# Fetch wallet payload for Apple Pay in-app provisioning Returns a wallet payload for adding the customer's card to their Apple Pay wallet via request to the Apple Pay API. This endpoint will trigger the process. The customer will receive a 2FA challenge to confirm the request. Endpoint: POST /v1/cards/{card_id}/sca_push_provision/apple_encrypted Version: 1.0 ## Path parameters: - `card_id` (string, required) card_id ## Request fields (application/json): - `certificates` (array) An array of leaf and sub-CA certificates provided by Apple. Each object contains a DER-encoded X.509 certificate, starting with the leaf and followed by the sub-CA. You must encode this value in Base64 format before providing it to the API. Example: ["MIID/DCCA6OgAwIBAgIIRBkEefDVkQ0wCgYIKoZIzj0EAwIwgYAxNDAyBgNVBAMMK0FwcGxlIFdvcmxkd2lkZSBEZXZlbG9wZXIgUmVsYXRpb25zIENBIC0gRzIxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0yMDA2MDgxNzE3NDJaFw0yMjA3MDgxNzE3NDJaMGwxNTAzBgNVBAMMLGVjYy1jcnlwdG8tc2VydmljZXMtZW5jaXBoZXJtZW50X1VDNi1TQU5EQk9YMREwDwYDVQQLDAhBcHBsZVBheTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGiJjmEMmvOZBGj+tdj2ED7xnc9y1C0vNVaqZva7lvKkbgrfcWdo0/NdIJZ5wDcZ0eBtPuRJ+q/eSP9FLXQ19wo4ICGDCCAhQwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSEtoTMOoZichZZlOgao71I3zrfCzBHBggrBgEFBQcBAQQ7MDkwNwYIKwYBBQUHMAGGK2h0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtYXBwbGV3d2RyY2EyMDUwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxld3dkcmNhMi5jcmwwHQYDVR0OBBYEFMNruSHk5gH1LauD+wBI/9sgl/VpMA4GA1UdDwEB/wQEAwIDKDASBgkqhkiG92NkBicBAf8EAgUAMAoGCCqGSM49BAMCA0cAMEQCID06q9UcsbqNKkjFq6mZ640b2sGalDxBBT0zd2QwymTvAiAgFoMAozhg3MFjkV4d0LSPvH8QldM+2cdemVT74+1+wA==","MIIC9zCCAnygAwIBAgIIb+/Y9emjp+4wCgYIKoZIzj0EAwIwZzEbMBkGA1UEAwwSQXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMTQwNTA2MjM0MzI0WhcNMjkwNTA2MjM0MzI0WjCBgDE0MDIGA1UEAwwrQXBwbGUgV29ybGR3aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ0EgLSBHMjEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3fC3BkvP3XMEE8RDiQOTgPte9nStQmFSWAImUxnIYyIHCVJhysTZV+9tJmiLdJGMxPmAaCj8CWjwENrp0C7JGqOB9zCB9DBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDQtYXBwbGVyb290Y2FnMzAdBgNVHQ4EFgQUhLaEzDqGYnIWWZToGqO9SN863wswDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS7sN6hWDOImqSKmd6+veuv2sskqzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZXJvb3RjYWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCDwQCBQAwCgYIKoZIzj0EAwIDaQAwZgIxANmxxzHGI/ZPTdDZR8V9GGkRh3En02it4Jtlmr5s3z9GppAJvm6hOyywUYlBPIfSvwIxAPxkUolLPF2/axzCiZgvcq61m6oaCyNUd1ToFUOixRLal1BzfF7QbrJcYlDXUfE6Wg=="] - `nonce` (string) A single-use nonce provided by Apple. You must hex-encode this value before providing it to the API. Example: "c5846fb5" - `nonce_signature` (string) Nonce signature provided by Apple. You must hex-encode this value before providing it to the API. Example: "4061d9d63ed34825f285d953274a6c5e06ebe011bf91d79660e1f7c6f6d21427abb3a62e6352e430abff987f6ec37e5dff9f3dbe40275156d03eeb594ab191d2792f37ef13ac528a65f56165c1d753463f" ## Response 200 fields (application/json): - `id` (string) ID of the change request. Example: "d6c778822b2d7bd3b778935bcfd0d1d3csc" - `status` (string) The current status of the change request. Enum: "ACCEPTED", "AUTHORIZATION_REQUIRED", "CONFIRMATION_REQUIRED", "COMPLETED", "FAILED" - `updated_at` (string) UTC timestamp from the