Hey @tom_dcsinnov,
Thanks for reaching out to Visa Developer Support. I have an excellent resource for discussing your Visa In-App Provisioning questions that I'd like to introduce to you. Their names are Anup and Shahzad and I've included them on this thread. Anup and Shahzad are very knowledgeable and friendly so I’m sure you’ll enjoy working with them. Please reach out to Anup and Shahzad if you have questions and they will be happy to help.
Please find below the test data.
***************************************************************************************
Encryption Key
|
VisaPublicKey_ForEncryption_Sbx_Cert.pem
|
Visa Public Key used in JWE Asymmetric Encryption.
|
|
Q2AY3V5E3ICNBUU66D8K11hBmzqdXSvTiNzZ-YnpozWRXTo50
|
KID – To be used in JWE Header
|
Test Data – VDP Sandbox (sandbox.api.visa.com)
Google Pay
|
PAN
|
X51X23XX20053999 – Replace X with 4
X51X231XX7208143
|
|
deviceID
|
uztEQocBRFrbK5hCgcDbxqw_
|
Apple Pay
|
PAN
|
45X42344X3926268 – Replace X with 1
45X4236833852412
|
|
deviceCert
|
MIID/TCCA6OgAwIBAgIIMq/qUa9Z2nMwCgYIKoZIzj0EAwIwgYAxNDAyBgNVBAMMK0FwcGxlIFdvcmxkd2lkZSBEZXZlbG9wZXIgUmVsYXRpb25zIENBIC0gRzIxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xODA2MDEyMjAzMTBaFw0yMDA2MzAyMjAzMTBaMGwxNTAzBgNVBAMMLGVjYy1jcnlwdG8tc2VydmljZXMtZW5jaXBoZXJtZW50X1VDNi1TQU5EQk9YMREwDwYDVQQLDAhBcHBsZVBheTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGiJjmEMmvOZBGj+tdj2ED7xnc9y1C0vNVaqZva7lvKkbgrfcWdo0/NdIJZ5wDcZ0eBtPuRJ+q/eSP9FLXQ19wo4ICGDCCAhQwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSEtoTMOoZichZZlOgao71I3zrfCzBHBggrBgEFBQcBAQQ7MDkwNwYIKwYBBQUHMAGGK2h0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtYXBwbGV3d2RyY2EyMDUwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxld3dkcmNhMi5jcmwwHQYDVR0OBBYEFMNruSHk5gH1LauD+wBI/9sgl/VpMA4GA1UdDwEB/wQEAwIDKDASBgkqhkiG92NkBicBAf8EAgUAMAoGCCqGSM49BAMCA0gAMEUCIQDhL+sL9bcrvAVO3UvswA805EHujfL7iVDrbEuJfOSJoAIgBPKehtuILl9x/SJ5kxReiml1zkJqUB8nTy0UOfUNIIQ=
|
|
nonceSignature
|
QHuLYArUCO2OZevP0rHc99g9RJp4O1dgsZuVpUdlA7zPWqCDhVQo9Mxr1uPS6GVyjZYo3YElIhHRV4Mv3wEJ3hGOaxK1gResup88QWDK1fL0
|
|
nonce
|
kauVuA==
|
Sample Card Object
Card Object
{
"accountNumber": "451X234413926268",
"nameOnCard": "Google",
"expirationDate": {
"month": "12",
"year": "2022"
},
"cvv2": "533",
"billingAddress": {
"name": "shankar",
"line1": "12301 Research Boulevard",
"line2": "Research Boulevard",
"line3": "Visa USA",
"city": "Austin",
"state": "TX",
"countryCode": "US",
"postalCode": "78759"
}
}
************************************************************************************
To push provision a card to a Google or Apple Pay wallet using the Enroll Card API and VDEP SDK on the Visa Developer platform, you need to follow a specific implementation flow. Here’s a detailed guide on how to achieve this, addressing your concerns about constructing and encrypting the payload and PCI compliance.
1. Use the Enroll Card API:
- Firstly, you need to use the Enroll Card API to enroll the card and receive the `vCardId`.
2. GetSupportedWallets method:
- From your mobile app, call the `GetSupportedWallets` method provided by the VDEP SDK to determine which wallets (Google Pay, Apple Pay) are supported.
3. Construct and Encrypt the Payload:
- The payload that needs to be constructed from the `vCardId` must be encrypted before sending it to the mobile app. This should ideally be done on the server-side due to the sensitivity of the encryption keys and to maintain security.
- The encryption method and payload structure are specified in the VDEP SDK documentation. It typically involves using encryption keys provided by Visa or the wallet provider.
4. Encryption Specification:
- The encrypted payload should include details such as the PAN (Primary Account Number), expiration date, and other card details. This sensitive information must be encrypted using the specified encryption algorithms and keys.
- Refer to the [Visa Developer Documentation](https://developer.visa.com/) for exact specifications on how to construct and encrypt this payload.
5. PCI Compliance:
- Since your server is not PCI compliant, it should not handle or read the PAN directly. Instead, use Visa's services to handle sensitive card information.
- Visa provides tokenization services through which sensitive card details are converted into tokens. Your server can work with these tokens, which are PCI compliant.
- Ensure that the operation of constructing and encrypting the payload is done in a PCI compliant environment if it involves handling PAN or other sensitive information.
6. Server-Side Implementation:
- Implement server-side logic to construct the payload using the `vCardId`, then encrypt the payload using the encryption keys.
- Send the encrypted payload to the mobile app, where it can be used to provision the card to the wallet.
Here is a high-level implementation flow:
1. Enroll Card:
- Send a request to Enroll Card API and receive the `vCardId`.
2. Construct Payload:
- On the server-side, construct the payload including necessary card details.
3. Encrypt Payload:
- Encrypt the payload using the specified encryption method and keys.
4. Send Encrypted Payload:
- Send the encrypted payload to the mobile app.
5. Provision Card:
- Use the VDEP SDK on the mobile app to provision the card to the supported wallet using the encrypted payload.
For specific details on constructing and encrypting the payload, refer to the SDK documentation and API specifications on the Visa Developer Platform (https://developer.visa.com/).
Thanks,
Diana
Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.
