> ## Documentation Index > Fetch the complete documentation index at: https://www.cashfree.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Fetch All Saved Card Instrument > Use this API to fetch saved cards for a customer_id ## OpenAPI ````yaml /openapi/payments/v2022-09-01.yaml get /customers/{customer_id}/instruments openapi: 3.0.0 info: version: '2022-09-01' title: Cashfree Payment Gateway APIs license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html contact: email: developers@cashfree.com name: API Support url: https://discord.com/invite/QdZkNSxXsB description: >- Cashfree's Payment Gateway APIs provide developers with a streamlined pathway to integrate advanced payment processing capabilities into their applications, platforms and websites. servers: - url: https://sandbox.cashfree.com/pg description: Sandbox server - url: https://api.cashfree.com/pg description: Production server security: [] tags: - name: Orders description: Collection of APIs to handle orders. - name: Payments description: Collection of APIs to handle payments. - name: Refunds description: Collection of APIs to handle refunds. - name: Settlements description: Collection of APIs to handle settlements. - name: Payment Links description: Collection of APIs to handle payment links. - name: Token Vault description: >- Collection of APIs to use Cashfree's token Vault. This helps you save cards and tokenize them in a PCI complaint manner. We support creation of network tokens which can be used across acquiring banks - name: softPOS description: Collection of APIs to manage softPOS' agent and order - name: Offers description: Collection of APIs to handle offers - name: Eligibility description: >- Collection of APIs to check eligibile entities - payment methods, offer, affordibility - name: Settlement Reconciliation description: Collection of APIs to handle settlements - name: PG Reconciliation description: Collection of APIs to handle reconciliation paths: /customers/{customer_id}/instruments: get: tags: - Token Vault summary: Fetch All Saved Card Instrument description: 'Use this API to fetch saved cards for a customer_id ' operationId: PGCustomerFetchInstruments parameters: - $ref: '#/components/parameters/apiVersionHeader' - $ref: '#/components/parameters/xRequestIDHeader' - $ref: '#/components/parameters/customerIDParam' - $ref: '#/components/parameters/xIdempotencyKeyHeader' - in: query name: instrument_type required: true description: 'Payment mode or type of saved instrument ' example: card schema: type: string enum: - card responses: '200': description: OK content: application/json: schema: type: array items: $ref: '#/components/schemas/InstrumentEntity' examples: fetch_all_saved_cards_example: $ref: '#/components/examples/fetch_all_saved_cards_example' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' '400': $ref: '#/components/responses/Response400' '401': $ref: '#/components/responses/Response401' '404': $ref: '#/components/responses/Response404' '409': $ref: '#/components/responses/Response409' '422': $ref: '#/components/responses/Response422' '429': $ref: '#/components/responses/Response429' '500': $ref: '#/components/responses/Response500' deprecated: false security: - XClientID: [] XClientSecret: [] - XClientID: [] XPartnerAPIKey: [] - XClientID: [] XClientSignatureHeader: [] - XPartnerMerchantID: [] XPartnerAPIKey: [] components: parameters: apiVersionHeader: in: header name: x-api-version required: true description: API version to be used. Format is in YYYY-MM-DD schema: type: string description: API version to be used default: '2022-09-01' example: '2022-09-01' xRequestIDHeader: in: header name: x-request-id description: >- Request id for the API call. Can be used to resolve tech issues. Communicate this in your tech related queries to cashfree required: false schema: type: string example: 4dfb9780-46fe-11ee-be56-0242ac120002 customerIDParam: name: customer_id in: path required: true description: Your Customer ID that you had sent during create order API `POST/orders` schema: type: string example: your-customer-id xIdempotencyKeyHeader: in: header name: x-idempotency-key required: false description: > Idempotency works by saving the resulting status code and body of the first request made for any given idempotency key, regardless of whether it succeeded or failed. Subsequent requests with the same key return the same result, including 500 errors. Currently supported on all POST calls that uses x-client-id & x-client-secret. To use enable, pass x-idempotency-key in the request header. The value of this header must be unique to each operation you are trying to do. One example can be to use the same order_id that you pass while creating orders schema: type: string format: UUID example: 47bf8872-46fe-11ee-be56-0242ac120002 schemas: InstrumentEntity: title: InstrumentEntity description: Saved card instrument object example: customer_id: siddhesh_desai afa_reference: '740324562' instrument_id: 54deabb4-ba45-4a60-9e6a-9c016fe7ab10 instrument_type: card instrument_uid: 0d8f70838cc5af8b1cd2bc0fe71278551fd3f1101e40020d89ad22ceba4f933c instrument_display: xxxxxxxxxxxx4375 instrument_status: ACTIVE created_at: '2021-11-11 16:57:57' instrument_meta: card_network: VISA card_bank_name: HDFC Bank Limited card_country: IN card_type: DEBIT_CARD card_token_details: par: somepar expiry_month: '12' expiry_year: '23' properties: customer_id: type: string description: customer_id for which the instrument was saved afa_reference: type: string description: >- cf_payment_id of the successful transaction done while saving instrument instrument_id: type: string description: saved instrument id instrument_type: type: string enum: - card description: Type of the saved instrument instrument_uid: type: string description: Unique id for the saved instrument instrument_display: type: string description: masked card number displayed to the customer instrument_status: type: string enum: - ACTIVE - INACTIVE description: Status of the saved instrument. created_at: type: string description: Timestamp at which instrument was saved. instrument_meta: $ref: '#/components/schemas/SavedInstrumentMeta' SavedInstrumentMeta: title: InstrumentMeta description: Card instrument meta information properties: card_network: type: string description: card scheme/network of the saved card. Example visa, mastercard example: VISA card_bank_name: type: string description: Issuing bank name of saved card example: HDFC Bank card_country: type: string description: Issuing country of saved card example: IN card_type: type: string description: Type of saved card example: DEBIT_CARD