Fetching Secure Card Information
In order to retrieve the secure details of a card (CVV, expiry, PAN), a one-time token must be generated.
The steps for retrieving secure card details are as follows:
- Call the get a card token endpoint with the card ID.
- Call the GET URL specified in the
callbackUrl
response body field. ThecallbackUrl
can only be used once, subsequent calls to this URL will return a403
response code.
Sequence Diagram
sequenceDiagram
participant U as User
participant C as Your Client Application
participant I as Immersve
note over U: Authentication as per authentication guide
C->>I: Get card token
I-->>C: Card token
C->>I: Request sensitive card data
I-->>C: Return sensitive card data
C-->>U: Display sensitive card data
Example code snippet
- JavaScript
import axios from 'axios';
// Using non-custodial authentication
const tokenResponse = await axios.post(
'https://api.immersve.com/api/cards/123/pan-token',
{},
{
headers: {
Authorization: 'Bearer eyJhbvbbfg', // jwt token,
},
}
);
const secureCardDetail = await axios.get(tokenResponse.callbackUrl);
// Using custodial authentication
const tokenResponse = await axios.post(
'https://api.immersve.com/api/cards/123/pan-token',
{},
{
headers: {
'x-api-key': 'imm-key-prod-LIVE-6e7e3821983ef6fe6cecabdbc8571bbf',
'x-api-secret': 'imm-secret-prod-LIVE-95b90292dfd747c143a9d258a93fb835',
'x-account-ID': '8gh464292dfd747c143a9d258aj6jdkd8', // target account ID (the account ID this card belongs to)
},
}
);
const secureCardDetail = await axios.get(tokenResponse.callbackUrl);