Introduction to In-App Provisioning
In-App Provisioning is a process where the Program Manager (i.e., your systems) pre-authenticates the cardholder before the first token provisioning message is sent to the token service provider (Visa/Mastercard). For information on the requirements for cardholder authentication, discuss with your mobile wallet token requestor.
In-App Provisioning requires you to share sensitive card data held on your system with the token service provider (without the cardholder needing to manually enter the PAN details into their mobile application). The cardholder must be logged into their account (i.e., logged in to their mobile application) in order to be able to authenticate.
The figure below describes the In-App Provisioning process.
- The cardholder confirms the card to be added to their mobile phone application for your service.
- Your mobile phone app requests encrypted card data for In-App Provisioning from the token requestor (e.g., Apple and Android).
- The token requestor returns the data.
- Your mobile app sends data to your server.
- Using a valid REST API authorisation token, your server calls either the Request Apple Payload endpoint (for Apple Wallet users), or the Request Google Payload endpoint (for Google Wallet users).
- Thredd creates an encrypted payload and returns it to your server.
- The server sends the encrypted data to the mobile phone app.
- The encrypted data is passed to the token requestor from the phone app.
- The token requestor initiates provisioning with the Token Service Provider, which decrypts the card data and starts the token provisioning flow.
Documentation
For more information on the In-App Provisioning endpoints, see:
Updated 5 months ago