Personal Identification Numbers (PINs) are an important security control and help keep your user’s funds safe and card program low-risk. By providing an easy to use PIN management flow you can keep your users safe and ensure that transactions are not blocked.
PINs are sensitive data, so we take special caution to never transmit directly through your serversIn order to address both security and regulatory concerns (PCI) all PIN operations are mediated via time-limited, single-use URLs surfaced in hosted frames.
To allow a customer to update their PIN you will need to request a signed URL from the Bridge API, and then use that URL to render an iframe in your application or a webview.To do so, you should use the Create Card PIN Update URL API to request a signed URL which your user can use to kick off a PIN editing session.
Copy
Ask AI
curl -x POST https\://<https://api.bridge.xyz/customers/>\<CUSTOMER_ID>/card_accounts/\<CARD_ACCOUNT_ID>/pin-H "Content-Type: application/json" -H "Api-Key: YOUR_API_KEY"
You can listen for events from the PIN management iframe to determine when operations are complete:
Copy
Ask AI
if (window.addEventListener) { window.addEventListener("message", function (event) { // Modify URL to match environment if (event.origin !== "\<BRIDGE_ORIGIN>") { return; } var statusCode = event.data; // Do something with the statusCode... }, false); }
Bridge provides a default set of styles for the PIN edit form, which are designed to be legible and easy to use across a variety of locales. Custom styles which match the design of your application are also supported.