> ## Documentation Index > Fetch the complete documentation index at: https://www.cashfree.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Get All Saved Card Instrument > Use this API to fetch all saved cards stored for the customer in Cashfree’s [Token Vault](https://www.cashfree.com/docs/payments/features/token-vault). ## OpenAPI ````yaml /openapi/payments/v2025-01-01.yaml get /customers/{customer_id}/instruments?instrument_type=card openapi: 3.0.0 info: version: '2025-01-01' title: Cashfree Payment Gateway APIs license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html contact: email: developers@cashfree.com name: API Support url: https://discord.com/invite/QdZkNSxXsB description: >- Cashfree's Payment Gateway APIs provide developers with a streamlined pathway to integrate advanced payment processing capabilities into their applications, platforms and websites. servers: - url: https://sandbox.cashfree.com/pg description: Sandbox server. - url: https://api.cashfree.com/pg description: Production server. security: [] tags: - name: Orders description: Collection of APIs to handle orders. - name: Payments description: Collection of APIs to handle payments. - name: Refunds description: Collection of APIs to handle refunds. - name: Settlements description: Collection of APIs to handle settlements. - name: Payment Links description: Collection of APIs to handle payment links. - name: Token Vault description: >- Collection of APIs to use Cashfree's token Vault. This helps you save cards and tokenize them in a PCI complaint manner. We support creation of network tokens which can be used across acquiring banks. - name: softPOS description: Collection of APIs to manage softPOS' agent and order. - name: Offers description: Collection of APIs to handle offers. - name: Eligibility description: >- Collection of APIs to check eligibile entities - payment methods, offer, affordibility. - name: Settlement Reconciliation description: Collection of APIs to handle settlements. - name: PG Reconciliation description: Collection of APIs to handle reconciliation. - name: Customers description: Collection of APIs to handle customers. - name: Easy-Split description: Collection of APIs to handle Easy-Split. - name: Simulation description: Collection of APIs to handle simulation. - name: Disputes description: Collection of APIs to handle disputes. - name: Utilities description: Collection of APIs for utility requirement. - name: Downtimes description: Collection of APIs for managing downtimes. externalDocs: url: https://api.cashfree.com/pg description: This url will have the information of all the APIs. paths: /customers/{customer_id}/instruments?instrument_type=card: get: tags: - Token Vault summary: Fetch All Saved Card Instrument description: >- Use this API to fetch all saved cards stored for the customer in Cashfree’s [Token Vault](https://www.cashfree.com/docs/payments/features/token-vault). operationId: PGCustomerFetchInstruments parameters: - $ref: '#/components/parameters/apiVersionHeader' - $ref: '#/components/parameters/xRequestIDHeader' - $ref: '#/components/parameters/customerIDParam' - $ref: '#/components/parameters/xIdempotencyKeyHeader' - in: query name: instrument_type required: true description: Payment mode or type of saved instrument. example: card schema: type: string enum: - card responses: '200': description: >- Success response for fetching all saved cards stored for the customer in Cashfree’s [Token Vault](https://www.cashfree.com/docs/payments/features/token-vault). content: application/json: schema: type: array items: $ref: '#/components/schemas/InstrumentEntityForAllSavedCard' examples: fetch_all_saved_cards_example: $ref: '#/components/examples/fetch_all_saved_cards_example' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' '400': $ref: '#/components/responses/Response400' '401': $ref: '#/components/responses/Response401' '404': $ref: '#/components/responses/Response404' '409': $ref: '#/components/responses/Response409' '422': $ref: '#/components/responses/Response422' '429': $ref: '#/components/responses/Response429' '500': $ref: '#/components/responses/Response500' deprecated: false security: - XClientID: [] XClientSecret: [] - XClientID: [] XPartnerAPIKey: [] - XClientID: [] XClientSignatureHeader: [] - XPartnerMerchantID: [] XPartnerAPIKey: [] components: parameters: apiVersionHeader: in: header name: x-api-version required: true description: API version to be used. Format is in YYYY-MM-DD. schema: type: string description: API version to be used. default: '2025-01-01' example: '2025-01-01' x-ignore: true xRequestIDHeader: in: header name: x-request-id description: >- Request ID for the API call. Can be used to resolve tech issues. Communicate this in your tech related queries to Cashfree. required: false schema: type: string example: 4dfb9780-46fe-11ee-be56-0242ac120002 customerIDParam: name: customer_id in: path required: true description: >- The customer ID provided by the merchant during the [Create Order API](https://www.cashfree.com/docs/api-reference/payments/latest/orders/create) call, used to save cards for the customer. schema: type: string example: your-customer-id xIdempotencyKeyHeader: in: header name: x-idempotency-key required: false description: > An idempotency key is a unique identifier you include with your API call. If the request fails or times out, you can safely retry it using the same key to avoid duplicate actions. schema: type: string format: UUID example: 47bf8872-46fe-11ee-be56-0242ac120002 schemas: InstrumentEntityForAllSavedCard: title: InstrumentEntityForAllSavedCard description: >- Contains list of all saved cards for the customer. Merchants are advised