Show a Card

Shows the full card information including card number, expiry and CVV.
Show a Card
 last updated: 
March 31, 2022

To stay in PCI compliance, you need to tokenize the card to show the full card information including card number, expiry and CVV. We have partnered with VGS to bring this functionality to you.

There are two steps involved in showing the full card information:
Step 1: Create a Show Token
Step 2: Show a Card

Step 1: Create a Show Token


  1. POST /v1/card/:id/showtoken


  1. {
  2.     "id": "crd-7b7df7c0-2adf-46f2-8110-15c903030267",
  3.     "showToken": "card-show-test-66449e66-14b5-4f9e-838c-74807268db09"
  4. }

Step 2: Show a Card

Note: If you are PCI Compliant, you can directly use the API. If you are not, see the steps below to show the card information to your end user by staying out of scope.


  1. GET

Do not include the sd-api-key and sd-person-id in the header. Include sd-show-token (it is the showToken that you receive in Step 1). Token is valid for 5 minutes and can be used only once.
See example of the cURL request below:

  1. curl --location --request GET '' \
  2. --header 'sd-show-token: card-show-test-1b9c92ae-4d0c-4eb0-9ed0-859c7c3a9b0f' \
  3. --data-raw ''

Note: In LIVE mode, replace sandbox with live in the URL. Please create a ticket and solid tech support will share the LIVE vault id to include at the start of the URL.


  1. {
  2.     "id": "crd-7b7df7c0-2adf-46f2-8110-15c903030267",
  3.     "cardNumber": "6088850019458041",
  4.     "cvv": "837",
  5.     "expiryMonth": "12",
  6.     "expiryYear": "2022"
  7. }

How to use VGS Show with to view a Solid card

Step 1: Add the VGS Show SDK to your app

The VGS Show SDK allows displaying PCI-sensitive card data by keeping customers out of scope. This model enables unredacted PCI data to flow through the VGS network, preventing sensitive information from flowing through the customer's network.


Web SDK :
Android SDK :
Note: The VGS widget allows for customization to your UI specifications.

Step 2: Create a Show Token (see above)

Note: The show token call must be made via the API from your server, not from the client

Step 3: Call the Show a Card api via VGS SDK

Call the Solid Platform's Card Show API from inside the VGS SDK with the above token (see Show a Card)

Sample VGS Web Config

  1. // Show.js script file
  2. <script type="text/javascript" src="{org-id}.js">
  3. </script>

  4. // Show.js initialization
  5. const show = VGSShow.create('<vault-id>', function(state) {
  6.     console.log(state);
  7. });

  8. // Request configuration
  9. const iframe = show.request({
  10.     name: '<name-of-request>',
  11.     method: 'GET',
  12.     headers: {
  13.         sd-show-token: {{showToken}}
  14.     },
  15.     path: '/v1/card/<card-id>/show',
  16.     payload: {'card_number': '<alias>'},
  17.     htmlWrapper: 'text',
  18.     jsonPathSelector: 'json.card_number'
  19. });
  20. Sample Response
  21. {
  22.     "id": "crd-4c5817af-33c2-4a60-8bad-33fbc57db9ad",
  23.     "cardNumber": "4000009990005152", 
  24.     "cvv": "123",
  25.     "expiryMonth": "06",
  26.     "expiryYear": "2024"
  27. }