When retrieving a card, or listing all cards, you may have noticed that the pan and cvv fields within the Card object returned by the Treasury Prime API are null, unless the respective show_pan and show_cvv query parameters were set to a truthy value. To set these parameters to true, though, requires PCI compliance on your end.
In specific cases, companies may use Marqeta.js to reduce some of the PCI compliance burden on their end via encrypted transmission of sensitive card info. The Marqeta.js JavaScript library injects iframes into your webpage or application without you needing to store such data on your servers. Marqeta is fully PCI-Level 1 compliant.
Token Expiration
Every time you wish to use Marqeta.js to retrieve a Marqeta-issued virtual card's sensitive info,
you must request a new client access token from the Marqeta platform. Each token expires after five minutes.