Helper for the client access token step of Marqeta.js — the widget that lets you display a Marqeta-issued virtual card's PAN/CVV directly to a cardholder via secure iframes, without that data ever touching your servers (reducing your PCI compliance scope).
Important: unlike everything else in this library, requesting a
Marqeta.js client access token is a call to Marqeta's API directly
(POST https://{subdomain}.marqeta.com/v3/users/auth/clientaccesstoken),
authenticated with your Marqeta application token + admin access
token — not your Treasury Prime API key. Treasury Prime's docs describe
this flow but don't proxy it through api.treasuryprime.com. Your bank
partner / Treasury Prime gives you the Marqeta credentials and subdomain
needed once your card program is provisioned.
Usage
{:ok, %{"token" => client_access_token}} =
TreasuryPrime.Marqeta.JS.request_access_token(
"yoursubdomain",
marqeta_application_token,
marqeta_admin_access_token,
marqeta_card_token
)Pass client_access_token to marqeta.bootstrap(...) in your frontend
per Marqeta's Marqeta.js guide.
See also TreasuryPrime.Card.get/3 with show_pan/show_cvv for the
(PCI-scope-increasing) alternative of fetching PAN/CVV onto your own
servers instead of using a client-side widget.
Summary
Functions
Requests a Marqeta.js client access token (expires after 5 minutes)
scoped to marqeta_card_token, by calling Marqeta's API directly.
Functions
@spec request_access_token(String.t(), String.t(), String.t(), String.t(), module()) :: {:ok, map()} | {:error, TreasuryPrime.Error.t()}
Requests a Marqeta.js client access token (expires after 5 minutes)
scoped to marqeta_card_token, by calling Marqeta's API directly.
http_client defaults to TreasuryPrime.HTTPClient.Httpc (this
library's zero-dependency adapter) but accepts the same
TreasuryPrime.HTTPClient behaviour used everywhere else, in case
you've configured a different one on your TreasuryPrime.Client.