eWallet Tokens
eWallet Tokens APIs can be used for creating and retrieving push provisioning data, as well as retrieving eWallet Tokens for an account.
Overview
The eWallet Tokens feature allows partners to:
- Create push provisioning data
- Retrieve push provision configuration options for a specific account
- Retrieve eWallet tokens for a specific account
Note: Partners must be configured to use eWallet Token APIs. Contact your Green Dot representative to request configuration.
Digital Wallets
Digital wallets, such as Apple Pay and Google Pay, store digitized versions of payment instruments (cards) which provides customers with a secure and convenient way to store and use their payment instruments without carrying physical cards. The eWallet Tokens APIs allow Partners to offer digital wallet technology to their customers.
Tokenization
When using digital wallet technology, a customer’s card data, such as the PAN, CVV, and expiration date, is protected using card tokenization. Once a payment instrument is added to a digital wallet, the sensitive data is replaced with a token that serves as a reference to the payment instrument whenever it is used. For example, if a customer uses a payment instrument in their Google Pay digital wallet to purchase groceries, Google Pay will only provide the token at checkout without exposing any of the card data. Green Dot supports network tokenization where the card network (i.e., Visa, Mastercard, Discover, QUICPay) generates the tokens.
eWallet Tokens API Endpoints
Create Push Provisioning Data
Push provisioning allows customers to add credit and debit cards to their digital wallets (i.e. Google Pay or Apple Pay) directly from the card issuer’s (i.e. Visa or Mastercard) application. This endpoint can be used to create the data needed to add payment instruments to a digital wallet within the card issuer’s application.
API Call Structure
POST /programs/{programCode}/accounts/{accountIdentifier}/paymentInstruments/{paymentInstrumentIdentifier}/pushProvisionData
POST /programs/{programCode}/accounts/{accountIdentifier}/paymentInstruments/{paymentInstrumentIdentifier}/CreatepushProvisionData
API Call Structure Parameters
Field | Format | Required/Optional | Type |
---|---|---|---|
X-GD-RequestId | Header | Required | String |
programCode | Path | Required | String |
accountIdentifier | Path | Required | String |
paymentInstrumentIdentifier | Path | Required | String |
Sample Request
Sample Request Body – Apple Pay
{
"walletProvider":"apple",
"deviceData":{
"nonce":"fa5fa8f08186b3e52dd46a51cc22a638ab6badf69281aefce377ae7f7ca37c3d",
"nonceSignature":"ea83a9a6862149815a563d06f2b8dffb49ad00d9cfcb0ef683652f3ee0f16698",
"publicCertData":"30820413308203b8a003020102020812f0fd2adc53b95d300a06082a8648ce3d0403023081813
13b303906035504030c3254657374204170706c6520576f726c647769646520446576656c6f706572732052656c6
174696f6e73204341202d204543433120301e060355040b0c1743657274696669636174696f6e2041757
4686f7269747931133011060355040a0c0a4170706c6520496e632e310b3009060355040613025553301
e170d3137303532303034313535375a170d3139303631393034313535375a306d3136303406035504030
c2d6563632d63727970746f2d73657276696365732d656e6369706865726d656e745f5543362d496e4d6
56d6f72793111300f060355040b0c084170706c6550617931133011060355040a0c0a4170706c6520496e
632e310b30090603550406130255533059301306072a8648ce3d020106082a8648ce3d03010703420004
2e3e5ccf6b9ab04be7a22f3faccfde73c87e87155394a34815408a896ca18a374dac669af3bf6220fc863767f
4af47507c5bc221fc4a19874daf39b4074e3eb8a382022b30820227304f06082b060105050701010443304
1303f06082b060105050730018633687474703a2f2f6f6373702d7561742e636f72702e6170706c652e636
f6d2f6f63737030342d74657374777764726361656363301d0603551d0e04160414ad2ea3cb7e34c2edee
43684e27111fcc493339d0300c0603551d130101ff04023000301f0603551d23041830168014d6d6d55ae5
fffdc27c34c343debd68765c36a9be3082011d0603551d2004820114308201103082010c06092a864886f7
636405013081fe3081c306082b060105050702023081b60c81b352656c69616e6365206f6e20746869732
0636572746966696361746520627920616e7920706172747920617373756d657320616363657074616e
