Skip to main content
GET
/
customers
/
{customer_id}
/
instruments
/
{instrument_id}
/
cryptogram
Fetch Cryptogram for a Saved Card Instrument
curl --request GET \
  --url https://sandbox.cashfree.com/pg/customers/{customer_id}/instruments/{instrument_id}/cryptogram \
  --header 'x-api-version: <x-api-version>' \
  --header 'x-client-id: <api-key>' \
  --header 'x-client-secret: <api-key>'
import requests

url = "https://sandbox.cashfree.com/pg/customers/{customer_id}/instruments/{instrument_id}/cryptogram"

headers = {
"x-api-version": "<x-api-version>",
"x-client-id": "<api-key>",
"x-client-secret": "<api-key>"
}

response = requests.get(url, headers=headers)

print(response.text)
const options = {
method: 'GET',
headers: {
'x-api-version': '<x-api-version>',
'x-client-id': '<api-key>',
'x-client-secret': '<api-key>'
}
};

fetch('https://sandbox.cashfree.com/pg/customers/{customer_id}/instruments/{instrument_id}/cryptogram', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://sandbox.cashfree.com/pg/customers/{customer_id}/instruments/{instrument_id}/cryptogram",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"x-api-version: <x-api-version>",
"x-client-id: <api-key>",
"x-client-secret: <api-key>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "https://sandbox.cashfree.com/pg/customers/{customer_id}/instruments/{instrument_id}/cryptogram"

req, _ := http.NewRequest("GET", url, nil)

req.Header.Add("x-api-version", "<x-api-version>")
req.Header.Add("x-client-id", "<api-key>")
req.Header.Add("x-client-secret", "<api-key>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.get("https://sandbox.cashfree.com/pg/customers/{customer_id}/instruments/{instrument_id}/cryptogram")
.header("x-api-version", "<x-api-version>")
.header("x-client-id", "<api-key>")
.header("x-client-secret", "<api-key>")
.asString();
require 'uri'
require 'net/http'

url = URI("https://sandbox.cashfree.com/pg/customers/{customer_id}/instruments/{instrument_id}/cryptogram")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["x-api-version"] = '<x-api-version>'
request["x-client-id"] = '<api-key>'
request["x-client-secret"] = '<api-key>'

response = http.request(request)
puts response.read_body
{
  "instrument_id": "54deabb4-ba45-4a60-9e6a-9c016fe7ab10",
  "token_requestor_id": "22457512314",
  "card_number": "4491365621601472",
  "card_expiry_mm": "06",
  "card_expiry_yy": "2025",
  "cryptogram": "AQBBBBBBZatIlaIAmWKSghwBBBB=",
  "card_display": "1234"
}
{
"message": "bad URL, please check API documentation",
"help": "Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9",
"code": "request_failed",
"type": "invalid_request_error"
}
{
"message": "authentication Failed",
"code": "request_failed",
"type": "authentication_error"
}
{
"message": "something is not found",
"help": "Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9",
"code": "something_not_found",
"type": "invalid_request_error"
}
{
"message": "order with same id is already present",
"help": "Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9",
"code": "order_already_exists",
"type": "invalid_request_error"
}
{
"message": "something is not found",
"help": "Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9",
"code": "request_invalid",
"type": "idempotency_error"
}
{
"message": "Too many requests from IP. Check headers",
"code": "request_failed",
"type": "rate_limit_error"
}
{
"message": "internal Server Error",
"help": "Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9",
"code": "internal_error",
"type": "api_error"
}
{
"message": "something is not found",
"help": "Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9",
"code": "bank_processing_failure",
"type": "api_error"
}

Authorizations

x-client-id
string
header
required

Client app ID. You can find your app id in the Merchant Dashboard.

x-client-secret
string
header
required

Client secret key. You can find your secret key in the Merchant Dashboard.

Headers

x-api-version
string
default:2025-01-01
required

API version to be used.

x-request-id
string

Request ID for the API call. Can be used to resolve tech issues. Communicate this in your tech related queries to Cashfree.

x-idempotency-key
string<UUID>

An idempotency key is a unique identifier you include with your API call. If the request fails or times out, you can safely retry it using the same key to avoid duplicate actions.

Path Parameters

customer_id
string
required

The customer ID provided by the merchant during the Create Order API call, used to save cards for the customer.

instrument_id
string
required

Identifier for the specific card to fetch its details.

Response

Success response for retrieving the token and cryptogram for a specific saved card stored in Cashfree's Token Vault.

instrument_id
string

Identifier for the card saved at Cashfree.

token_requestor_id
string

TRID issued by respective card networks.

card_number
string

Token number.

card_expiry_mm
string

Token expiry month.

card_expiry_yy
string

Token expiry year.

cryptogram
string

A one-time code dynamically generated by the respective card network, required to process saved card payments.

card_display
string

Displays the last four digits of the actual card number.