POST
/
customers
/
{customerID}
/
card_accounts
/
{cardAccountID}
/
ephemeral_keys
Generate an Ephemeral Key to Reveal Card Details
curl --request POST \
  --url https://api.bridge.xyz/v0/customers/{customerID}/card_accounts/{cardAccountID}/ephemeral_keys \
  --header 'Api-Key: <api-key>' \
  --header 'Content-Type: application/json' \
  --header 'Idempotency-Key: <idempotency-key>' \
  --data '{
  "client_nonce": "<string>"
}'
{
  "ephemeral_key": "<string>"
}

Authorizations

Api-Key
string
header
required

Headers

Idempotency-Key
string
required

Path Parameters

customerID
string
required

A UUID that uniquely identifies a resource

Required string length: 1 - 42
cardAccountID
string<uuid>
required

The ID of the card account

Body

application/json

The client-side nonce that will be associated with the ephemeral key

The request to create an ephemeral key to reveal card details

client_nonce
string
required

The client-side nonce that will be associated with the ephemeral key. This must be generated from the client secret and timestamp as per the integration guide in order to be usable for revealing card details.

Response

Ephemeral key to reveal card details

A response containing the ephemeral key to reveal card details

ephemeral_key
string
required

The ephemeral key to reveal card details. This key is only valid for 5 minutes. Your backend should return this key to the frontend instead of directly using it, to avoid putting your backend in PCI compliance scope. Please see the integration guide on safely revealing card details for more information.