6365206f6620746865207468656e206170706c696361626c65207374616e64617264207465726d732061
6e6420636f6e646974696f6e73206f66207573652c20636572746966696361746520706f6c69637920616e
642063657274696669636174696f6e2070726163746963652073746174656d656e74732e303606082b06
010505070201162a687474703a2f2f7777772e6170706c652e636f6d2f636572746966696361746561757
4686f726974792f30410603551d1f043a30383036a034a0328630687474703a2f2f63726c2d7561742e636
f72702e6170706c652e636f6d2f6170706c657777647263616563632e63726c300e0603551d0f0101ff040
403020328301206092a864886f7636406270101ff04020500300a06082a8648ce3d040302034900304602
21008cbd4ab6614c58fd1a93584e05aac3d3afdcc6ca2942ba7214dc54a86ed7a9ee022100ded5771dc1d2
9ec34c2a971ddd3920fb1918b7480c6d4d4f13a4d8e8ff37b186"
}
}
Sample Request Body – Google Pay
{
"walletProvider":"google",
"deviceData":{
"clientDeviceId":"TdUHPKS07-Emnen8vpBtvCApt",
"clientWalletId":"oIm5zV9g0UObFJRuz92qZWhw"
}
}
Request Parameters
Field | Data Type | Required/Conditional | Description |
---|---|---|---|
walletProvider | Enum | Required | Provider of the digital wallet being used for provisioning. Options: • apple |
deviceData | Device Data | Required | Container for values needed from the device being used. This information varies by digital wallet provider. |
nonce | String | Conditional | Hex encoded unique value generated by the mobile device being used. Note: This field is only required for Apple Pay. |
nonceSignature | String | Conditional | Hex encoded signature generated by the mobile device’s secure element over the nonce field to prevent data tampering. Note: This field is only required for Apple Pay. |
publicCertData | String | Conditional | Hex encoded public certificate for which provisioning response data should be encrypted. Note: This field is only required for Apple Pay. |
clientDeviceId | String | Conditional | Stable hardware identifier obtained from the mobile device being used. Note: This field is only required for Google Pay. |
clientWalletId | String | Conditional | ID assigned by Google Pay. Note: This field is only required for Google Pay. |
Sample Response
Sample Response – Apple
{
"activationData":"FOqhkP1N4hvGoZ0DcUi/z6zQf6vOu0o/Zxdv7Ae6qb8=",
"encryptedPaymentData":{
"version":"EC_v3",
"ephemeralPublicKey":"ZZMsgjYmi0KDdxyFo12SfA==",
"publicKeyHash":"+OQASwQ/N06FeGjPAQ0X9w==",
"data":"jGQ8uoUK/0GVtTCsZNaE9Q=="
},
"displayName":"Super Product",
"paymentNetworkOperator":"Visa",
"responseDetails":[
{
"code":0,
"subCode":0,
"description":"Success",
"url":"http://tbd"
}
]
}
Sample Response – Google
{
"billingAddress":{
"addressLine1":"3465 E Foothill Blvd",
"addressLine2":"SUITE 100",
"city":"Pasadena",
"state":"CA",
"zipCode":"91107",
"countryCode":"USA",
"type":"Home",
"isDefault":true,
"isVerified":false,
"isReturned":false,
"lastUpdatedDateTime":"12/02/2019 01:34:13"
},
"phoneNumber":{
"number":"5555551234",
"type":"mobile",
"isDefault":true,
"isVerified":true,
"lastUpdatedDateTime":"12/02/2019 01:34:13"
},
"last4Pan":"1111",
"paymentNetworkOperator":"Visa",
"displayName":"Super Product",
"opc":"eyJraWQiOiJXOUdTOVFFWFJHVktWVE9MWFIxTzExa2VBSXdIVGF1aUtxdFBQWWxqM1A2bGdYLXVFIiwid
HlwIjoiSk9TRSIsImNoYW5uZWxTZWN1cml0eUNvbnRleHQiOiJTSEFSRURfU0VDUkVUIiwiZW5jIjoiQTI1NkdD
TSIsInRhZyI6IktCUWNRU2ZQUUpHYWtjRjdkMHh1VkEiLCJpYXQiOjE1NzUzMjE0NzIsImFsZyI6IkEyNTZHQ01
LVyIsIml2IjoiaV92blNMREZmaWthRGZwcyJ9.yF28yFIhoU-mreWRBbLA4HxHsjQg4kGfMARc5xCuDY0.9T-ZMi96DU-
yC9rP.48wfLg9F_bV8oiKnrxHfX8jRIKft2Xz2rLMDp9r6aHy25PI45X7VK54cTKtp-OG8wI1YCSlagoD2b3wZDGDITBdppvqo1GHRi_Hn7B4IUEENYRs0CleQq8ZltUL8zgfaGBP9iCOJD7Fk3ZPsxKtv
SZ5hkFgPAdkzjXH1EjHkib7o-zRkkX9NlpOJIctYQIpmubdUI95UKAN8WchXEV7kQXwsOukWxWo0rpoNSAmQwsGYBcfgEySQ7Fdg-
1mhI6fkkiOxqcKlTnszOYD9hQ77QwKmK6jYG6HpLwMia7nFmPMC4eG_P6qf6qTSmv6EtG57DjdW_AjEVKR
b3ZhH7PBjvl_5vdtxy448LxO_aHLqSK9b_Avkv5Q3faKRH5jzhe9l8t2D2YjYv-lf8zXED-
y1sSO5AqL4ScTwujs6QrVaYjwiC2c1MlTVxxUyMJIN7mE8pZYQOMt8U9H2juKYmG749qGgxzte0pEMoAK0D
TahifNMyzMQFzVl4vQz97cUxf04I71jMacjvNFs4DNk3GBls0eBixj8q5bytiTX371MBxsUATwdK7FuE85TcXzKJ
