Custom Program
The createVirtualCard() method is very similar to the createAccount() method. The createVirtualCard() differs from createAccount() in that it will only create an account/card combination with a virtual card product ID and the method returns full PAN, expiry, and CVV2. Similar to createAccount(), it also allows the loading of funds to the card at the time of creation. If a call to createVirtualCard() is made using a product ID that is not defined as a virtual card, an invalid product response will be returned. createVirtualCard() is a PCI-compliance sensitive method. When the provider_params are enabled, it returns a PAN/cvv/expdate.
Duplicate Use of Customer ID
The createVirtualCard() method can be configured to allow or disallow the duplicate use of customer id. This configuration is set at the product level. If duplicate use of customer id is disallowed, during the createVirtualCard() call the enrollment data is checked to confirm that there are no accounts in application submitted (V), canceled without refund (Z), or active (N) status. If no account is found in these statuses, the enrollment is allowed.
Parameter Required Data type Pattern Notes
apiLogin Yes String

50 characters or less


Provider's Web Service Username as provided and authenticated by Galileo for the requesting IP Address.
apiTransKey Yes String

15 characters or less


Web Service Password as provided and authenticated by Galileo for the requesting IP Address.
providerId Yes Integer

10 digits or less


Galileo issued unique Provider identifier.
transactionId Yes String

60 characters or less


A unique system generated ID number that identifies the API transaction with Galileo Processing systems. A UUID is preferred. This must be different for each transaction.
prodId Yes Integer



Product ID
id No String

See section on ID Types.


Unique identifier for Cardholder, usually SSN (see Appendix Enumerations section on Customer ID Types).
idType Conditional Integer

See section on ID Types.


Identifies the type of parameter ID (see Appendix Enumerations section on Customer ID Types).
id2 No String

See Customer ID Type section.


Unique identifier for a Cardholder, used for a secondary ID.
idType2 Conditional Integer

See section on ID Types.


Identifies the type of ID used in the id2 response field. (See Customer ID Types in documentation).
location No String

Must be a number if type is 0. Must be less than 15 if type is 1.


Unique location identifier. See location types.
locationType No Integer

0, 1, or 2


  • 0=Galileo Location ID
  • 1=Partner Location ID
  • 2=Don't Validate
locale No String

Accepted values = "en_US", "es_US", "fr_CA", and "en_CA"


Sets customer language preference. Default is "en_US".
firstName No String

1-30 characters; letters, spaces, numbers, and some punctuation:
, . ? @ & ! # ' ~ * - ; +.


Cardholder's first name
middleName No String

Letters and spaces, maximum length of 30 characters.


Cardholder's middle name
lastName No String

30 characters; letters, spaces, numbers, and some punctuation:
, . ? @ & ! # ' ~ * - ; +.


Cardholder's last name
dateOfBirth No Date

YYYY-MM-DD, minimum age per the business rules for the program.


Cardholder's birth date
address1 No String

Maximum length -- 40 characters. Cannot be a P.O. Box.

33 Maple Street

Cardholder's address line 1
address2 No String Maximum length of 30 characters. #4B Cardholder's address line 2
city No String

Letters and spaces, maximum length 20 characters.

Salt Lake City

Cardholder's city
state No String

Valid 2 character state abbreviation.


Cardholder's state
postalCode No String

12345 or 12345-1234 (US), K1A-1A1 (CA)


Cardholder's postal code (zip code)
countryCode No Number

Three digit country code.


Three digit ISO numeric UN M49 country code; Example USA=840, Canada=124.
expressMail No Boolean

0 or 1


Use express mail to send the new card plastic.
primaryPhone No Number

Valid phone number


Cardholder's primary phone number
otherPhone No Number

Valid phone number


Cardholder's other phone number
mobilePhone No Number

Valid phone number


Cardholder's mobile phone number
mobileCarrierId Conditional Integer

Configurable list


Cardholder's mobile carrier -- configurable list.
email No String

Email Address

Cardholder's email
webUid No String

Must be unique. Start with a letter. Only letters and numbers. Case insensitive.


Cardholder website username
webPwd No String

At least 8 characters and have an uppercase character, lower case character and a number.


Cardholder website password
secretQuestion No String

Letters, spaces and '?', maximum length of 50 characters.

