Get Card View Token

curl -X POST 'https://crypto-api.yativo.com/api/v1/yativo-card/yc_01HX9KZMB3F7VNQP8R2WDGT4E5/cards/card_01HX9KZMB3F7VNQP8R2WDGT4E5/view-token' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{ "enabled_views": ["data"] }'

{
  "status": "success",
  "data": {
    "secure_view_url": "https://crypto-api.yativo.com/card-view?token=eyJhbGciOiJIUzI1NiIs...",
    "expires_at": "2026-03-26T12:01:00Z",
    "last_four": "4242",
    "enabled_views": ["data", "pin"],
    "requires_access_code": false
  }
}

POST

yativo-card

{yativoCardId}

cards

{cardId}

view-token

curl -X POST 'https://crypto-api.yativo.com/api/v1/yativo-card/yc_01HX9KZMB3F7VNQP8R2WDGT4E5/cards/card_01HX9KZMB3F7VNQP8R2WDGT4E5/view-token' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{ "enabled_views": ["data"] }'

{
  "status": "success",
  "data": {
    "secure_view_url": "https://crypto-api.yativo.com/card-view?token=eyJhbGciOiJIUzI1NiIs...",
    "expires_at": "2026-03-26T12:01:00Z",
    "last_four": "4242",
    "enabled_views": ["data", "pin"],
    "requires_access_code": false
  }
}

Card details and PIN are both served from a single hosted page. Control which views appear using enabled_views. The returned secure_view_url is ready to use as an iframe src — no additional SDK is required.

Authorization

string

required

Bearer token: Bearer YOUR_ACCESS_TOKEN

yativoCardId

string

required

The Yativo Card account ID (yativo_card_id) from onboarding.

cardId

string

required

The card ID from card creation.

enabled_views

array

Which views to enable. Accepted values: "data" (PAN, CVV, expiry), "pin" (view/set PIN). Omit to show all.

access_code

string

Optional unlock code the user must enter before card details are revealed.

theme

object

Optional theme overrides: accent_color, background_color, panel_color, text_color, muted_color, border_radius, font_family, logo_url.

Never cache or log secure_view_url. Always request a fresh token immediately before rendering.

curl -X POST 'https://crypto-api.yativo.com/api/v1/yativo-card/yc_01HX9KZMB3F7VNQP8R2WDGT4E5/cards/card_01HX9KZMB3F7VNQP8R2WDGT4E5/view-token' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{ "enabled_views": ["data"] }'

{
  "status": "success",
  "data": {
    "secure_view_url": "https://crypto-api.yativo.com/card-view?token=eyJhbGciOiJIUzI1NiIs...",
    "expires_at": "2026-03-26T12:01:00Z",
    "last_four": "4242",
    "enabled_views": ["data", "pin"],
    "requires_access_code": false
  }
}

Response Type Definitions

interface ViewTokenResponse {
  secure_view_url: string;        // Hosted page URL — use as iframe src
  expires_at: string;             // ISO 8601 expiry
  last_four: string;              // Safe to display without the iframe
  enabled_views: string[];        // Active views: ["data"] | ["pin"] | ["data", "pin"]
  requires_access_code: boolean;  // User must enter access_code before details are shown
}

Embedding the URL

<iframe
  src="SECURE_VIEW_URL"
  title="Secure Card View"
  width="420"
  height="740"
  style="border:0;border-radius:16px;"
  allow="clipboard-read; clipboard-write">
</iframe>

See the full integration guide — backend proxy pattern, React/vanilla JS examples, access code flow, and testing — in Secure Card Display.

Set Card PIN Get Card Wallet

Documentation Index

​Embedding the URL

Embedding the URL