Digital wallets allow users to securely store payment credentials and perform electronic transactions using their mobile devices. These wallets enable contactless payments, in-app purchases, and online transactions without requiring a physical card.

Priority-issued debit cards can be added to supported digital wallets such as Apple Pay, Google Pay, and Samsung Pay.

The platform supports tokenized wallet provisioning through API-based integrations, enabling applications to provision cards securely to digital wallets while minimizing exposure to sensitive card data.

Wallet Provisioning Methods

Passport-issued cards can be added to a digital wallet using two provisioning methods.

Manual Provisioning: Cardholders manually enter their card details within their digital wallet application. This process requires no integration effort from the issuer’s application but typically results in higher friction and lower user engagement.
Push Provisioning: Push provisioning allows cardholders to add their card to a digital wallet directly from your application with a single user interaction. This method significantly improves the cardholder experience by enabling instant provisioning of tokenized cards without requiring manual entry of card details.

Priority supports push provisioning through API endpoints that generate encrypted card payloads for supported wallet providers.

Welcome to the content that you can only see inside the first Tab.

How Push Provisioning Works

The push provisioning flow enables your application to create a card and securely provision it to a supported digital wallet.

The process typically follows these steps:

The cardholder initiates the provisioning request from your application (for example, by selecting “Add to Wallet”).
Your application sends a POST request to the card creation endpoint to generate a new debit card.
Priority creates the card and returns the card identifier in the response.
Your application sends a provisioning request to the digital wallet provisioning endpoint.
Priority returns encrypted card payload data required by the wallet provider.
Your application forwards the encrypted payload to the digital wallet provider using their SDK or APIs.
The digital wallet requests a token from the card network.
The card network generates a device-specific payment token.
The digital wallet stores the active token on the device, enabling the cardholder to perform contactless or digital payments.

Pre-requisits

To support the push provisioning flow from your application, you must obtain approval from the digital wallet provider and integrate with their API’s, in addition to integrating with Passport API’s. To obtain entitlements, for

Apple Pay — have the owner of your Apple developer account send an email to [email protected] for whitelisting and entitlements
Google Pay – Go to Google Pay developer portal - https://developers.google.com/pay/issuers/apis
Samsung Pay — Go to the Samsung Pay developer portal - https://pay.samsung.com/developers

Provision a Card

You can provision a debit card to a digital wallet by sending a POST request to the /v1/customer/{id}/account/{id}/debitCard/{id}/provision endpoint. The provisioning request requires different parameters depending on the selected wallet provider.

Field	Description
`walletProvider`	Target wallet provider. Values: `APPLE_PAY`, `GOOGLE_PAY`, `SAMSUNG_PAY`.
`cert1`	Apple Pay leaf certificate (hex-encoded). Required for Apple Pay. To see certificate formatting please refer to this section.
`cert2`	Apple Pay sub-CA certificate (hex-encoded). Required for Apple Pay. To see certificate formatting please refer to this section.
`nonce`	One-time nonce generated by Apple. Required for Apple Pay.
`nonceSignature`	Nonce signature provided by Apple. Required for Apple Pay.
`walletAccountId`	Wallet account identifier for Google Pay or Samsung Pay.
`deviceId`	Device identifier provided by Google or Samsung during provisioning.

When a card is successfully provisioned to a digital wallet, the card network generates a device-specific network token that represents the underlying card account. This tokenized credential is securely stored within the digital wallet and is used for all subsequent payment transactions.

The network token functions as a surrogate for the original card number and is managed independently from the physical or virtual card. Each wallet and device combination typically receives a unique token, improving security and reducing the risk of card data exposure during transactions.

Operational Considerations

Card Reissuance and Wallet Updates: When a card that has already been provisioned to a digital wallet is reissued or replaced, the digital wallet does not automatically update the stored card credentials. As a result:

The wallet may continue to store the previous CVV or expiration date.
Transactions may be declined until the updated card is provisioned again.

To restore wallet functionality, the cardholder must either:

Re-provision the new card using push provisioning, or
Manually re-enter the card details into the wallet application.