Guides
SupportAPI StatusSubscribe To Updates

PCI API

Suggest Edits

❗️

Important – For PCI-DSS Compliant Companies Only

We provide an API endpoint to fetch sensitive card data (PAN and CVV).
This endpoint is ONLY available to companies that are PCI-DSS certified.
If you're not certified, you must use the PCI widget solution.

Accessing Sensitive Card Data (PCI-DSS)

Introduction

For PCI-DSS certified companies, Pliant offers access to sensitive card information such as:

  • PAN (Primary Account Number)
  • CVV (Card Verification Value)

Accessing this data requires a secure encryption flow, ensuring that only the authorized API consumer can decrypt and use the information — in compliance with PCI-DSS standards.

Prerequisites

Before using any PCI-related endpoints, partners must:

  • Submit a valid and active PCI-DSS certification to Pliant
  • Receive approval and credentials for the PCI environment

This ensures all parties meet compliance and security requirements.

💳

PCI-DSS Compliance Required

Handle all sensitive card data in accordance with the PCI-DSS framework.

How to Access Sensitive Card Data

🔹 Recommended: Synchronous Method

The simplest way to retrieve sensitive card data is to issue and retrieve it in a single API call:

This will issue the card, activate it, and return PAN/CVV data — all at once.

🔸 Alternative: Asynchronous Methods

If your architecture does not support the synchronous call, use one of the following multi-step flows:

Option 1: With Instant Issuance

  1. Call POST /cards/{cardholderId}/instant
    → A 200 OK response means the card is already active
  2. Call GET /card-details/{cardId}
    → Fetch the card's PAN and CVV

Option 2: With Regular Issuance and Callback

  1. Call POST /cards/{cardholderId}
  2. Wait for the card callback to confirm activation
  3. Call GET /card-details/{cardId}

Example: Requesting PAN and CVV

🔐 HTTP Request

Endpoint:

GET /card-details/{cardId}

Host: pci-sandbox.partner-api.getpliant.com

Headers:

  • Authorization: Bearer YOUR_TOKEN
  • Pliant-API-Version: 2.1.0
  • accept: application/json

Example curl:

ParameterExample DataDescription
cardId9b5959d4-cb3b-4f4b-b53f-52cfefb652d5Pliant's card id
curl --request GET \
     --url https://pci-sandbox.partner-api.getpliant.com/card-details/9b5959d4-cb3b-4f4b-b53f-52cfefb652d5 \
     --header 'Authorization: Bearer YOUR_TOKEN' \
     --header 'Pliant-API-Version: 2.1.0' \
     --header 'accept: application/json'

HTTP Response

{
  "pan": "1234123412341234",
  "cvv": "123",
  "expiryMonth": 6,
  "expiryYear": 2025
}

Additional Information

For any questions or to submit your PCI-DSS certification, contact us at
📧 [email protected]

Updated 7 days ago