Retrieve card PIN (v1)

Query GET

GET (/internal/v1/cards/{token}/pin)

Parameters

  • token (path) (required): Internal unique identifier for the card. See CardToken model.
  • X-Client-Public-Key (header) (required): Base64-encoded ECDH client public key using secp256r1 elliptic curve. See XClientPublicKey model.

Responses

200 OK

The card PIN is encrypted in the encryptedPayload field.

After decryption, the JSON structure will conform to DecryptedCardPin structure.

400 Bad Request

Bad Request Response

500 Internal Server Error

Internal server error response

Architecture

5 properties

The card PIN is encrypted in the `encryptedPayload` field. After decryption, the JSON structure will conform to `DecryptedCardPin` structure.

encryptedPayload object
required

Encrypted payload using AES-256-GCM. The encryption algorithm and KDF are fixed by convention: 1. Symmetric encryption: AES-256-GCM 2. Key derivation: HKDF-SHA256 from ECDH shared secret

7 properties

Bad Request Response

code string
Allowed values: urn:plmr:cards:connector:CARD_NOT_FOUND urn:plmr:cards:connector:CARD_ALREADY_TERMINATED urn:plmr:cards:connector:INVALID_CLIENT_PUBLIC_KEY urn:plmr:cards:connector:INVALID_CARD_STATE urn:plmr:cards:connector:IN_APP_PROVISION_NOT_ALLOWED urn:plmr:cards:connector:INVALID_CERTIFICATE_CHAIN
message string
requestId string
fieldErrors array [object]
7 properties

Internal server error response

code string
Allowed values: urn:plmr:cards:connector:CARD_NOT_FOUND urn:plmr:cards:connector:CARD_ALREADY_TERMINATED urn:plmr:cards:connector:INVALID_CLIENT_PUBLIC_KEY urn:plmr:cards:connector:INVALID_CARD_STATE urn:plmr:cards:connector:IN_APP_PROVISION_NOT_ALLOWED urn:plmr:cards:connector:INVALID_CERTIFICATE_CHAIN
message string
requestId string
fieldErrors array [object]