to filter out saved cards basis token expiry sent in API response, to only show active saved cards/tokens on their checkout. example: customer_id: akshita2106 afa_reference: '3128531647' instrument_id: 54de41ad34ee-36a0-409e-aec9-bdc9d232add0 instrument_type: card instrument_uid: 78c2a3b90265436eceb4c09d8b09c85432ee1bb57512cc24ba998a12cd0180c2 instrument_display: XXXXXXXXXXXX1001 instrument_status: INACTIVE created_at: '2024-10-10T10:16:18.000+00:00' instrument_meta: card_network: mastercard card_bank_name: ICICI BANK card_country: IN card_type: credit_card card_sub_type: P card_token_details: par: 5001AJE6CSF757UMKRTKK61PRVYGC expiry_month: '11' expiry_year: '2027' properties: customer_id: type: string description: >- Customer ID that merchant sends during [Create Order API](https://www.cashfree.com/docs/api-reference/payments/latest/orders/create), against which the cards are saved for the customer. afa_reference: type: string description: >- cf_payment_id of the successful transaction done while saving instrument. instrument_id: type: string description: >- Identifier for the card saved at Cashfree. It is used for [cryptogram generation](https://www.cashfree.com/docs/api-reference/payments/latest/token-vault/generate-cryptogram) and in [order pay](https://www.cashfree.com/docs/api-reference/payments/latest/payments/pay) request for saved cards.. instrument_type: type: string description: Type of the saved instrument. Available option is `card`. instrument_uid: type: string description: >- Unique identifier for the saved card, used to identify a specific card. instrument_display: type: string description: >- Last 4 digits of actual card number, to be displayed to the customer for card identification. instrument_status: type: string description: >- Status of the saved instrument. Available options are `ACTIVE`, `INACTIVE`. created_at: type: string description: Timestamp at which instrument was saved. instrument_meta: $ref: '#/components/schemas/SavedInstrumentMeta' SavedInstrumentMeta: title: InstrumentMeta description: Card instrument meta information. type: object properties: card_network: type: string description: >- Card scheme/network of the saved card. Available options are `visa`, `mastercard`, `rupay`, `amex`, and `diners`. card_bank_name: type: string description: >- Issuing bank name of the saved card. For example, `HDFC BANK`, `AXIS BANK`, or `ICICI BANK`. card_country: type: string description: Issuing country of the saved card. For example, `IN`. card_type: type: string description: >- Type of the saved card. Available options are `credit_card`, `debit_card`, and `prepaid_card`. card_sub_type: type: string description: >- Subtype of the saved card. R indicates retail, P indicates premium, and C indicates corporate. Available options are `R`, `P`, and `C`. card_token_details: type: object description: Card token information. properties: par: type: string description: >- The [PAR (Primary Account Reference)](https://www.cashfree.com/docs/payments/features/payment-account-reference) for the plain card. expiry_month: type: string description: Token expiry month. expiry_year: type: string description: Token expiry year. BadRequestError: title: BadRequestError description: Invalid request received from client. example: message: bad URL, please check API documentation help: >- Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9 code: request_failed type: invalid_request_error type: object properties: message: type: string code: type: string help: type: string type: type: string enum: - invalid_request_error AuthenticationError: title: AuthenticationError description: Error if api keys are wrong. example: message: authentication Failed code: request_failed type: authentication_error type: object properties: message: type: string code: type: string type: type: string description: authentication_error. ApiError404: title: ApiError404 description: Error when resource requested is not found. example: message: something is not found help: >- Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9 code: something_not_found type: invalid_request_error type: object properties: message: type: string code: type: string help: type: string type: type: string enum: - invalid_request_error description: invalid_request_error. ApiError409: title: ApiError409 description: duplicate request. example: message: order with same id is already present help: >- Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9 code: order_already_exists type: invalid_request_error type: object properties: message: type: string help: type: string code: type: string type: type: string enum: - invalid_request_error description: invalid_request_error. IdempotencyError: title: IdempotencyError description: >- Error when idempotency fails. Different request body with the same idempotent key. example: message: something is not found help: >- Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9 code: request_invalid type: idempotency_error type: object properties: message: type: string help: type: string code: type: string type: type: string enum: - idempotency_error description: idempotency_error. RateLimitError: title: RateLimitError description: Error when rate limit is breached for your api. example: message: Too many requests from IP. Check headers code: request_failed type: rate_limit_error type: object properties: message: type: string code: type: string type: type: string enum: - rate_limit_error description: rate_limit_error. ApiError: title: ApiError description: Error at Cashfree's server. example: message: internal Server Error help: >- Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9 code: internal_error type: api_error