Display card details

Last updated: September 10, 2025

Cards have non-sensitive details and sensitive details (credentials) that are subject to data protection regulations. You can:

View the details in the Dashboard.
Get the details using the API.
Display the details to cardholders in your app, and enable them to copy the card number to their clipboard.

You must have the Admin user role or a custom role with one or both of the following permissions:

Non-sensitive details – View all transactions, cards, cardholders, and card products permission
Sensitive details – View card number and CVC2 permission
For security reasons, no pre-defined roles include this permission by default.

Sign in to the Dashboard.
Go to Issuing > Cards.
Use the search or filters to find the relevant card and then select it.
On the Card details page, under About this card, you can see the non-sensitive details.
To see the sensitive details, select View card credentials.

If your entity is regulated or you issue cards to your business, you can get sensitive card details using the API.

Call the Get card credentials endpoint, and provide the following:

{cardId} path parameter – The unique identifier for the card – for example, crd_fa6psq242dcd6fdn5gifcq1491
credentials query parameter – The card credentials you want to retrieve, which can be one of or both of the following as a comma-separated list:
- number – The full primary account number (PAN)
- cvc2 – The security code

get

https://api.checkout.com/issuing/cards/{cardId}/credentials?credentials=number,cvc2


1{
2  "number": 4242424242424242,
3  "cvc2": 604
4}

To retrieve non-sensitive card details, call the Get card details endpoint, and provide the {cardId} path parameter.

get

https://api.checkout.com/issuing/cards/{cardId}


1{
2  "id": "crd_fa6psq242dcd6fdn5gifcq1491",
3  "client_id": "cli_vkuhvk4vjn2edkps7dfsq6emqm",
4  "entity_id": "ent_fa6psq242dcd6fdn5gifcq1491",
5  "cardholder_id": "crh_d3ozhf43pcq2xbldn2g45qnb44",
6  "card_product_id": "pro_7syjig3jq3mezlc3vjrdpfitl4",
7  "last_four": 1234,
8  "expiry_month": 5,
9  "expiry_year": 2025,
10  "status": "active",
11  "display_name": "JOHN KENNEDY",
12  "type": "virtual",
13  "billing_currency": "USD",
14  "issuing_country": "US",
15  "reference": "X-123456-N11",
16  "metadata": {
17    "udf1": "metadata1",
18    "udf2": "metadata2",
19    "udf3": "metadata3",
20    "udf4": "metadata4",
21    "udf5": "metadata5"
22  },
23  "revocation_date": "2029-03-12",
24  "root_card_id": "crd_fa6psq242dcd6fdn5gifcq1491",
25  "created_date": "2025-09-09T19:41:39Z",
26  "last_modified_date": "2025-09-09T19:41:39Z",
27  "_links": {
28    "self": {
29      "href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491",
30      "actions": [
31        "GET"
32      ],
33      "types": [
34        "application/json"
35      ]
36    },
37    "credentials": {
38      "href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491/credentials",
39      "actions": [
40        "GET"
41      ],
42      "types": [
43        "application/json"
44      ]
45    },
46    "revoke": {
47      "href": "https://api.checkout.com/issuing/cards/crd_fa6psq42dcdd6fdn5gifcq1491/revoke",
48      "actions": [
49        "POST"
50      ],
51      "types": [
52        "application/json"
53      ]
54    },
55    "controls": {
56      "href": "https://api.checkout.com/issuing/controls?target_id=crd_fa6psq42dcdd6fdn5gifcq1491",
57      "actions": [
58        "GET"
59      ],
60      "types": [
61        "application/json"
62      ]
63    }
64  },
65  "is_single_use": false
66}

After you've integrated the Card Management Android SDK or iOS SDK, you can enable your cardholders to view their card details in your app.

Follow these steps:

Information

In the iOS SDK stub environment, you can provide any String instead of an access token, because all responses return mock data.

You are responsible for performing Strong Customer Authentication (SCA) on the cardholder for each session where they use functionality provided by the SDK. This applies to both the sandbox and production SDK environments.

Pass an access token that your app receives from your authentication back end.


1val token = "{Access_token}"
2cardManager.logInSession(token)


1let token = "{Access_token}"
2cardManager.logInSession(token: accessToken)

Once you’ve authenticated the cardholder and your app, call the getCards() method to retrieve and display a list of their cards and the following non-sensitive card details:

The last four digits of the primary account number (PAN)
The expiry month and year
The cardholder's name
The card's status – active, inactive, revoked, or suspended
The card ID – For example, crd_fa6psq242dcd6fdn5gifcq1491


1cardManager.getCards { result: Result<List<Card>> ->
2  result.onSuccess {
3    // You receive a list of the cardholder's cards that you can display in your UI
4    // Returned card details include the last four digits of the PAN, expiry date, cardholder name, card status, and card ID
5  }.onFailure {
6    // If something goes wrong, you receive an error with more information
7  }
8}


1cardManager.getCards { result in
2  switch result {
3  case .success(let cards):
4    // You receive a list of the cardholder's cards that you can display in your UI
5    // Returned card details include last four digits of the PAN, expiry date, cardholder name, card status, and card ID
6  case .failure(let error):
7    // If something goes wrong, you receive an error with more information
8  }
9}

Once you've retrieved a cardholder's cards, you can use the following methods to retrieve each card's sensitive details:

Card.getPin() – The personal identification number (PIN) for a physical card
Card.getPan() – The full PAN
Card.getSecurityCode() – The security code (CVC2)
Card.getPANAndSecurityCode() – The full PAN and CVC2

Every method is subject to a unique SCA flow. You can only request a single-use token after the SCA flow is completed. You must provide the token to the SDK to call the method.

