Home

Card Viewer SDK

Overview

Highnote's card viewer SDK allows you to embed sensitive card data into your UI using iframes. This prevents PCI-scoped data from flowing through your servers or being accessible to scripts running on your page.

This guide provides an overview of requirements, installation steps, and usage guidelines for the card viewer SDK.

Prerequisites

  1. A Highnote account
  2. A server-side integration using an API key
  3. Payment card ID

Installation

You can install the card viewer SDK using JavaScript package managers or CDN. For more installation information, see the SDK Installation guide.

Usage

To render card details in your UI, you must set up elements to hold each field. This involves the following steps:

  1. Prepare your HTML with card detail elements.
  2. Fetch a client token.
  3. Initialize card viewer.

Prepare your HTML

To use the card viewer SDK, you must provide elements for each field you want to render iframes for. The following example uses:

  • Card number
  • CVV
  • Expiration date
Prepare HTML

Fetch a client token

To obtain a client token from your server for the card viewer SDK, use the generatePaymentCardClientToken mutation.

Refer to the following guidelines when generating a payment card client token:

  • When generating the client token, you must provide the paymentCardId of the payment card you are rendering.
  • The client token is only valid for 10 minutes, but can be used multiple times.
  • Once a token expires, you must generate a new one to render payment card details.

Use the following mutation to generate a payment card client token:

Initialize card viewer

The card viewer library works by injecting an iframe into each provided element to render the appropriate data. You can style the content inside each iframe by passing any combination of styling options.

You can initialize the card viewer by using a renderFields function. This returns a Promise that contains a reference to the cardViewer instance. This is useful for lifecycle management and interactions such as card number masking.

The following example shows how to initialize the card viewer:

Render Fields

Error handling

Note: The card viewer doesn’t render error messages or update your UI inside iframes when errors occur. You must introspect and handle errors accordingly.

When initializing the card viewer, you can pass an onError handler to the renderFields function. This callback is invoked whenever an error is raised from the integration.

Error types

The following error types are supported for the card viewer SDK:

ErrorDescription
InvalidCredentialErrorOccurs when the provided client token is invalid or expired. The payload will contain the requestId which can be used for support and debugging.
CardViewerRequestErrorRepresents errors encountered when communicating with the Highnote API. The payload will contain the requestId which can be used for support and debugging.
CardViewerFieldsInputErrorRaised when an invalid configuration is provided at runtime.
CopyToClipboardErrorRaised when there is an issue copying a field value to a user's clipboard.
CardViewerErrorA generic catchall error.

Example errors

The following code sample provides examples of card viewer errors:

Card Viewer Errors

Styling options

The following styling options are available for use in elements for your card viewer:

PropertyExamplesDocs
color#55f5a3, rgba(85,245,163,1), #springgreenMDN Docs
cursorpointer, noneMDN Docs
fontFamilysans-serif, serif, monospace System fonts onlyMDN Docs
fontSize12px, 1em, 1.1remMDN Docs
fontWeightbold, normalMDN Docs
letterSpacingnormal, .2remMDN Docs
lineHeightnormal, 150%MDN Docs
userSelectnone, auto, inheritMDN Docs

iframe defaults

Highnote injects card viewer iframes with the following defaults. Your CSS styling can override each of these:

The document and body inside the frame will have transparent backgrounds and default to margin: 0, padding: 0.

Custom fonts

The card viewer SDK only supports system fonts.

Layout

The layout of payment card fields in the card viewer is customizable. Highnote injects iframes into the provided container elements, which will inherit the width of the container.

You can customize the width and height of the container to accommodate your UI as needed.

The following code sample provides an example of custom layout styling:

Card Styling

Using the live environment

By default, the card viewer library will make requests against the test environment. When you are ready to switch to the live environment, set the environment configuration option using the following function call:

Live Environment

Lifecycle

The card viewer SDK has a lifecycle that consists of a loading state, which resolves with payment card details. You can also unmount payment card details as needed.

Loading state

When rendering card viewer fields, the library writes the required iframes into your UI and renders them in a loading state. While in the loading state, the fields will be populated with placeholder characters:

  • Card number: •••• •••• •••• ••••
  • CVV: •••
  • Expiration Date: ••/••

You can't change these values. Once the configuration has been validated and the fields rendered, the library will request the card details from the Highnote API and replace the loading values with the corresponding data.

Unmount fields

If you need to unmount payment card fields, use the unmount method on the returned reference. This is useful when you need to “restart” the integration, or navigate to a new view client-side. Using this will ensure the cleanup of any DOM and event handlers.

The following code sample provides an example function to unmount fields:

Unmounting Fields

Interactions

The card viewer SDK supports the following end-user interactions:

  • Allows account holders to toggle sensitive data via card number masking
  • Allows account holders to copy their payment card details to their clipboard to complete payments

Card number masking

By default, the payment card number will be masked (•••• •••• •••• ••••). Only the last four digits will be shown when the card number is available.

You can toggle the masking on and off using the toggleCardNumberMask method on the returned card viewer reference.

The following code sample is an example of a card number masking configuration:

Card masking config

Copy to clipboard

By default, users can select and copy payment card detail values to their clipboard. You can use the enableClipboard configuration property to toggle the "copy to clipboard" feature on or off.

When enabled, clicking the card number, expiration date, or CVV field will copy the underlying value to the account holder's clipboard. This results in a copy event.

In addition to the copy event, two callback functions allow customization when a user copies or fails to copy a value:

callbackdescription
onCopyToClipboardSuccessInvoked when an account holder successfully copies a value to their clipboard. This function will also receive an object with the property field and a property __typename of COPY_TO_CLIPBOARD_SUCCESS
onErrorinvoked with an error of type COPY_TO_CLIPBOARD_ERROR in the event this functionality fails.

The following code sample is an example of a copy to clipboard configuration:

Copy To Clipboard Config

Content security policy

If your application enforces a content security policy, you must set the frame-src header to allow iframes from the Highnote domain:

Content security policy

Provide Feedback

Was this content helpful?