View sensitive information
Prepare to view sensitive information​
The cardUrl
available in the card
query leads to a website that displays the card with its design and its sensitive hidden information.
Consider integrating it into your product with an iframe or a webview.
This URL is available for one hour after you query it.
After one hour, renew the query to get another cardUrl
.
If information fails to become visible despite having the appropriate permissions, it may remain hidden due to regulatory restrictions based on your location.
View virtual card numbers​
To make online payments you usually need to provide the card numbers, the expiration date, and the CVC. All of this data is considered sensitive and is not directly available through the Web Banking interface or the API.
- When the Account member wants to display sensitive information, you must call the
viewCardNumbers
mutation which returns a consent. - Replace $YOUR_CARD_ID with your card ID, and $YOUR_REDIRECT_URL with the URL you want to redirect the user to after viewing the card numbers.
- Make sure you are authenticated with a user access token using the name of the card's account member.
- Then a
consentUrl
is returned which invites the user to start the Strong Customer Authentication with Swan. You need to open a native pop-up to display theconsentUrl
. This URL will redirect the user to a page with the card numbers displayed with the card design.
Mutation​
🔎 Open the mutation in API Explorer
mutation ViewSensitiveInfo {
viewCardNumbers(
input: {
cardId: "$YOUR_CARD_ID"
consentRedirectUrl: "$YOUR_REDIRECT_URL"
}
) {
... on ViewCardNumbersSuccessPayload {
__typename
consent {
consentUrl
id
}
}
}
}
Payload​
{
"data": {
"viewCardNumbers": {
"__typename": "ViewCardNumbersSuccessPayload",
"consent": {
"consentUrl": "$YOUR_CONSENT_URL",
"id": "$YOUR_CONSENT_ID"
}
}
}
}
After consent​
After the consent is accepted, the card's sensitive information is displayed for five minutes. The link to view the information is also valid for five minutes; the user can close and reopen the link anytime within those five minutes.
The user can click to copy any of the sensitive information to their clipboard.
After they're done with the card info, they can click okay to be redirected to the redirectUrl
set up during the viewCardNumbers
mutation.