The UI component protects the sensitive details and securely displays them to the cardholder only. They are never displayed to you, or sent to your server.


1val singleUseToken = "{Single_use_token_retrieved_after_SCA}"
2
3// Request sensitive details using the card object
4card.getPin(singleUseToken) { result: Result<AbstractComposeView> ->
5  result
6    .onSuccess {
7      // If successful, you receive a Compose view containing the sensitive that you can display to the cardholder
8    }.onFailure {
9      // If something goes wrong, you receive an error with more details
10    }
11}


1let singleUseToken = "{Single_use_token_retrieved_from_your_backend_after_SCA}"
2
3// Request sensitive details using the card object
4card.getPin(singleUseToken: singleUseToken) { result in
5    switch result {
6    case .success(let pinView):
7        // If successful, you receive a UI component that you can display to the cardholder
8    case .failure(let error):
9        // If something goes wrong, you receive an error with more information
10    }
11}

Note

Virtual cards do not have a PIN. If you call the getPin() method for a virtual card, you receive an Unauthenticated error.

You can enable cardholders to securely copy their card's primary account number (PAN) to the clipboard of their device. This feature includes:

Secure authorization – Every method is subject to a unique SCA flow. You can only request a single-use token after the SCA flow is completed. The PAN is retrieved and copied asynchronously.
Security validation – The cardholder must view the PAN before copying to prevent unauthorized access.
Automatic logging – Successful and failed copy attempts are tracked for analytics.
Granular error handling – Specific error cases are returned for different failure scenarios to enable troubleshooting.

The minimum supported SDK version for this feature is Android 7, API 24.

Call one of the following methods to display the PAN to the cardholder:

displayPan()
displayPANAndSecurityCode()

Information

We recommend explaining this security requirement to the cardholder for a smooth user experience.

Call the copyPan method and provide the token:


1public fun copyPan(
2  singleUseToken: {Single_use_token_retrieved_after_SCA},
3  completionHandler: (Result<Unit>) -> Unit
4}

completionHandler is a closure executed on completion that returns a Result that indicates either success, or the reason for failure.


1func copyPan(singleUseToken: {Single_use_token_retrieved_after_SCA},
2             completionHandler: @escaping ((CheckoutCardManager.CardDetailCopyResult) -> Void))

completionHandler is a closure executed on completion that returns a CardDetailCopyResult that indicates either success, or the reason for failure.


1public enum CardDetailCopyResult: Equatable {
2    case success                              // PAN successfully copied to clipboard
3    case failure(CardManagementError)        // Operation failed with specific error case
4}

Note

To avoid errors, prevent the app from attempting multiple simultaneous copy operations.

You can receive the following error cases:

Error	Description	Recovery action
`AuthenticationFailure`	The token was invalid or expired.	Authenticate the cardholder before calling the `copyPan` method.
`PanNotViewedFailure`	The PAN was not viewed before copying.	Call one of the following methods before calling the `copyPan()` method: `displayPan()` `displayPANAndSecurityCode()`
`SecureOperationsFailure`	The app could not copy the PAN returned by the API.	Check the clipboard permissions and network availability of the cardholder's device.
`UnsupportedAPIVersion`	The Android version is not supported. This applies to API versions 29, 30, 31, and 32.	The `copyPan` method is not supported for these API versions due to operating system security requirements.

Error Description Recovery action

Error	Description	Recovery action
`.unableToCopy(failure: .copyFailure)`	The operation failed to copy the PAN to clipboard.	Check: The clipboard permissions and network availability of the cardholder's device If the token was valid
`.unableToCopy(failure: .dataNotViewed)`	The PAN was not viewed before copying.	Call one of the following methods before calling the `copyPan()` method: `displayPan()` `displayPANAndSecurityCode()`
`.unableToCopy(failure: .missingManager)`	The card manager was deallocated.	Ensure the card manager stays in memory.

.unableToCopy(failure: .copyFailure)

The operation failed to copy the PAN to clipboard.

Check:

The clipboard permissions and network availability of the cardholder's device
If the token was valid

.unableToCopy(failure: .dataNotViewed)

The PAN was not viewed before copying.

Call one of the following methods before calling the copyPan() method:

displayPan()
displayPANAndSecurityCode()

.unableToCopy(failure: .missingManager)

The card manager was deallocated.

Ensure the card manager stays in memory.


1card.copyPan(singleUseToken = "<single use token here>") { result ->
2    result.fold(
3        onSuccess = {
4
5        },
6        onFailure = {
7
8        }
9    )
10}


1card.copyPan(singleUseToken: "<single use token here>") { copyResult in  
2    switch copyResult {
3    case .success:
4        // handle success - indicates PAN is copied successfully.
5    case .failure(let error):
6        // handle error (either PAN is not viewed or another error)
7    }                    
8}

Checkout.com Support

Android version limitations for copyPan

Display card details

View card details in the Dashboard

Get card details using the API

Sensitive card details

Response example

Non-sensitive card details

Response example