last time the change request was updated. Example: "2022-04-21T13:59:52+00:00" - `url` (string) URL to use to authorize the change request. Example: "https://example.com/authorize" ## Response 201 fields (application/json): - `wallet_payload` (object) - `wallet_payload.activation_data` (string) The request's activation data. Example: "TUJQQUMtMS1GSy0xMjM0NTYuMS0tVERFQS1DQUY2MDEzRTdCM0ExQzRDQ0UyRTI1RTEzMzhCMkFBMjE4REY3ODZERDUyOEQ5MDkxRDQ0NUNFQUU1ODI3QzlCMTY4QzQ5OTYzQUU0MjNDQThBRTI0OEEyNzY4NjlDN0M=" - `wallet_payload.encrypted_pass_data` (string) An encrypted JSON file containing the sensitive information needed to add the card to the customer's Apple Pay wallet. Example: "C81C62879B07661A835D53CD39DC67DC1FC011912B4234EF0C9C39638AA0FBD038C2666EBC22C180F1F4E079E8B4EEB40322D2DB2E37B0D410331E07084116F988E501DE10F7201F42B314135DD050F253C8F4C3797BB6A33FBD2DEBC815D7EC827C2BDAF4FE8D8A31778F349F57C0CF672582601F423B9E109B57B819444E6ABE2D860671D8D87F93EF1055E4B97218037ADCD82A51017A375B90AD442F207E36E06F8BDDE500A142BDD54287C9EDA58284C808FEB9782CB54F72DE1F428266DFB6C20BE24B2279E63FF3AF6292DBA50DF61E54730CDB4C925F0853D998156423DD60833A46C05D7BC783C8C0EBDA9E245ABC1CB074D4A769790E9F81405E413D7F0D80CB3561B332B063B0766FBF6191AFC1CA3C49035B3EEEB821CFB4115A92E96933A8D8A65EFACDF80254EE9C8FEA81D10BF2CBC1CFF186DF7A67A046B21E551985ADE724CCAC04AD00813949B40EFCDC75B6EA64D6FA31999C1A4CA10BFD85B9A16B4B7789DA1A50B65C4CB3BF247D7982A6AC209F0744668E1B139E5DD2336D0F31D16DBB700A49D02F8A96A39BB4ED3F585AD9E5392520AE4355087152AE2BE0899FBC56695F1525C24E9B91530651D23BA77852FC934F7AF9F6827D7837C258D7890827F53733992B0309A511514D1ACE055EA4AA2CB5B98BFE4D48FD9F" - `wallet_payload.ephemeral_public_key` (string) The ephemeral public key used by elliptic curve cryptography (ECC). Example: "040E245432914D9CBB00DC27BA9E6437F8F5F5140A3C44D10B3F736F49583A9F98023DA94FE008D371163FBA4768E226E4702CB757C1E892A0286143753E291C4E" ## Response 400 fields (application/json): - `errors` (array) Example: [{"id":"jhPSfNcJ9rB5F4IppoXoWkSetZGolcrINS","status":400,"code":"validation_error","title":"Validation Error","detail":"Failed to validate chain of trust for apple certificates with error - Certification path could not be validated."}] - `errors.id` (string) Error identifier - `errors.status` (integer) Error status - `errors.code` (string) Error code - `errors.title` (string) Error title - `errors.detail` (string) Error detail ## Response 403 fields (application/json): - `id` (string) Example: "a95f2aaf-4e0c-4d49-8021-8a16a884ed86" - `status` (string) Example: "403" - `code` (string) Example: "unauthorized_action" - `title` (string) Example: "Unauthorized Action" - `detail` (string) Example: "Unauthorized action is not allowed." ## Response 404 fields (application/json): - `id` (string) Example: "a95f2aaf-4e0c-4d49-8021-8a16a884ed86" - `status` (string) Example: "404" - `code` (string) Example: "model_not_found" - `title` (string) Example: "Model Not Found" - `detail` (string) Example: "Couldn't find 'Solaris::Identification' for id 'bbbcccfff388923eb899a5852df6cidt'." ## Response 500 fields (application/json): - `id` (string) Example: "e8915041-9d8c-4d96-9dd1-04e8522ecdbf" - `status` (string) Example: "500" - `code` (string) Example: "generic_error" - `title` (string) Example: "Generic Error" - `detail` (string) Example: "There was an error."