Skip to main content

Fetching Secure Card Information

In order to retrieve the secure details of a card (CVV, expiry, PAN), a one-time token must be generated.

The steps for retrieving secure card details are as follows:

  1. Call the get a card token endpoint with the card ID.
  2. Call the GET URL specified in the callbackUrl response body field. The callbackUrl can only be used once, subsequent calls to this URL will return a 403 response code.

Sequence Diagram

sequenceDiagram participant U as User participant C as Your Client Application participant I as Immersve note over U: Authentication as per authentication guide C->>I: Get card token I-->>C: Card token C->>I: Request sensitive card data I-->>C: Return sensitive card data C-->>U: Display sensitive card data

Example code snippet

import axios from 'axios';

// Using non-custodial authentication
const tokenResponse = await axios.post(
'https://api.immersve.com/api/cards/123/pan-token',
{},
{
headers: {
Authorization: 'Bearer eyJhbvbbfg', // jwt token,
},
}
);

const secureCardDetail = await axios.get(tokenResponse.callbackUrl);

// Using custodial authentication
const tokenResponse = await axios.post(
'https://api.immersve.com/api/cards/123/pan-token',
{},
{
headers: {
'x-api-key': 'imm-key-prod-LIVE-6e7e3821983ef6fe6cecabdbc8571bbf',
'x-api-secret': 'imm-secret-prod-LIVE-95b90292dfd747c143a9d258a93fb835',
'x-account-ID': '8gh464292dfd747c143a9d258aj6jdkd8', // target account ID (the account ID this card belongs to)
},
}
);

const secureCardDetail = await axios.get(tokenResponse.callbackUrl);