Display card details
Last updated: March 12, 2025
Cards have non-sensitive details and sensitive details (credentials) that are subject to data protection regulations. You can:
- View the details in the Dashboard.
- Retrieve the details using the API.
- Display the details to cardholders in your app.
You must have the Admin role or a custom role with one or both of the following user permissions:
- Non-sensitive details – View all transactions, cards, cardholders, and card products permission
- Sensitive details – View card number and CVC2 permission
For security reasons, no pre-defined roles include this permission by default.
- Sign in to the Dashboard.
- Go to Issuing > Cards.
- Use the search or filters to find the relevant card and then select it.
- On the Card details screen, under About this card, you can see the non-sensitive details.
- To see the sensitive details, select View card credentials.
If your entity is regulated or you issue cards to your business, you can retrieve sensitive card details using the API.
Call the Get card credentials endpoint, and provide the following:
{cardId}
path parameter – The unique identifier for the card – for example,crd_fa6psq242dcd6fdn5gifcq1491
credentials
query parameter – The card credentials you want to retrieve, which can be one of or both of the following as a comma-separated list:number
– The full primary account number (PAN)cvc2
– The security code
get
https://api.checkout.com/issuing/cards/{cardId}/credentials?credentials=number,cvc2
1{2"number": 4242424242424242,3"cvc2": 6044}
To retrieve non-sensitive card details, call the Get card details endpoint, and provide the {cardId}
path parameter.
get
https://api.checkout.com/issuing/cards/{cardId}
1{2"id": "crd_fa6psq242dcd6fdn5gifcq1491",3"client_id": "cli_vkuhvk4vjn2edkps7dfsq6emqm",4"entity_id": "ent_fa6psq242dcd6fdn5gifcq1491",5"cardholder_id": "crh_d3ozhf43pcq2xbldn2g45qnb44",6"card_product_id": "pro_7syjig3jq3mezlc3vjrdpfitl4",7"last_four": 1234,8"expiry_month": 5,9"expiry_year": 2025,10"status": "active",11"display_name": "JOHN KENNEDY",12"type": "virtual",13"billing_currency": "USD",14"issuing_country": "US",15"reference": "X-123456-N11",16"metadata": {17"udf1": "metadata1",18"udf2": "metadata2",19"udf3": "metadata3",20"udf4": "metadata4",21"udf5": "metadata5"22},23"revocation_date": "2029-03-12",24"root_card_id": "crd_fa6psq242dcd6fdn5gifcq1491",25"created_date": "2025-09-09T19:41:39Z",26"last_modified_date": "2025-09-09T19:41:39Z",27"_links": {28"self": {29"href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491",30"actions": [31"GET"32],33"types": [34"application/json"35]36},37"credentials": {38"href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491/credentials",39"actions": [40"GET"41],42"types": [43"application/json"44]45},46"revoke": {47"href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491/revoke",48"actions": [49"POST"50],51"types": [52"application/json"53]54},55"controls": {56"href": "https://api.checkout.com/issuing/controls?target_id=crd_fa6psq42dcdd6fdn5gifcq1491",57"actions": [58"GET"59],60"types": [61"application/json"62]63}64},65"is_single_use": false66}
After you've integrated the Card Management Android SDK or iOS SDK, you can enable your cardholders to view their card details in your app.
Follow these steps:
- Authenticate the cardholder.
- Retrieve the cardholder's cards and non-sensitive details.
- Retrieve the sensitive details.
Information
In the iOS SDK stub environment, you can provide any String
instead of an access token, because all responses return mock data.
You are responsible for performing Strong Customer Authentication (SCA) on the cardholder for each session where they use functionality provided by the SDK. This applies to both the sandbox and production SDK environments.
Pass an access token that your app receives from your authentication back end.
1val token = "{Access_token}"2cardManager.logInSession(token)
Once you’ve authenticated the cardholder and your app, call the getCards()
method to retrieve and display a list of their cards and the following non-sensitive card details:
- The last four digits of the primary account number (PAN)
- The expiry month and year
- The cardholder's name
- The card's status –
active
,inactive
,revoked
, orsuspended
- The card ID – For example,
crd_fa6psq242dcd6fdn5gifcq1491
1cardManager.getCards { result: Result<List<Card>> ->2result.onSuccess {3// You receive a list of the cardholder's cards that you can display in your UI4// Returned card details include the last four digits of the PAN, expiry date, cardholder name, card status, and card ID5}.onFailure {6// If something goes wrong, you receive an error with more information7}8}
Once you've retrieved a cardholder's cards, you can use the following methods to retrieve each card's sensitive details:
Card.getPin()
– The personal identification number (PIN) for a physical cardCard.getPan()
– The full PANCard.getSecurityCode()
– The security code (CVC2)Card.getPANAndSecurityCode()
– The full PAN and CVC2
Every method is subject to a unique SCA flow. You can only request a single-use token after the SCA flow is completed. You must provide the token to the SDK to call the method.
The UI component protects the sensitive details and securely displays them to the cardholder only. They are never displayed to you, or sent to your server.
1val singleUseToken = "{Single_use_token_retrieved_after_SCA}"23// Request sensitive details using the card object4card.getPin(singleUseToken) { result: Result<AbstractComposeView> ->5result6.onSuccess {7// If successful, you receive a Compose view containing the sensitive that you can display to the cardholder8}.onFailure {9// If something goes wrong, you receive an error with more details10}11}
Note
Virtual cards do not have a PIN. If you call the getPin()
method for a virtual card, you receive an Unauthenticated
error.