The following diagram shows how the Show API works for native mobile applications.
- The backend of your application receives a request to display card data.
- Check if the user is allows to see plain text card data.
- Assemble the request with the card and/or CVV tokens mapped to the user and submit the request to PCI Proxy.
- PCI Proxy returns a
transactionIdto your backend, which is valid for 30 minutes and can be consumed once.
- Pass on the
transactionIdto the mobile application.
- Call the Reveal endpoint with the
transactionIdin the body from the mobile application.
- The Reveal API returns plain text card numbers and CVVs to the mobile application.
transactionIds obtained via the Show API allows access to sensitive data.
Do not store them anywhere unless absolutely necessary and consume them as soon as possible.
Updated 10 months ago