SimpliFi
HomeContact Us
HomeContact Us
    • Introduction
    • SimpliFi Architecture
    • Webhooks
    • Webhook Signature
    • SimpliFi Virtual Card SDK Integration Guide
    • Auth
      • Login to generate JWT token
        POST
      • Login to generate SDK Admin JWT token
        POST
    • Card Program
      • Create Card Program
        POST
      • Get Card Program
        GET
      • Change Card Program Status
        PATCH
      • Link Funding Source to Card Program
        POST
      • Get Balance of Funding Source
        GET
      • Transfer funds from one Card Program to other
        POST
      • Raise Funding Document Upload
        POST
      • Raise Funding
        POST
      • Funding Source Statement
        GET
    • Funding Source
      • Create Rule Group on Funding Account
        POST
      • Update Rule Group on Funding Account
        PUT
      • Delete Rule Group on Funding Account
        DELETE
      • Get Rule Groups on Funding Account
        GET
      • Appply Rule Group on Funding Account
        POST
      • Remove Rule Group on Funding Account
        DELETE
    • Card
      • List all Cards
        GET
      • Create a Card
        POST
      • Get Card Details
        GET
      • Retrieve Balance on the Card
        GET
      • Activate a Card
        POST
      • Manage Card Status
        POST
      • Load a Card
        POST
      • Unload a Card
        POST
      • Renewal of the Card
        POST
      • Request a Physical Card
        POST
      • Get Card Statement
        GET
      • Get Rule Groups on Card
        GET
      • Create Rule Group on Card
        POST
      • Update Rule Group on Card
        PUT
      • Delete Rule Group on Card
        DELETE
      • Apply Rule Group on Card
        POST
      • Remove Rule Group on Card
        DELETE
    • User
      • List all Users
      • Create a User
      • Upload Document
      • Retrieve a User
      • Update a User
      • Delete a User
      • Add update address of user
    • Transaction
      • List All Transactions
    • Fee
      • Add fee configuration
      • Fetch fee config
      • Change the status of fee config
      • Add Fee event against card uuid in queue
      • Apply fee against card uuid present in queue
    • Webhook
      • Get all events
      • Create a webhook
      • Update a Webhook
      • Delete a Webhook
      • Updates the status of Webhook
      • Card Activation webhook
      • Card Issuance webhook
      • Card PIN Setup webhook
      • Card Renewed webhook
      • Card Status Change webhook
      • Card Type Change webhook
      • Card Load webhook
      • Card Unload webhook
      • Card -to- Card Transfer webhook
      • User create webhook
      • User update webhook
      • User delete webhook
      • Card Program Create webhook
      • Funds transfer webhook
      • Raise funding webhook
      • Transaction webhook
      • Transaction Enrichment webhook
      • Fee apply webhook
      • Rule group create webhook
      • Rule group update webhook
      • Rule group delete webhook
      • Wallet rule group create webhook
      • Wallet rule group delete webhook
      • Card rule group create webhook
      • Card rule group delete webhook
    • Schemas
      • ErrorModel
      • AuthRequestModel
      • SdkAuthRequestModel
      • AuthResponseModel
      • CardProgramRequestModel
      • CardConfigModel
      • CardPoi
      • CardProgramResponseModel
      • FundingSourceBalanceModel
      • CardProgramTransferFundsModel
      • FundingSourceRequestModel
      • FundingSourceResponseModel
      • CardProgramStatusChangeRequestModel
      • RaiseFundingRequestModel
      • RaiseFundingResponseModel
      • StatementResponse
      • CardStatementResponse
      • StatementResponseDetails
      • TransactionRequestModel
      • TransactionResponse
      • TransactionResponseDetails
      • RuleGroupResponseModel
