Third-party Wallet Providers
Push provisioning to third-party wallets provides an improved experience for cardholders, issuers and digital wallet providers by allowing issuer mobile applications to push customer's PAN data securely to participating third-party Wallet Providers.
MPP SDK enables push provisioning to both Mastercard MDES Token Connect and Visa VTS Push Provisioning using the same API.
Initialization
Before you can use MPP SDK in your application, you must initialize it MeaPushProvisioning.initialize(Context context). Application should initialize the library only once during it's lifetime.
Get Token Requestors
First the Issuer has to retrieve information about Token Requestors that are enabled for their account ranges. This information can be used to create the list of Token Requestors for the User.
There are two functions for the Issuer to use for building the list:
MeaPushProvisioning.getTokenRequestors(List accountRanges): to retrieve information such as Token Requestor type, user-friendly name, available user interfaces (Android/iOS app, web).MeaPushProvisioning.getAsset(String assetId): to retrieve the image (logo) associated with the Token Requestor. In case of Mastercard MDES the supplied images are square with a white background. For each Token Requestor, MDES supplies the logo in two formats: .svg (scalable) and .png (192 x 192 pixels).
The User Interface should filter out the Token Requestors that are not applicable, for example, Token Requestors with an inappropriate user interface.
Sync example:
List<String> accountRangesList = Arrays.asList("512345678901", "512345678902", "512345678903");
List<MppTokenRequestor> tokenRequestors = MeaPushProvisioning.getTokenRequestors(accountRangesList);
Async example:
List<String> accountRangesList = Arrays.asList("512345678901", "512345678902", "512345678903");
MeaPushProvisioning.getTokenRequestors(accountRangesList, new MppGetTokenRequestorsListener() {
@Override
public void onSuccess(List<MppTokenRequestor> list) {
...
}
@Override
public void onFailure(@NonNull MppError mppError) {
...
}
});
Get Tokenization Receipt
When the User has selected the target Token Requestor as well as the sourcing card(s), application has to invoke MeaPushProvisioning.getTokenizationReceipt(String tokenRequestorId, MppCardDataParameters cardData) method.
Card data can be provided in two ways - MppCardDataParameters.withCardSecret(...), MppCardDataParameters.withEncryptedPan(...).
MppCardDataParameters cardDataWithCardSecret =
MppCardDataParameters.withCardSecret("4C2044415441202D2074686", "41202D207468");
MppCardDataParameters cardDataWithEncryptedPan =
MppCardDataParameters.withEncryptedPan(encryptedCardData, publicKeyFingerprint, encryptedKey, initialVector);
The response will include a receipt (pushAccountReceipt) representing the card/account to be pushed.
Sync example:
MppCardDataParameters cardDataParameters =
MppCardDataParameters.withCardSecret("4C2044415441202D2074686", "41202D207468");
MppGetTokenizationReceiptResponseData responseData =
MeaPushProvisioning.getTokenizationReceipt("12345678901", cardDataParameters);
String pushAccountReceipt = responseData.getPushAccountReceipt();
List<MppAvailablePushMethod> pushMethods = responseData.getAvailablePushMethods();
Async example:
MppCardDataParameters cardDataParameters =
MppCardDataParameters.withCardSecret("4C2044415441202D2074686", "41202D207468");
MeaPushProvisioning.getTokenizationReceipt("12345678901", cardDataParameters, new MppGetTokenizationReceiptListener() {
@Override
public void onSuccess(String pushAccountReceipt, List<MppAvailablePushMethod> list) {
...
}
@Override
public void onFailure(@NonNull MppError mppError) {
...
}
});
Send User to Token Requestor (Deep-linking)
To send User to the Token Requestor the issuer has to use the pushAccountReceipt instead of the original card/account data to request tokenization.
Additionally to pushAccountReceipt, MeaPushProvisioning.getTokenizationReceipt(...) response includes list of push methods supported by the Token Requestor and their URI for redirecting the user.
Response list can hold up to 3 URIs - with a minimum of 1 URI:
- One URI for the Token Requestor's Android app.
- One URI for the Token Requestor's iOS app.
- One URI for the Token Requestor's web browser experience.
Issuer must respect specific rules when selecting the URI where they will send the consumer. Because Android or iOS mobile application provide a better mobile experience than the web browsers, Issuers should always try and direct the consumer to the Android or iOS application of the Token Requestor, when possible. If the Android or iOS app URI is supplied, the web browser should remain a backup solution only.
MPP SDK provides a helper method MeaPushProvisioning.sendUserToTokenRequestor(...) for handling user redirect to the right Token Requestor URI.
Method has parameters to provide both an application URI and WEB URI, if an application URI is provided it will check if it is safe to send user to this Token Requestor application, else if it is not safe or if application URI is not provided, method will redirect user to the WEB URI. In any case, if additional URI parameters are provided (pushAccountReceiptParameter, callbackUrlParameter, completeIssuerAppActivationParameter, completeWebsiteActivationParameter), method will build URI by appending them to final URI used for the redirect.
Receive Response from Token Requestor
If callbackUrlParameter is provided in the redirect to the Token Requestor, the response can include a map of results for the tokenization attempts.
The resulting URI called by the Token Requestor is:
moonbank://pushcallback?results[MCC-C307F0AE-298E-48EB-AA43-A7C40B32DDDE]=APPROVED|DWSPMC000000000132d72d4fcb2f4136a0532d3093ff1a45
The Issuer should use the response from the Token Requestor to display relevant messaging to the User, as well as to update their Issuer's back-end information if needed.