Secure card information describes the details of a card that only a cardholder should have access to. This includes the card's 16 digit PAN (Primary Account Number), expiry date, and security code (CVC/CVV).
It is not recommended that the sensitive card details are supplied to any application other than one that resides within the cardholder environment (i.e. their mobile application or web application running in their browser) unless that system is sufficiently compliant with PCI-DSS requirements and is audited as such.
The steps for retrieving secure card details are as follows:
- Call the Get Card Token endpoint with the card ID.
- Call the GET URL specified in the
callbackUrlresponse body field. ThecallbackUrlcan only be used once, subsequent calls to this URL will return a403response code.
Example code snippet
import axios from 'axios';
// Using non-custodial authenticationconst tokenResponse = await axios.post( 'https://api.immersve.com/api/cards/123/pan-token', {}, { headers: { Authorization: 'Bearer eyJhbvbbfg', // jwt token, }, });
const secureCardDetail = await axios.get(tokenResponse.callbackUrl);
// Using custodial authenticationconst tokenResponse = await axios.post( 'https://api.immersve.com/api/cards/123/pan-token', {}, { headers: { 'x-api-key': 'imm-key-prod-LIVE-6e7e3821983ef6fe6cecabdbc8571bbf', 'x-api-secret': 'imm-secret-prod-LIVE-95b90292dfd747c143a9d258a93fb835', 'x-account-ID': '8gh464292dfd747c143a9d258aj6jdkd8', // target account ID (the account ID this card belongs to) }, });
const secureCardDetail = await axios.get(tokenResponse.callbackUrl);