type: object properties: message: type: string code: type: string help: type: string type: type: string enum: - api_error description: api_error. examples: fetch_all_saved_cards_example: summary: Saved Instruments description: All saved instrument example. value: - customer_id: akshita2106 afa_reference: '2223295743' instrument_id: 0d6b0245-f417-41a0-8151-0b03790de1f9 instrument_type: card instrument_uid: a89b6054bd18f3f4a2e6663190c23aa7f39573dfde2ea2e5d3dbf1b31705f0da instrument_display: XXXXXXXXXXXX5717 instrument_status: ACTIVE created_at: '2023-11-01T04:55:07.000+00:00' instrument_meta: card_network: visa card_bank_name: AXIS BANK card_country: IN card_type: credit_card card_sub_type: P card_token_details: par: V0010013823048595023916090696 expiry_month: '05' expiry_year: '2028' - customer_id: akshita2106 afa_reference: '2372080606' instrument_id: 36e3b8ab-27e5-4a33-baf6-31a2d412a530 instrument_type: card instrument_uid: b6f4e24db8ab83e59dc57049b25f0fdfa9b730e329b9730d3d3fe0aba3ccfaa3 instrument_display: XXXXXXXXXXXX7293 instrument_status: ACTIVE created_at: '2024-01-04T09:16:37.000+00:00' instrument_meta: card_network: mastercard card_bank_name: PUNJAB NATIONAL BANK card_country: IN card_type: debit_card card_sub_type: R card_token_details: par: 5001D6TQMCHMY7SHM2SFANC3AWFSD expiry_month: '09' expiry_year: '2028' - customer_id: akshita2106 afa_reference: '3128531647' instrument_id: 0d6b0245-f417-41a0-8151-0b03790de1f9 instrument_type: card instrument_uid: a89b6054bd18f3f4a2e6663190c23aa7f39573dfde2ea2e5d3dbf1b31705f0da instrument_display: XXXXXXXXXXXX1001 instrument_status: ACTIVE created_at: '2024-10-10T10:16:18.000+00:00' instrument_meta: card_network: mastercard card_bank_name: ICICI BANK card_country: IN card_type: credit_card card_sub_type: P card_token_details: par: 5001AJE6CSF757UMKRTKK61PRVYGC expiry_month: '11' expiry_year: '2027' headers: x-api-version: schema: type: string format: YYYY-MM-DD enum: - '2025-01-01' description: >- This header has the version of the API. The current version is `2025-01-01`. x-ratelimit-limit: schema: type: integer example: 200 description: Ratelimit set for your account for this API per minute. x-ratelimit-remaining: schema: type: integer example: 2 description: >- Rate limit remaning for your account for this API in the next minute. Uses sliding window. x-ratelimit-retry: schema: type: integer example: 4 description: | Contains number of seconds to wait if rate limit is breached - Is 0 if withing the limit - Is between 1 and 59 if breached x-ratelimit-type: schema: type: string enum: - app_id - ip example: ip description: > either ip or app_id - `ip` if making a call from the browser. True for api where you don't need `x-client-id` and `x-client-secret` - `app_id` for authenticated api calls i.e using `x-client-id` and `x-client-secret` x-request-id: schema: type: string example: some-req-id description: >- Request id for your api call. Is blank or null if no `x-request-id` is sent during the request. x-idempotency-key: schema: type: string example: some-idem-id description: >- An idempotency key is a unique identifier you include with your API call. If the request fails or times out, you can safely retry it using the same key to avoid duplicate actions. x-idempotency-replayed: schema: type: string format: boolean example: 'true' description: |- In conjunction with `x-idempotency-key` this means - `true` if the response was replayed - `false` if the response has not been replayed. responses: Response400: description: Bad request error. content: application/json: schema: $ref: '#/components/schemas/BadRequestError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response401: description: Authentication Error. content: application/json: schema: $ref: '#/components/schemas/AuthenticationError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response404: description: Resource Not found. content: application/json: schema: $ref: '#/components/schemas/ApiError404' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response409: description: Resource already present. content: application/json: schema: $ref: '#/components/schemas/ApiError409' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response422: description: Idempotency error. content: application/json: schema: $ref: '#/components/schemas/IdempotencyError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response429: description: Rate Limit Error. content: application/json: schema: $ref: '#/components/schemas/RateLimitError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response500: description: API related Error. content: application/json: schema: $ref: '#/components/schemas/ApiError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' securitySchemes: XClientID: type: apiKey in: header name: x-client-id description: >- Client app ID. You can find your app id in the [Merchant Dashboard](https://merchant.cashfree.com/auth/login/pg/developers/api-keys?env=prod). XClientSecret: type: apiKey in: header name: x-client-secret description: >- Client secret key. You can find your secret key in the [Merchant Dashboard](https://merchant.cashfree.com/auth/login/pg/developers/api-keys?env=prod). XPartnerAPIKey: type: apiKey in: header name: x-partner-apikey description: >- If you are partner and you are making an api call on behalf of a merchant. XClientSignatureHeader: type: apiKey in: header name: x-client-signature description: >- Use this if you do not want to pass the secret key and instead want to use signature. XPartnerMerchantID: type: apiKey in: header name: x-partner-merchantid description: >- If you are partner use this to specify the merchant ID if you don't have the merchant client app ID. ````