Push provisioning flow is mandatory to offer tokenization, except for Google Pay in Argentina and Mexico.

Provisioning

Discover the differences between manual and automatic token provisioning flows.

Push provisioning

It is a process that allows you to quickly add a card to Apple Pay or Google Pay from the bank's or card issuer's application. In addition to being more convenient, it enhances security by avoiding manual entry of information that could be vulnerable to errors or fraud.

Let's go through the steps to add a card using Push provisioning:

Push provisioning flow

  1. Your customer opens your app and taps the "Add to Apple Wallet" or "Add to Google Pay" button.
  2. The Google or Apple Wallet application communicates with their servers to generate certificates and cryptographic values and shares them with the application.
  3. You share the information sent to you by Apple or Google using this API.
  4. We verify the information, generate the cryptographic data, and send it to your customer's application.
  5. The application receives the cryptographic data and sends it to Apple or Google.
  6. Apple or Google validate the cryptographic data and complete the tokenization of the card.

Manual provisioning

In order for your customers to complete their tokenization request, we recommend that you keep their data up-to-date using our User API.

This flow is triggered when Apple or Google need to verify that the person attempting to add the card is indeed the cardholder.

Let's go through the step-by-step process:

  1. Your customer opens Apple Wallet or Google Wallet and taps the Add Card button.
  2. They manually enter their card details.
  3. Pomelo verifies the card information and determines that additional information is needed to verify its authenticity.

  4. The yellow flow is triggered and your customer is asked to enter the OTP (One-Time Password) verification code. There are two available delivery options:

    • Direct delivery by Pomelo: Pomelo sends the OTP directly to your customers using the registered channel (SMS or email), with no additional integration required.

    • Delivery via Webhook: we generates the OTP and send the notification to the configured URL. You decide how and through which channel to communicate the OTP to your customer. For example: branded (e.g., branded SMS, push notification in your app, email). The key requirements for sending OTPs for Apple Pay can be found in Apple’s official documentation.

  5. Apple or Google validate the code entered and determine its authenticity.
  6. If everything goes well, the card is added. If not, your customer will be given the option to re-enter the correct code or contact your support team.

For more details on the technical integration of the OTP delivery webhook in Manual Provisioning, please refer to our technical documentation.

Did you find the content of this document helpful?