Native mobile apps

Read here how to reveal sensitive card data in native mobile applications

Process overview

Process description of how PCI Proxy Show API works for native mobile applications.
Show process for native mobile applications
  1. 1.
    The backend of your application receives a request to display card data
  2. 2.
    Check if the user is allowed to see plain text card data
  3. 3.
    Assemble the request with the card and/or cvv tokens mapped to the user and submit the request to PCI Proxy
  4. 4.
    PCI Proxy returns a transactionId to your backend. It is valid for 30 minutes and can be consumed once
  5. 5.
    Pass on the transactionId to your mobile application
  6. 6.
    Call the Reveal endpoint with the transactionId in the body from the mobile application
  7. 7.
    The Reveal API returns plain text card number and CVV code to the mobile application
TransactionIDs obtained via Show API allow access to sensitive data. Please do not store them anywhere unless absolutely necessary and consume them as soon as possible.



1. Request access

Before you start with the technical integration, you need to request access to the feature. Log into our Dashboard and navigate to the Settings menu in Project settings.
If Show API access is already granted please continue with step 2
Request Show API access within the PCI Proxy Dashboard.
Click Request access in the Request Show API access section to open the form. Fill in your data and submit it. Our team will review your request and reach out to you once the access is granted or more information are needed.

2. Obtain a transactionId

Start with requesting a transactionId by calling the Show API from your server.
Init call

Example init call

curl --location --request POST ''
--header 'Authorization: Basic {basicAuth}'
--header 'Content-Type: application/json'
"aliasCVV": "qOr2SX3sQm2e8SazhFNssOkJ"
"transactionId": "pY8Pt-lWIpkDECioNQVFJvNifCeM"
Consider sending only alias or aliasCVV, depending on whether you intend to reveal just one of these values at a time.

3. Frontend integration

To display the requested card data, call the following Reveal API directly from the native mobile app with the transactionId obtained in step 2.
The Reveal API is only supported for native mobile apps. Make sure to not call it from web browsers.
Reveal API

Example Reveal call

curl --location --request POST '' \
--header 'Content-Type: application/json' \
--data-raw '{
"transactionId": "W0ZcW8zvzQ0DEISV0UafKeT8eFmC"
"cardNumber": "4242424242424242",
"cvv": "123"

Alternative integration

You can as well embed the iframes in a web view to your mobile application to show card data.

Last modified 2mo ago