View sensitive information
The cardUrl
available in the card
query leads to website that displays the card with its design and its sensitive hidden information.
Consider integrating it into your product with an iframe or a webview.
This URL is available for one hour after you query it.
After one hour, renew the query to get another cardUrl
.
If information fails to become visible despite having the appropriate permissions, it may remain hidden due to regulatory restrictions based on your location.
View physical card numbers​
View the physical card numbers, which is different from the virtual card numbers, by calling the viewPhysicalCardNumbers
mutation which returns a consent.
When you do this, make sure you are authenticated with a user access token using the name of the card's account member.
Then a consentUrl
is returned, inviting the user to start the Strong Customer Authentication with Swan.
After the consent is accepted, the card's sensitive information is displayed for five minutes. The link to view the information is also valid for five minutes; the user can close and reopen the link anytime within those five minutes.
The user can click to copy any of the sensitive information to their clipboard.
After they're done with the card info, they can click okay to be redirected to the redirectUrl
set up during the viewCardNumbers
mutation.
consentId
To avoid repeating the Strong Customer Authentication each time the client wants to reveal the card numbers, the same consentUrl
can be called anytime for five minutes after the consent.
We advise you to store the consentId
on your side and run a consent query to check the consent status is Accepted
and the updateAt
is less than five minutes, before reusing the consentUrl
.
The consentUrl
only works in the cardholder's browser where the consent was completed.
View PIN​
You can display the physical card's PIN by calling the viewPhysicalCardPinmutation
which returns a consent.
When you do this, make sure you are authenticated with a user access token using the name of the card's account member.
Then a consentUrl
is returned which invites the user to start the Strong Customer Authentication with Swan.
If your card was created before 19:00 Central European [Summer] Time (CET/CEST), you can call the mutation starting from 19:00 the same day. Otherwise, you'll have to wait until the next day at 19:00 to start calling the mutation.
You can check the isPINReady
boolean (true/false) in the physical card's statusInfo
, with ToActivate
status.
It is true
when the PIN is available.
Refer to the section on PIN availability to understand when a PIN should be ready.
Mutation​
🔎 Open the mutation in API Explorer
mutation viewPin {
viewPhysicalCardPin(
input: {
cardId: "$YOUR_CARD_ID"
consentRedirectUrl: "$YOUR_REDIRECT_URL"
}
) {
... on ViewPhysicalCardPinSuccessPayload {
__typename
consent {
consentUrl
}
}
... on PINNotReadyRejection {
__typename
message
physicalCardIdentifier
}
}
}
Payload​
Open the consentUrl
returned by the mutation to provide consent, then view the PIN.
{
"data": {
"viewPhysicalCardPin": {
"__typename": "ViewPhysicalCardPinSuccessPayload",
"consent": {
"consentUrl": "$CONSENT_URL"
}
}
}
}