Push Provisioning
These APIs provide encrypted cardholder information which are needed to implement push provisioning in your own mobile App.
You can retrieve the payment tokens of a card to help find out whether it has already been added to a particular wallet.
Card token
Wallet name, e.g. GOOGLE_PAY or APPLE_PAY
Unique reference of the payment token
Unique reference of the PAN
Payment token status, e.g. ACTIVE, SUSPENDED or INACTIVE
Table of available provisioning status and descriptions
| Code | Description |
|---|---|
| ACTIVE | The token is active and available for payments |
| SUSPENDED | The token has been temporarily suspended |
| INACTIVE | The token is in the active wallet, but requires additional user authentication for use |
| DEACTIVATED | The status will not be visible, you can safely ignore it |
{"cardToken": "a3f90c98-1cd1-4488-9050-2e32c696f8fa","walletName": "GOOGLE_PAY","paymentTokenUniqueReference": "DSHRMC0000255389d1106783179b420aa5b5ca09ba2f12b8","panUniqueReference": "FSHRMC000025538959679bc73c9d4fdc8031b20fa91d0e3b","provisioningStatus": "ACTIVE"}
Deactivated payment tokens will not be included in the response
POST /v3/spend/profiles/{{profileId}}/cards/{{cardToken}}/payment-tokens
List of supported wallet types, namely APPLE_PAY and GOOGLE_PAY
curl -X POST 'https://api.sandbox.transferwise.tech/v3/spend/profiles/{{profile_id}}/cards/{{card_token}}/payment-tokens'-H 'Authorization: Bearer <your api token>'-H 'Content-Type: application/json'-d '{"walletNames": ["APPLE_PAY", "GOOGLE_PAY"]}'
Response
Returns all the payment tokens except deactivated
{"paymentTokens": [{"cardToken": "a3f90c98-1cd1-4488-9050-2e32c696f8fa","walletName": "GOOGLE_PAY","paymentTokenUniqueReference": "DSHRMC0000255389d1106783179b420aa5b5ca09ba2f12b8","panUniqueReference": "FSHRMC000025538959679bc73c9d4fdc8031b20fa91d0e3b","provisioningStatus": "ACTIVE"},{"cardToken": "a3f90c98-1cd1-4488-9050-2e32c696f8fa","walletName": "GOOGLE_PAY","paymentTokenUniqueReference": "DSHRMC0000255389e2f7133754ab4e2f87fc323730fdfd8e","panUniqueReference": "","provisioningStatus": "INACTIVE"},{"cardToken": "a3f90c98-1cd1-4488-9050-2e32c696f8fa","walletName": "APPLE_PAY","paymentTokenUniqueReference": "DAPLMC000025538967ea1d7972414a93a6544a07dae27a8c","panUniqueReference": "FAPLMC0000255389d7df244df7244803aa2c4ce2a29c242a","provisioningStatus": "ACTIVE"},{"cardToken": "a3f90c98-1cd1-4488-9050-2e32c696f8fa","walletName": "APPLE_PAY","paymentTokenUniqueReference": "DAPLMC0000255389c25cd65bf8084c168dbc4aa59708841a","panUniqueReference": "FAPLMC0000255389d7df244df7244803aa2c4ce2a29c242a","provisioningStatus": "SUSPENDED"}]}
POST /twcard-data/v1/push-provisioning/encrypted-payload/google-pay
This API is not available for sandbox testing.
Stable device identification set by Wallet Provider. Could be computer identifier or ID tied to hardware such as TEE_ID or SE_ID. This field must match the clientDeviceId wallet provider will send in token provision request
Client-provided consumer ID that identifies the Wallet Account Holder entity
curl -X POST 'https://twcard.wise.com/twcard-data/v1/push-provisioning/encrypted-payload/google-pay'-H 'Authorization: Bearer <your api token>'-H 'x-tw-twcard-card-token: <your card token>'-H 'Content-Type: application/json'-d '{"clientDeviceId": "ed6abb56323ba656521ac476","clientWalletAccountId: "walletid"}'
Response
Returns encrypted cardholder information and other metadata
Encrypted authentication and activation data following card scheme and wallet provider specifications. The response is base64 encoded.
CARD_NETWORK_VISA or CARD_NETWORK_MASTERCARD
TOKEN_PROVIDER_VISA or TOKEN_PROVIDER_MASTERCARD
Default card name that will be displayed in wallet
Last 4 digits of the card PAN
Entire address and phone number associated with the card
{"opaquePaymentCard":"eyJraWQiOiIwQk...","cardNetwork":"CARD_NETWORK_VISA","tokenServiceProvider": "TOKEN_PROVIDER_VISA","cardDisplayName":"Wise Card","cardLastDigits":"1234","userAddress": {"addressLine1":"56 Shoreditch High St","addressLine2": "The Tea Bldg","countryCode":"GB","locality":"London","administrativeArea":"","name":"John Smith","phoneNumber":"+441234567890","postalCode":"E1 6JJ"}}
POST /twcard-data/v1/push-provisioning/encrypted-payload/apple-pay
This API is not available for sandbox testing.
DER encoded X.509 ECC leaf and sub CA certificate
One time use nonce generated by Apple Servers and HEX encoded on iOS app
The device and account specific signature of the nonce generated by Apple and HEX encoded on iOS app
curl -X POST 'https://twcard.wise.com/twcard-data/v1/push-provisioning/encrypted-payload/apple-pay'-H 'Authorization: Bearer <your api token>'-H 'x-tw-twcard-card-token: <your card token>'-H 'Content-Type: application/json'-d '{"certificates": [<DER encoded X.509 ECC leaf certificate>,<DER encoded X.509 ECC sub CA certificate>],"nonce": "nonce","nonceSignature": "nonce signature"}'
Response
Returns encrypted cardholder information and other metadata
Encrypted authentication data following card scheme and wallet provider specifications
Encrypted activation data following card scheme and wallet provider specifications
Ephemeral key used to encrypt authentication data
{"encryptedPassData": "443232323637393045DDE321469537FE461E824AA55BA67BF645454330A32433610DE1D1461475BEB6D815F31764DDC20298BD779FBE37EE5AB3CBDA9F9825E1","activationData": "KDlTthhZTGufMY…….xPSUrfmqCHXaI9wOGY=","ephemeralKey": "A1B2C3D4E5F6112233445566"}