Reveal Instrument Tokens

RevOps automatically redacts sensitive PCI and PII data through a secure tokenization process. We never store or have access to the information used to create an instrument.

However, sometimes tokens need to be revealed so that information can be displayed to an end user. For example, displaying a credit card expiration date or card holder's name on an instrument management page. For these situations, a request can be made to reveal tokens.

Note: RevOps does not have access to the information revealed through this API.

Instruments Reveal Endpoints

Each endpoint assumes a default base url: https://vault.revops.io/v1/

Instruments List Reveal

https://vault.revops.io/v1/accounts/:acct_id/instruments/reveal

Supported Methods:

  • GET - Reveals tokens for a list of Instruments

URL Parameters

Name Description Required Schema
acct_id RevOps account identifier Yes string

API Key Accessibility

HTTP Method Public Key Secret Key
GET N/A

GET INSTRUMENTS

GET /v1/accounts/:acct_id/instruments/reveal

Summary:

Returns a list of Instruments for the Account with secure tokens revealed.

Note: This operation should only be used from secure environments since sensitive information is revealed and transmitted.

Example

$> curl  https://vault.revops.io/v1/accounts/:acct_id/instruments/reveal \
        -X GET \
        -H 'Authorization: Bearer <secret_key>' \
        -H 'Content-type: application/json'

HTTP Response Codes

Code Description Schema
201 Instrument Instrument
400 Invalid request. API Error

Instrument Instance Reveal

https://vault.revops.io/v1/accounts/:acct_id/instruments/:inst_id/reveal

Supported Methods:

  • GET - Reveal Instrument Tokens
URL Parameters
Name Description Required Schema
acct_id RevOps Account Identifier Yes string
inst_id Unique identifier for the Instrument generated by the API. Yes string

API Key Accessibility

Instrument reveal methods are only accessible with secret key.

HTTP Method Public Key Secret Key
GET N/A

REVEALING INSTRUMENT TOKENS

GET /v1/accounts/:acct_id/instruments/:inst_id/reveal

Summary:

Account holder and credit card expiration date information can be revealed for display to end users, e.g., payment instrument management page.

Note: This operation should only be used from secure environments since sensitive information is revealed and transmitted.

HTTP Response Codes

Code Description Schema
200 Instrument verified N/A
400 Invalid request. API Error

Example

$> curl  https://vault.revops.io/v1/accounts/:acct_id/instruments/:inst_id/reveal \
        -X GET \
        -H 'Authorization: Bearer <secret_key>' \
        -H 'Content-type: application/json'