# Push Provisioning with MDES Token Connect
source: https://developer.mastercard.com/mdes-digital-enablement/documentation/use-cases/push-provisioning-merchant-use-case/index.md

## Overview {#overview}

Consumers continue to store credentials with merchants for recurring payments and card-on-file scenarios.

MDES Token Connect allows consumers to push payment information from their issuer's website or mobile banking app to participating merchant websites and apps for secure, convenient online checkouts.

MDES Token Connect is available for MDES token requestors (such as merchants) and MDES issuers.

### Related Documents: {#related-documents}

* MDES Token Connect - Token Requestor Implementation Guide and Specification [mdesrq_manual.pdf](https://static.developer.mastercard.com/content/mdes-digital-enablement/uploads/mdesrq_manual.pdf) (1MB)

### Available for Use By {#available-for-use-by}

* Merchants integrated with MDES
* Merchant Payment Service Providers (mobile app, website suppliers, etc.)

### Regional Availability: {#regional-availability}

* Global

### Scenario {#scenario}

Susan likes the convenience of making purchases online using her mobile phone. She opens her mobile banking app to check her account balance. She sees a new service that lets her load her account or cards into participating merchants and digital wallets and recognizes her favorite merchant in the list of suggestions. She decides to take advantage of this new service by loading her card into her favorite merchant. She can now shop with confidence knowing her purchases are convenient and secure.

![End-to-End Flow](https://static.developer.mastercard.com/content/mdes-digital-enablement/documentation/use-cases/push-provisioning-merchant-use-case/img/complete-flow.png)

## Key Benefits {#key-benefits}

#### Merchants {#merchants}

* **Greater brand visibility** through the issuer's interface
* **Increase in consumer accounts** from issuers for future transactions
* **Scalable and interoperable framework** with a single integration: once connected to *MDES Token Connect,* merchants can accept push provisioning requests from any MDES issuer that has implemented the framework

#### Consumers {#consumers}

* **Instant issuance:** Consumers can use their digital credentials as soon as they have been approved, even before their plastic card has been shipped
* **Convenient:** Load new cards or accounts into favorite merchants and digital wallets simply and easily. Rather than entering their payment information manually, consumers simply select the card or account they want to digitize and choose from an up-to-date list of participating merchants
* **Secure:** Provisioned card or accounts are tokenized so consumers can shop online and in-app knowing their transactions are secure

### APIs used {#apis-used}

* MDES Token Connect uses the *tokenize* function from the [MDES Digital Enablement API](https://developer.mastercard.com/mdes-digital-enablement/documentation/api-reference/index.md), allowing merchants to tokenize accounts.
  * The Token Connect-specific parameters for *tokenize* are available in the [Tokenize API - Token Connect Specification](https://static.developer.mastercard.com/content/mdes-digital-enablement/swagger/mdes-digital-enablement-tokenize-TCC.yaml).

### Preliminary steps {#preliminary-steps}

#### Merchant setup {#merchant-setup}

Merchants must be integrated with the Mastercard Digital Enablement System (MDES) to participate in Push Provisioning. Supporting *MDES Token Connect* is optional for MDES token requestors.

The merchant must be integrated with MDES through the [MDES Digital Enablement API](https://developer.mastercard.com/mdes-digital-enablement/documentation/api-reference/index.md), version 1.2.9 or higher, and with the [Tokenize API - Token Connect Specification](https://static.developer.mastercard.com/content/mdes-digital-enablement/swagger/mdes-digital-enablement-tokenize-TCC.yaml).

A merchant supporting *MDES Token Connect* supplies additional setup parameters to MDES, including:

* An **image** that consumers will see from their issuer app or website. The image provided should be a logo that consumers associate with the merchant's brand

* A **consumer-facing name** that will be displayed next to the merchant's logo in the issuer app or website. This name may differ from the merchant's legal name

* The URI(s) that the issuer app or website will invoke to launch the merchant's app or website. URIs can be provided for several user interfaces, but at least one is required:

  * URI for Android app

  * URI for iOS app

  * URI for web browser

* Whether the merchant accepts multiple cards and accounts (a maximum of five) simultaneously

* Which additional consumer information (name, billing address, email address, phone number) the merchant agrees to receive from the issuer

#### Issuer fetches eligible token requestors {#issuer-fetches-eligible-token-requestors}

When enabled for *MDES Token Connect*, an issuer is able to retrieve from MDES the Token Connect parameters of each token requestor (including merchants) for which they have enabled their account range(s).

Issuers refresh this information periodically. They use it to build the consumer experience of their issuer app or website: a consumer-friendly list of merchants, digital wallets and commerce platforms to which consumers can push their cards or accounts.

## How it Works {#how-it-works}

1. Consumer selects card(s) and destination in issuer website or app.
2. Consumer is sent to merchant website or app.
3. Consumer sees confirmation in issuer website or app.

### Step 1 -- Consumer selects card(s) and destination in issuer website or app {#step-1--consumer-selects-cards-and-destination-in-issuer-website-or-app}

The consumer logs into their issuer's website or mobile banking app and navigates to the features and benefits of push provisioning. They are invited to select the cards or accounts they wish to push provision. *Note: financial accounts may also be eligible for push provisioning.*   

Next, they select from a list of available participating merchants, digital wallets and commerce platforms.

![Merchant Selection](https://static.developer.mastercard.com/content/mdes-digital-enablement/documentation/use-cases/push-provisioning-merchant-use-case/img/merchant-selection.png)

#### Details {#details}

![Card Push Provisioning with MDES Token Connect](https://static.developer.mastercard.com/content/mdes-digital-enablement/documentation/use-cases/push-provisioning-merchant-use-case/img/user-selects-token-requestor-and-cards.png)

1. The consumer is logged in to their issuer's app or website.
2. While navigating, they select the target merchant (token requestor) as well as the cards or accounts to push.
3. The issuer app or browser calls the issuer back-end with the consumer's choice.
4. Using the MDES Token Connect API, the issuer contacts MDES to request the push of the selected cards or accounts to the target merchant. The issuer may include consumer data (e.g., billing address) in the request, if supported by the merchant. If the request is valid, MDES generates and returns a *pushAccountReceipt* -- a string voucher valid for the next 15 minutes to be used by the target merchant for the tokenization of the cards or accounts. MDES also returns the URI(s) of the available interface(s) for this merchant.
5. The issuer returns the *pushAccountReceipt* and the URI(s) to the issuer interface on the device.
6. The issuer interface selects the URI provided by the merchant that corresponds to the device environment, then appends dynamic parameters to this URI, including:
   * If a token requestor supports signature verification:
     * The signature value received in the response, appended as a *pushAccountData* parameter.
   * If a token requestor does not support signature verification:
     * The *pushAccountReceipt* of the cards or accounts being pushed. If the merchant supports the simultaneous push of multiple cards, multiple *pushAccountReceipts* may be appended.
     * The callback URL: the issuer URL that the merchant must call upon completion of tokenization to return the consumer to the issuer's interface where they started their journey.

   The issuer interface invokes the resulting URI, and the merchant's app or website is displayed.

### Step 2 -- Consumer is sent to merchant website or app {#step-2--consumer-is-sent-to-merchant-website-or-app}

The merchant website or app is launched. Now the consumer experience mostly depends on the merchant's implementation.  

* If necessary, the consumer authenticates with the merchant app or website by logging in or signing up. This allows merchants to associate a valid consumer account with the cards or accounts being pushed. Note: This may not be needed if the consumer has remained logged in since their previous visit
* Upon successful login, the merchant proceeds to tokenize the cards or accounts with MDES. If necessary, they may display a waiting screen during the tokenization process
* The merchant may display a confirmation before sending the consumer back to the issuer interface

![alt text](https://static.developer.mastercard.com/content/mdes-digital-enablement/documentation/use-cases/push-provisioning-merchant-use-case/img/tokenization-merchant.png)

#### Details {#details-1}

![Card Push Provisioning with MDES Token Connect - Merchant Token Requestor](https://static.developer.mastercard.com/content/mdes-digital-enablement/documentation/use-cases/push-provisioning-merchant-use-case/img/merchant-token-requestor.png)

1. The merchant interface asks the consumer to sign in or sign up.
2. The merchant interface calls the merchant back-end to complete sign in or sign up and to pass the *pushAccountReceipt(s)*.
3. The merchant requests tokenization with MDES. The only difference from a 'regular' tokenization initiated from the merchant's interface is that the enciphered account data is replaced by the *pushAccountReceipt* that was supplied by the issuer. MDES matches the *pushAccountReceipt* with the account data that was supplied by the issuer. The issuer receives the tokenization authorization message. If supplied by the issuer, consumer data is transmitted to the token requestor (when tokenization is approved).
4. When tokenization is successfully completed, MDES notifies the issuer and the merchant. When multiple cards or accounts are pushed, the tokenization process (steps 3 through 4) is repeated for each *pushAccountReceipt*.
5. The merchant includes the list of *pushAccountReceipts*, with their respective results, in the callback URL that the issuer interface provided. The token requestor invokes the resulting URI, and the consumer is taken back to the issuer app or website.
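The merchant back-end's handling of the launch parameters and the callback, for the variant without signature verification, is sketched below as an added example (not Mastercard's code and not part of the original page). The parameter names `pushAccountReceipts`, `callbackURL` and `results`, the comma separator and the `SUCCESS`/`FAILED` result values are assumptions; take the real ones from the Token Connect specification.

```python
import time
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

MAX_RECEIPTS = 5               # page: a maximum of five cards or accounts per push
RECEIPT_TTL_SECONDS = 15 * 60  # page: a pushAccountReceipt is valid for 15 minutes
# Assumed parameter names, comma separator and result format (not from the page).
P_RECEIPTS, P_CALLBACK, P_RESULTS = "pushAccountReceipts", "callbackURL", "results"
# Schemes that would run or load content in the merchant's own context.
UNSAFE_SCHEMES = {"javascript", "data", "vbscript", "file", "blob", "about"}

class PushRequestError(ValueError):
    """The launch URI carried parameters the merchant must not act on."""

def parse_push_request(launch_uri, accepts_multiple, now=None):
    """Validate the untrusted launch parameters and return a pending-push record."""
    now = time.time() if now is None else now
    query = parse_qs(urlsplit(launch_uri).query)
    receipts = [r for value in query.get(P_RECEIPTS, []) for r in value.split(",") if r]
    receipts = list(dict.fromkeys(receipts))  # drop repeats, keep order
    limit = MAX_RECEIPTS if accepts_multiple else 1
    if not 1 <= len(receipts) <= limit:
        raise PushRequestError(f"expected 1..{limit} receipts, got {len(receipts)}")
    callbacks = query.get(P_CALLBACK, [])
    if len(callbacks) != 1:
        raise PushRequestError("exactly one callback URL is required")
    scheme = urlsplit(callbacks[0]).scheme.lower()
    if not scheme or scheme in UNSAFE_SCHEMES:
        raise PushRequestError("callback URL scheme is missing or unsafe")
    # Issue time is unknown to the merchant, so this deadline is an upper bound:
    # past it the receipt has certainly expired at MDES.
    return {"receipts": receipts, "callback": callbacks[0],
            "deadline": now + RECEIPT_TTL_SECONDS}

def receipts_to_tokenize(pending, consumer_authenticated, now=None):
    """Release receipts for the tokenize call only after login and before the deadline."""
    now = time.time() if now is None else now
    if not consumer_authenticated or now >= pending["deadline"]:
        return []
    return list(pending["receipts"])

def build_callback(pending, results):
    """Add per-receipt results to the issuer callback URL, keeping its own query."""
    parts = urlsplit(pending["callback"])
    query = parse_qsl(parts.query, keep_blank_values=True)
    outcome = ",".join(f"{r}:{results.get(r, 'FAILED')}" for r in pending["receipts"])
    query.append((P_RESULTS, outcome))
    return urlunsplit(parts._replace(query=urlencode(query)))

# Constructed launch URI (hosts and receipt values are made up for the example).
SAMPLE_URI = ("https://shop.example/tokenconnect?pushAccountReceipts=RCPT-A,RCPT-B,RCPT-A"
              "&callbackURL=https%3A%2F%2Fbank.example%2Fdone%3Fsession%3D42")
```

The pending record belongs in the consumer's server-side session, so the receipts are tokenized only for the account that actually signs in.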

### Step 3 -- Consumer sees confirmation in issuer website or app {#step-3--consumer-sees-confirmation-in-issuer-website-or-app}

The consumer is returned to the issuer's website or banking app and sees a confirmation for successful provisioning.

![alt text](https://static.developer.mastercard.com/content/mdes-digital-enablement/documentation/use-cases/push-provisioning-merchant-use-case/img/back-to-issuer.png)

## Get Started {#get-started}

### 1. Plan {#1-plan}

#### Check Prerequisites {#check-prerequisites}

Merchants must be integrated with Mastercard Digital Enablement System (MDES) as a merchant to participate in Push Provisioning with *MDES Token Connect*.

The merchant must be integrated with MDES through the [MDES Digital Enablement API](https://developer.mastercard.com/mdes-digital-enablement/documentation/api-reference/index.md), version 1.2.9 or higher, and with the [Tokenize API - Token Connect Specification](https://static.developer.mastercard.com/content/mdes-digital-enablement/swagger/mdes-digital-enablement-tokenize-TCC.yaml).

#### Get Informed {#get-informed}

Read the document MDES Token Connect - Token Requestor Implementation Guide and Specification [mdesrq_manual.pdf](https://static.developer.mastercard.com/content/mdes-digital-enablement/uploads/mdesrq_manual.pdf) (1MB) to learn more about *MDES Token Connect* implementation.

#### Scope your Project {#scope-your-project}

Answer the following questions:

* Will you support a mobile app? If yes, which mobile OS (Android, iOS)? Will the mobile app be mandatory or optional?
* Will you support the simultaneous push of multiple cards or accounts?
* Will you accept some consumer data elements from the issuer? If yes, which ones: name, billing address, email address, mobile phone number? How will you process this information if it differs from the information you already have on file for the consumer?

### 2. Develop {#2-develop}

#### Create {#create}

* Design wireframes for desktop and mobile web user experiences, as well as for mobile apps (as applicable).
* Prepare a square-sized logo that consumers associate with your brand. The image will be displayed to consumers in their issuer app or website when presented with a list of destinations to push their cards or accounts to

Refer to the MDES Token Connect - Token Requestor Implementation Guide and Specification [mdesrq_manual.pdf](https://static.developer.mastercard.com/content/mdes-digital-enablement/uploads/mdesrq_manual.pdf) (1MB) for details about how to create wireframes and precise requirements for the logo.

#### Implement {#implement}

With the help of the instructions given in the MDES Token Connect - Token Requestor Implementation Guide and Specification [mdesrq_manual.pdf](https://static.developer.mastercard.com/content/mdes-digital-enablement/uploads/mdesrq_manual.pdf) (1MB):

* Implement the wireframes for mobile apps and web browser
* Implement your deep linking solution. You may implement it in-house, or rely on a third party solution, or have a hybrid solution
* Implement the reception of issuers' requests with their incoming parameters, and map them with your deep linking solution
* Implement the changes to use the *pushAccountReceipt* when calling MDES, using [MDES Digital Enablement API Reference](https://developer.mastercard.com/mdes-digital-enablement/documentation/api-reference/index.md)
* Implement changes to user activation to support streamlined activation
* Implement the response to the issuer with the issuer callback URL and associated output parameters

### 3. Deploy {#3-deploy}

#### Contact Us {#contact-us}

* Contact your Mastercard Customer Delivery Manager to open a Customer Integration Services (CIS) project for your MDES Token Connect implementation. Note that it usually takes several days to obtain a CIS project number

* Once the CIS project is open, your CIS project manager will contact you to set up the MDES Token Connect parameters associated with your token requestor ID (TRID):

  * The logo that consumers will see from their issuer app or website
  * A consumer-facing name for your brand, as it will appear next to the logo in the issuers' apps and websites. This name may differ from the company legal name
  * URI for Android application interface
  * URI for iOS application interface
  * URI for web browser interface
  * Whether you accept multiple cards or accounts (a maximum of five) simultaneously
  * Consumer data elements you accept from issuers

#### Test {#test}

* Follow the instructions of your CIS Implementation Manager to test your implementation in the MTF environment
* Once your CIS Implementation Manager grants you access to the Production environment, perform Friendly User Testing in the Production environment. Your CIS Implementation Manager will guide you to select the most meaningful tests.
* You're ready to go live!
