View Card Details (Full Card Number + CVV)
Retrieves the full (unmasked) card number, CVV, and expiry date for a card. This is a sensitive operation that reveals complete card details.
Security Requirements
Depending on the product configuration, this API may require one or more of:
- OTP verification — Generate and validate OTP before calling this API
- Card action rule — Provide card expiry date for server-side validation
- PIN verification — Verify PIN before revealing card details
Service Codes
The serviceCode field identifies the card type:
226— Forex card620— GPR (General Purpose Reloadable) card000— Default / auto-detect
When to Use
- "View Card Details" feature in mobile/web app
- Tokenization flows that require full card number
- Card-on-file registration for e-commerce
⚠️ PCI-DSS Compliance
Partners must ensure that card details are displayed securely and never stored in logs or databases. Follow PCI-DSS guidelines for handling sensitive card data.
Authorization
bearerAuth tenantId JWT Bearer token from the Authentication API
In: header
Your unique tenant identifier assigned during onboarding
In: header
Header Parameters
Your unique tenant identifier
Request Body
application/json
Card identification with security validation
Phone number with country code
Card kit number
Entity identifier
Card expiry date in YYMM format (e.g., 2708 = August 2027)
Service code identifying card type:
226— Forex card620— GPR card000— Default/auto-detect
Security validation rules (must include expiry in MM/YY format)
OTP verification (if required by product configuration)
Response Body
application/json
application/json
application/json
curl -X POST "https://sandbox-api.m2pprepaid.com/prepaid/customer/v1/cards/card/detail" \ -H "X-TENANT-ID: ACME_CORP" \ -H "Content-Type: application/json" \ -d '{ "mobile": { "value": "9600106382", "countryCode": 91 }, "kitNo": "20004574", "entityId": "858471735620004574050925", "expiryDate": "2708", "serviceCode": "226", "rule": { "expiryDate": "08/27" } }'{
"result": {
"kitNo": "20004574",
"entityId": "858471735620004574050925",
"expiryDate": "2708",
"cardNumber": "4678132800001004",
"cvv": "001"
},
"pagination": null
}{
"type": "https://www.m2pfintech.com/problem/constraint-violation",
"title": "Method argument not valid",
"status": 400,
"message": "error.validation",
"fieldErrors": [
{
"field": "mobile",
"message": "Invalid contact",
"objectName": "changeCardPin"
}
]
}{
"type": "https://www.m2pfintech.com/problem/problem-with-message",
"title": "Invalid request for card action, missing required parameters :Card Expiry",
"status": 409,
"detail": "Invalid request for card action, missing required parameters :Card Expiry",
"message": "error.business",
"businessCode": "PPCUST_119"
}Validate Card PIN POST
Verifies whether the provided PIN is correct for the given card. This is a read-only check — it does not modify the PIN. ### When to Use - Pre-validate PIN before a sensitive operation (e.g., viewing card details) - Implement "confirm PIN" flows in your mobile/web app - PIN-based authentication for in-app transactions ### Important Notes - Returns `{ valid: true/false }` — never reveals the actual PIN - Uses the same `ChangeCardPinDto` as Set/Update PIN but only reads `oldPin` - No OTP required for validation
De-Duplicate Check (PAN & Mobile) POST
Checks if a customer with the given PAN and/or mobile number already exists. This is a **pre-issuance validation** step to prevent duplicate forex card issuance. ### Response Interpretation | Mobile | PAN | Meaning | |--------|-----|---------| | `null` | `null` | ✅ No duplicate — safe to proceed | | Masked mobile | `null` | ⚠️ Mobile match found, no PAN match | | `null` | Masked PAN | ⚠️ PAN match found, no mobile match | | Masked mobile | Masked PAN | ⚠️ Both match — same customer exists | ### Masked Values Returned PAN/mobile values are partially masked for privacy: - Mobile: `709****999` - PAN: `BMX****23B`