Skip to main content

MarqetaJS Deprecation (April 1, 2026)

Marqeta is sunsetting their MarqetaJS widget April 1st, 2026 and migrating to their new UX Toolkit. In order to continue retrieving details about cards in a PCI compliant way you will need to migrate onto the Toolkit.

Authentication Endpoint

You will need to implement an Authentication API. When the UX Toolkit is bootstrapped on your webpage it will need to be passed the URL of this endpoint as a parameter. The Toolkit SDK will generate a Demonstrating Proof of Posession (DPoP) header as a short-lived JSON Web Token (JWT) and pass it to your endpoint.
  • This endpoint must validate that the end user is authenticated in your systems
  • Lookup the Treasury Prime person ID for the end user (e.g psn_123456)
  • Send a request to the new Treasury Prime /person/:id/uxt_access_token endpoint (documented below)

UX Toolkit Bootstrapping

Follow Marqeta’s instructions on embedding and boostrapping here. Embedding the Toolkit in your webpage is as simple as adding: 
<script type="module" src="https://web.ux-toolkit.marqeta.com/trprime/releases/1/index.js" async crossorigin="require-credentials"></script>
to your HTML. NOTE: this includes a reference to the Treasury Prime specific release tprime.

Treasury Prime Endpoint

Treasury Prime will manage the RSA key generation and secret passing on your behalf within the new /person/:id/uxt_access_token endpoint. The endpoint must receive the DPoP header Marqeta passed you via your Authentication Endpoint as a string parameter. On a successful authentication Treasury Prime will send back a response containing an access_token that must be sent back to the UX Toolkit client. See the API endpoint documentation for an OpenAPI schema.