qzLOkXo108m-TAsXyI6muMDCAfm_3D17fwnePlMsNeEAg.HOhMDW0PdmesJtzCtk3Bjg",
"responseDetails":[
{
"code":0,
"subCode":0,
"description":"Success",
"url":"http://tbd"
}
]
}
Response Parameters
Field | Data Type | Required/Conditional | Description |
---|---|---|---|
activationData | String | Conditional | Base 64 encoded provisioning activation data used when provisioning request is for Apple. |
encryptedPaymentData | EncryptedData | Conditional | Container for Base64 encoded encrypted data and Base64 encoded ephemeral public key when the provisioning request is for Apple. |
ephemeralPublicKey | String | Conditional | Base64 encoded ephemeral public key. Included when provisioning request is for Apple. |
publicKeyHash | String | Conditional | Base 64 encoded encrypted data. Included when provisioning request is for Apple. |
data | String | Conditional | Base 64 encoded encrypted data. Included when provisioning request is for Apple. |
displayName | String | Conditional | Description of associated product. Included when provisioning request is for Apple. |
paymentNetworkOperator | String | Required | Identifier for payment network operator. Options: • Visa • MasterCard • Discover • QUICPay |
billingAddress | Billing Address | Conditional | Container for billing address information required when digital wallet provider is Google. |
addressLine1 | String | Conditional | Line 1 of customer’s primary billing address. Included when provisioning request is for Google. |
city | String | Conditional | City of customer’s primary billing address. Included when provisioning request is for Google. |
state | String | Conditional | State of customer’s primary billing address. Included when provisioning request is for Google. |
zipCode | String | Conditional | Zip code of customer’s primary billing address. Included when provisioning request is for Google. |
countryCode | String | Conditional | Country code of customer’s primary billing address. Included when provisioning request is for Google. |
isDefault | Boolean | Conditional | Indicates if billing address was verified. Included when provisioning request is for Google |
isVerified | Boolean | Conditional | Indicates if billing address was verified. Included when provisioning request is for Google |
isReturned | Boolean | Conditional | Indicates if mail was previously returned from this billing address. Included when provisioning request is for Google. |
lastUpdatedDateTime | String | Conditional | Date and time address was last updated. Included when provisioning request is for Google. |
phoneNumber | Phone Number | Conditional | Container for customer’s billing phone number information required when digital wallet provider is Google. |
number | String | Conditional | Customer’s phone number. Included when provisioning request is for Google. |
type | String | Conditional | Indicates if the phone number was verified. Included when provisioning request is for Google. |
isDefault | Boolean | Conditional | Indicates if the phone number was verified. Included when provisioning request is for Google. |
isVerified | Boolean | Conditional | Indicates if the phone number was verified. Included when provisioning request is for Google. |
lastUpdatedDateTime | String | Conditional | Date and time phone number was last updated. Included when provisioning request is for Google. |
opc | String | Conditional | Opaque payment card required when digital wallet provider is Google. |
last4Pan | String | Conditional | Last four digits of the payment card required when the digital wallet provider is Google. |
Response Codes
Code | subCode | Description |
---|---|---|
403 | 0 | Auth token is not valid |
10 | 0 | Account Not Found or Payment Instrument Not Found |
500 | 0 | Server Error |
503 | 0 | A downstream system is unavailable. It may be transient so the client may retry automatically. |
Obtain List of Push Provision Configuration Options
This endpoint allows Partners to retrieve a list of options that can be used to add payment instruments to a digital wallet for a specific account.
