The PCaaSA Card Info API allows fintechs to retrieve virtual card information secure information using secure data tokens created via the Processor API as part of a multi-API flow:

First, the Processor API "Payment Instrument Secure Data Token Create" call would be executed privately by the fintech, creating a time-limited data token (120 seconds) that will permit retrieval of virtual card information. Additional confirmation parameters are available and recommended (an alphanumeric code that would ideally be generated on the cardholder device and then passed to this API, the public IP address of the cardholder device, a requirement that the cardholder postal code is confirmed, etc.)

Authentication to this API is performed via API keys issued by PCaaSA to each fintech, which are passed as part of the URL along with the "action" to be performed (in this case, the single "cardinfo-get") that identifies the API call. The body will contain the input data for the call in standard "form data" format, primarily the "secureDataToken" which was generated via the private Processor API and then provided to this API via the cardholder device along with any additional confirmation parameters.

All UUIDs in the PCaaSA system are using the 36-character V4 format.