      • RuleGroupModel
      • RuleGroupTransactionRestrictions
      • RuleGroupMerchantRules
      • RuleGroupLoadRestrictions
      • RuleGroupSpendRestrictions
      • RaiseFundingDocumentModel
      • FileUploadModel
      • DocumentUploadModel
      • DocumentModel
      • UserRequestModel
      • UserDetailModel
      • AddressModel
      • AddressRequestModel
      • ContactModel
      • UserModel
      • CardRequestModel
      • CardResponseModel
      • CardRenewalModel
      • InstrumentType
      • AmountModel
      • CardStatusModel
      • CardAmountModel
      • FeesSetupModel
      • FeeConfigurationModel
      • FeesSetupBaseModel
      • FeesSetupRequestModel
      • FeeConfigurationBaseModel
      • FeeConfigurationRequestModel
      • FeeAmountConfigRequestModel
      • FeesSetupResponseModel
      • FeeConfigurationResponseModel
      • FeeAmountConfigResponseModel
      • FeesStatusUpdateModel
      • FeesApplicationCardRequest
      • FeeApplicationEventResponse
      • ApplyFeesOnCardRequest
      • WebhookEventType
      • WebhookEventModel
      • WebhookRequestModel
      • WebhookResponseModel
      • Webhook
      • CompanyUuidParameter
      • RequestUuidParameter
      • UserUuidParameter
      • CardUuidParameter
      • MaskedPanParameter
      • CardStatusParameter
      • TransactionIdParameter
      • TransactionUuidParameter
      • TransactionTypeParameter
      • CardActivationWebhook
      • CardIssuanceWebhook
      • CardPinSetupWebhook
      • CardRenewedWebhook
      • CardStatusChangeWebhook
      • CardTypeChangeWebhook
      • CardLoadWebhook
      • CardUnloadWebhook
      • CardToCardTransferWebhook
      • UserWebhook
      • CardHolderCreationWebhook
      • CardHolderUpdationWebhook
      • CardHolderDeletionWebhook
      • CardProgramCreationWebhook
      • FundTransferWebhook
      • RaiseFundingWebhook
      • TransactionWebhook
      • TransactionEnrichmentWebhook
      • FeesApplyWebhook
      • RuleGroupCreationWebhook
      • RuleGroupUpdationWebhook
      • RuleGroupDeletionWebhook
      • WalletRuleGroupCreationWebhook
      • WalletRuleGroupDeletionWebhook
      • CardRuleGroupCreationWebhook
      • CardRuleGroupDeletionWebhook
      • Error99997
      • Error40089
      • Error40065
      • Error40007
      • Error40056
      • Error30003
      • Error15017
      • Error40081
      • Error30022
      • Error15015
      • Error15016
      • Error30049
      • Error40006
      • Error40010
      • Error40080
      • Error40053
      • Error40113
      • Error40067
      • Error40069
      • Error50010
      • Error50011
      • Error50008
      • Error50004
      • Error10003
      • Error20046
      • Error35004
      • Error35005
      • Error35006
      • Error35007
      • Error35009
      • Error10001
      • Error20133
      • Error20017
      • Error20001
      • Error20005
      • Error20039
      • Error20011
      • Error20038
      • Error20127
      • Error20018
      • Error20002
      • Error20004
      • Error20006
      • Error20032
      • Error30012
      • Error20086
      • Error20019
      • Error20132
      • Error20008
      • Error40054
      • Error20015
      • Error20074
      • Error21090
      • Error20161
      • Error20162
      • Error20089
      • Error20076
      • Error30023
      • Error30013
      • Error20087
      • Error30028
      • Error20070
      • Error20050
      • Error82028
      • Error30004
      • Error30044
      • Error30001
      • Error30006
      • Error30048
      • Error30024
      • Error35043
      • Error30025
      • Error30010
      • Error30047
      • ErrorReason99997
      • Error81040
      • Error40128
      • Error40136
      • Error10035
      • Error35024
      • Error60001
      • Error60002
      • Error60003
      • Error60004
      • Error60005
      • Error60021
      • Error60012
      • Error60009

