Method: paycache.getApplePayPassData

Gets an issuer encrypted pass data object for a given card, suitable for use in Apple Pay Push Provisioning (aka Issuer Provisioning).

An example request looks like:


{
  "requestHeader": {
    "protocolVersion": {
      "major": 1
    },
    "requestId": "G1MQ0YERJ0Q7LPM",
    "requestTimestamp": {
      "epochMillis":1481899949606
    },
    "paymentIntegratorAccountId": "abcdef123456"
  },
  "googleInstrumentToken": "Instrument12345",
  "certificateChain": ["base64UrlEncodedLeafCert1234", "base64UrlEncodedSubCaCert1234"],
  "nonce": "base64UrlEncodedNonce",
  "nonceSignature": "base64UrlEncodedNonceSignature"
}

An example success response looks like:


 {
   "responseHeader": {
     "responseTimestamp": {
       "epochMillis":1481899950236
     }
   },
   "result": {
     "applePayPassDataDetails": {
       "encryptedPassData": "base64UrlEncodedEncryptedPassData1234",
       "activationData": "base64UrlEncodedActivationData1234",
       "ephemeralPublicKey": "base64UrlEncodedEphemeralPublicKey1234"
     }
   }
 }

HTTP request

POST https://www.integratordomain.com/v1/paycache/getApplePayPassData

Request body

The request body contains data with the following structure:

JSON representation
{
  "requestHeader": {
    object (RequestHeader)
  },
  "googleInstrumentToken": string,
  "certificateChain": [
    string
  ],
  "nonce": string,
  "nonceSignature": string
}
Fields
requestHeader

object (RequestHeader)

REQUIRED: Common header for all requests.

googleInstrumentToken

string

REQUIRED: Contains the googleInstrumentToken value that was provided during the issueCard call.

certificateChain[]

string

REQUIRED: An array of certificate provided by Apple. Each object contains a DER encoded X.509 certificate, with the leaf first and root last. Must contain at least a root and a leaf. Partner bank should validate the chain, including that it is rooted in the Apple Certificate Authority. They are Base64url-encoded. See https://developer.apple.com/documentation/passkit/pkaddpaymentpassviewcontrollerdelegate/1615915-addpaymentpassviewcontroller for further details.

nonce

string

REQUIRED: One-time-use nonce provided by Apple servers for security purposes. Base64url encoded. See https://developer.apple.com/documentation/passkit/pkaddpaymentpassviewcontrollerdelegate/1615915-addpaymentpassviewcontroller for further details.

nonceSignature

string

REQUIRED: Signature of the nonce field, signed by the secure element on the device. Base64url encoded. See https://developer.apple.com/documentation/passkit/pkaddpaymentpassviewcontrollerdelegate/1615915-addpaymentpassviewcontroller for further details.

Response body

If successful, the response body contains data with the following structure:

Response object for the paycache.getApplePayPassData method.

JSON representation
{
  "responseHeader": {
    object (ResponseHeader)
  },
  "result": {
    object (GetApplePayPassDataResult)
  }
}
Fields
responseHeader

object (ResponseHeader)

REQUIRED: Common header for all responses.

result

object (GetApplePayPassDataResult)

REQUIRED: Details corresponding to the result.

GetApplePayPassDataResult

Details corresponding to the result.

JSON representation
{
  "applePayPassDataDetails": {
    object (ApplePayPassDataDetails)
  }
}
Fields
applePayPassDataDetails

object (ApplePayPassDataDetails)

The Apple Pay Pass Data has been successfully retrieved.

ApplePayPassDataDetails

The full details of the Apple Pay Encrypted Pass Data and related fields.

JSON representation
{
  "encryptedPassData": string,
  "activationData": string,
  "ephemeralPublicKey": string
}
Fields
encryptedPassData

string

REQUIRED: The encrypted pass data, which contains sensitive card details used for provisioning to Apple Pay, along with the nonce and nonceSignature from the request. See ephemeralPublicKey for a description of the encryption process. This field corresponds to a similar field of Apple's PKAddPaymentPassRequest. Base64url encoded. See https://developer.apple.com/documentation/passkit/PKAddPaymentPassRequest for further details.

activationData

string

REQUIRED: The activation data, which is an OTP authorizing this provisioning attempt from the partner bank to the payment network operator ("PNO", also known as the Token Service Provider or "TSP"). The exact details of this field must be agreed to between the partner bank and the PNO. Mastercard refers to this field as the Tokenization Authentication Value. This field corresponds to a similar field of Apple's PKAddPaymentPassRequest. Base64url encoded. See https://developer.apple.com/documentation/passkit/PKAddPaymentPassRequest for further details.

ephemeralPublicKey

string

REQUIRED: An ephemeral public key, half of an ephmeral key pair generated by the partner bank for this provisioning attempt. The private key is combined with the Apple public leaf certificate given in the request, to produce a shared key, which is used to encrypt encryptedPassData. This field corresponds to a similar field of Apple's PKAddPaymentPassRequest. Base64url encoded. See https://developer.apple.com/documentation/passkit/PKAddPaymentPassRequest for further details.