How Reveal works

Reveal sensitive card data in native mobile applications.

The following diagram shows how the Show API works for native mobile applications.

Show API for native mobile applications

Show API for native mobile applications

  1. The backend of your application receives a request to display card data.
  2. Check if the user is allows to see plain text card data.
  3. Assemble the request with the card and/or CVV tokens mapped to the user and submit the request to PCI Proxy.
  4. PCI Proxy returns a transactionId to your backend, which is valid for 30 minutes and can be consumed once.
  5. Pass on the transactionId to the mobile application.
  6. Call the Reveal endpoint with the transactionId in the body from the mobile application.
  7. The Reveal API returns plain text card numbers and CVVs to the mobile application.


transactionIds obtained via the Show API allows access to sensitive data.

Do not store them anywhere unless absolutely necessary and consume them as soon as possible.