# Enable a Card for Click to Pay in Issuer’s Mobile App (through Mastercard Enroll API)
source: https://developer.mastercard.com/mastercard-processing-digital/documentation/use-cases/enable-card-click-to-pay-issuer-mobile-app-enroll/index.md

## Overview {#overview}

The use case describes the process for a cardholder to enable a card for Click to Pay using push provisioning in issuer's mobile application.
Note: The use case supports only one card per provisioning. If cardholders have multiple cards, issuers should pre-select one or allow them to select a preferred card before initiating the process. Alternatively, refer to [Auto-enable single or multiple cardholders in Click to Pay](https://developer.mastercard.com/mastercard-processing-digital/documentation/use-cases/auto-enable-cardholders-click-to-pay/index.md) if you want to enable Click to Pay for multiple cards in a single request. Tip: You can use Mastercard Processing Digital API to check if the cardholder's cards are already enabled for Click to Pay. If that is the case, the `getTokensByClient` API will return card contracts where `walletName` = `MDES for Merchants` and `tokenRequestorId` = `50123197928`.

Preconditions:

* The issuer is de-scoped from the PCI DSS regulation (you are PAN-less issuer).
* The issuer is integrated with Mastercard Digital Enablement Service (MDES).
* The issuer is onboarded to Mastercard Click to Pay and the API keys for Enroll API have been obtained.
* The card has been issued through the Mastercard Processing Core APIs and stored in the Mastercard Processing Card Management System with a corresponding `cardContractId` and `cardContractNumber` (PAN) in an active status.

## Sequence diagram {#sequence-diagram}

Diagram enable-card-click-to-pay-enroll

### Explanation {#explanation}

1. The cardholder logs into mobile application or website and is presented with an option to enroll their card in Click to Pay. They choose to proceed with the enrollment.
2. The mobile application sends a request to the issuer server to enroll the card in Click to Pay.
3. The issuer server sends the `POST` request to the Mastercard Processing Digital `/cards/searches` endpoint with the following properties:
   * `Enroll-Client-Encryption-Key` header: contains the Client Encryption Key, which you generated when requesting access to the Mastercard Enroll API in the [Mastercard Connect](https://developer.mastercard.com/issuer-enrollment/tutorial/issuer-onboarding-click2pay-production/).
   * `enrollType` = `SYNCHRONOUS`: specifies the Enroll API mode for which the encrypted object will be generated.
   * `synchronousRequest`: object containing
     * all the fields required by the Enroll API Synchronous for the encrypted card object as indicated [here](https://developer.mastercard.com/issuer-enrollment/tutorial/perform-encryption/step2/) except:
       * `primaryAccountNumber`
       * `panExpirationMonth`
       * `panExpirationYear`
       * `cardSecurityCode`
     * `cardContractId`: It is the card contract's identifier stored in the Mastercard Processing CMS that is generated and returned during the Mastercard Processing Core `createCardContract` API call.
4. The Mastercard Processing Digital API fetches PAN and `cardExpiryDate` from the CMS for the `cardContractId` sent in step 3. Tip: Make sure the card is active, as Mastercard Processing Digital does not verify its status when obtaining PAN and expiry date from the CMS. Note: In current version of the endpoint, `cardSecurityCode` is not fetched from the CMS and will not be part of an encrypted card object (`cardData`) returned in the response.
5. The Mastercard Processing Digital API generates, encrypted with `Enroll-Client-Encryption-Key`, card object (`cardData`) containing all properties provided in the request (excluding `cardContractId`), and the PAN and card expiry date obtained in step 4.
6. The Mastercard Processing Digital API responds to the issuer server with HTTP status code `200` together with the body built in step 5.
7. The issuer server takes encrypted `cardData` object from step 5 and together with other properties required as per your integration with Enroll API Synchronous (for example, `srcClientId`, `serviceId`, `consumer`, `complianceSettings`) sends `POST` request to the `/cards` Enroll API endpoint to enable card for Click to Pay.
8. The Click to Pay initiates the tokenization process.
9. The MDES sends the pre-digitization message, Tokenization Authorization Request (TAR), to Mastercard Processing for tokenization decision.
10. After internal checks (that is, card product tokenization eligibility, card status, and expiry date) done by the Mastercard Processing CMS, the Mastercard Processing sends the TAR response to the MDES with the response code = 00, meaning that the card can be tokenized without any additional authentication.
11. The Mastercard Processing concurrently sends the TAR notification to the issuer server.
12. The MDES returns Tokenization Complete Notification (TCN) to Click to Pay confirming successful tokenization.
13. The MDES concurrently to step 12 sends the Tokenization Complete Notification (TCN) to Mastercard Processing.
14. The Mastercard Processing sends the TCN acknowledgment to MDES.
15. The Mastercard Processing concurrently to step 14 sends a TCN notification to the issuer server.
16. The Enroll API returns to the issuer server HTTP status code `200` together with the response body containing masked details of a card that has been successfully enrolled along with assigned `srcDigitalCardId` and `srcConsumerId` that can be used later to [manage enrolled card and consumer's profile in the Click to Pay](https://developer.mastercard.com/issuer-enrollment/documentation/use-cases/auto-enrollment/life_cycle/) directory.
17. The mobile application shows that the Click to Pay enrollment is completed and starts presenting Click to Pay profile management. Note: Optionally, Mastercard Processing may send an SMS to inform the cardholder that their card has been added to Click to Pay.

Refer to [Sandbox testing](https://developer.mastercard.com/mastercard-processing-digital/documentation/sandbox-testing/enable-card-for-click-to-pay-enroll/index.md) for more information on how to execute the use case in the Sandbox environment.

## Endpoints {#endpoints}

##### Enroll API-Synchronous {#enroll-api-synchronous}

[POST /cards](https://developer.mastercard.com/issuer-enrollment/documentation/api-reference/apis/#enroll-api-synchronous)

<br />

##### Mastercard Processing {#mastercard-processing}


API Reference: `POST /cards/searches`