API Call Structure
GET /programs/{programCode}/accounts/{accountIdentifier}/pushProvisionConfig
Request Parameters
Field | Format | Required/Optional | Type |
---|---|---|---|
X-GD-RequestId | Header | Required | String |
programCode | Path | Required | String |
accountIdentifier | Path | Required | String |
Sample Response Body
{
"provisionConfigs":[
{
"walletProvider":"apple",
"tokenServiceProviderEncryptionVersion":"EV_ECC_v2",
"paymentNetworkOperator":"Visa"
},
{
"walletProvider":"google",
"tokenServiceProviderEncryptionVersion":"opc",
"paymentNetworkOperator":"Visa"
}
],
"responseDetails":[
{
"code":0,
"subCode":0,
"description":"Success",
"url":"http://tbd"
}
]
}
Response Parameters
Field | Data Type | Required/Optional | Description |
---|---|---|---|
provisionConfigs | Array | Required | Container for provision configuration options available for a specific accountIdentifier. |
walletProvider | String | Required | Provider of the digital wallet being used for provisioning. Options: • apple |
tokenServiceProviderEncryptionVersion | String | Required | Reference to internal encryption version to be used when create push provisioning data (POST /pushProvisionData) is called with the associated walletProvider. |
paymentNetworkOperator | String | Required | Identifier for the payment network operator. Options: • Visa • MasterCard • Discover • QUICPay |
Response Codes
Code | subCode | Description |
---|---|---|
10 | 0 | Account Not Found |
500 | 0 | Internal Server Error |
403 | 0 | Auth token is not valid |
503 | 0 | A downstream system is unavailable. It may be transient so the client may retry automatically. |
Obtain List of Previously Provisioned eWallet Tokens
This endpoint allows the retrieval of all eWallet tokens previously provisioned into a digital wallet for a specific account based on the accountIdentifier provided in the request.
API Call Structure
GET /programs/{programCode}/accounts/{accountIdentifier}/tokens
API Call Structure Parameters
Field | Format | Required/Optional | Type |
---|---|---|---|
X-GD-RequestId | Path | Required | String |
programCode | Path | Required | String |
accountIdentifier | Path | Required | String |
Sample Response Body
{
"tokens":[
{
"paymentIdentifier":"358d4590-c705-4897-8b8f-6a41b0ddcb3b",
"deviceId":"string",
"last4Pan":"6800",
"DPANID":"DNITHE301908474895150373",
"FPANID":"V-3019084710557757067789",
"PAR":"V0010013019084710556681691761",
"last4DPAN":"0858",
"wallet":"Apple Pay",
"walletType":"digitalWallet",
"status":"active"
},
{
"paymentIdentifier":"358d4590-c705-4897-8b8f-6a41b0ddcb3b",
"last4Pan":"6800",
"DPANID":"DNITHE301908476980456666",
"FPANID":"V-3019084710556356039764",
"PAR":"V0010013019084710556109830817",
"last4DPAN":"2256",
"wallet":"Google Pay",
"walletType":"digitalWallet",
"status":"active"
},
{
"paymentIdentifier":"358d4590-c705-4897-8b8f-6a41b0ddcb3b",
"last4Pan":"6800",
"DPANID":"DNITHE301908477007877450",
"FPANID":"V-3019084710554673407693",
"PAR":"V0010013019084710555813032289",
"last4DPAN":"6401",
"wallet":"Samsung Pay",
"walletType":"digitalWallet",
"status":"active"
}
],
"responseDetails":[
{
"code":0,
"subCode":0,
"description":"Success",
"url":"http://tbd"
}
]
}
Response Parameters
Field | Data Type | Required/Optional | Description |
---|---|---|---|
tokens | Array | Optional | Container for an array of eWallet tokens associated with the provided accountIdentifier |
paymentIdentifier | String | Required | Unique identifier for the Payment Instrument number. |
deviceId | String | Required | Identifier for the mobile device being used. |
last4Pan | String | Required | Last 4 digits of the payment instrument number. |
DPANID | String | Required | Network proxy representation of a digital card number. This ID will be unique to the mobile device being used. |
FPANID | String | Required | Network proxy representation of a payment identifier. This ID will be the same for the payment identifier on all mobile devices used. |
PAR | String | Required | Network proxy representation of an account. This number will be the same for all payment identifiers. |
last4DPAN | String | Required | Last 4 digits of a digital card number. |
wallet | String | Required | The digital wallet the payment identifier is being added to. Options: • Apple Pay • Google Pay |
walletType | String | Required | The type of digital wallet being used. Options: • digitalWallet • merchantToken |
status | String | Required | The status of the digital card number. Options: • active • suspended • deactivated • deleted • inactive • suspended • resume • tokenization • exception • replacement |
Response Codes
Code | subCode | Description |
---|---|---|
11 | 0 | No tokens exist for this account |
403 | 0 | Auth token is not valid |
10 | 0 | Account Not Found |
500 | 0 | Internal Server Error |
503 | 0 | A downstream system is unavailable. It may be transient so the client may retry automatically. |
Updated 12 months ago