View sensitive information

Prepare to view sensitive information

The cardUrl available in the card query leads to a website that displays the card with its design and its sensitive hidden information.

Consider integrating it into your product with an iframe or a webview. This URL is available for one hour after you query it. After one hour, renew the query to get another cardUrl.

Information not visible

If information fails to become visible despite having the appropriate permissions, it may remain hidden due to regulatory restrictions based on your location.

View virtual card numbers

To make online payments, you usually need to provide the card numbers, the expiration date, and the CVC. All of this data is considered sensitive and is not directly available through the Web Banking interface or the API.

  1. When the Account member wants to display sensitive information, you must call the viewCardNumbers mutation, which returns a consent.
  2. Replace $YOUR_CARD_ID with your card ID, and $YOUR_REDIRECT_URL with the URL you want to redirect the user to after viewing the card numbers.
  3. Make sure you are authenticated with a user access token in the name of the card's account member.
  4. The mutation returns a consentUrl, which invites the user to start Strong Customer Authentication with Swan. You need to open a native pop-up to display the consentUrl. This URL redirects the user to a page that shows the card numbers together with the card design.

Mutation

mutation ViewSensitiveInfo {
  viewCardNumbers(
    input: {
      cardId: "$YOUR_CARD_ID"
      consentRedirectUrl: "$YOUR_REDIRECT_URL"
    }
  ) {
    ... on ViewCardNumbersSuccessPayload {
      __typename
      consent {
        consentUrl
        id
      }
    }
  }
}

Payload

{
  "data": {
    "viewCardNumbers": {
      "__typename": "ViewCardNumbersSuccessPayload",
      "consent": {
        "consentUrl": "$YOUR_CONSENT_URL",
        "id": "$YOUR_CONSENT_ID"
      }
    }
  }
}

After the consent is accepted, the card's sensitive information is displayed for five minutes. The link to view the information is also valid for five minutes; the user can close and reopen the link anytime within those five minutes.

The user can click to copy any of the sensitive information to their clipboard. After they're done with the card info, they can click okay to be redirected to the redirectUrl set up during the viewCardNumbers mutation.
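The steps above, sketched as an added example that is not Swan's own code: it builds the viewCardNumbers request with GraphQL variables, allowlists the redirect URL, and checks the payload type and consentUrl host before anything is opened in the pop-up. The function names, `allowedRedirectOrigins`, `expectedConsentHost` and the variable types `ID!` and `String!` are assumptions; the caller sends the returned body with the user access token.

```javascript
// Added example, not Swan's code. Hosts and IDs used with it are constructed.

// Build the request body with GraphQL variables rather than splicing values
// into the query text. Assumption: variable types ID! and String! match the schema.
function buildViewCardNumbersRequest(cardId, redirectUrl, allowedRedirectOrigins) {
  const redirect = new URL(redirectUrl); // throws on malformed input
  if (redirect.protocol !== "https:" || !allowedRedirectOrigins.includes(redirect.origin)) {
    throw new Error("consentRedirectUrl is not an allowlisted https origin");
  }
  return {
    query: `mutation ViewSensitiveInfo($cardId: ID!, $consentRedirectUrl: String!) {
  viewCardNumbers(input: { cardId: $cardId, consentRedirectUrl: $consentRedirectUrl }) {
    __typename
    ... on ViewCardNumbersSuccessPayload { consent { consentUrl id } }
  }
}`,
    variables: { cardId, consentRedirectUrl: redirect.href },
  };
}

// Check the response before handing consentUrl to the pop-up.
// expectedConsentHost is a hypothetical parameter: the host you expect consent URLs on.
function readConsent(body, expectedConsentHost) {
  if (body.errors && body.errors.length > 0) {
    throw new Error("GraphQL errors returned");
  }
  const payload = body.data && body.data.viewCardNumbers;
  // __typename is selected outside the fragment, so a non-success payload is visible.
  if (!payload || payload.__typename !== "ViewCardNumbersSuccessPayload") {
    const seen = payload ? payload.__typename : "no payload";
    throw new Error(`viewCardNumbers did not succeed: ${seen}`);
  }
  const consentUrl = new URL(payload.consent.consentUrl);
  if (consentUrl.protocol !== "https:" || consentUrl.hostname !== expectedConsentHost) {
    throw new Error("consentUrl points at an unexpected host");
  }
  // Return only what the UI needs; do not log the URL itself.
  return { consentId: payload.consent.id, consentUrl: consentUrl.href };
}
```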

Swan card with information masked and revealed