Skip to main content

Overview

This recipe is a guide to using our “Get Sensitive Card Info” endpoint to retrieve a client-facing URL for fetching sensitive card information from your client-facing application.

Step 1: Get client IP Address

Extract client IP address from your client’s browser or application in your API request handler. 
# On your server, when your client requests full card details
# Retrieve a URL from our server
curl --request GET \
     --url https://access.sandbox.utgl.io/v1/cards/card-sensitive-info \
     --header 'accept: application/json' \
     -d "cardId=41e079e6-7b92-57e6-ae7f-3644ed5cbdee" \
     -d "cardAccountId=0f48154c-723b-4e3e-99c5-df618b90123f" \
     -d "ipAddress=128.111.222.3"

// On your client facing application, using XMLHttpRequest, consume the returned url
fetch('https://sandbox.acesss.utgl.io:/v1/cards/card-sensitive-info/ca607a597c9ab99d75813a601d1cac724a3bd6619d6928709619c59778b7925e')
  .then((response) => response.json())
  .then((data) => {
    /*
    API Response contains:
    {
      "securityCode": "000",
      "cardNumber": "4242424242491806",
      "expiryMonth": "12",
      "expiryYear": "2023"
    }
    */
    console.log(data);
  })

Step 2: Get card sensitive info retrieval URL

Pass in the card account id, card id, and client’s IP address to retrieve a client facing URL for fetching card-sensitive info securely without card information passing through your backend servers. 
# On your server, when your client requests full card details
# Retrieve a URL from our server
curl --request GET \
     --url https://access.sandbox.utgl.io/v1/cards/card-sensitive-info \
     --header 'accept: application/json' \
     -d "cardId=41e079e6-7b92-57e6-ae7f-3644ed5cbdee" \
     -d "cardAccountId=0f48154c-723b-4e3e-99c5-df618b90123f" \
     -d "ipAddress=128.111.222.3"

// On your client facing application, using XMLHttpRequest, consume the returned url
fetch('https://sandbox.acesss.utgl.io:/v1/cards/card-sensitive-info/ca607a597c9ab99d75813a601d1cac724a3bd6619d6928709619c59778b7925e')
  .then((response) => response.json())
  .then((data) => {
    /*
    API Response contains:
    {
      "securityCode": "000",
      "cardNumber": "4242424242491806",
      "expiryMonth": "12",
      "expiryYear": "2023"
    }
    */
    console.log(data);
  })

Step 3: Directly consume URL from client

Consume the URL obtained in the previous step to access sensitive card information securely and display the full card details. 
# On your server, when your client requests full card details
# Retrieve a URL from our server
curl --request GET \
     --url https://access.sandbox.utgl.io/v1/cards/card-sensitive-info \
     --header 'accept: application/json' \
     -d "cardId=41e079e6-7b92-57e6-ae7f-3644ed5cbdee" \
     -d "cardAccountId=0f48154c-723b-4e3e-99c5-df618b90123f" \
     -d "ipAddress=128.111.222.3"

// On your client facing application, using XMLHttpRequest, consume the returned url
fetch('https://sandbox.acesss.utgl.io:/v1/cards/card-sensitive-info/ca607a597c9ab99d75813a601d1cac724a3bd6619d6928709619c59778b7925e')
  .then((response) => response.json())
  .then((data) => {
    /*
    API Response contains:
    {
      "securityCode": "000",
      "cardNumber": "4242424242491806",
      "expiryMonth": "12",
      "expiryYear": "2023"
    }
    */
    console.log(data);
  })

Security Benefits

This approach ensures that sensitive card information never passes through your backend servers, reducing your PCI DSS compliance scope and improving security.

Next Steps