# Create encrypted card data for Apple Pay Generate encrypted card data to provision a token via push-provisioning and the Apple SDK. Also returned is cardholder identifying information. **Notes:** * This is a PCI endpoint, use the https://gw-pci.pismolabs.io/cards-tokenization environment. * This endpoint takes an account token - an access token encoded with a Pismo account ID. # OpenAPI definition ```json { "openapi": "3.1.0", "info": { "title": "Card issuing - Tokenization", "description": "API endpoints for card tokenization.", "version": "1.0.0", "contact": { "name": "API Support", "url": "https://developers.pismo.io/support" }, "license": { "name": "Copyright Pismo" } }, "servers": [ { "url": "https://gw-pci.pismolabs.io/cards-tokenization", "description": "PCI API server for testing" }, { "url": "https://pci.pismolabs.io/cards-tokenization", "description": "Sandbox API server for testing" } ], "tags": [ { "name": "Pre-digitalization", "description": "Pre-digitalization endpoints" } ], "components": { "parameters": { "CardIDpath": { "name": "cardId", "in": "path", "schema": { "type": "string" }, "description": "Pismo card ID", "required": true } }, "schemas": { "ApplePayEncryptedDataResponse": { "type": "object", "properties": { "push_data": { "type": "object", "properties": { "ephemeralPublicKey": { "type": "string", "description": "Key pair for Apple SDK" }, "encryptedData": { "type": "string", "description": "Encrypted card data for Apple SDK" }, "activationData": { "type": "string", "description": "Encrypted data for Apple SDK in base64 format" } } }, "additional_info": { "type": "object", "properties": { "name": { "type": "string", "description": "Cardholder name" }, "address": { "type": "string", "description": "Cardholder address" }, "country": { "type": "string", "description": "Cardholder country" }, "city": { "type": "string", "description": "Cardholder city" }, "state": { "type": "string", "description": "Cardholder state" }, "phone": { "type": "string", "description": "Cardholder phone number" }, "printed_name": { "type": "string", "description": "Name printed on card" }, "last_4_digits": { "type": "string", "description": "Last 4 PAN digits" }, "has_address_info": { "$ref": "#/components/schemas/HasAddressInfo" }, "has_phone_info": { "$ref": "#/components/schemas/HasPhoneInfo" } }, "example": { "push_data": { "ephemeralPublicKey": "BLv5wb8HKPTlabxWW6z2at67jDqLZlFbGrOmq0bc2A0BbhRCmwWpzcf8ST2kEBctYX1nNZ9fE5MRSPf/4Tpz698=", "encryptedData": "uOt1....T9TOebjAM6DI43juahDiaMvpUaQZU2KNaICA==", "activationData": "ewogICJmdW5...PSIKfQ==" }, "additional_info": { "name": "Ron Rico", "address": "221B Baker Street", "country": "Elbonia", "city": "Raccoon", "phone": "867-5309", "state": "Siege", "zip_code": "8675309", "printed_name": "Tupper Weir", "last_4_digits": "9999", "has_address_info": false, "has_phone_info": true } } } } }, "ApplePayEncryptedDataRequest": { "type": "object", "required": [ "Apple_public_certificate_b64", "device_type", "app_version", "Nonce", "Nonce_signature" ], "properties": { "Apple_public_certificate_b64": { "description": "Apple SDK Base64 encoded certificate from Apple\n*You need to encode what you receive from Apple with Base64 and then send it here.\n", "type": "array", "items": { "type": "string", "example": "LS0tL...Q0FURS0tLS0t" } }, "device_type": { "type": "string", "description": "Device type that the token will be provisioned for.", "enum": [ "MOBILE_PHONE", "WATCH" ] }, "app_version": { "type": "string", "description": "Application version from the provisioning request." }, "Nonce": { "type": "string", "description": "From Apple SDK. Nonce = \"number used once\", a one-time-use random generated value.", "example": "48585930" }, "product_type": { "type": "string", "description": "From Apple SDK. Product type identifier. if a specific identifier needs to be passed, it **must** be entered in this field. if not passed, Pismo uses default values from the networks.", "example": "016:XX:A000000001010111101" }, "Nonce_signature": { "type": "string", "description": "From Apple SDK", "example": "vdt5543" }, "tav_version": { "$ref": "#/components/schemas/TAVversion" }, "key_alias": { "$ref": "#/components/schemas/TokenKeyAlias" }, "authcode": { "type": "string", "description": "An issuer-generated 6-character code specific to the current provisioning request. Issuer and Visa use this field to identify specific activation codes in problem resolution or authentication related questions. Format is alphanumeric. Allowed characters include 0-9 and A-Z. Characters must be in uppercase and not contain all zeros or all spaces. **REQUIRED** for Visa.