How Show works

Reveal sensitive card information in a web application.

The following diagram shows how the Show API works on web applications.

Show API for web applications

Show API for web applications

  1. The backend of your application receives a request to display card data.
  2. Check if the user is allowed to see plain text card data.
  3. Assemble the request with the card and/or CVV tokens mapped to the user and submit the request to PCI Proxy.
  4. PCI Proxy returns a transactionId to your backend, which is valid for 30 minutes and can be consumed once.
  5. Pass on the transactionId to your web application.
  6. Load and render Secure Fields into your web page.
  7. Secure Field's JavaScript library runs SecureFields.init(transactionId) to request card data.
  8. Card data and relevant buttons are injected into the web page and can be displayed to the user.


transactionIds obtained via the Show API allows access to sensitive data.

Do not store them anywhere unless absolutely necessary and consume them as soon as possible.