What was the name of your first pet?

Secret Question
secretAnswer No String

Letters and spaces, maximum length of 50 characters.


Secret Answer
loadAmount No Number

Monetary amount greater than 0.


Currency amounts passed as whole or fractional amounts, examples: '100.00', '100', or '100.73'. Initial load amount on card must be within product load limits or designated amount for Instant Issue card.
loadType No String

2 characters


Payment types are configurable per client. Contact your account representative to determine which types you have implemented. If no loadType value is specified, the default loadType value RL will be used.
externalAccountId No String

Letters and numbers, maximum length 30 characters.


Identifier external to the Galileo platform to be stored and associated with the respective account.
primaryAccount No Number



PAN (16 digit card number) or PRN (12 digit account identifier) of the primary account a secondary account is to be associated with. This is only necessary when creating a secondary card.
sharedBalance Conditional Boolean

0 or 1


Define whether or not an additional account will share the balance with the primary. Should never be set to a value of 1 if the primaryAccount is not passed. 0=false, 1=true
userData No String

Letters, numbers and spaces. Maximum length of 50 characters.


Identifier external to Galileo platform to be stored and associated with the respective account. The most common usage of this parameter has been tracking the identity of affiliate marketing traffic.
verifyOnly No Boolean

0 or 1


If a value of '1' is passed, the parameter data will be tested only. No transaction will be committed.
loadFromAccountNo No String



Same as accountNo in validation. This parameter is used when loading the account at the time of creation and wanting loaded funds to be transferred from another account within the same card program.
sweepDate No Date YYYY-MM-DD If provided, sweepDate specifies the last date that a daily sweep should be performed. If daily account sweeping is not configured for your product/program, this parameter can be ignored.
creditLimit No Amount

Monetary amount greater than 0.


Credit limit for card based spending control (currently only available for credit processing).
singleUse No String

Y or N


Spending control parameter that flags card for one purchasing transaction (currently only available for credit processing).
Status Codes
The createVirtualCard() method will return customer identification program (CIP) data when real-time CIP is enabled. The XML node in response is the parent node to potentially several CIP provider responses. Currently only CIP response is for the APS CIP. The child node of the node has the following possible values: 'Pass', 'Refer', or 'Fail'. A 'model_results' node will contain results specific to the CIP decision tree setup.
Status Code description
0 Success
2 Invalid parameter(s)
24 Duplicate transaction
46 Invalid product
100 Success (Verify)
520-01 Load amount outside of load limits.
520-02 Could not create enrollment.
520-03 Could not load card.
520-04 Account created, ID validation failed.
520-05 Specified load from account number is invalid.
520-06 A load was attempted for a non-positive amount.
-1 Indicates that the application record failed to update or return.
<?xml version="1.0" encoding="UTF-8"?>
   <system_timestamp>2011-02-01 12:46:08</system_timestamp>
               <code>Pass 01</code>
               <text>SSN Matches Address</text>
     <provider_timestamp>2013-02-06 10:10:10</provider_timestamp>


Response Description Example value
status_code The status of the response. 0
status The condition of a process or response (such as embossed card, account, freeze, and so on). Success
system_timestamp A system generated timestamp. 2011-10-07 10:25:07
response_data A structure for the response data. It can be empty but usually will contain information. <response_data>
new_account Acts as a logical separator if multiple accounts are created on the same call. <new_account>
pmt_ref_no A Galileo generated account number. 074129972670
product_id Galileo generated integer. 560
galileo_account_number Galileo generated integer account number, also known as balance ID. 935631
cip Cardholder identification structure. Acts as a logical separator.  <cip>
aps Acts as a logical separator for status and model information. <aps>
status The condition of a process or response (such as embossed card, account, freeze, and so on). Pass
model_results Acts as a logical separator between models. <model_results>
model Acts as a logical separator. Relates to the template used to verify the identity of the card holder data sent to the createAccount end point. <model>
model_version Version number for the model used. 1
code In a model run, lists the pass number. Pass 01
text Plain text description of the code value. SSN Matches Address
card_id Integer identifier of the card as found in the raw data file (RDF). Unique identifier for a PAN. 12345
card_number A PAN or 16 digit card number. 1234123412341234
expiry_date Expiration date of the card. 2018-01-01
card_security_code The card verification value (cvv), is a card anti-fraud measure. 123
processing_time The time elapsed in processing the transaction. 0.973
echo A data structure that displays transaction id information. <echo>
transaction_id A number that represents a transaction. 12345a
provider_transaction_id Secondary transaction identifier (generated by a provider). 77bb
provider_timestamp Store a related timestamp for reporting and troubleshooting purposes. 2013-02-06 10:10:10
Code Snippet