    SimpliFi Virtual Card SDK Integration Guide

    Overview#

    The SimpliFi Virtual Card SDK allows you to securely display sensitive card information (PAN, CVV) and manage PINs within your application. To ensure PCI-DSS compliance, these details are rendered directly from SimpliFi servers via a secure web page.
    Base URL: https://{env}-virtualcard.simplifipay.com/simplifi-sdk/

    Parameters through postMessage#

    The SDK accepts credentials via postMessage. The message is delivered securely to the SDK page using the browser postMessage API after the SDK has fully loaded and signalled readiness.
    The Handshake
    1.
    Host loads the SDK URL in an iframe or WebView
    2.
    SDK mounts and sends SIMPLIFI_SDK_READY to the host
    3.
    Host receives SIMPLIFI_SDK_READY and sends SIMPLIFI_SDK_CONFIG with credentials
    4.
    SDK validates the config and sends SIMPLIFI_SDK_CONFIG_ACK (accepted) or SIMPLIFI_SDK_CONFIG_ERROR (rejected)
    5.
    On flow completion, SDK sends SDK_FLOW_RESULT
    Important: Never send credentials before receiving SIMPLIFI_SDK_READY. The SDK may not have mounted yet and the message will be lost.
    Config Payload
    Sent to the SDK after it signals readiness via SIMPLIFI_SDK_READY.
    FieldTypeRequiredDescription
    tokenStringYesBearer token obtained from the Auth API.
    cardIDStringYesThe unique 36-character ID of the card to display.
    userIDStringYesThe unique 36-character ID of the cardholder.
    actionStringYesThe operation to perform (see list below).
    Available Actions
    ActionDescription
    view_card_detailReveal Card Number and CVV
    set_pinSet a new PIN for Physical Card
    activate_cardActivate a new physical Card

    Message Protocol#

    The SDK and host communicate via postMessage. All messages are JSON objects.

    SDK → Host#

    eventNamesourceDescription
    SIMPLIFI_SDK_READYsimplifi-sdkSDK loaded and waiting for config
    SIMPLIFI_SDK_CONFIG_ACKsimplifi-sdkConfig accepted, SDK initialising
    SIMPLIFI_SDK_CONFIG_ERRORsimplifi-sdkConfig rejected — check errorCode and message
    SDK_FLOW_RESULTsimplifi-sdkFlow completed — check status (SUCCESS/FAILURE) and flow

    Host → SDK#

    eventNamesourceDescription
    SIMPLIFI_SDK_CONFIGsimplifi-parentSend config payload to SDK
    Config message
    {
      "source": "simplifi-parent",
      "eventName": "SIMPLIFI_SDK_CONFIG",
      "payload": {
        "token": "YOUR_TOKEN",
        "cardId": "YOUR_CARD_UUID",
        "userId": "YOUR_USER_UUID",
        "action": "view_card_detail"
      }
    }

    Flutter Integration#

    Dependency#

    Step 1 — Define SDK URL and origin#

    sdkOrigin scopes all postMessage communication to the SDK domain only. Derive it from sdkUrl — never hardcode it separately.

    Step 2 — Set up WebViewController#

    All three parts below are required. Missing any one will break the integration.

    Step 3 — Load the SDK#

    Always append ?platform=webview to the URL. This tells the SDK it is running inside a WebView and to use SimplifiSDKChannel instead of window.parent. Without this param the SDK will not send any events.
    Call this after the controller is fully configured in Step 2.

    Step 4 — Handle incoming SDK messages#

    The SDK sends four events. You must handle all of them.

    Step 5 — Send config to the SDK#

    Only called from inside the SIMPLIFI_SDK_READY handler. Never send config before the SDK signals ready — the message will be lost.
    Use a flag to ensure config is sent only once per session.

    Step 6 — Timeout handling (Optional)#

    The SDK should respond within a few seconds. Add a timeout in case the page fails to load or the WebView is blocked.

    Web Integration#

    To integrate this into a website (React, Vue, or plain HTML), use a standard HTML iFrame.
    1.
    Create Element: Add an <iframe> tag to your page structure.
    2.
    Styling: Ensure the iframe has sufficient height (approx. 600px) and width (100%) to display the card visually properly. No additional headers or authentication logic is needed inside the browser code; the token in the URL handles validation.

    Security Notes#

    Always set targetOrigin to the SDK origin when calling postMessage — never "*".
    Always validate e.origin on all incoming messages before processing.
    ?platform=webview is required for Flutter — without it the SDK will not dispatch any events in a WebView context.
    Never log the token field from the config payload.
    Modified at 2026-07-15 12:24:45
    Previous
    Webhook Signature
    Next
    Auth
    Built with