# Enable a Card in a Wallet App with Token Activation in the Issuer’s App
source: https://developer.mastercard.com/mastercard-processing-digital/documentation/use-cases/enable-card-in-wallet-app-with-token-act-in-iss-app/index.md

## Overview {#overview}

The use case describes the process for a cardholder to enable a card in a specified wallet application where the cardholder selects the issuer's mobile application to activate the token. This process is applicable when Mastercard Processing (MP) exchanges Tokenization Authentication Value (TAV) keys with Mastercard MDES on behalf of the issuer.

## Sequence diagram {#sequence-diagram}

Diagram enable-card-in-wallet-app

### Explanation {#explanation}

1. The cardholder decides to add a card to the wallet directly through the wallet application.
2. The wallet application sends the request to the MDES with encrypted card data provided by the cardholder in step 1 to check if the card is eligible to be tokenized.
3. The MDES returns a successful response that the card can be tokenized and provides terms and conditions (T\&C) to the wallet server.
4. The wallet application displays T\&C to the cardholder.
5. The cardholder accepts the T\&C in the wallet application.
6. The wallet server sends a token activation request to the MDES.
7. The MDES sends the pre-digitization message, Tokenization Authorization Request (TAR), to the Mastercard Processing for tokenization decision.
8. After internal checks (that is, card product tokenization eligibility, card status and expiry date, and so on) are done by the Mastercard Processing CMS, Mastercard Processing sends the TAR response back to the MDES with the response code = 85 based on the applied tokenization rule. It means that the card can be tokenized after additional authentication with the ID\&V method. Note: During the onboarding process, the Mastercard Processing applies to every selected wallet a default set of tokenization rules that covers specific functional requirements of wallet providers, schemes, or fraud recommendations linked with, applying the appropriate path whether to:
   * Approve tokenization request (green path, Mastercard Processing returns response code 00 in the TAR response),
   * Decline (red path, Mastercard Processing returns response code 05 in the TAR response),
   * Or approval is subject to further cardholder authentication (yellow or orange path, Mastercard Processing returns response code 85 in the TAR response).

   In case of the yellow or orange path, you must configure cardholder identification and verification (ID\&V) methods that are supported by you and the MDES:
   * Authentication by activation code generated by the MDES and delivered to the cardholder by SMS (by Mastercard Processing or by you) or e-mail (by you).
   * Authentication by your call center.
   * Authentication by your website.
   * Authentication by your mobile application. It is not recommended to use your mobile application both for push provisioning and in-app verification. It is recommended for tokenization initiated in the wallet application.

   The use case describes one of the scenarios when a yellow or orange path is applied, and the cardholder selects authentication by your mobile application.
9. The Mastercard Processing concurrently sends a TAR notification to the issuer server.
10. The MDES returns the pre-digitization TAR response to the wallet server. The pre-digitization TAR response contains the following details:
    * Token number (last four digits).
    * Token unique reference (TUR).
    * Token expiry date.
    * Response code indicating that the token can be activated after additional ID\&V method execution.
11. The wallet application displays a list of possible ID\&V methods (to be used to activate the token) to the cardholder.
12. The cardholder selects the name of the issuer mobile application to activate the token.
13. The wallet application launches the issuer application to authenticate the cardholder in the issuer application. The request contains the following information:
    * Payment App Provider ID.
    * Payment App Instance ID.
    * Token Unique Reference (TUR).
    * Primary Account Number (PAN) Suffix.
    * Account Expiry.
    * Call Back URL (specific to iOS).   
      Refer to the respective wallet documentation to understand the communication and parameters to be shared between the two applications.
14. The cardholder authenticates themselves in the issuer application, and the application sends the requests to the issuer server to generate TAV if token activation via TAV is supported by the wallet provider. Note: If TAV-based activation is not supported by the respective wallet, the issuer shall build the new flow leveraging [MDES Customer Service API](https://developer.mastercard.com/mdes-customer-service/documentation/api-reference/) to activate the token.
15. The issuer server sends the `POST` request to the `/cards/{card_contract_id}/tavs/searches` endpoint with the `tokenUniqueReference` field in the request body containing the value of Token Unique Reference for the token waiting for activation.
16. The Mastercard Processing API returns the `tokenAuthenticationValue` containing Base64-encoded digital signature generated for a specified `cardContractId`, `cardExpiryDate`, and `tokenUniqueReference`. Note: To generate TAV for you, during the onboarding project, Mastercard Processing must first exchange TAV keys with Mastercard MDES on your behalf.
17. The issuer server forwards the TAV, generated in step 16, to the issuer application.
18. The issuer application forwards the TAV, received in step 17, to the wallet application.
19. The wallet application passes TAV to the MDES to activate the token.
20. The MDES activates the token and sends the Tokenization Complete Notification (TCN) to Mastercard Processing.
21. The Mastercard Processing sends the TCN acknowledgment to MDES.
22. The Mastercard Processing concurrently sends the TCN notification to the issuer server. Note: Optionally, Mastercard Processing can send an SMS to the cardholder with confirmation that their card has been added to the respective wallet.
23. The MDES sends the TCN notification, informing that the token has been activated, to the wallet server.
24. The cardholder is notified through the wallet application that the card has been added to a selected wallet. Note: Not all interactions between the wallet application and the corresponding wallet server have been described in the diagram.

Refer to [Sandbox testing](https://developer.mastercard.com/mastercard-processing-digital/documentation/sandbox-testing/enable-card-in-wallet-app/index.md) for more information on how to execute the use case in the Sandbox environment.

## Endpoint {#endpoint}


API Reference: `POST /cards/{card_contract_id}/tavs/searches`