# MDES Token Connect APIs
source: https://developer.mastercard.com/issuer-enrollment/documentation/use-cases/push-provisioning/mdes-token-connect/index.md

## Enrollment Steps {#enrollment-steps}

Ensure to read the [pre-requisites](https://developer.mastercard.com/issuer-enrollment/documentation/quick-start-guide/index.md#before-you-start) before the enrollment steps.

#### Step 1. Present Click to Pay to consumers. {#step-1-present-click-to-pay-to-consumers}

1. Once cardholder logs into the Issuer app they are presented with the option to enroll in Click to Pay.
2. To present the Click to Pay:
   * Call `GetEligibleTokenRequestors` endpoint from the [MDES Token Connect API](https://developer.mastercard.com/mdes-token-connect/documentation/api-reference/) to receive the `TokenRequestorInfo` from MDES.
   * Call the `GetAsset` endpoint from the MDES Token Connect API to present the Click to Pay logo asset on the banking app/website.

<br />

#### Step 2. Consumer selects the card to add in Click to Pay. {#step-2-consumer-selects-the-card-to-add-in-click-to-pay}

1. Consumer selects the card to add in Click to Pay, reviews the pre-populated information, provides consent and continues to enroll.
2. Initiate push provisioning and tokenization request by calling the `pushMultipleAccounts` from the MDES Token Connect API and passing the Token Requestor Identifier (TRID) for Click to Pay, and the card details to MDES.
3. After successful tokenization and provisioning, MDES responds back with `pushAccountReceipt`, and other necessary details for the issuer to create the Click to Pay URI for the web browser experience.

<br />

#### Step 3. Consumer is sent to Click to Pay page. {#step-3-consumer-is-sent-to-click-to-pay-page}

1. As a response to `pushMultipleAccounts` endpoint, and successful card provisioning, MDES returns the following parameters:
   * `callbackURL`
   * `pushAccountReceipt`
   * `signature` if `tokenRequestorSignatureSupport` is `true` and at least one `pushAccountReceipt` is successfully returned.
2. Issuer builds the [redirection URL](https://developer.mastercard.com/mdes-token-connect/documentation/tutorials-and-guides/issuer-implementation-guide/) by including the response parameters. This URI redirects consumer to Click to Pay page where they find more information on Click to Pay and an option to click on *Remember Me* .   

There are 2 ways to build this redirection URL:
If the Token Requester supports `signature` verification, the `tokenRequestorSignatureSupport` shows `true` in the response.

The Issuer builds the redirection URL:   

* Pass the `signature` in the `pushAccountData` parameter for enhanced security.   
* Set the `locale` information, for example, `locale=en_US`.   
* Include `callbackURL`. For example: `callbackURL=https%3A%2F%2Fpartnerbank.com%2Ftokenization-results`   
* Include the `extFlow=true` parameter to enable the *"Remember Me"* experience.   

Sample redirection URL:

```curl
 https://src.mastercard.com/provision?pushAccountData=eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjEwOTI3MDkxMzQwLU1ERVMtdG9rZW4tY29ubmVjdC1tdGYifQ.eyJwdXNoQWNjb3VudFJlY2VpcHRzIjpbIk1DQy1TVEwtREMzNTEyNkMtMjgwQS00MDc3LThGNDMtOEZDRDAwQUU3MjQxIl0sImNhbGxiYWNrVVJMIjoiaHR0cHM6Ly9zdGFnZS50b2tlbmNvbm5lY3QubWNzcmN0ZXN0c3RvcmUuY29tL3Rva2VuaXphdGlvbi1yZXN1bHRzIiwiY29tcGxldGVXZWJzaXRlQWN0aXZhdGlvbiI6dHJ1ZSwiYWNjb3VudEhvbGRlckRhdGFTdXBwbGllZCI6dHJ1ZSwibG9jYWxlIjoiZW5fVVMifQ.FFEJjbOoEiJV18lTGlnlvjDt-b7s4DvGef5WMq-Ncm1neh5PXE-srcqBt_01tvDgXcAN_izj_624KPeEBbQg_F2EZ5CDmKC0GLNbZhWuefv1gT9pGE0wX_-e6Nz7wF6X8vRXE8uaulz7g-30wYz-Ek4vjIc_rSESP2_oZFCxbPLq-FVTls2QA3x8DF_mH8GBAVNe2pkT-Eh_IsnQ5OhrG3liVVVeshNqxmUmMgSdNdf-m6s5WE_fCytQ_Jrf4gH-Vq3pZMifko7uYxYK5cz6OsZ1O7UA_Pyes8UCFYrMPI9M8iEdoav6tsfpXyCA9rmufEOa-YnREwc4swjgbtXDSA&locale=en_US&extFlow=true
```

