response is for the APS CIP. The child node of the node has the following possible values: 'Pass', 'Refer', or 'Fail'. A 'model_results' node will contain results specific to the CIP decision tree setup.
Note:  card_number, expiry_date and card_security_code can be returned in the createAccount() response. By default a masked PAN is returned for card_number and an unary tag is returned for expiry_date and card_security code. With approval (as with other methods) these full elements can be returned in the method call response.
Status Codes
Status Code description
0 Success. You have successfully created an account.
2 Invalid parameter(s). Bad parameters were sent with the transaction.
24 Duplicate transaction. A duplicate enrollment was submitted.
28 Unauthorized product.
100 Success (Verify). Valid parameters were passed but no account was created. Verify only parameter was passed.
407-03 Invalid instant issue card. An attempt was made to use an ii card which has been sold.
407-04 Load amount outside of load limits. Too much money is being loaded.
407-05 Could not create account. Contact Galileo for troubleshooting.
407-06 Could not load card. Contact Galileo for troubleshooting.
407-07 Primary account is invalid. An instant issue account is being used in the primary account field.
407-08 Secondary accounts cannot be added to secondary accounts. Attempting to add a secondary account to a secondary account.
407-09 Maximum number of secondary accounts exceeded. The limit of secondary accounts is exceeded for the PID.
407-10 ID type 2 is required as main ID for running CIP (only occurs when product is configured to run ID validation on new accounts). The incorrect ID type is being passed.
407-11 Account created, ID validation failed. Customer's personal info has failed the ID check.
407-12 An application with the same ID has already been submitted. Duplicate SSNs were used for enrollment.
407-13 The cipStatus parameter was set to 1--Capture enrollment date and run CIP--an account was not created.
407-14 Success. Partial limit violation-Only part of the payment was applied due to load limits.
407-15 Success. Delayed payment-Payment is pending due to load limits
407-16 Card is marked as fraudulent. Used for instant issue cards which have been swiped before issuance.
407-17 Card not allocated to your store for issuance. This is a mapping issue with the location and instant issue card group ID.
407-18 Account provided (to loan money from) could not be found.
407-19 A load was attempted for a non-positive amount. A negative load amount was passed.
-1 Indicates that the application record failed to update or return. Contact Galileo for troubleshooting.
<?xml version="1.0" encoding="UTF-8"?>
   <system_timestamp>2019-06-21 08:14:20</system_timestamp>
     <provider_timestamp>2019-06-21 09:14:20</provider_timestamp>
Response Description Example value
new_account Acts as a logical separator if multiple accounts are created on the same call. <new_account>
pmt_ref_no A Galileo generated account number. 074129972670
product_id The product ID. 560
galileo_account_number The Galileo account number. 935631
cip Cardholder identification process. Acts as a logical separator. <cip>
status Indicates if account creation passed or failed. Pass
model_results Acts as a logical separator between models. <model_results>
model_name The details of the ID verification model, and how it is scored. (The criteria are used for it are proprietary information shared between the CIP vendor and the issuing bank). Also, relates to the template used to verify the identity of the cardholder data sent to the createAccount() endpoint. MODELA
model_version A version number for the model used. 1
code In a model, lists the pass number. Pass 01
text Plain text description of the code value. SSN Matches Address
card_id ID associated with the card. 12345
card_number The PAN of the card 123412XXXXXX1234
expiry_date Expiration date of the card. 2009-05-22
card_security_code The card verification value (cvv) is a card anti-fraud measure. 123
Code Snippet

                    # The following shell script will use cURL to call createAccount
# and return the json response.

curl -d '{"transactionId":"45k-dk3fj3-44478", "prodId":"501"}' \ 
-H "response-content-type: json" \ 
-H "Authorization: Bearer **your-access-token**" \ 
                    // The following Java code will make a createAccount call
// and print the json response.

import java.util. *;

class GalileoAPICall
    public static void main(String[] args) {
        try {
            Map<String,Object> params = new LinkedHashMap<>();
           params.put("transactionId", "45k-dk3fj3-44478");
           params.put("prodId", "501");
            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String,Object> param : params.entrySet()) {
                if (postData.length() != 0) postData.append('&');
                postData.append(URLEncoder.encode(param.getKey(), "UTF-8"));
                postData.append(URLEncoder.encode(String.valueOf(param.getValue()), "UTF-8"));
            byte[] postDataBytes = postData.toString().getBytes("UTF-8");

            URL url = new URL("");

            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setRequestProperty("response-content-type", "json");
            conn.setRequestProperty("Authorization", "Bearer **your-access-token");
            conn.setRequestProperty("Content-Length", String.valueOf(postDataBytes.length));

            String xmlOutput;

            Reader in = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8"));
            for (int c; (c = >= 0;) {
        } catch (MalformedURLException e) {
        } catch (IOException e) {
                    # The following Python code will call createAccount
# and print the json response.

import requests
headers = {'response-content-type': 'json', 'Authorization': 'Bearer {}'.format(**your-access-token**)}
payload = {'transactionId': '45k-dk3fj3-44478', 'prodId': '501'}
r ='', data=payload, headers=headers)
                    // The following PHP code will make a createAccount call
// and prints the json response.

$endpoint = '';
$params = array('transactionId'=>'45k-dk3fj3-44478', 'prodId'=>'501');

$curl = curl_init();
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_URL, $endpoint);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
    'response-content-type: json',
    'Authorization: Bearer **your-access-token**'
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

$result = curl_exec($curl);
$json = new json_decode($result, true);

                    // The following C# code will make a createAccount call
// and print the json response.

using System;using System.IO;
using System.Net;
using System.Text;

byte[] data = Encoding.ASCII.GetBytes(
WebRequest request = WebRequest.Create("");
request.Method = "POST"\;
request.ContentLength = data.Length;
request.Headers.Add("response-content-type", "json");
request.Headers.Add("Authorization","Bearer **your-access-token**");
using (Stream stream = request.GetRequestStream())
    stream.Write(data, 0, data.Length);
string responseContent = null;
using (WebResponse response = request.GetResponse())
    using (Stream stream = response.GetResponseStream())
        using (StreamReader sr = new StreamReader(stream))
            responseContent = sr.ReadToEnd();
                    # The following Ruby code will make a createAccount call
# and print the json response.

require 'uri'
require 'net/http'

uri = URI("")
https =, uri.port)
https.use_ssl = true
request =
request['response-content-type'] = 'json'
request['Authorization'] = 'Bearer **your-access-token**'
request.body = {transactionId: '45k-dk3fj3-44478', prodId: '501'}.to_json
response = https.request(request)
puts response