Reveal card details
Mint a signed, short-lived URL for the card processor’s iframe that displays the card’s full PAN, CVV, and expiry to the cardholder. This is the only way to obtain a reveal URL — the Card resource never carries one.
Request the reveal right before rendering the iframe and render the returned panEmbedUrl immediately; it expires at expiresAt (within minutes). Never store, cache, or log the URL — it is a bearer secret for the full card details. The card data renders inside the processor’s iframe and never crosses Grid’s or your servers.
Every reveal is audit-logged with the requesting actor.
Authorizations
API token authentication using format <api token id>:<api client secret>
Path Parameters
System-generated unique card identifier
Response
Reveal URL minted.
Signed URL of the card processor's iframe that securely displays the PAN, CVV, and expiry to the cardholder. The full PAN and CVV never cross Grid's servers — render this URL in an iframe in your client to reveal card details. The URL is a short-lived bearer secret: render it immediately and never store, cache, or log it.
"https://embed.lithic.com/iframe/...?t=..."
When the signed URL stops loading. Request a new reveal rather than re-rendering an expired URL.
"2026-05-08T14:16:00Z"