If the Token Requester does not support `signature` verification, the Issuer builds the redirection URL:   

* Set the `locale` information, for example, `locale=en_US`.   
* Include `callbackURL`. For example: `callbackURL=https%3A%2F%2Fpartnerbank.com%2Ftokenization-results`   
* Include the `extFlow=true` parameter to enable the *'Remember Me'* experience.   

Sample redirection URL:

```curl
 https://src.mastercard.com/provision?pushAccountReceipts=MCC-STL-04FB7337-2308-4312-9433-C608BC1C391B&accountHolderDataSupplied=true&locale=en_US&completeIssuerAppActivation=false&completeWebsiteActivation=false&extFlow=true&callbackURL=https%3A%2F%2Fpartnerbank.com%2Ftokenization-results
```

<br />

#### Step 4. Card provisioning is complete and consumer returns to the issuer app/website {#step-4-card-provisioning-is-complete-and-consumer-returns-to-the-issuer-appwebsite}

1. Consumer is notified that the card has been added and provisioned and Click to Pay is ready to use.

2. Click to Pay returns the consumer back to the issuer app/website using the callBackURL in the redirection URL, supplied by Issuer in the previous step.

   ```curl
   https://partnerbank.com/tokenization-results?results%5BMCC-STL-04FB7337-2308-4312-9433-C608BC1C391B%5D=APPROVED%7CDWSPMC000000000132d72d4fcb2f4136a053
   ```

3. Click to Pay provides the result of the card provisioning to the Issuer after successfully tokenizing the card with a reference. Know how to receive results from Mastercard Click to Pay, refer to [Receive Response from Token Requester](https://developer.mastercard.com/mdes-token-connect/documentation/tutorials-and-guides/issuer-implementation-guide/#receive-response-from-token-requestor).

Diagram pp_addcards_pii_srcprofile1

## User Experience {#user-experience}

Consumers may experience three different scenarios during push provisioning and card enrollment.

### 1. Enrollment without additional verification {#1-enrollment-without-additional-verification}

Consumer's profile is created by adding and enrolling the card to Click to Pay through the Issuer's app/website. Issuer pre-fills their Personal Identifiable Information (PII) and hence no additional verification is required from the consumer.

![Provision cards into SRC](https://static.developer.mastercard.com/content/issuer-enrollment/documentation/img/demo_provision_cards_src_returntoappR020_updated.png "Provision Cards into SRC")

### 2. Enrollment with additional verification {#2-enrollment-with-additional-verification}

Consumer requests to add a new card to an already existing Click to Pay profile from the issuer app/website.
Click to Pay determines if a consumer requires additional verification and if an OTP verification is required.

![OTP Verification](https://static.developer.mastercard.com/content/issuer-enrollment/documentation/img/pp_otp_verification_02.png "Mastercard Click to Pay Push Provisioning OTP Verification")

### 3. Consumer cancels card provisioning {#3-consumer-cancels-card-provisioning}

After logging into the issuer's app/website, and selecting a card to add and enroll in Click to Pay, consumers can choose to click on Cancel instead of Continue.
In this case, card enrollment gets cancelled and consumers are redirected to the Issuer's app.

![Provision Cancelling](https://static.developer.mastercard.com/content/issuer-enrollment/documentation/img/pp_cancelling_03.png "Mastercard Click to Pay Push Provisioning Cancellation")
Note: The UX images used in the documentation are for illustration purposes only.