Apto SDKs

Mobile SDKs

Apto also offers SDKs that wrap the Mobile API so that you don’t need to deal with network requests. These mobile SDKs expose convenient classes and are available for iOS (Swift or Objective-C) and Android (Kotlin and Java).

To access our SDKs, visit our GitHub repository and select a specific SDK:

White-label flows (UI SDKs)

For speed-to-market, we also offer a compiled version of the SDKs: you can drop this white-label mobile application into your existing application, or distribute it as a standalone mobile application. The Android and iOS applications implement a standard cardholder experience but are configurable to match your branding look and feel.

To initialize and operate the white-label flows, simply pass your Mobile API key. Two lines of code can present all the functionality that your users will need.

To access our SDKs, visit our GitHub repository and select a specific SDK:


If you want to present PCI data in your mobile app or within your website, but your platform is not PCI certified, you can still show that information to your users by using the Apto PCI SDK.

To access our SDKs, visit our GitHub repository and select a specific SDK:

The Apto PCI SDK is a small package that’s available for iOS, Android, and Web, and contains a single UI component that can securely obtain the card’s PCI protected data and show it on screen within any UI of your application.

The Apto PCI SDK executes two main functions:

  1. Securely obtain the PCI card data from Apto’s servers.
  2. Show the PCI-protected card information to the cardholder.

The PCI SDK uses a secure user token, which can be obtained only by the card’s owner, to ensure that the PCI protected data is only delivered to the final user.

Obtain PCI Card Data

The PCIView UI component exposes a method that reveals the card’s PCI data, and must be integrated into your UI. The component implements logic that verifies the cardholder using both of their primary credentials, and then securely sends the card details to the PCI SDK using two layers of encryption: SSL and an additional encryption of the PCI data using a single-use key that’s generated during the process. The PCI SDK receives the encrypted data and decrypts it before showing it on screen. This mechanism protects the PCI data from:

  1. Being displayed to a requester who is not the cardholder.
  2. Network sniffing techniques (the data is double-encrypted).
  3. Exposure to the logic of your app, so you cannot be in violation of PCI rules.

The PCI SDK prevents unauthorised entities from accessing the PCI data, which will only ever be made available to the cardholder.
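
The second encryption layer described above, sketched as an added example that is not Apto's code. The page does not say which algorithms the PCI SDK uses, so RSA-OAEP key wrapping with AES-256-GCM and every function name here are assumptions, and the card values are constructed test data.

```javascript
// Illustration of a single-use encryption layer that sits underneath TLS.
// Assumed scheme (not documented by Apto): RSA-OAEP wraps a fresh AES-256-GCM key.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client (the isolated PCI view): create a key pair that serves one reveal only.
function newRevealSession() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { publicKey, privateKey, used: false };
}

// Server: encrypt the card data so only the holder of the session key can read it.
function sealCardData(publicKey, card) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(card), 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Client: decrypt exactly once, then drop the private key.
function openCardData(session, sealed) {
  if (session.used) throw new Error('reveal key already used');
  session.used = true;
  const key = crypto.privateDecrypt({ key: session.privateKey, ...OAEP }, sealed.wrappedKey);
  session.privateKey = null;
  const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.iv);
  d.setAuthTag(sealed.tag); // GCM rejects a modified body or tag in final()
  const plain = Buffer.concat([d.update(sealed.body), d.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample data (a well-known test PAN, not a real card).
const SAMPLE_CARD = { pan: '4111111111111111', cvv: '123', exp: '12/30' };

function demo() {
  const session = newRevealSession();
  const sealed = sealCardData(session.publicKey, SAMPLE_CARD);
  // What a TLS-terminating proxy or request logger would see of the response body.
  const onWire = Buffer.concat([sealed.wrappedKey, sealed.iv, sealed.body, sealed.tag]);
  const leaked = onWire.includes(SAMPLE_CARD.pan);
  const shown = openCardData(session, sealed);
  let replayBlocked = false;
  try { openCardData(session, sealed); } catch { replayBlocked = true; }
  return { shown, leaked, replayBlocked };
}
```

With this layering, anything that sees the response after TLS is terminated holds only ciphertext, and a captured response cannot be opened again once the session key is discarded.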

To view their PCI data in the Instant Issuance program, your users must enter their D.O.B. (or, in the example apps, verify via biometrics) and enter an OTP that is delivered to them via SMS.

Displaying PCI Data

The Apto PCI SDK isolates the card data from your application by using an embedded IFrame.

The PCI SDK can show the card’s PAN, CVV, and Expiration Date within your UI. This allows you, for example, to render a card image in your UI showing the appropriate card data.

Each label can be positioned independently, and the whole PCIView can also be positioned in your application layout. Using CSS styles, you can customise the look and feel of these three labels to make them feel part of your application.

Building a cardholder app

In the table below, we outline how to use our developer tools to quickly build your applications. We list the various use cases typically needed in an application, and identify whether you should use our SDK or our API.

Cardholder UX Journey: Section, Sub-Section, Description. Execution Responsibility: Developer, or Apto Developer Tools (Mobile SDK, PCI SDK, API, Mobile App).

| Section | Sub-Section | Description | Developer | Mobile SDK | PCI SDK | API | Mobile App |
|---|---|---|---|---|---|---|---|
| Welcome screen | Welcome screen | The potential cardholder views the product marketing and the call to action initiates the onboarding flow | ✔ | - | - | - | - |
| Cardholder onboarding | Authentication | The cardholder must verify their mobile phone and their email and submit their date of birth | - | ✔ | - | - | ✔ |
| | Personally identifiable information ("PII") | The cardholder must agree to the legal disclosures and submit their legal name, address, and tax ID | - | ✔ | - | - | |
| | KYC verification | Apto uses the PII to verify the cardholder's identity | - | ✔ | - | - | |
| Application passcode / biometrics | Create passcode | The cardholder can create a passcode to unlock the application | - | ✔ | - | - | ✔ |
| | Forgot passcode | The cardholder can reset their passcode | - | ✔ | - | - | |
| | Change passcode | The cardholder can change their passcode | - | ✔ | - | - | |
| | Enable Biometrics | The cardholder can enable biometrics to unlock the application | - | ✔ | - | - | |
| | Disable Biometrics | The cardholder can disable biometrics | - | ✔ | - | - | |
| Card details | View card details | The cardholder can view their card number, expiration date, and security code | - | - | ✔ | - | ✔ |
| Card management | Activate physical card | The cardholder can activate their physical card | - | ✔ | - | - | ✔ |
| | Set PIN | The cardholder can create their PIN | - | ✔ | - | - | |
| | Change PIN | The cardholder can change their PIN | - | ✔ | - | - | |
| | Deactivate card | The cardholder can freeze their card | - | ✔ | - | - | |
| | Reactivate card | The cardholder can unfreeze their card | - | ✔ | - | - | |
| | Report card lost or stolen | The cardholder can report their card is lost or stolen and he/she can request a new card | - | ✔ | - | - | |
| | Transaction history | The cardholder can view their full transaction history | - | ✔ | - | ✔ | ✔ |
| | Transaction details | The cardholder can view details of any transaction | - | ✔ | - | ✔ | |
| Monthly statements | Monthly statement list | The cardholder can view their historical monthly statements | - | ✔ | - | - | ✔ |
| | Monthly statement | The cardholder can view their historical monthly statement | - | ✔ | - | ✔ | |
| Spending charts | Monthly activity by merchant type | The cardholder can view their activity by merchant type | - | ✔ | - | ✔ | ✔ |
| Cardholder support | FAQ | The cardholder can view the FAQs | ✔ | - | - | - | ✔ |
| | Email | The cardholder can email support | ✔ | - | - | - | |
| | Phone | The cardholder can call a toll-free line for automated support | ✔ | ✔ | - | - | |
| | Chatbot | The cardholder can interact with the chatbot | - | ✔ | - | - | ✔ |
| Program disclosures | View card program agreements | The cardholder can view the Cardholder Agreement and E-Sign Agreement | ✔ | ✔ | - | - | ✔ |
| | View privacy policy | The cardholder can view the Privacy Policy | ✔ | ✔ | - | - | |