# 2021 November (Q4)
source: https://developer.mastercard.com/mdes-token-connect/documentation/pre-release-notes/prereleasenote_nov2021/index.md

### Release Change Summary {#release-change-summary}

The MDES Platform will add a new functionality to the Token Connect API in 2021 November (Q4) Release:

* Token Connect v2.04 will introduce a new API called `pushMultipleAccounts` to push multiple cards and/or Financial Accounts with additional security measures to a given Token Requestor.

### Dates for Introduction of Release November 2021 (Q4) {#dates-for-introduction-of-release-november-2021-q4}

* MTF - 18 October 2021
* Production - 19 January 2022

### Change Description for Token Connect API in V2021 November (Q4) Release {#change-description-for-token-connect-api-in-v2021-november-q4-release}

A new API called `pushMultipleAccounts` will be introduced and the existing `pushAccount` API will be deprecated. The `pushMultipleAccounts` API will support a signature so that the token requestor can validate that the request has not been altered during redirection.

#### Key Benefits {#key-benefits}

* Issuer can push multiple accounts to a given token requestor in a single request.
* Issuer can pass the complete Request payload, which contains the signature generated by MDES, to the token requestor in redirection.
* Token requestor can validate the request has not been altered during redirection using the signature contained in the Request payload.

![](https://static.developer.mastercard.com/content/mdes-token-connect/documentation/pre-release-notes/img/SignatureSupport.png)

#### Integration {#integration}

Starting February 1, 2022, all new issuers that integrate with MDES Token Connect must use `pushMultipleAccounts` instead of the `pushAccount` API.

#### Onboarding/Configuration {#onboardingconfiguration}

* No change in existing issuer onboarding process to Token Connect.
* No immediate impact to the existing integrations for issuers already onboarded to Token Connect. However, by the end of February 2023, issuers will need to ensure that the new API is integrated.

#### Implementation Guide {#implementation-guide}

* Issuer will need to include all Token Connect defined request parameters for redirection in the `pushMultipleAccounts` API request. This data will be included in the signature to verify that the request has not been altered during redirection.

* Issuer will need to generate a unique `pushAccountId` for each funding account/financial account for each request and must pass it in the request.

  * Issuers must include the applicable pre-defined value(s) in the pushAccountId:
    * For Credit Card, Debit Card, Maestro Card: CA
    * For Financial Account: BA
* A single request can support a maximum of 5 accounts (includes all types of accounts such as Credit Card, Debit Card, Maestro Card, Financial Account). MDES will respond with a `pushAccountReceipt` or an error for each requested funding account(s).

  * There is no change in account eligibility business requirements (same as `pushAccount` API)
  * If the account is not eligible for Token Connect, then the error information will be provided for a given `pushAccountId`
  * Issuer must display a list of eligible account data (PAN, Financial Account) and a list of ineligible account data (PAN, Financial Account) to the consumer before redirecting to the token requestor system (when issuer is pushing multiple accounts).
  * If none of the accounts are eligible, then the issuer will display an error response to the consumer, and push provisioning use case ends.
* If in the response, the value of `tokenRequestorSignatureSupport` is true, then issuer must pass the signature value as a query string to the token requestor.

  For example:  

  Token Requestor URL: https://myTR.com/pushAccount/

  Signature Value:  ew0KImFsZyI6ICJSUzI1NiIsDQoNCiJraWQiOiAiYXNkZmctcXdlcnR5LXp4Y3ZiIg0KfQ.ew0KDQrCoCJwdXNoQWNjb3VudFJlY2VpcHQiOiAiTUNDLVNUTC0xMzQzMTNCRi01NTg1LTRFNzEtQUIyNC1FQ0RCQzI4RjIzRjEiLA0KImlzc3VlckNhbGxCYWNrIjogImh0dHBzOi8vaXNzdWVyY2FsbGJhY2sudXJsIiwNCiJjYWxsYmFja1JlcXVpcmVkIjogdHJ1ZSwNCiJjb21wbGV0ZVdlYnNpdGVBY3RpdmF0aW9uIjogdHJ1ZSwNCiJhY2NvdW50SG9sZGVyRGF0YVN1cHBsaWVkIjogdHJ1ZSwNCiJsb2NhbGUiOiAiZW5fVVMiDQoNCn0.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

