# Push multiple accounts
Push card and account(s) to a token requestor.
A token requestor is an entity that initiates the tokenization process. Wallets, merchants, payments service providers (PSPs) are collectively referred to as **token requestors**.
**Notes:**
* Pismo acts as a proxy for the Mastercard Token Connect API
* This endpoint does not generate an event
* For more information, refer to the [MDES Token Connect](doc:mdes-token-connect) guide.
# OpenAPI definition
```json
{
"openapi": "3.1.0",
"info": {
"title": "Card issuing - Tokenization",
"description": "API endpoints for card tokenization.",
"version": "1.0.0",
"contact": {
"name": "API Support",
"url": "https://developers.pismo.io/support"
},
"license": {
"name": "Copyright Pismo"
}
},
"servers": [
{
"url": "https://gw-pci.pismolabs.io/cards-tokenization",
"description": "PCI API server for testing"
},
{
"url": "https://pci.pismolabs.io/cards-tokenization",
"description": "Sandbox API server for testing"
}
],
"tags": [
{
"name": "MDES Token Connect [Beta]",
"description": "Mastercard's Token Connect service endpoints"
}
],
"components": {
"parameters": {
"accessTokenHeader": {
"name": "access_token",
"in": "header",
"required": true,
"schema": {
"type": "string"
},
"description": "Access token. Tokens can expire quickly, which can result in a **401 Unauthorized** error."
},
"AccountIdHeader": {
"in": "header",
"name": "x-account-id",
"required": true,
"schema": {
"type": "integer",
"format": "int64"
},
"description": "Account ID"
},
"CustomerIDheader": {
"name": "x-customer-id",
"in": "header",
"required": true,
"schema": {
"type": "integer"
},
"description": "Customer ID"
},
"TenantHeader": {
"name": "x-tenant",
"in": "header",
"schema": {
"type": "string"
},
"description": "Pismo organization/tenant ID",
"required": true
}
},
"schemas": {
"AccountData": {
"type": "object",
"required": [
"holder_details",
"validity_details"
],
"properties": {
"holder_details": {
"$ref": "#/components/schemas/HolderDetails"
},
"validity_details": {
"$ref": "#/components/schemas/ValidityDetails"
}
}
},
"Address": {
"type": "object",
"required": [
"country"
],
"properties": {
"line1": {
"type": "string",
"description": "Address line one",
"maxLength": 64,
"example": "1313 Mockingbird Lane"
},
"line2": {
"type": "string",
"description": "Address line two",
"maxLength": 64,
"example": "Apt 4B"
},
"country": {
"type": "string",
"description": "Billing address country - ISO-3166-1 3-letter code.\n",
"maxLength": 3,
"example": "USA"
},
"country_subdivision": {
"type": "string",
"description": "Country subdivision such as state or sultanate",
"maxLength": 12,
"example": "CA"
},
"city": {
"type": "string",
"description": "Billing address city",
"maxLength": 32,
"example": "San Francisco"
},
"postal_code": {
"type": "string",
"description": "Billing address postal code, such as zip code in the United States.",
"maxLength": 16,
"example": "8675309"
}
}
},
"CardID": {
"type": "number",
"description": "Card ID",
"example": 6743052
},
"Contact": {
"type": "object",
"description": "Contact object",
"properties": {
"email_address": {
"type": "string",
"description": "Email address",
"format": "email",
"maxLength": 320,
"example": "barbie_kew@roadhouse.com"
},
"country_dial_in_code": {
"type": "string",
"description": "International dial-in prefix code associated with country.\n",
"maxLength": 4,
"example": "1"
},
"phone_number": {
"type": "string",
"description": "Phone number following `country_dial_in_code` prefix.",
"maxLength": 20,
"example": "4155551234"
}
}
},
"HolderDetails": {
"type": "object",
"description": "Account holder details object",
"properties": {
"name": {
"type": "string",
"description": "Account holder name in the format Last name/First name or first name last name.",
"maxLength": 27,
"example": "Cee Biskit"
},
"address": {
"$ref": "#/components/schemas/Address"
},
"contact": {
"$ref": "#/components/schemas/Contact"
}
}
},
"Locale": {
"type": "string",
"description": "Consumer preferred locale (language and country). \n\n**Format**: two-letter ISO-639-1 language in lowercase + underscore (\"_\") + two-letter ISO 3166-1 country code in uppercase.\n",
"example": "en_US"
},
"PushAccountReceipt": {
"type": "object",
"description": "Push account receipts object",
"required": [
"push_account_id",
"push_account_receipt"
],
"properties": {
"push_account_id": {
"type": "string",
"description": "Push account ID",
"maxLength": 36,
"example": "pa_123456789"
},
"push_account_receipt": {
"type": "string",
"description": "Push account receipt to token requestor. Contains pushed account details and expires after 15 minutes. \n\nA valid receipt = 3-character prefix identifying product associated with funding account + UUID.\n\nPrefic values: \n * `MCC` - Mastercard credit \n * `DMC` - Mastercard debit \n * `MSI` - Maestro \n * `PVL` - Private label\n",
"maxLength": 64,
"example": "MCC-C307FOAE-298E-48EB-AA43-A7C40B32DDDE"
},
"issuer_initiated_digitization_data": {
"type": "string",
"description": "Base64 encoded string issuer can pass to token requestor proprietary communication. Present if `request_issuer_initiated_digitization_data` is `true` in the request.\n",
"maxLength": 256000
}
}
},
"PushAccountsRequest": {
"type": "object",
"required": [
"card_id",
"accounts",
"token_requestor_id",
"locale"
],
"properties": {
"card_id": {
"$ref": "#/components/schemas/CardID"
