Card Embed Params
Handling full card PANs and CVV codes requires that you comply with the Payment Card Industry Data Security Standards (PCI DSS). Some clients choose to reduce their compliance obligations by leveraging our embedded card UI solution documented below.
In this setup, PANs and CVV codes are presented to the end-user via a card UI that we provide, optionally styled in the customer's branding using a specified CSS stylesheet. A user's browser makes the request directly to api.lithic.com, so card PANs and CVVs never touch the API customer's servers while full card data is displayed to their end-users. The response contains an HTML document (see Embedded Card UI or Changelog for upcoming changes in January). This means that the URL for the request can be inserted straight into the src attribute of an iframe.
<iframe id="card-iframe"
src="https://sandbox.lithic.com/v1/embed/card?embed_request=eyJjc3MiO...;hmac=r8tx1..."
allow="clipboard-write" class="content"></iframe>
You should compute the request payload on the server side. You can render it (or the whole iframe) on the server or make an AJAX call from your front-end code, but never embed your API key in front-end code, as doing so introduces a serious security vulnerability.
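The server-side step described above, as an added example that is not code from this page or from the SDK. Assumptions: the EmbedRequest fields are `css` and `token`, and the `hmac` value is a base64-encoded HMAC-SHA256 of the compact JSON string keyed with the API key; confirm both against the Embedded Card UI reference. The card token, stylesheet URL and fallback key are constructed values.

```python
import base64
import hashlib
import hmac
import html
import json
import os
from urllib.parse import urlencode

# Host and path taken from the iframe snippet on this page.
EMBED_URL = "https://sandbox.lithic.com/v1/embed/card"


def build_embed_query(api_key: str, card_token: str, css_url: str) -> dict:
    """Return the embed_request and hmac query params for one card."""
    # Compact JSON with sorted keys so the signed bytes are deterministic.
    payload = json.dumps({"css": css_url, "token": card_token},
                         sort_keys=True, separators=(",", ":"))
    # Assumption: HMAC-SHA256 over the JSON string, keyed with the API key,
    # then base64-encoded. The page does not state the algorithm.
    mac = hmac.new(api_key.encode(), payload.encode(), hashlib.sha256).digest()
    return {
        "embed_request": base64.b64encode(payload.encode()).decode(),
        "hmac": base64.b64encode(mac).decode(),
    }


def render_card_iframe(api_key: str, card_token: str, css_url: str) -> str:
    """Build the iframe markup on the server; only signed values leave it."""
    query = urlencode(build_embed_query(api_key, card_token, css_url))
    src = EMBED_URL + "?" + query
    markup = ('<iframe id="card-iframe" src="%s" allow="clipboard-write" '
              'class="content"></iframe>' % html.escape(src, quote=True))
    # Refuse to return markup that contains the secret itself.
    if api_key in markup:
        raise RuntimeError("API key leaked into front-end markup")
    return markup


if __name__ == "__main__":
    # Constructed values; in production load the key from a secret store.
    key = os.environ.get("LITHIC_API_KEY", "constructed-sandbox-key")
    print(render_card_iframe(key, "00000000-0000-0000-0000-000000000000",
                             "https://example.com/card.css"))
```

The browser receives only the base64 payload and its signature, so the same function can back either a server-rendered page or an authenticated AJAX endpoint that returns the URL.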
Types
Functions
Additional headers to send with the request.
Additional query params to send with the request.
The full set of query params in the parameters, including both fixed and additional query params.
A base64-encoded JSON string of an EmbedRequest to specify which card to load.