Skip to main content
POST
/
cards
/
{id}
/
reveal
Reveal card details
curl --request POST \
  --url https://api.lightspark.com/grid/2025-10-13/cards/{id}/reveal \
  --header 'Authorization: Basic <encoded-value>'
const options = {method: 'POST', headers: {Authorization: 'Basic <encoded-value>'}};

fetch('https://api.lightspark.com/grid/2025-10-13/cards/{id}/reveal', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
val client = OkHttpClient()

val request = Request.Builder()
.url("https://api.lightspark.com/grid/2025-10-13/cards/{id}/reveal")
.post(null)
.addHeader("Authorization", "Basic <encoded-value>")
.build()

val response = client.newCall(request).execute()
{
  "panEmbedUrl": "https://embed.lithic.com/iframe/...?t=...",
  "expiresAt": "2026-05-08T14:16:00Z"
}
{
"status": 401,
"message": "<string>",
"details": {}
}
{
"status": 403,
"message": "<string>",
"details": {}
}
{
"status": 404,
"message": "<string>",
"details": {}
}
{
"status": 500,
"message": "<string>",
"details": {}
}
{
"status": 501,
"message": "<string>",
"details": {}
}

Authorizations

Authorization
string
header
required

API token authentication using format <api token id>:<api client secret>

Path Parameters

id
string
required

System-generated unique card identifier

Response

Reveal URL minted.

panEmbedUrl
string<uri>
required

Signed URL of the card processor's iframe that securely displays the PAN, CVV, and expiry to the cardholder. The full PAN and CVV never cross Grid's servers — render this URL in an iframe in your client to reveal card details. The URL is a short-lived bearer secret: render it immediately and never store, cache, or log it.

Example:

"https://embed.lithic.com/iframe/...?t=..."

expiresAt
string<date-time>
required

When the signed URL stops loading. Request a new reveal rather than re-rendering an expired URL.

Example:

"2026-05-08T14:16:00Z"