\n", "example": "0CVBD9" } } }, "ErrorObject": { "type": "object", "description": "Standard error object", "properties": { "error_code": { "type": "string", "description": "Error code" }, "message": { "type": "string", "description": "Error message" } } }, "HasAddressInfo": { "type": "boolean", "description": "If `true`, cardholder address information exists on Pismo platform. If `false`, some fields inside `additional_info` are not returned. \n" }, "HasPhoneInfo": { "type": "boolean", "description": "If `true`, cardholder phone information exists on Pismo platform. If `false`, some fields inside `additional_info` are not returned. \n" }, "TAVversion": { "type": "string", "description": "The Token Authorization Value (TAV) version. The TAV value contains the issuer's digital signature that approves the token digitization for a Primary Account Number (PAN). **REQUIRED** for Mastercard if the issuer wants to use model `TAV4`.\n", "enum": [ "TAV3", "TAV4" ], "example": "TAV4" }, "TokenKeyAlias": { "type": "string", "description": "Mastercard provided Key alias value used to generate the signature on a TAV body request. **REQUIRED** if Mastercard and `TAV4` version.\n", "example": "2023-abd-deeg" } }, "securitySchemes": { "BearerAuth": { "type": "http", "scheme": "bearer", "description": "Account token - token encoded with a Pismo account ID. Tokens can expire quickly, which can result in a \"**401 Unauthorized**\" error.", "bearerFormat": "JWT" } }, "responses": { "200MasterApplePayPushProvisioning": { "description": "Success", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ApplePayEncryptedDataResponse" }, "example": { "push_data": { "ephemeralPublicKey": "BLv5wb8HKPTlabxWW6z2at67jDqLZlFbGrOmq0bc2A0BbhRCmwWpzcf8ST2kEBctYX1nNZ9fE5MRSPf/4Tpz698=", "encryptedData": "uOt1....T9TOebjAM6DI43juahDiaMvpUaQZU2KNaICA==", "activationData": "ewogICJmdW5...PSIKfQ==" }, "additional_info": { "name": "Ron Rico", "address": "221B Baker Street", "country": "Elbonia", "city": "Raccoon", "phone": "867-5309", "state": "Siege", "zip_code": "8675309", "printed_name": "Tupper Weir", "last_4_digits": "9999", "has_address_info": false, "has_phone_info": true } } } } }, "400BadRequest": { "description": "Bad request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorObject" }, "examples": { "example-1": { "value": { "error_code": "ERR93836", "message": "Card profile can't be null" } } } } } }, "401Unauthorized": { "description": "Access token is missing or invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorObject" }, "examples": { "example-1": { "value": { "error_code": "ERR9786", "message": "Access token is missing or invalid" } } } } } }, "500InternalServerError": { "description": "Internal Server Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorObject" }, "examples": { "example-1": { "value": { "error_code": "ERR5446", "message": "Internal server error" } } } } } } } }, "security": [ { "BearerAuth": [] } ], "paths": { "/v1/cards/{cardId}/network-tokens/push-provisioning/wallets/applepay": { "post": { "summary": "Create encrypted card data for Apple Pay", "description": "Generate encrypted card data to provision a token via push-provisioning and the Apple SDK. Also returned is cardholder identifying information.\n\n**Notes:** \n * This is a PCI endpoint, use the https://gw-pci.pismolabs.io/cards-tokenization environment.\n * This endpoint takes an account token - an access token encoded with a Pismo account ID.\n", "operationId": "post-encrypted-applepay-data", "tags": [ "Pre-digitalization" ], "parameters": [ { "$ref": "#/components/parameters/CardIDpath" } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ApplePayEncryptedDataRequest" } } } }, "responses": { "200": { "$ref": "#/components/responses/200MasterApplePayPushProvisioning" }, "400": { "$ref": "#/components/responses/400BadRequest" }, "401": { "$ref": "#/components/responses/401Unauthorized" }, "500": { "$ref": "#/components/responses/500InternalServerError" } } } } } } ```