card_token_details: type: object nullable: true example: par: somepar expiry_month: '12' expiry_year: '23' BadRequestError: title: BadRequestError description: Invalid request received from client example: message: bad URL, please check API documentation code: request_failed type: invalid_request_error type: object properties: message: type: string code: type: string type: type: string enum: - invalid_request_error AuthenticationError: title: AuthenticationError description: Error if api keys are wrong example: message: authentication Failed code: request_failed type: authentication_error type: object properties: message: type: string code: type: string type: type: string description: authentication_error ApiError404: title: ApiError404 description: Error when resource requested is not found example: message: something is not found code: somethind_not_found type: invalid_request_error type: object properties: message: type: string code: type: string type: type: string enum: - invalid_request_error description: invalid_request_error ApiError409: title: ApiError409 description: duplicate request example: message: order with same id is already present code: order_already_exists type: invalid_request_error type: object properties: message: type: string code: type: string type: type: string enum: - invalid_request_error description: invalid_request_error IdempotencyError: title: IdempotencyError description: >- Error when idempotency fails. Different request body with the same idempotent key example: message: something is not found code: request_invalid type: idempotency_error type: object properties: message: type: string code: type: string type: type: string enum: - idempotency_error description: idempotency_error RateLimitError: title: RateLimitError description: Error when rate limit is breached for your api example: message: Too many requests from IP. Check headers code: request_failed type: rate_limit_error type: object properties: message: type: string code: type: string type: type: string enum: - rate_limit_error description: rate_limit_error ApiError: title: ApiError description: Error at cashfree's server example: message: internal Server Error code: internal_error type: api_error type: object properties: message: type: string code: type: string type: type: string enum: - api_error description: api_error examples: fetch_all_saved_cards_example: summary: Saved Intruments description: all saved intrument example value: customer_id: siddhesh_desai afa_reference: '740324562' instrument_id: 54deabb4-ba45-4a60-9e6a-9c016fe7ab10 instrument_type: card instrument_uid: 0d8f70838cc5af8b1cd2bc0fe71278551fd3f1101e40020d89ad22ceba4f933c instrument_display: xxxxxxxxxxxx4375 instrument_status: ACTIVE created_at: '2021-11-11 16:57:57' instrument_meta: card_network: VISA card_bank_name: HDFC Bank Limited card_country: IN card_type: DEBIT_CARD card_token_details: par: somepar expiry_month: '12' expiry_year: '23' headers: x-api-version: schema: type: string format: YYYY-MM-DD enum: - '2022-09-01' description: >- This header has the version of the API. The current version is `2022-09-01`. x-ratelimit-limit: schema: type: integer example: 200 description: Ratelimit set for your account for this API per minute x-ratelimit-remaining: schema: type: integer example: 2 description: >- Rate limit remaning for your account for this API in the next minute. Uses sliding window x-ratelimit-retry: schema: type: integer example: 4 description: | Contains number of seconds to wait if rate limit is breached - Is 0 if withing the limit - Is between 1 and 59 if breached x-ratelimit-type: schema: type: string enum: - app_id - ip example: ip description: > either ip or app_id - `ip` if making a call from the browser. True for api where you don't need `x-client-id` and `x-client-secret` - `app_id` for authenticated api calls i.e using `x-client-id` and `x-client-secret` x-request-id: schema: type: string example: some-req-id description: >- Request id for your api call. Is blank or null if no `x-request-id` is sent during the request x-idempotency-key: schema: type: string example: some-idem-id description: Idempotency key used during the request. Applicable for POST only x-idempotency-replayed: schema: type: string format: boolean example: 'true' description: |- In conjunction with `x-idempotency-key` this means - `true` if the response was replayed - `false` if the response has not been replayed responses: Response400: description: Bad request error content: application/json: schema: $ref: '#/components/schemas/BadRequestError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response401: description: Authentication Error content: application/json: schema: $ref: '#/components/schemas/AuthenticationError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response404: description: Resource Not found content: application/json: schema: $ref: '#/components/schemas/ApiError404' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response409: description: Resource already present content: application/json: schema: $ref: '#/components/schemas/ApiError409' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response422: description: Idempotency error content: application/json: schema: $ref: '#/components/schemas/IdempotencyError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response429: description: Rate Limit Error content: application/json: schema: $ref: '#/components/schemas/RateLimitError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response500: description: API related Error content: application/json: schema: $ref: '#/components/schemas/ApiError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' securitySchemes: XClientID: type: apiKey in: header name: x-client-id description: >- Client app ID. You can find your app id in the [Merchant Dashboard](https://merchant.cashfree.com/auth/login/pg/developers/api-keys?env=prod). XClientSecret: type: apiKey in: header name: x-client-secret description: >- Client secret key. You can find your secret in the [Merchant Dashboard](https://merchant.cashfree.com/auth/login/pg/developers/api-keys?env=prod). XPartnerAPIKey: type: apiKey in: header name: x-partner-apikey description: >- If you are partner and you are making an api call on behalf of a merchant XClientSignatureHeader: type: apiKey in: header name: x-client-signature description: >- Use this if you do not want to pass the secret key and instead want to use signature XPartnerMerchantID: type: apiKey in: header name: x-partner-merchantid description: >- If you are partner use this to specify the merchant id if you don't have the merchant client app id ````