Get Card View Token

curl -X POST 'https://crypto-api.yativo.com/api/yativo-card/yc_01HX9KZMB3F7VNQP8R2WDGT4E5/cards/card_01HX9KZMB3F7VNQP8R2WDGT4E5/view-token' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{ "enabled_views": ["data"] }'

{
  "status": "success",
  "data": {
    "secure_view_url": "https://crypto-api.yativo.com/card-view?token=eyJhbGciOiJIUzI1NiIs...",
    "expires_at": "2026-03-26T12:01:00Z",
    "last_four": "4242",
    "enabled_views": ["data", "pin"],
    "requires_access_code": false
  }
}

POST

api

yativo-card

{yativoCardId}

cards

{cardId}

view-token

curl -X POST 'https://crypto-api.yativo.com/api/yativo-card/yc_01HX9KZMB3F7VNQP8R2WDGT4E5/cards/card_01HX9KZMB3F7VNQP8R2WDGT4E5/view-token' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{ "enabled_views": ["data"] }'

{
  "status": "success",
  "data": {
    "secure_view_url": "https://crypto-api.yativo.com/card-view?token=eyJhbGciOiJIUzI1NiIs...",
    "expires_at": "2026-03-26T12:01:00Z",
    "last_four": "4242",
    "enabled_views": ["data", "pin"],
    "requires_access_code": false
  }
}

Card details and PIN are both served from a single hosted page. Control which views appear using enabled_views. The returned secure_view_url is ready to use as an iframe src — no additional SDK is required.

Authorization

string

required

Bearer token: Bearer YOUR_ACCESS_TOKEN

yativoCardId

string

required

The Yativo Card account ID (yativo_card_id) from onboarding.

cardId

string

required

The card ID from card creation.

enabled_views

array

Which views to enable. Accepted values: "data" (PAN, CVV, expiry), "pin" (view/set PIN). Omit to show all.

access_code

string

Optional unlock code the user must enter before card details are revealed.

theme

object

Optional theme overrides: accent_color, background_color, panel_color, text_color, muted_color, border_radius, font_family, logo_url.

Never cache or log secure_view_url. Always request a fresh token immediately before rendering.

curl -X POST 'https://crypto-api.yativo.com/api/yativo-card/yc_01HX9KZMB3F7VNQP8R2WDGT4E5/cards/card_01HX9KZMB3F7VNQP8R2WDGT4E5/view-token' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{ "enabled_views": ["data"] }'

{
  "status": "success",
  "data": {
    "secure_view_url": "https://crypto-api.yativo.com/card-view?token=eyJhbGciOiJIUzI1NiIs...",
    "expires_at": "2026-03-26T12:01:00Z",
    "last_four": "4242",
    "enabled_views": ["data", "pin"],
    "requires_access_code": false
  }
}

Response Type Definitions

interface ViewTokenResponse {
  secure_view_url: string;        // Hosted page URL — use as iframe src
  expires_at: string;             // ISO 8601 expiry
  last_four: string;              // Safe to display without the iframe
  enabled_views: string[];        // Active views: ["data"] | ["pin"] | ["data", "pin"]
  requires_access_code: boolean;  // User must enter access_code before details are shown
}

Embedding the URL

<iframe
  src="SECURE_VIEW_URL"
  title="Secure Card View"
  width="420"
  height="740"
  style="border:0;border-radius:16px;"
  allow="clipboard-read; clipboard-write">
</iframe>

See the full integration guide — backend proxy pattern, React/vanilla JS examples, access code flow, and testing — in Secure Card Display.

Unfreeze Card Get Card Wallet

⌘I

Overview

Authentication

Accounts

Assets

Transactions

Swap

Yativo Card

Card Issuer Program

IBAN

Webhooks

Customers

Analytics

API Keys

Get Card View Token

Embedding the URL

Overview

Authentication

Accounts

Assets

Transactions

Swap

Yativo Card

Card Issuer Program

IBAN

Webhooks

Customers

Analytics

API Keys

​Embedding the URL

Embedding the URL