diff --git a/apiserver/apiserver/api/management/commands/delete_old_static.py b/apiserver/apiserver/api/management/commands/delete_old_static.py
index 9f77677..c123654 100644
--- a/apiserver/apiserver/api/management/commands/delete_old_static.py
+++ b/apiserver/apiserver/api/management/commands/delete_old_static.py
@@ -19,7 +19,7 @@ class Command(BaseCommand):
         members = models.Member.objects
 
         good_files = []
-        for static_field in ['photo_large', 'photo_medium', 'photo_small', 'member_forms', 'card_photo']:
+        for static_field in ['photo_large', 'photo_medium', 'photo_small', 'member_forms']:
             good_files.extend(members.values_list(static_field, flat=True))
 
         count = 0
diff --git a/apiserver/apiserver/api/models.py b/apiserver/apiserver/api/models.py
index a681355..faf6459 100644
--- a/apiserver/apiserver/api/models.py
+++ b/apiserver/apiserver/api/models.py
@@ -21,7 +21,6 @@ class Member(models.Model):
     photo_medium = models.CharField(max_length=64, blank=True, null=True)
     photo_small = models.CharField(max_length=64, blank=True, null=True)
     member_forms = models.CharField(max_length=64, blank=True, null=True)
-    card_photo = models.CharField(max_length=64, blank=True, null=True)
 
     set_details = models.BooleanField(default=False)
     first_name = models.CharField(max_length=32)
diff --git a/apiserver/apiserver/api/utils.py b/apiserver/apiserver/api/utils.py
index 4e91712..37dec74 100644
--- a/apiserver/apiserver/api/utils.py
+++ b/apiserver/apiserver/api/utils.py
@@ -247,10 +247,11 @@ def gen_card_photo(member):
     y = CARD_PHOTO_MARGIN_SIDE
     draw.text((475, y), str(member.id), (0,0,0), font=font)
 
-    file_name = str(uuid4()) + '.jpg'
-    card_template.save(STATIC_FOLDER + file_name, quality=95)
+    bio = io.BytesIO()
+    card_template.save(bio, 'JPEG', quality=95)
+    bio.seek(0)
 
-    return file_name
+    return bio
 
 
 ALLOWED_TAGS = [
diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index 622c14e..caa2e83 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -4,7 +4,7 @@ logger = logging.getLogger(__name__)
 from django.contrib.auth.models import User, Group
 from django.shortcuts import get_object_or_404, redirect
 from django.db.models import Max
-from django.http import HttpResponse, Http404
+from django.http import HttpResponse, Http404, FileResponse
 from django.core.files.base import File
 from django.core.cache import cache
 from django.utils.timezone import now
@@ -145,6 +145,14 @@ class MemberViewSet(Base, Retrieve, Update):
         utils_stats.changed_card()
         return Response(200)
 
+    @action(detail=True, methods=['get'])
+    def card_photo(self, request, pk=None):
+        if not is_admin_director(self.request.user):
+            raise exceptions.PermissionDenied()
+        member = self.get_object()
+        card_photo = utils.gen_card_photo(member)
+        return FileResponse(card_photo, filename='card.jpg')
+
 
 class CardViewSet(Base, Create, Retrieve, Update, Destroy):
     permission_classes = [AllowMetadata | IsAdmin]