Native mobile apps

Read here how to reveal sensitive card data in native mobile applications

Process overview
Process description of how PCI Proxy Show API works for native mobile applications. 
Show process for native mobile applications
1.The backend of your application receives a request to display card data
2.​Check if the user is allowed to see plain text card data
3.Assemble the request with the card and/or cvv tokens mapped to the user and submit the request to PCI Proxy
4.PCI Proxy returns a transactionId to your backend. It is valid for 30 minutes and can be consumed once
5.Pass on the transactionId to your mobile application
6.Call the Reveal endpoint with the transactionId in the body from the mobile application
7.The Reveal API returns plain text card number and CVV code to the mobile application
TransactionIDs obtained via Show API allow access to sensitive data. Please do not store them anywhere unless absolutely necessary and consume them as soon as possible.
Endpoints
Sandbox
Production
​https://api.sandbox.datatrans.com​
​https://api.datatrans.com​
Endpoints
Sandbox
Production
​https://api.sandbox.datatrans.com​
​https://api.datatrans.com​
1. Request access
Before you start with the technical integration, you need to request access to the feature. Log into our Dashboard and navigate to the Settings menu in Project settings. 
If Show API access is already granted please continue with step 2​
Request Show API access within the PCI Proxy Dashboard.
Click Request access in the Request Show API access section to open the form. Fill in your data and submit it. Our team will review your request and reach out to you once the access is granted or more information are needed.
2. Obtain a transactionId
Start with requesting a transactionId by calling the Show API from your server. 
post
https://api.sandbox.datatrans.com
/v1/transactions/secureFields/show
Init call
Example init call
Request
Response
curl --location --request POST 'https://api.sandbox.datatrans.com/v1/transactions/secureFields/show'
--header 'Authorization: Basic {basicAuth}'
--header 'Content-Type: application/json'
--data-raw 
'{ 
    "alias": "rN5IABEiAAEAAAGB8QcMWHYu8SeGACOZ", 
    "aliasCVV": "qOr2SX3sQm2e8SazhFNssOkJ" 
}'
​
{
    "transactionId": "pY8Pt-lWIpkDECioNQVFJvNifCeM"
}
Consider sending only alias or aliasCVV, depending on whether you intend to reveal just one of these values at a time.
3. Frontend integration
To display the requested card data, call the following Reveal API directly from the native mobile app with the transactionId obtained in step 2.  
The Reveal API is only supported for native mobile apps. Make sure to not call it from web browsers. 
post
https://api.sandbox.datatrans.com
/v1/transactions/secureFields/show/reveal
Reveal API
Example Reveal call
Request
Response
curl --location --request POST 'https://api.sandbox.datatrans.com/v1/transactions/secureFields/show/reveal' \
--header 'Content-Type: application/json' \
--data-raw '{
    "transactionId": "W0ZcW8zvzQ0DEISV0UafKeT8eFmC"
}'
{
    "cardNumber": "4242424242424242",
    "cvv": "123"
}
Alternative integration
You can as well embed the iframes in a web view to your mobile application to show card data. 
​