m2pfintech
API LibraryToken Management

Retrieve digital wallet tokens for a card or specific token

Retrieve details about tokens associated with a card kit number or a specific token reference. One card (kitNo) can have multiple tokens, one per device or wallet.

Important - This endpoint does NOT use the /Yappay/ prefix. The full path is /itsp/issuer/getTokens.

There are two distinct response formats based on the searchSource value.

Search by KIT - Set searchSource to KIT and provide kitNo. Returns an array of all tokens associated with the card. The deviceType and deviceID fields may not be present if not found in local records.

Search by TOKEN - Set searchSource to TOKEN and provide tokenRequestorID and tokenReferenceID. Returns a single flat object for the specific token queried. Does not include deviceType or deviceID.

Token requestor IDs identify wallet providers (e.g. 40010030273 for Apple Pay). Token types include SECURE_ELEMENT (Apple Pay, Google Pay on-device), CLOUD (web payments), and DEVICE (device-specific).

POST
/itsp/issuer/getTokens

Authorization

BearerAuth TenantHeader
AuthorizationBearer <token>

JWT Bearer token obtained from the /auth/login endpoint

In: header

TENANT<token>

Tenant identifier provided by M2P (e.g. ENBDTABBY)

In: header

Request Body

application/json

business*string

Business identifier. Mandatory.

Lengthlength <= 50
corporate*string

Corporate identifier. Mandatory.

Lengthlength <= 50
network*string

Card network type.

Lengthlength <= 20
Value in"VISA" | "RUPAY" | "MASTERCARD"
searchSource*string

Search mode. KIT to find all tokens for a card. TOKEN to find a specific token by reference. DPAN to search by digital PAN.

Lengthlength <= 16
Value in"KIT" | "TOKEN" | "DPAN"
kitNo?string

Kit number. Required when searchSource is KIT or DPAN.

Lengthlength <= 20
tokenRequestorID?string

Token requestor ID (identifies the wallet provider). Required when searchSource is TOKEN.

Lengthlength <= 50
tokenReferenceID?string

Unique token reference ID. Required when searchSource is TOKEN.

Lengthlength <= 50

Response Body

application/json

application/json

curl -X POST "https://api.m2p.com/itsp/issuer/getTokens" \  -H "Content-Type: application/json" \  -d '{    "kitNo": "10000001",    "business": "ENBDTABBY",    "corporate": "ENBDTABBY",    "network": "VISA",    "searchSource": "KIT"  }'

{
  "result": {
    "tokenDetails": [
      {
        "tokenRequestorID": 40010030273,
        "tokenReferenceID": "DNITHE582509003801160266",
        "panReferenceID": "V-3025090037350668913308",
        "entityOfLastAction": "ISSUER",
        "walletAccountEmailAddressHash": "ED1CC77892426FEB425ABCDDD2334A07C8AF78DE90C8C656B3557D4365F848A",
        "clientWalletAccountID": "ED1CC77892426FEB425ABCDDD2334A07",
        "panSource": "KEY_ENTERED",
        "tokenType": "SECURE_ELEMENT",
        "autoFillIndicator": false,
        "tokenStatus": "DEACTIVATED",
        "deviceType": "MOBILE_PHONE",
        "deviceID": "04183A95BB1C90023237141136407392035DC6ECBE833422",
        "dPan": "4111111111111234",
        "merchantName": "Apple Pay",
        "merchantTypeName": "DIGITAL_WALLET"
      }
    ]
  },
  "exception": null,
  "pagination": null
}

{
  "result": null,
  "exception": {
    "detailMessage": "Business should not be empty",
    "shortMessage": "Business should not be empty",
    "errorCode": "Y505",
    "languageCode": "en"
  },
  "pagination": null
}

Get signed nonce for Apple Pay provisioning GET

Generate a signed nonce required for Apple Pay in-app provisioning flow. The nonce is a one-time use security token that must be passed to the encryptedCardData API. Important - This endpoint does NOT use the /Yappay/ prefix. The full path is /provision/v1/signedNonce/{appId}. The appId is your Apple Pay application identifier provided during onboarding.

Update, suspend, resume, or delete a digital wallet token POST

Update the status or information related to a digital wallet token. This API supports multiple operations through different parameter combinations based on the updateSource field. Supported networks are VISA (Visa Token Service), RUPAY (RuPay NPCI Token Service), and MASTERCARD (MasterCard Digital Enablement Service). Important - This endpoint does NOT use the /Yappay/ prefix. The full path is /itsp/issuer/updateToken. Update by TOKEN (suspend, resume, or delete a specific token) - Set updateSource to TOKEN. Provide tokenReferenceId and tokenRequesterId. Use tokenUpdateType SUSPEND to temporarily disable, RESUME to re-enable, DELETE to permanently remove, or REPLACED to mark as replaced. Use operationType UPDATE for suspend/resume/replaced, DELETE for delete. Update by KIT (update all tokens for a card) - Set updateSource to KIT. Provide kitNo and kitUpdateType. Use kitUpdateType RENEWAL for expiry date updates (requires oldExpiryDate and newExpiryDate). Other kitUpdateType values include ALLOCATED, BLOCKED, and LOCKED. Update by DPAN (update a digital PAN) - Set updateSource to DPAN. Provide the token (DPAN value) and tokenUpdateType. SUSPEND is reversible, DELETE is permanent. Always provide a meaningful reason for audit trail purposes.