Guides
SupportAPI StatusSubscribe To Updates

Overview

Suggest Edits

This document provides a short overview of the technical steps required on the backend, mobile, and frontend sides to integrate credit cards into Apple Pay and Google Pay.

Steps on Backend

  1. Provide TOTP:
    Generate and provide cardSecret and cardId.
  2. Integrate User Notifications:
    Mandatory notifications must be implemented to keep users informed about the status of card provisioning.

Steps on Frontend

  • Optional: Display an overview of Apple Pay / Google Pay integration status for different user cards.

Steps on Mobile App(s)

For detailed mobile development, refer to:

  1. Integrate the MeaWallet Push Provisioning SDK.
  2. Add a splash screen for Apple Pay to remind users to provision their credit cards.

Key Terms

TermDescription
VTSVisa Token Service: Tokenizes card details to replace sensitive account information (PAN) with a unique token for secure mobile payments.
Mobile WalletThe digital wallet on a smartphone (e.g., Apple Pay, Google Pay) that stores credit card information for payments.
TokenA unique representation of a credit card, replacing the PAN for secure transactions.
TokenizationThe process of generating a token from a credit card's PAN.
ProvisioningAdding a credit card to a mobile wallet.
Push ProvisioningAdding a credit card to a mobile wallet (Apple Pay or Google Pay) via the partner's mobile app.
MPPMeaWallet Push Provisioning SDK for enabling tokenization and provisioning within a mobile app.
Green FlowA user authenticated in the partner app starts the provisioning process without additional authentication.
Yellow FlowA user starts provisioning from the mobile wallet app and requires further authentication, such as entering an OTP.
Red FlowTokenization is declined by VISA, requiring a restart of the process.
OTPOne Time Password: A single-use password to authenticate a user. For Google Pay, the OTP is provided by VISA directly via SMS. For Apple Pay, the partner provides the OTP via email or SMS.
TOTPTime-based One Time Password: A password valid only for a short time (e.g., a few minutes).
PANPrimary Account Number: The credit card number printed on the card.

Implementation Overview

Implementation Overview

Mobile Apps

For mobile app integration, refer to:

Backend

  1. Subscribe and listen to callbacks for card provisioning status changes.
  2. Handle OTP delivery for Apple Pay provisioning (if VISA chooses the yellow flow).
  3. Implement APIs to fetch data about provisioned cards and associated mobile devices.
  4. Apple Pay-specific:
    • Send confirmation emails upon successful tokenization.
    • Provide an endpoint to determine if a splash screen is required to remind users to provision cards (mandatory for Apple certification).
      Important
      This is part of Apple’s certification process. A user who has not provisioned a card yet must be reminded for the first 3 months to do so. Provisioned cards are those with a provisioningStatus of either TOKEN_PROVISIONED or TOKEN_ACTIVATED. This data can be retrieved via callbacks or the GET endpoint .

Frontend

  • Optionally display information about provisioned cards for users or organizations.

Flow Overview

Green Flow (Initiated from Partner Mobile App)

  1. User starts provisioning in the partner app.
  2. Mobile wallet app requests confirmation of card details.
  3. User accepts T&Cs in the mobile wallet app.
  4. Tokenization and authentication occur in the background.
  5. Mobile wallet app confirms successful provisioning.
  6. User is redirected to the partner app for confirmation.

Green Flow Overview

Green Flow Status Changes

  1. TOKEN_CREATED: Token generated for the selected card.
  2. TOKEN_ACTIVATED: Token successfully activated (final status).

Yellow Flow (Initiated from Mobile Wallet)

  1. User starts provisioning in the mobile wallet app and enters card details.
  2. User selects provisioning method.
  3. Tokenization begins:
      1. As part of this, you may receive a OTP (one time password) which needs to be forwarded to the user by an appropriate method (email, push notifications, ...), depending on which method the cardholder selects in the mobile wallet. If they select SMS, the SMS is sent by our processor Thredd immediately. Only if another method is chosen Pliant receives the OTP and forwards it then to the partner as a callback.
  4. User receives OTP and enters it in the mobile wallet app.
  5. VISA validates the OTP and activates the token, completing the provisioning.

Yellow Flow Status Changes

  1. TOKEN_CREATED: Token generated for the card.
  2. TOKEN_PROVISIONED: Token provisioned, awaiting further verification.
  3. PASSCODE_SENT: OTP sent to the user.
  4. Final Status Options:
    • TOKEN_ACTIVATED: Token successfully activated.
    • TOKEN_ACTIVATION_FAILED: Activation failed.

provisioningStatus Behaviour

Card Changes in Wallet

tokenStatus ChangeDescription
ACTIVECard added to wallet.
DELETEDCard removed from wallet.
SUSPENDEDCard locked in wallet (reflected in the wallet).

Note: provisioningStatus does not change after reaching TOKEN_ACTIVATED.

Associated Email Notifications

Based on the behaviour described above, the following notifications are sent:

EventNotification
Card added to walletEmail sent.
Card locked/unlockedNo email sent.
Card removed from walletNo email sent.
Card added againEmail sent.

Updated 21 days ago