Skip to main content
Deprecation Notice: Marqeta.js is planned for deprecation later this year. Please migrate to the Marqeta UX Toolkit, which is the successor to Marqeta.js and provides enhanced security and functionality.

PCI Fields

When retrieving a card, or listing all cards, you may have noticed that the pan and cvv fields within the Card object returned by the Treasury Prime API are null, unless the respective show_pan and show_cvv query parameters were set to a truthy value. To set these parameters to true, though, requires PCI compliance on your end.

The Marqeta Client Access Token

Every time you wish to use Marqeta.js to retrieve a Marqeta-issued, virtual card’s sensitive info, you must request a new client access token from the Marqeta platform. Each token expires after five minutes. See the API for this here.