
Get encrypted card data for digital wallet provisioning

Retrieve encrypted card details (account number, expiration, billing address) for secure card provisioning into digital wallets such as Apple Pay and Google Pay.

Important - This endpoint does NOT use the /Yappay/ prefix. The full path is /provision/v1/encryptedCardData.

The signedNonce is a one-time use security token. The response contains encrypted card data suitable for passing to wallet SDKs for in-app provisioning.

The billing address in the response is populated from the customer registration address on file. If an address is provided in the request, it overrides the address on file.

Ensure PCI DSS compliant handling of all encrypted card data in the response.

POST
/provision/v1/encryptedCardData

Authorization

BearerAuth, TenantHeader

Authorization: Bearer <token>

JWT Bearer token obtained from the /auth/login endpoint

In: header

TENANT: <token>

Tenant identifier provided by M2P (e.g. ENBDTABBY)

In: header

Request Body

application/json

signedNonce* string

Signed one-time use nonce token for security. Generated from the signedNonce endpoint.

Length: <= 200

corpId* string

Corporate identifier

Length: <= 20

reqId* string

Unique request identifier for idempotency and tracking

Length: <= 20

nameOnAccount* string

Name associated with the card account

Length: <= 50

cardData*

Nested object containing card identification details

address?

Optional billing address override. If provided, this overrides the address on file from registration.

Response Body

application/json

curl -X POST "https://api.m2p.com/provision/v1/encryptedCardData" \
  -H "Authorization: Bearer <token>" \
  -H "TENANT: <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "signedNonce": "eyJleHAiOjE3MTA5MTg1NDgsImlhdCI6MTcxMDkxODQyOCwiYWxnIjoiSFMyNTYifQ.ZWZiMzliOTMtYTE5Zi1kNGNhLWNlYjQtMWFhOGZmM2FlOTAx.OYoLds9Bn6cgnOLpCWgdmVvOgUw8qqqw8-L7KGTL97h0",
    "corpId": "ENBDTABBY",
    "reqId": "34123456TW",
    "nameOnAccount": "ABCD EFGH",
    "cardData": {
      "kitNo": "10000001",
      "cardType": "PREPAID",
      "cardBrand": "VISA"
    },
    "address": {
      "addressLine1": "123 Main St",
      "city": "Dubai",
      "countryCode": "AE"
    }
  }'

{
  "nonce": "{encrypted_nonce}",
  "accountNumber": "{encrypted_account_number}",
  "expirationMonth": "04",
  "expirationYear": "2028",
  "nameOnAccount": "ABCD EFGH",
  "cardType": "PREPAID",
  "cardBrand": "VISA",
  "billingAddress": {
    "addressLine1": "123 Main St",
    "city": "Dubai",
    "countryCode": "AE"
  },
  "source": "ENBDTABBY"
}

{
  "result": null,
  "exception": {
    "detailMessage": "Mandatory field signedNonce is missing",
    "shortMessage": "Missing mandatory field",
    "errorCode": "Y105",
    "languageCode": "en"
  },
  "pagination": null
}

Set or change the card PIN POST

Set or change the PIN for a customer card. The PIN never travels in cleartext. It must be encrypted using ISO 9564 Format 0 PIN block with AES encryption and then Base64 encoded before sending.

All fields (entityId, pin, kitNo, expiryDate, dob) are explicitly validated by the backend. Missing any field returns a specific error code.

PIN Block Creation Process

Step 1: Take the 4-digit clear PIN.
Step 2: Create an ISO 9564 Format 0 PIN block by XOR-ing the plain text PIN field with the account number field (both are 16 four-bit nibbles / 64 bits).
Step 3: Encrypt the PIN block using AES with the pre-shared key provided by M2P.
Step 4: Base64 encode the encrypted result.
Step 5: Send the encoded value in the pin field.

Plain Text PIN Field Format

Nibble 1 is 0 (format identifier).
Nibble 2 is N (PIN length, typically 4).
Nibbles 3 to N+2 are the PIN digits.
Nibbles N+3 to 16 are filled with F (hex).

Example for PIN 1234: 0 4 1 2 3 4 F F F F F F F F F F

Account Number Field Format

Nibbles 1-4 are 0000.
Nibbles 5-16 are the rightmost 12 digits of the PAN (excluding check digit).

Kit Number Padding

The kit number must be exactly 16 digits for PIN block generation. If shorter, prepend zeros. For example, a 9-digit kit 130005054 becomes 0000000130005054.

The PIN can be changed by calling this API again with the new encrypted PIN. The DOB must match the specialDate from the original registration. The expiryDate must be in MMYY format.
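Steps 1 and 2 of the PIN block creation process above, as an added Python example (not M2P's code). It assumes the zero-padded 16-digit kit number is what goes into the account number field as the PAN, accepts PIN lengths 4 to 12 as ISO 9564 Format 0 allows (the page's example uses 4), and stops before steps 3 to 5 because the page does not state the AES mode, padding or key format.

```python
# Added example: builds the clear ISO 9564 Format 0 PIN block (steps 1-2).
# Assumption: the zero-padded kit number is used as the PAN.
# The AES and Base64 steps are omitted; the page gives no mode, padding or key format.


def _digits(value: str, name: str) -> str:
    """Reject anything that is not plain ASCII digits."""
    if not (value.isascii() and value.isdigit()):
        raise ValueError(f"{name} must contain only digits 0-9")
    return value


def pad_kit_number(kit_no: str) -> str:
    """Left-pad the kit number with zeros to exactly 16 digits."""
    if len(_digits(kit_no, "kit number")) > 16:
        raise ValueError("kit number longer than 16 digits")
    return kit_no.zfill(16)


def pin_field(pin: str) -> bytes:
    """Nibbles: 0 | PIN length | PIN digits | F fill up to 16 nibbles."""
    if not 4 <= len(_digits(pin, "PIN")) <= 12:
        raise ValueError("PIN must be 4 to 12 digits")
    return bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))


def account_field(pan: str) -> bytes:
    """Nibbles: 0000 | rightmost 12 PAN digits, check digit excluded."""
    if len(_digits(pan, "PAN")) < 13:
        raise ValueError("PAN needs 12 digits plus a check digit")
    return bytes.fromhex("0000" + pan[:-1][-12:])


def iso0_pin_block(pin: str, pan: str) -> bytes:
    """XOR the two 64-bit fields. The result is still a clear PIN block:
    encrypt it before it leaves memory and never log it."""
    return bytes(p ^ a for p, a in zip(pin_field(pin), account_field(pan)))


if __name__ == "__main__":
    # Constructed sample values: the page's example PIN and 9-digit kit number.
    kit = pad_kit_number("130005054")
    print(kit, iso0_pin_block("1234", kit).hex().upper())
```
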

Get signed nonce for Apple Pay provisioning GET

Generate a signed nonce required for the Apple Pay in-app provisioning flow. The nonce is a one-time use security token that must be passed to the encryptedCardData API.

Important - This endpoint does NOT use the /Yappay/ prefix. The full path is /provision/v1/signedNonce/{appId}. The appId is your Apple Pay application identifier provided during onboarding.