> ## Documentation Index
> Fetch the complete documentation index at: https://docs.machines.cash/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a card secrets session

> Returns a short-lived sessionId and secretKey for decrypting card PAN/CVC.



## OpenAPI

````yaml openapi.yaml post /partner/v1/cards/secrets/session
openapi: 3.1.0
info:
  title: Machines Cash API
  version: 0.3.0
  description: >
    API for KYC, cards, encryption, balances, deposits, transactions, and
    withdrawals.

    All responses use a consistent envelope by default: { ok, data, summary,
    errors[], next }.

    Set X-Open-Responses: 1 to receive Open Responses-style response objects.
servers:
  - url: https://api.machines.cash
    description: production
  - url: https://dev-api.machines.cash
    description: sandbox
security: []
tags:
  - name: users
  - name: sessions
  - name: kyc
  - name: kycValues
  - name: agreements
  - name: cards
  - name: encryption
  - name: balances
  - name: deposits
  - name: transactions
  - name: withdrawals
paths:
  /partner/v1/cards/secrets/session:
    parameters:
      - $ref: '#/components/parameters/OpenResponses'
      - $ref: '#/components/parameters/OpenResponsesCallId'
    post:
      tags:
        - cards
      summary: Create a card secrets session
      description: >-
        Returns a short-lived sessionId and secretKey for decrypting card
        PAN/CVC.
      operationId: api.cards.secrets.session
      requestBody:
        required: false
        content:
          application/json:
            schema:
              type: object
              additionalProperties: false
              description: Optional empty body for clients that require a JSON payload.
            example: {}
      responses:
        '200':
          description: Card secrets session
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CardSecretsSessionResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '503':
          $ref: '#/components/responses/ServiceUnavailable'
      security:
        - Session: []
components:
  parameters:
    OpenResponses:
      name: X-Open-Responses
      in: header
      required: false
      schema:
        type: string
        enum:
          - '1'
          - 'true'
      description: >-
        Return Open Responses-compatible output when set (replaces the default
        response envelope).
    OpenResponsesCallId:
      name: X-Open-Responses-Call-Id
      in: header
      required: false
      schema:
        type: string
        minLength: 1
      description: >-
        Tool call id used for function_call_output items when Open Responses
        mode is enabled.
  schemas:
    CardSecretsSessionResponse:
      type: object
      additionalProperties: false
      required:
        - ok
        - data
        - summary
        - errors
      properties:
        ok:
          type: boolean
          const: true
        data:
          $ref: '#/components/schemas/CardSecretsSession'
        summary:
          type: string
        errors:
          type: array
          items:
            $ref: '#/components/schemas/ErrorDetail'
        next:
          $ref: '#/components/schemas/NextHint'
    CardSecretsSession:
      type: object
      additionalProperties: false
      required:
        - sessionId
        - secretKey
      properties:
        sessionId:
          type: string
          description: SessionId used to fetch encrypted PAN/CVC.
        secretKey:
          type: string
          description: 16-byte secret (hex) used to decrypt PAN/CVC (AES-128-GCM).
    ErrorDetail:
      type: object
      additionalProperties: false
      required:
        - code
        - message
      properties:
        code:
          type: string
          example: invalid_request
        message:
          type: string
          example: missing required field
        field:
          type: string
          description: Optional field name that caused the error.
    NextHint:
      type: object
      additionalProperties: false
      properties:
        pollAfterMs:
          type: integer
          minimum: 0
        suggestedTool:
          type: string
        suggestedArgs:
          type: object
          additionalProperties: true
    ErrorResponse:
      type: object
      additionalProperties: false
      required:
        - ok
        - summary
        - errors
      properties:
        ok:
          type: boolean
          const: false
        summary:
          type: string
          example: invalid request
        errors:
          type: array
          items:
            $ref: '#/components/schemas/ErrorDetail'
        next:
          $ref: '#/components/schemas/NextHint'
  responses:
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Forbidden:
      description: Forbidden
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    ServiceUnavailable:
      description: Service unavailable
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  securitySchemes:
    Session:
      type: http
      scheme: bearer
      bearerFormat: JWT

````