                    # The following shell script will use cURL to call createVirtualCard
# and return the json response.

curl -d '{"apiLogin":"AbC1234-9999", "apiTransKey":"9845dk-39fdk3fj3-4483483478", "transactionId":"45k-dk3fj3-44478", "prodId":"501"}' \ 
-H "response-content-type: json" \ 
-X POST https://**your-full-implementation-url**/createVirtualCard
                    // The following Java code will make a createVirtualCard call
// and print the json response.

import java.util. *;

class GalileoAPICall
    public static void main(String[] args) {
        try {
            Map<String,Object> params = new LinkedHashMap<>();
           params.put("apiLogin", "AbC1234-9999");
           params.put("apiTransKey", "9845dk-39fdk3fj3-4483483478");
           params.put("transactionId", "45k-dk3fj3-44478");
           params.put("prodId", "501");
            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String,Object> param : params.entrySet()) {
                if (postData.length() != 0) postData.append('&');
                postData.append(URLEncoder.encode(param.getKey(), "UTF-8"));
                postData.append(URLEncoder.encode(String.valueOf(param.getValue()), "UTF-8"));
            byte[] postDataBytes = postData.toString().getBytes("UTF-8");

            URL url = new URL("https://**your-full-implementation-url**/createVirtualCard");

            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setRequestProperty("response-content-type", "json");
            conn.setRequestProperty("Content-Length", String.valueOf(postDataBytes.length));

            String xmlOutput;

            Reader in = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8"));
            for (int c; (c = >= 0;) {
        } catch (MalformedURLException e) {
        } catch (IOException e) {
                    # The following Python code will call createVirtualCard
# and print the json response.

import requests
headers = {'response-content-type': 'json'}
payload = {'apiLogin': 'AbC1234-9999', 'apiTransKey': '9845dk-39fdk3fj3-4483483478', 'transactionId': '45k-dk3fj3-44478', 'prodId': '501'}
r ='https://**your-full-implementation-url**/createVirtualCard', data=payload, headers=headers)
                    // The following PHP code will make a createVirtualCard call
// and prints the json response.

$endpoint = 'https://**your-full-implementation-url**/createVirtualCard';
$params = array('apiLogin'=>'AbC1234-9999', 'apiTransKey'=>'9845dk-39fdk3fj3-4483483478', 'transactionId'=>'45k-dk3fj3-44478', 'prodId'=>'501');

$curl = curl_init();
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_URL, $endpoint);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('response-content-type: json'));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

$result = curl_exec($curl);
$json = new json_decode($result, true);

                    // The following C# code will make a createVirtualCard call
// and print the json response.

using System;using System.IO;
using System.Net;
using System.Text;

byte[] data = Encoding.ASCII.GetBytes(
WebRequest request = WebRequest.Create("https://**your-full-implementation-url**/createVirtualCard");
request.Method = "POST"\;
request.ContentLength = data.Length;
request.Headers.Add("response-content-type", "json");
using (Stream stream = request.GetRequestStream())
    stream.Write(data, 0, data.Length);
string responseContent = null;
using (WebResponse response = request.GetResponse())
    using (Stream stream = response.GetResponseStream())
        using (StreamReader sr = new StreamReader(stream))
            responseContent = sr.ReadToEnd();
                    # The following Ruby code will make a createVirtualCard call
# and print the json response.

require 'uri'
require 'net/http'

uri = URI("https://**your-full-implementation-url**/createVirtualCard")
https =, uri.port)
https.use_ssl = true
request =
request['response-content-type'] = 'json'
request.body = {apiLogin: 'AbC1234-9999', apiTransKey: '9845dk-39fdk3fj3-4483483478', transactionId: '45k-dk3fj3-44478', prodId: '501'}.to_json
response = https.request(request)
puts response