},
"accounts": {
"$ref": "#/components/schemas/AccountData"
},
"token_requestor_id": {
"$ref": "#/components/schemas/TokenRequestorId"
},
"locale": {
"$ref": "#/components/schemas/Locale"
},
"callback_url": {
"type": "string",
"description": "Callback URL token requestor uses to pass control back to the issuer.\n",
"maxLength": 256,
"example": "https://callback.example.com"
},
"complete_issuer_app_activation": {
"type": "boolean",
"description": "Should token requestor complete app activation if provisioning request receives a `REQUIRE_ADDITIONAL_AUTHENTICATION` and the cardholder chooses the `CARDHOLDER_TO_USE_ISSUER_MOBILE_APP` authentication method?\n",
"default": false
},
"complete_website_activation": {
"type": "boolean",
"description": "Should token requestor complete website activation if provisioning request receives a `REQUIRE_ADDITIONAL_AUTHENTICATION` and the cardholder chooses the `CARDHOLDER_TO_VISIT_WEBSITE` authentication method?\n",
"default": false
},
"account_holder_data_supplied": {
"type": "boolean",
"description": "Is cardholder information stored in MDES along with funding account information?",
"default": false
},
"request_issuer_initiated_digitization_data": {
"type": "boolean",
"description": "Return issuer initiated digitization data?",
"default": false
},
"push_account_receipts_validity_period": {
"type": "number",
"description": "Push account receipts validity period in minutes. If issuer is pushing more than one account, the provided value is applicable to all receipts.\n\nDefault is `15`. **Must** be greater or equal to `5` and less than or equal to `15`.\n",
"enum": [
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15
],
"minimum": 5,
"maximum": 15,
"default": 15,
"example": 15
}
}
},
"PushAccountsResponse": {
"type": "object",
"properties": {
"push_account_receipts": {
"type": "array",
"description": "Push account receipts",
"items": {
"$ref": "#/components/schemas/PushAccountReceipt"
}
},
"available_push_methods": {
"type": "array",
"description": "Available push methods",
"items": {
"$ref": "#/components/schemas/PushMethod"
}
},
"signature": {
"type": "string",
"description": "JWS signature output. **REQUIRED** if `token_reqiest_signature_support` is `true` and at least one push account receipt is returned.\n"
},
"token_requestor_signature_support": {
"type": "boolean",
"description": "Does token requestor support signature verification?"
}
}
},
"PushMethod": {
"type": "object",
"required": [
"type",
"uri"
],
"properties": {
"type": {
"type": "string",
"description": "Push method type\n\n* `ANDROID` - Android app intent URI\n* `IOS` - iOS app intent URI\n* `WEB` - Browser URL\n",
"enum": [
"ANDROID",
"IOS",
"WEB"
],
"example": "WEB"
},
"uri": {
"type": "string",
"description": "URI to open the token requestor's application or website.",
"maxLength": 128,
"format": "uri",
"example": "https://tokenize.example.com"
}
}
},
"TokenRequestorId": {
"type": "string",
"description": "Token requestor ID (TRID), a numeric 11-digit value. \n\nA token requestor is an entity that initiates the tokenization process. Wallets, merchants, payments service providers (PSPs) are collectively referred to as **token requestors**. \n\nCard networks use TRIDs to enforce usage boundaries at the network level, know who is reponsible if fraud occurs, and to prevent tokens from being used elsewhere.\n",
"maxLength": 11,
"example": "01234567890"
},
"ValidityDetails": {
"type": "object",
"properties": {
"data_valid_until_timestamp": {
"type": "string",
"description": "Data valid until timestamp. \nFormat: ISO 8601 extended format as one of the following: * YYYY-MM-DDThh:mm:ss[.sss]Z * YYYY-MM-DDThh:mm:ss[.sss]±hh:mm where [.sss] is optional and can be 1 to 3 digits\n",
"format": "date-time",
"maxLength": 29,
"example": "2025-12-31T23:59:59Z"
}
}
}
},
"securitySchemes": {
"BearerAuth": {
"type": "http",
"scheme": "bearer",
"description": "Account token - token encoded with a Pismo account ID. Tokens can expire quickly, which can result in a \"**401 Unauthorized**\" error.",
"bearerFormat": "JWT"
}
}
},
"security": [
{
"BearerAuth": []
}
],
"paths": {
"/v1/token-connect/push-multiple-accounts": {
"post": {
"summary": "Push multiple accounts",
"description": "Push card and account(s) to a token requestor. \n\nA token requestor is an entity that initiates the tokenization process. Wallets, merchants, payments service providers (PSPs) are collectively referred to as **token requestors**. \n\n**Notes:**\n\n * Pismo acts as a proxy for the Mastercard Token Connect API\n\n * This endpoint does not generate an event\n\n * For more information, refer to the [MDES Token Connect](https://developers.pismo.io/pismo-docs/docs/mdes-token-connect) guide.\n",
"operationId": "token_connet_push_multiple_accounts",
"tags": [
"MDES Token Connect [Beta]"
],
"parameters": [
{
"$ref": "#/components/parameters/accessTokenHeader"
},
{
"$ref": "#/components/parameters/AccountIdHeader"
},
{
"$ref": "#/components/parameters/CustomerIDheader"
},
{
"$ref": "#/components/parameters/TenantHeader"
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PushAccountsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Successful response",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PushAccountsResponse"
}
}
}
},
"400": {
"description": "Bad request"
},
"500": {
"description": "Internal server error"
}
}
}
}
}
}
```