How Reveal works
Reveal sensitive card data in native mobile applications.
The following diagram shows how the Show API works for native mobile applications.
- The backend of your application receives a request to display card data.
- Check if the user is allows to see plain text card data.
- Assemble the request with the card and/or CVV tokens mapped to the user and submit the request to PCI Proxy.
- PCI Proxy returns a
transactionId
to your backend, which is valid for 30 minutes and can be consumed once. - Pass on the
transactionId
to the mobile application. - Call the Reveal endpoint with the
transactionId
in the body from the mobile application. - The Reveal API returns plain text card numbers and CVVs to the mobile application.
transactionId
s obtained via the Show API allows access to sensitive data.Do not store them anywhere unless absolutely necessary and consume them as soon as possible.
Updated over 1 year ago