# Get sensitive card details

Fetches the card's Primary Account Number (PAN), security code (CVV2), expiry date, and cardholder name.

Requires an encrypted JWE payload for security. See the sensitive card details guide for implementation details.

To retrieve sensitive card details, the card must be in either ACTIVE or FROZEN status. A 403 response will be returned for cards in any other status.

{% admonition type="warning" %}
This endpoint is SCA protected when applicable. If your profile is registered within the UK and/or EEA, SCA most likely applies. For more information, see implementing SCA.
{% /admonition %}

Endpoint: POST /twcard-data/v1/sensitive-card-data/details
Security: UserToken

## Header parameters:

  - `x-tw-twcard-card-token` (string, required)
    The card token identifying which card to retrieve details for.
    Example: "ca0c8154-1e14-4464-a1ce-dcea7dc3de52"

## Request fields (application/json):

  - `keyVersion` (integer, required)
    The version of the encryption key to use. Always set to 1.
    Example: 1

  - `encryptedPayload` (string, required)
    Your JWE encrypted payload.
    Example: "<your JWE>"

## Response 200 fields (application/json):

  - `nonce` (string)
    An arbitrary UUID issued from the cryptographic communication.
    Example: "33d51227-9ad6-4624-b4b7-7853b56076dd"

  - `cvv2` (string)
    The card CVV2 security code.
    Example: "111"

  - `pan` (string)
    The card Primary Account Number.
    Example: "4396910000012345"

  - `expiryDate` (string)
    The card expiry date in MM/YY format.
    Example: "10/31"

  - `cardholderName` (string)
    Name on the card.
    Example: "John Smith"