Card Widgets

With the Card Widgets, your customers can view and interact with sensitive card information inside the application. Since these widgets communicate directly between the client, card vendor and Synctera, they remove the need for the integrator to be PCI certified.

πŸ“˜

This is a short-term solution. We are currently advancing this functionality to make it more customizable and easier to integrate with.

Through the marqeta.js client library, you can display the following pieces of sensitive card information for a customer inside your application:

  • PAN (primary account number)
  • CVV (card verification value)
  • EXP (expiration date)
  • PIN (the card pin - v2.0.0+) πŸ†•

Through the Activate Card and Set PIN Widgets, you can interact with your card to activate it or to set card's PIN:

  • Activate Card (activates a physical card by entering in the card number and CVV)
  • Set PIN (sets the Card PIN for a newly activated card)

Getting Started

Make sure you've got the necessary components in place before integrating widgets with your application.

API Keys

First, ensure you have your Synctera API Keys working for your business.

Mobile applications

If you're integrating the widgets in a mobile application, you may need to use one of the following web views:


Upgrading from Marqeta 1.1.0 to 2.0.0 πŸ†•

To take advantage of the PIN reveal feature, you will need to upgrade from Marqeta 1.1.0 to 2.0.0. If you already implemented the Marqeta widget, read this section to quickly upgrade.

  1. Replace https://widgets.marqeta.com/marqetajs/1.1.0/marqeta.min.js with https://widgets.marqeta.com/marqetajs/2.0.0/marqeta.min.js

  2. For the config passed to window.marqeta.bootstrap({ .... }), the "showPan" field needs to wrapped in a "component" field:

   window.marqeta.bootstrap({
     ....
     component: {
        showPan: {
           cardPan: { domId: "display-card-pan", format: true },
           cardExp: { domId: "display-card-exp", format: true },
           cardCvv: { domId: "display-card-cvv" },
        },
     },
     ....
   });

That's it!


Display Card PAN, CVV, and EXP

πŸ“˜

Refer to Marqeta’s guide Using Marqeta.js for additional information on the widget configuration and styling.

The steps below describe how the application uses a client access token to show PAN, CVV and Card EXP using the marqeta.js client library:

  1. Load marqeta.js into the window object of the browser by adding the following script into the <head> tag of the required page:

    <script
      src="https://widgets.marqeta.com/marqetajs/2.0.0/marqeta.min.js"
      type="text/javascript"
    ></script>
    ;
    
  2. Request a client access token for a card from Synctera via the POST request for /cards/{card_id}/client_token endpoint. Pass clientAccessToken to your front-end via SSR or HTTP request. This token expires after five minutes and is only applicable to the given card, so it's a good idea to create a client access token on every page load:

    curl -X POST "https://api-sandbox.synctera.com/v0/cards/{cardId}/client_token" -H "Content-Length: 0" -H "Authorization: Bearer {apiKey}"
    
    {"client_token": ... }
    
  3. Add a separate HTML div element to your client page per each piece of the sensitive card data (Card PAN, Card CVV, Card EXP). You can attach this information to any HTML container:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Synctera</title>
    <script
      src="https://widgets.marqeta.com/marqetajs/2.0.0/marqeta.min.js"
      type="text/javascript"
    ></script>
  </head>
  <body>
    <!-- each piece of sensitive information must have have it's
  own div -->
    <div id="display-card-pan"></div>
    <div id="display-card-cvv"></div>
    <div id="display-card-exp"></div>
  </body>
</html>
  1. Initialize marqeta.js via bootstrap with token by calling window.marqeta.bootstrap. It will create an HTML iframe element inside each HTML div element. You can style the div elements and inner contents for the card PAN, card CVV, card EXP containers. To do so, use the showPan object as described in Using Marqeta.js > The showPan object:

    window.marqeta.bootstrap({
      clientAccessToken: clientAccessToken,
      integrationType: "custom",
      component: {
        showPan: {
          cardPan: { domId: "display-card-pan", format: true },
          cardExp: { domId: "display-card-exp", format: true },
          cardCvv: { domId: "display-card-cvv" },
        },
      },
      callbackEvents: {
        onSuccess: () => console.log("Widget loaded!"),
        onFailure: () => console.warn("Widget failed to load."),
      },
    });
    
%%{init: {"fontFamily": "sans-serif"}}%%
sequenceDiagram
participant IFE as Integrator Frontend
participant MFE as Marqeta.js
participant IBE as Integrator Backend
participant S as Synctera API
participant M as Marqeta
IFE ->> IBE: Request client access token
IBE ->> S: `POST /v0/cards/:card_id/client_token`
S ->> M: Get token
M -->> S: Token
S -->> IBE: Response with client_token
IBE -->> IFE: Client access token
IFE ->> MFE: Marqeta.js display card PAN, CVV, and EXP
MFE ->> M: Request sensitive card data
M -->> MFE: Response with sensitive card data
MFE ->> MFE: Render sensitive card data

Display Card PIN

  1. Follow the first two steps from Display Card PAN, CVV, and EXP.

⚠️ NOTE: Loading the PIN must be done in its own call to window.marqeta.boostrap, however you may call two instances simultaneously.

