Display card details

Last updated: August 30, 2023

Card details, or credentials, include the unique 16-digit primary account number (PAN) and the security code (CVV).

We offer three ways of displaying these details:

If you’re an administrator, you can also grant users permissions to view card details.

If you've integrated the Issuing Android SDK or iOS SDK into your app, you can let your cardholders view their card details through your app.

You are responsible for authenticating your cardholders for each session where they use functionality provided by the SDK, in both the sandbox and production SDK environments. To do this, use an access token that your app receives from your authentication back end.

Note

In the iOS SDK stub environment, you can provide any String instead of an access token, because all responses return mock data.

The Android SDK does not provide a stub environment.


1val token = "<ACCESS_TOKEN>"
2cardManager.logInSession(token)


1let token = "<ACCESS_TOKEN>"
2cardManager.logIn(with: token)

Once you’ve authenticated the cardholder and your app, you can return a list of their cards:


1cardManager.getCards { result: Result<List<Card>> ->
2  result.onSuccess {
3    // You receive a list of cards that you can display in your UI
4    // The card details include the last four digits of the PAN, expiry date, cardholder name, card state, and card ID
5  }.onFailure {
6    // If something goes wrong, you receive an error with more information
7  }
8}


1cardManager.getCards { result in
2  switch result {
3  case .success(let cards):
4    // You receive a list of cards that you can display in your UI
5    // Returned card details include last four digits of the PAN, expiry date, cardholder name, card state, and card ID
6  case .failure(let error):
7    // If something goes wrong, you receive an error with more information
8  }
9}

Once you've retrieved a cardholder's cards, you can retrieve the cards' secure details, including:

the last four digits of the PAN
the expiry date
the cardholder's name
the card's state – active, inactive, revoked, or suspended
the card's unique ID

To retrieve the PIN, PAN, CVV, and joint PAN and CVV data, you must make separate API calls.

Each API call is subject to a unique Strong Customer Authentication (SCA) flow. When an authentication flow is completed, you can request a single-use token to provide to the SDK to execute the call.


1val singleUseToken = "<SINGLE_USE_TOKEN_RETRIEVED_AFTER_SCA>"
2
3// Request sensitive data via the card object
4card.getPin(singleUseToken) { result: Result<AbstractComposeView> ->
5  result
6    .onSuccess {
7      // Receives a UI component that you can display to the user
8    }.onFailure {
9      // If something goes wrong, you receive an error with more information
10    }
11}


1let singleUseToken = "<SINGLE_USE_TOKEN_RETRIEVED_AFTER_SCA>"
2
3// Request sensitive data via the card object
4card.getPin(singleUseToken: singleUseToken) { result in
5  switch result {
6    case .success(let pinView):
7      // Receives a UI component that you can display to the user
8    case .failure(let error):
9      // If something goes wrong, you receive an error with more information
10  }
11}

The UI component protects the returned value and delivers it directly to the user. The sensitive card details are never displayed to you, or sent to your server.

The UI component's visuals are defined by the values you supplied to CardManagementDesignSystem when you integrated the Android SDK or iOS SDK.

If you're a regulated entity or you issue cards to your business, you can display the card details using the API:

To do this, call the Get the card credentials endpoint with the cardId value, and specify which details to retrieve in the credentials field. For example:

post

https://api.checkout.com/issuing/cards/{cardId}/credentials?credentials=number,cvc2

Note

You can choose to include the PAN number and CVV cvc2 details within the response when creating a card. To do so, call the Create a card endpoint for a virtual card and provide the return_credentials parameter.

To view card details, users must have the required user permission. For security reasons, no default roles include this permission by default. This means you have to create a custom role, which you can assign to your users.

Note

To create a custom role and assign it to users, you must be an administrator or administrator owner.

To create a custom role:

Sign in to the Dashboard.
Go to Team > User permissions.
Select View all roles > New role.
Give the new role a name, and then add the View card number and cvc2 permission.
Select Create custom role.

To assign the custom role:

Go to Team > User permissions.
Select an existing user, select Edit user, and then apply the custom role to them.

Alternatively, create a new user and apply the custom role. The user can now view the card details in the Dashboard.


1<Image src = "/docs/Issuing/Assign-custom-role.png" alt="New user screen with the Permissions dropdown showing all available roles including the custom role created."/>

Sign in to the Dashboard and ensure you have permission to view card details.
Go to Issuing > Cards.
Use the search or filters to find the relevant card.
Select the card to view its details.
Select View card credentials.

Display card details