Create Card issue

I’m trying to use the new cards API, and running into a problem. Sending the request through Postman to and I’m getting this response: {"Granted":false,"Reason":"Missing capabilities","MissingCapabilities":[]}

There’s nothing in the docs about that error code. This is my request body:

    "idempotency_key": "1ab73a50-dc29-4544-8c05-066c1bac1611", 
    "source_id": "cnon:CBESEMxChlfrP6lYCDZMiKgp1vc", 
    "card": {
        "customer_id": "DGRPY21NBN4MZCS165G8H6BH5W" 

And the auth token is correct, for merchant ID 3Q0RFH0QMQBTM.

I’ve tried running through the API tester at and am getting this response:

  "errors": [
      "category": "INVALID_REQUEST_ERROR",
      "code": "INVALID_CARD_DATA",
      "detail": "Invalid card data.",
      "field": "source_id"

from a newly created nonce. Nonce was created using the Square Payment Form.

With Square a nonce does a very very light validation of the card information which means the card information could have potentially inputed incorrectly. Can you confirm that the correct information was used to generate the nonce with the SqPaymentForm?

Yes, the card information was correct, and it was tried multiple times with the same result. This is a card that has been saved before using the old endpoints.

What does this error mean? It’s not saying anything about the card.

{"Granted":false,"Reason":"Missing capabilities","MissingCapabilities":[]}

It’s doing the same thing with any card I use.

I took a look at the account and see that you have a CAD account along with the default test account. What account are you trying to add the card to? I see that the CAD accounts access token is expired.


@shannonf We’ve been trying to replicate this but haven’t been successful. Are you still running into this error and if so could you please list the steps to reproduce?

List Cards is returning the same error. Process for that:

In Postman, make a GET request to

Include authorization token in header.


The other V2 endpoints work as expected with this token, so the token is not the problem.

@shannonf, the reason you are getting the error is because you have an extra / at the end of the URL. If you remove the last / it should work as expected. :slightly_smiling_face:

Well, I feel like an idiot :laughing: Thank you! Our API has the extra / at all of our urls, so force of habit!

Let’s face it, in all honesty we’ve all done it! :laughing: :joy: