> ## Documentation Index
> Fetch the complete documentation index at: https://docs.treasuryprime.com/llms.txt
> Use this file to discover all available pages before exploring further.

# MarqetaJS

> Companies may use the Marqeta.js widget to reduce some of the PCI compliance burden on their end related to sensitive card info. The [Marqeta.js](https://www.marqeta.com/docs/developer-guides/using-marqeta-js) JavaScript library injects iframes into your webpage or application without you needing to store such data on your servers. Marqeta is fully PCI-Level 1 compliant.

<Warning>
  **Deprecation Notice**: Marqeta.js was originally scheduled to sunset on April 1, 2026. While Marqeta is not enforcing that deadline, customers have until the end of 2026 to complete their migration. Please migrate to the [Marqeta UX Toolkit](/docs/marqeta_uxtoolkit), which is the successor to Marqeta.js and provides enhanced security and functionality.
</Warning>

## PCI Fields

When [retrieving a card](https://developers.treasuryprime.com/docs/card#retrieve-a-card),
or [listing all cards](https://developers.treasuryprime.com/docs/card#list-all-cards),
you may have noticed that the `pan` and `cvv` fields within the Card object returned by
the Treasury Prime API are `null`, unless the respective `show_pan` and `show_cvv`
query parameters were set to a truthy value. To set these parameters to `true`, though,
requires PCI compliance on your end.

## The Marqeta Client Access Token

Every time you wish to use [Marqeta.js](https://www.marqeta.com/docs/developer-guides/using-marqeta-js) to retrieve a Marqeta-issued, virtual card's sensitive info, you must request a new
[client access token](https://www.marqeta.com/docs/developer-guides/using-marqeta-js#_step_6_request_a_client_access_token)
from the Marqeta platform. Each token expires after five minutes.

See the API for this [here](/reference/marqeta_js).
