Display card details

Last updated: March 12, 2025

Cards have non-sensitive details and sensitive details (credentials) that are subject to data protection regulations. You can:

You must have the Admin role or a custom role with one or both of the following user permissions:

Non-sensitive details – View all transactions, cards, cardholders, and card products permission
Sensitive details – View card number and CVC2 permission
For security reasons, no pre-defined roles include this permission by default.

Sign in to the Dashboard.
Go to Issuing > Cards.
Use the search or filters to find the relevant card and then select it.
On the Card details screen, under About this card, you can see the non-sensitive details.
To see the sensitive details, select View card credentials.

If your entity is regulated or you issue cards to your business, you can retrieve sensitive card details using the API.

Call the Get card credentials endpoint, and provide the following:

{cardId} path parameter – The unique identifier for the card – for example, crd_fa6psq242dcd6fdn5gifcq1491
credentials query parameter – The card credentials you want to retrieve, which can be one of or both of the following as a comma-separated list:
- number – The full primary account number (PAN)
- cvc2 – The security code

get

https://api.checkout.com/issuing/cards/{cardId}/credentials?credentials=number,cvc2


1{
2  "number": 4242424242424242,
3  "cvc2": 604
4}

To retrieve non-sensitive card details, call the Get card details endpoint, and provide the {cardId} path parameter.

get

https://api.checkout.com/issuing/cards/{cardId}


1{
2  "id": "crd_fa6psq242dcd6fdn5gifcq1491",
3  "client_id": "cli_vkuhvk4vjn2edkps7dfsq6emqm",
4  "entity_id": "ent_fa6psq242dcd6fdn5gifcq1491",
5  "cardholder_id": "crh_d3ozhf43pcq2xbldn2g45qnb44",
6  "card_product_id": "pro_7syjig3jq3mezlc3vjrdpfitl4",
7  "last_four": 1234,
8  "expiry_month": 5,
9  "expiry_year": 2025,
10  "status": "active",
11  "display_name": "JOHN KENNEDY",
12  "type": "virtual",
13  "billing_currency": "USD",
14  "issuing_country": "US",
15  "reference": "X-123456-N11",
16  "metadata": {
17    "udf1": "metadata1",
18    "udf2": "metadata2",
19    "udf3": "metadata3",
20    "udf4": "metadata4",
21    "udf5": "metadata5"
22  },
23  "revocation_date": "2029-03-12",
24  "root_card_id": "crd_fa6psq242dcd6fdn5gifcq1491",
25  "created_date": "2025-09-09T19:41:39Z",
26  "last_modified_date": "2025-09-09T19:41:39Z",
27  "_links": {
28    "self": {
29      "href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491",
30      "actions": [
31        "GET"
32      ],
33      "types": [
34        "application/json"
35      ]
36    },
37    "credentials": {
38      "href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491/credentials",
39      "actions": [
40        "GET"
41      ],
42      "types": [
43        "application/json"
44      ]
45    },
46    "revoke": {
47      "href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491/revoke",
48      "actions": [
49        "POST"
50      ],
51      "types": [
52        "application/json"
53      ]
54    },
55    "controls": {
56      "href": "https://api.checkout.com/issuing/controls?target_id=crd_fa6psq42dcdd6fdn5gifcq1491",
57      "actions": [
58        "GET"
59      ],
60      "types": [
61        "application/json"
62      ]
63    }
64  },
65  "is_single_use": false
66}

After you've integrated the Card Management Android SDK or iOS SDK, you can enable your cardholders to view their card details in your app.

Follow these steps:

Information

In the iOS SDK stub environment, you can provide any String instead of an access token, because all responses return mock data.

You are responsible for performing Strong Customer Authentication (SCA) on the cardholder for each session where they use functionality provided by the SDK. This applies to both the sandbox and production SDK environments.

Pass an access token that your app receives from your authentication back end.


1val token = "{Access_token}"
2cardManager.logInSession(token)


1let token = "{Access_token}"
2cardManager.logInSession(token: accessToken)

Once you’ve authenticated the cardholder and your app, call the getCards() method to retrieve and display a list of their cards and the following non-sensitive card details:

The last four digits of the primary account number (PAN)
The expiry month and year
The cardholder's name
The card's status – active, inactive, revoked, or suspended
The card ID – For example, crd_fa6psq242dcd6fdn5gifcq1491


1cardManager.getCards { result: Result<List<Card>> ->
2  result.onSuccess {
3    // You receive a list of the cardholder's cards that you can display in your UI
4    // Returned card details include the last four digits of the PAN, expiry date, cardholder name, card status, and card ID
5  }.onFailure {
6    // If something goes wrong, you receive an error with more information
7  }
8}


1cardManager.getCards { result in
2  switch result {
3  case .success(let cards):
4    // You receive a list of the cardholder's cards that you can display in your UI
5    // Returned card details include last four digits of the PAN, expiry date, cardholder name, card status, and card ID
6  case .failure(let error):
7    // If something goes wrong, you receive an error with more information
8  }
9}

Once you've retrieved a cardholder's cards, you can use the following methods to retrieve each card's sensitive details:

Card.getPin() – The personal identification number (PIN) for a physical card
Card.getPan() – The full PAN
Card.getSecurityCode() – The security code (CVC2)
Card.getPANAndSecurityCode() – The full PAN and CVC2

Every method is subject to a unique SCA flow. You can only request a single-use token after the SCA flow is completed. You must provide the token to the SDK to call the method.

The UI component protects the sensitive details and securely displays them to the cardholder only. They are never displayed to you, or sent to your server.


1val singleUseToken = "{Single_use_token_retrieved_after_SCA}"
2
3// Request sensitive details using the card object
4card.getPin(singleUseToken) { result: Result<AbstractComposeView> ->
5  result
6    .onSuccess {
7      // If successful, you receive a Compose view containing the sensitive that you can display to the cardholder
8    }.onFailure {
9      // If something goes wrong, you receive an error with more details
10    }
11}


1let singleUseToken = "{Single_use_token_retrieved_after_SCA}"
2
3// Request sensitive details using the card object
4card.getPin(singleUseToken) { result: Result<AbstractComposeView> ->
5  result
6    .onSuccess {
7      // If successful, you receive a Compose view containing the sensitive that you can display to the cardholder
8    }.onFailure {
9      // If something goes wrong, you receive an error with more details
10  }
11}

Note

Virtual cards do not have a PIN. If you call the getPin() method for a virtual card, you receive an Unauthenticated error.

Display card details

View card details in the Dashboard

Retrieve card details using the API

Sensitive card details

Response example

Non-sensitive card details

Response example

Display card details in your app

Information

Authenticate the cardholder

Retrieve the cardholder's cards

Retrieve the sensitive card details

Note