Display card details
Last updated: September 10, 2025
Cards have non-sensitive details and sensitive details (credentials) that are subject to data protection regulations. You can:
- View the details in the Dashboard.
- Get the details using the API.
- Display the details to cardholders in your app, and enable them to copy the card number to their clipboard.
You must have the Admin user role or a custom role with one or both of the following permissions:
- Non-sensitive details –
View all transactions, cards, cardholders, and card products
permission - Sensitive details –
View card number and CVC2
permission
For security reasons, no pre-defined roles include this permission by default.
- Sign in to the Dashboard.
- Go to Issuing > Cards.
- Use the search or filters to find the relevant card and then select it.
- On the Card details page, under About this card, you can see the non-sensitive details.
- To see the sensitive details, select View card credentials.
If your entity is regulated or you issue cards to your business, you can get sensitive card details using the API.
Call the Get card credentials endpoint, and provide the following:
{cardId}
path parameter – The unique identifier for the card – for example,crd_fa6psq242dcd6fdn5gifcq1491
credentials
query parameter – The card credentials you want to retrieve, which can be one of or both of the following as a comma-separated list:number
– The full primary account number (PAN)cvc2
– The security code
get
https://api.checkout.com/issuing/cards/{cardId}/credentials?credentials=number,cvc2
1{2"number": 4242424242424242,3"cvc2": 6044}
To retrieve non-sensitive card details, call the Get card details endpoint, and provide the {cardId}
path parameter.
get
https://api.checkout.com/issuing/cards/{cardId}
1{2"id": "crd_fa6psq242dcd6fdn5gifcq1491",3"client_id": "cli_vkuhvk4vjn2edkps7dfsq6emqm",4"entity_id": "ent_fa6psq242dcd6fdn5gifcq1491",5"cardholder_id": "crh_d3ozhf43pcq2xbldn2g45qnb44",6"card_product_id": "pro_7syjig3jq3mezlc3vjrdpfitl4",7"last_four": 1234,8"expiry_month": 5,9"expiry_year": 2025,10"status": "active",11"display_name": "JOHN KENNEDY",12"type": "virtual",13"billing_currency": "USD",14"issuing_country": "US",15"reference": "X-123456-N11",16"metadata": {17"udf1": "metadata1",18"udf2": "metadata2",19"udf3": "metadata3",20"udf4": "metadata4",21"udf5": "metadata5"22},23"revocation_date": "2029-03-12",24"root_card_id": "crd_fa6psq242dcd6fdn5gifcq1491",25"created_date": "2025-09-09T19:41:39Z",26"last_modified_date": "2025-09-09T19:41:39Z",27"_links": {28"self": {29"href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491",30"actions": [31"GET"32],33"types": [34"application/json"35]36},37"credentials": {38"href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491/credentials",39"actions": [40"GET"41],42"types": [43"application/json"44]45},46"revoke": {47"href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491/revoke",48"actions": [49"POST"50],51"types": [52"application/json"53]54},55"controls": {56"href": "https://api.checkout.com/issuing/controls?target_id=crd_fa6psq42dcdd6fdn5gifcq1491",57"actions": [58"GET"59],60"types": [61"application/json"62]63}64},65"is_single_use": false66}
After you've integrated the Card Management Android SDK or iOS SDK, you can enable your cardholders to view their card details in your app.
Follow these steps:
- Authenticate the cardholder.
- Retrieve the cardholder's cards and non-sensitive details.
- Retrieve the sensitive details.
Information
In the iOS SDK stub environment, you can provide any String
instead of an access token, because all responses return mock data.
You are responsible for performing Strong Customer Authentication (SCA) on the cardholder for each session where they use functionality provided by the SDK. This applies to both the sandbox and production SDK environments.
Pass an access token that your app receives from your authentication back end.
1val token = "{Access_token}"2cardManager.logInSession(token)
Once you’ve authenticated the cardholder and your app, call the getCards()
method to retrieve and display a list of their cards and the following non-sensitive card details:
- The last four digits of the primary account number (PAN)
- The expiry month and year
- The cardholder's name
- The card's status –
active
,inactive
,revoked
, orsuspended
- The card ID – For example,
crd_fa6psq242dcd6fdn5gifcq1491
1cardManager.getCards { result: Result<List<Card>> ->2result.onSuccess {3// You receive a list of the cardholder's cards that you can display in your UI4// Returned card details include the last four digits of the PAN, expiry date, cardholder name, card status, and card ID5}.onFailure {6// If something goes wrong, you receive an error with more information7}8}
Once you've retrieved a cardholder's cards, you can use the following methods to retrieve each card's sensitive details:
Card.getPin()
– The personal identification number (PIN) for a physical cardCard.getPan()
– The full PANCard.getSecurityCode()
– The security code (CVC2)Card.getPANAndSecurityCode()
– The full PAN and CVC2
Every method is subject to a unique SCA flow. You can only request a single-use token after the SCA flow is completed. You must provide the token to the SDK to call the method.
The UI component protects the sensitive details and securely displays them to the cardholder only. They are never displayed to you, or sent to your server.
1val singleUseToken = "{Single_use_token_retrieved_after_SCA}"23// Request sensitive details using the card object4card.getPin(singleUseToken) { result: Result<AbstractComposeView> ->5result6.onSuccess {7// If successful, you receive a Compose view containing the sensitive that you can display to the cardholder8}.onFailure {9// If something goes wrong, you receive an error with more details10}11}
Note
Virtual cards do not have a PIN. If you call the getPin()
method for a virtual card, you receive an Unauthenticated
error.
You can enable cardholders to securely copy their card's primary account number (PAN) to the clipboard of their device. This feature includes:
- Secure authorization – Every method is subject to a unique SCA flow. You can only request a single-use token after the SCA flow is completed. The PAN is retrieved and copied asynchronously.
- Security validation – The cardholder must view the PAN before copying to prevent unauthorized access.
- Automatic logging – Successful and failed copy attempts are tracked for analytics.
- Granular error handling – Specific error cases are returned for different failure scenarios to enable troubleshooting.
The minimum supported SDK version for this feature is Android 7, API 24.
Call one of the following methods to display the PAN to the cardholder:
displayPan()
displayPANAndSecurityCode()
Information
We recommend explaining this security requirement to the cardholder for a smooth user experience.
Call the copyPan
method and provide the token:
1public fun copyPan(2singleUseToken: {Single_use_token_retrieved_after_SCA},3completionHandler: (Result<Unit>) -> Unit4}
completionHandler
is a closure executed on completion that returns a Result
that indicates either success, or the reason for failure.
Note
To avoid errors, prevent the app from attempting multiple simultaneous copy operations.
You can receive the following error cases:
Error | Description | Recovery action |
---|---|---|
| The token was invalid or expired. | Authenticate the cardholder before calling the |
| The PAN was not viewed before copying. | Call one of the following methods before calling the
|
| The app could not copy the PAN returned by the API. | Check the clipboard permissions and network availability of the cardholder's device. |
| The Android version is not supported. This applies to API versions 29, 30, 31, and 32. | The |
1card.copyPan(singleUseToken = "<single use token here>") { result ->2result.fold(3onSuccess = {45},6onFailure = {78}9)10}