Securely display a cardholder’s PIN directly in your application, with an auto-hide countdown.
The Reveal PIN widget allows you to securely display a card’s PIN directly in your application. The PIN is fetched, rendered, and auto-hidden entirely inside an isolated Synctera-origin iframe — it is never exposed to your page, never included in any event, and never logged — helping reduce your PCI scope.This is the Synctera replacement for the legacy Marqeta PIN reveal (pinReveal) flow. For the deprecated Marqeta integration, see Marqeta Widgets.
Widget tokens expire after 5 minutes and are scoped to a specific card. Generate a new token on each page load or when the user initiates a new reveal action.
By default the widget renders a placeholder (obscured dots) and waits for a reveal to be triggered — either by the built-in Show PIN button (set show-toggle) or by calling requestPin() from your own UI. Once revealed, the PIN displays with a live auto-hide countdown and is cleared automatically when the countdown ends.
The PIN auto-hides after auto-hide-seconds (default 5), mirroring the legacy Marqeta hidePinTimeout behavior. This is a PCI safeguard, not just a UX nicety: it limits how long the PIN is on screen.
Setting auto-hide-seconds="0" disables auto-hide entirely: the PIN stays visible with no countdown until the widget is torn down or the PIN is re-requested. This weakens your PCI posture — only disable it deliberately.
The Reveal PIN widget does not emit a copy event. The PIN cannot be copied to the clipboard and text selection is disabled inside the widget — both are intentional PCI safeguards.
You can subscribe with addEventListener or by assigning the matching callback property:
Dispatched once when the widget has finished initializing and is ready to use. Use this to reveal the widget UI only after it’s ready, or to dismiss a loading placeholder. Fires exactly once per iframe lifecycle.
Dispatched once when the widget fails to initialize — either because the underlying iframe could not load (network failure, blocked by Content Security Policy, etc.) or because the iframe loaded but never completed its handshake within 5 seconds. This is distinct from the failure event, which signals that a PIN reveal API call failed after the widget was already running.
Property
Type
Description
error
string
Human-readable error message (safe to display to end users)
failedFields
string[]
Logical surfaces that failed to initialize. The Reveal PIN widget has a single display surface, so this is always ['display-controller'].
instanceId
string
Unique ID for this widget instance
<script> document.getElementById('pin-widget').addEventListener('error', (event) => { const { error, failedFields } = event.detail; console.error('Widget initialization failed:', error, failedFields); // Show error UI or offer a retry button });</script>
Dispatched when the PIN is successfully retrieved and rendered inside the widget’s secure iframe. The PIN itself is never included in the event — only metadata.
The widget exposes methods for programmatic control. These are useful when you want to control the reveal behavior externally instead of using the built-in button (show-toggle).