Authenticate using HTTP Basic Auth with your Marqeta application token and admin access token against the core API base URL
Create a card product configured for virtual, single-use cards with spend controls limiting merchant category codes to expected supplier categories
Create a user token for the payment event or use an existing user token representing your AP system
Issue a virtual card with POST /v3/cards specifying the card_product_token, user_token, and set expiration to match the payment window
Configure JIT (just-in-time) funding so the card is funded only at transaction time based on a webhook callback to your authorization service
Known gotchas
JIT funding requires your authorization endpoint to respond within Marqeta's timeout window; a slow response defaults to the fallback funding decision configured on the card product
Single-use cards are invalidated after one successful transaction; implement card lifecycle webhooks to confirm usage and trigger a new card for any retries
Marqeta operates in a sandbox environment separate from production; keys and card products are not shared across environments
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp