Show Card PAN - HTML
Endpoint
POST /api/v1/merchant/cards/{cardId}/reveal-html/
Retrieves a temporary URL to display a cardβs PAN (card number, expiry, CVV) via a PCI-compliant iFrame.
This API securely returns a short-lived URL that can be embedded into your frontend. The link expires within 60 seconds and should be used immediately after receiving the response.
β οΈ Important Security Considerations
π¨ Frontend-Only Usage - This API must be called from your web or mobile frontend. - The response returns a URL to an HTML iFrame view, not raw PAN data. - Do NOT call this from your backend, as it may expose sensitive information and violate PCI DSS.
Path Parameters
| Name | Type | Required | Description |
|---|---|---|---|
cardId |
string |
β | UUID of the card whose PAN you want to display. |
β Response
Returns a JSON object with a temporary accessUrl:
{
"accessUrl": "https://<apidomain>/merchant/cards/pan/iframe/eyJ0eXAiOiJKV1QiLCJhbGci..."
}
Use this accessUrl as the source for an <iframe> in your frontend application.
β οΈ The
accessUrlexpires in 60 seconds. After that, it will return an error.
π Use Cases
| Scenario | Solution |
|---|---|
| You want to display card details without handling raw PAN data | Use the accessUrl inside an iFrame |
| You want to remain PCI compliant | Use our generated view and do not store the data yourself |
| You want to customize styling | Contact support for iFrame styling options |
π Additional Notes
- The returned URL is tokenized and cannot be reused after expiration.
- The endpoint ensures only authorized, authenticated merchants receive access.
- If the card is expired or terminated, access will be denied.
- This method is compatible with major frontend frameworks (React, Angular, etc.).