Skip to main content
Deprecation Notice: Marqeta.js was originally scheduled to sunset on April 1, 2026. While Marqeta is not enforcing that deadline, customers have until the end of 2026 to complete their migration. Please migrate to the Marqeta UX Toolkit, which is the successor to Marqeta.js and provides enhanced security and functionality.

PCI Fields

When retrieving a card, or listing all cards, you may have noticed that the pan and cvv fields within the Card object returned by the Treasury Prime API are null, unless the respective show_pan and show_cvv query parameters were set to a truthy value. To set these parameters to true, though, requires PCI compliance on your end.

The Marqeta Client Access Token

Every time you wish to use Marqeta.js to retrieve a Marqeta-issued, virtual card’s sensitive info, you must request a new client access token from the Marqeta platform. Each token expires after five minutes. See the API for this here.