  Redirection URL:  https://myTR.com/pushAccount?pushAccountData=ew0KImFsZyI6ICJSUzI1NiIsDQoNCiJraWQiOiAiYXNkZmctcXdlcnR5LXp4Y3ZiIg0KfQ.ew0KDQrCoCJwdXNoQWNjb3VudFJlY2VpcHQiOiAiTUNDLVNUTC0xMzQzMTNCRi01NTg1LTRFNzEtQUIyNC1FQ0RCQzI4RjIzRjEiLA0KImlzc3VlckNhbGxCYWNrIjogImh0dHBzOi8vaXNzdWVyY2FsbGJhY2sudXJsIiwNCiJjYWxsYmFja1JlcXVpcmVkIjogdHJ1ZSwNCiJjb21wbGV0ZVdlYnNpdGVBY3RpdmF0aW9uIjogdHJ1ZSwNCiJhY2NvdW50SG9sZGVyRGF0YVN1cHBsaWVkIjogdHJ1ZSwNCiJsb2NhbGUiOiAiZW5fVVMiDQoNCn0.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
  * If an issuer wants to pass additional parameter, such as sessionId = sdsdw232u34oo32o2sdoo   
    Redirection URL: [https://myTR.com/pushAccount?pushAccountData=ew0KImFsZyI6ICJSUzI1NiIsDQoNCiJraWQiOiAiYXNkZmctcXdlcnR5LXp4Y3ZiIg0KfQ.ew0KDQrCoCJwdXNoQWNjb3VudFJlY2VpcHQiOiAiTUNDLVNUTC0xMzQzMTNCRi01NTg1LTRFNzEtQUIyNC1FQ0RCQzI4RjIzRjEiLA0KImlzc3VlckNhbGxCYWNrIjogImh0dHBzOi8vaXNzdWVyY2FsbGJhY2sudXJsIiwNCiJjYWxsYmFja1JlcXVpcmVkIjogdHJ1ZSwNCiJjb21wbGV0ZVdlYnNpdGVBY3RpdmF0aW9uIjogdHJ1ZSwNCiJhY2NvdW50SG9sZGVyRGF0YVN1cHBsaWVkIjogdHJ1ZSwNCiJsb2NhbGUiOiAiZW5fVVMiDQoNCn0.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk\&sessionId](https://myTR.com/pushAccount?pushAccountData=ew0KImFsZyI6ICJSUzI1NiIsDQoNCiJraWQiOiAiYXNkZmctcXdlcnR5LXp4Y3ZiIg0KfQ.ew0KDQrCoCJwdXNoQWNjb3VudFJlY2VpcHQiOiAiTUNDLVNUTC0xMzQzMTNCRi01NTg1LTRFNzEtQUIyNC1FQ0RCQzI4RjIzRjEiLA0KImlzc3VlckNhbGxCYWNrIjogImh0dHBzOi8vaXNzdWVyY2FsbGJhY2sudXJsIiwNCiJjYWxsYmFja1JlcXVpcmVkIjogdHJ1ZSwNCiJjb21wbGV0ZVdlYnNpdGVBY3RpdmF0aW9uIjogdHJ1ZSwNCiJhY2NvdW50SG9sZGVyRGF0YVN1cHBsaWVkIjogdHJ1ZSwNCiJsb2NhbGUiOiAiZW5fVVMiDQoNCn0.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk&sessionId) = sdsdw232u34oo32o2sdoo
* If in the response, the value of `tokenRequestorSignatureSupport` is false then issuer builds the redirection URL as follows:

  For example:  

  Token Requestor URL: https://myTR.com/pushAccount

  Received pushAccountReceipts=MCC-C307F0AE-298E-48EB-AA43-A7C40B32DDDE,MSI-1E8GTJ94-9D5T-96MO-WV36-56AZN95Y8DUL

  Redirection URL:  https://myTR.com/pushAccount?pushAccountReceipt=MCC-C307F0AE-298E-48EB-AA43-A7C40B32DDDE,MSI-1E8GTJ94-9D5T-96MO-WV36-56AZN95Y8DUL\&callbackURL=issuer%3A%2F%2FpushToken%2Fcallback

<!-- -->

* There is no change in callback functionality for an issuer.
* If the signature verification fails, then the token requestor responds with an HTTP 400 error code to the issuer.


API Reference: `GET /connect/1/0/pushMultipleAccounts`

Note: This enhancement will be automatically available to all issuers implementing MDES Token Connect.

### Mandate for Implementation {#mandate-for-implementation}

From February 1, 2022, new MDES Token Connect issuer implementations must use the `pushMultipleAccounts` API.

By the end of February 2023, existing MDES Token Connect issuers will be expected to support `pushMultipleAccounts` and to cease using Push Account API.
Note: Any future changes related to push account will be only available to the `pushMultipleAccounts` API and will not be supported in the depreciated `pushAccount` API.

### Personal data \& Privacy Note {#personal-data--privacy-note}

Issuers are reminded that the information presented via the Token Connect API includes personal data which is subject to data privacy laws. Issuer must satisfy themselves that the processing of such personal data is compliant with applicable privacy laws.