  1. Add separate HTML elements to your client page for the card PIN (see example). You can attach this information to any HTML container:
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Synctera</title>
    <script
      src="https://widgets.marqeta.com/marqetajs/2.0.0/marqeta.min.js"
      type="text/javascript"
    ></script>
  </head>
  <body>
    <!-- PIN provides three different features -->
    <span>
      <div id="display-card-pin"></div>
      <button id='toggle-card-pin'>Toggle</button>
      <div id='pin-timeout'></div>
    </span>
  </body>
</html>
  1. Initialize marqeta.js via bootstrap with token by calling window.marqeta.bootstrap. It will create an HTML iframe element inside each HTML element. You can style the elements and inner contents for the card PIN containers. To do so, use the pinReveal object as described in Using Marqeta.js > The pinReveal object:

    window.marqeta.bootstrap({
      clientAccessToken: clientAccessToken,
      integrationType: "custom",
      component: {
        pinReveal: {
          cardPin: { domId: "display-card-pin" },
          toggleCardPin: { domId: "toggle-card-pin", mode: "transparent" },
          hidePinTimeout: {
            domId: "pin-timeout",
            hideTimeout: 10, // A value between 5 and 15
            styles: {}, // Requires styles object, can be empty
          },
        },
      },
      callbackEvents: {
        onSuccess: () => console.log("Widget loaded!"),
        onFailure: () => console.warn("Widget failed to load."),
      },
    });
    

Display Activate Card and Set PIN Widgets

The Activate Card widget and Set PIN widget are displayed inside HTML iframe elements, with source URLs provided by the /cards/card_widget_url route.

πŸ“˜

Refer to Marqeta’s guide Using Activate Card and Set PIN Widgets for additional information.

  1. Fetch the card widget URL from the related endpoint. On the server, make a request to /cards/card_widget_url. For the Activate Card widget (widget_type === 'activate_card'), you can omit the card_id param in the query:

    curl -X GET "https://api-sandbox.synctera.com/v0/cards/card_widget_url?card_id={cardId}&customer_id={customerId}&account_id={accountId}&widget_type={widgetType}" -H "Content-Type: application/json" -H "Authorization: Bearer {apiKey}"
    
    {"url": ... }
    
  2. Pass the acquired URL to your front-end via SSR or HTTP request. Include the URL into an iframe on your client page. The desired widget will be rendered inside the iframe, allowing the user to input either card PAN or card PIN and press submit:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Synctera</title>
  </head>
  <body>
    <iframe
      src="{cardWidgetUrl}"
      title="Card
    Widget Url"
    />
  </body>
</html>
%%{init: {"fontFamily": "sans-serif"}}%%
sequenceDiagram
participant IFE as Integrator Frontend
participant IBE as Integrator Backend
participant S as Synctera API
participant M as Marqeta
IFE ->> IBE: Request card widget
IBE ->> S: `GET /v0/cards/card_widget_url`
S ->> M: Get card widget URL
M -->> S: Card widget URL
S -->> IBE: Response with card_widget_url
IBE -->> IFE: Card widget URL
IFE ->> IFE: Render Activate Card or Set PIN widget

Additional Information

As of version 2.0.0 of the Marqeta library allows for some customization of the fields' appearances, including the css hover state.
Supported CSS attributes generally include: color, font-family, font-size, background, font-weight and letter-spacing.

For the particulars on stying, please review the Using Marqeta.js > Concepts

(From Marqeta's documentation: "CSS importing schemes such as @import and @url are not supported. Marqeta.js only supports web-safe/system fonts that can be displayed on modern web browsers without a specific download.")


We use Typescript at Synctera and find it helpful to type our window properties. See the example typescript below for the window.marqeta version 2.0.0 object provided by marqeta.js:

// global.d.ts
declare interface Window {
   marqeta: {
     bootstrap(params: MarqetaShowPanParams | MarqetaPinRevealParams): void;
   }
}

// marqeta.d.ts
interface MarqetaBaseParams {
  clientAccessToken: string;
  options?: {
     // Must be included if using PIN reveal
    cardholderVerificationMethod: 'OTHER';
  };
  integrationType: 'custom';
  callbackEvents?: {
    onSuccess?: () => void;
    onFailure: () => void;
  };
}

export interface MarqetaShowPanParams extends MarqetaBaseParams {
  component: {
    showPan: {
      cardPan?: MarqetaShowItem;
      cardExp?: MarqetaShowItem;
      cardCvv?: Omit<MarqetaShowItem, 'format'>;
    };
    pinReveal?: undefined;
  };
}

export interface MarqetaPinRevealParams extends MarqetaBaseParams {
  component: {
    showPan?: undefined;
    pinReveal: {
      cardPin: Omit<MarqetaShowItem, 'format'>;
      toggleCardPin?: {
        domId: string;
        mode: 'transparent';
        onRevealSuccess?: () => void;
        onHideSuccess?: () => void;
      };
      hidePinTimeout?: {
        domId: string;
        hideTimeout: 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15;
        styles: CSSProperties;
        onSuccess?: () => void;
        onFailure?: () => void;
      };
    };
  };
}

export interface MarqetaShowItem {
  domId: string;
  format?: boolean;
  styles?: {
    span?: CSSProperties;
    'span:hover'?: CSSProperties;
  };
  mode?: 'transparent';
  onCopySuccess?: () => void;
  onCopyFailure?: () => void;
}