# Get card PIN

Fetches the card's PIN.

Requires an encrypted JWE payload for security. See the sensitive card details guide for implementation details.

{% admonition type="warning" %}
This endpoint is SCA protected when applicable. If your profile is registered within the UK and/or EEA, SCA most likely applies. For more information, see implementing SCA.
{% /admonition %}

Endpoint: POST /twcard-data/v1/sensitive-card-data/pin
Security: UserToken

## Header parameters:

  - `x-tw-twcard-card-token` (string, required)
    The card token identifying which card to retrieve the PIN for.
    Example: "ca0c8154-1e14-4464-a1ce-dcea7dc3de52"

## Request fields (application/json):

  - `keyVersion` (integer, required)
    The version of the encryption key to use. Always set to 1.
    Example: 1

  - `encryptedPayload` (string, required)
    Your JWE encrypted payload.
    Example: "<your JWE>"

## Response 200 fields (application/json):

  - `nonce` (string)
    An arbitrary UUID issued from the cryptographic communication.
    Example: "33d51227-9ad6-4624-b4b7-7853b56076dd"

  - `pin` (string)
    The card PIN.
    Example: "1234"