m2pfintech
API LibraryToken Management

Update, suspend, resume, or delete a digital wallet token

Update the status or information related to a digital wallet token. This API supports multiple operations through different parameter combinations based on the updateSource field.

Supported networks are VISA (Visa Token Service), RUPAY (RuPay NPCI Token Service), and MASTERCARD (MasterCard Digital Enablement Service).

Important - This endpoint does NOT use the /Yappay/ prefix. The full path is /itsp/issuer/updateToken.

Update by TOKEN (suspend, resume, or delete a specific token) - Set updateSource to TOKEN. Provide tokenReferenceId and tokenRequesterId. Use tokenUpdateType SUSPEND to temporarily disable, RESUME to re-enable, DELETE to permanently remove, or REPLACED to mark as replaced. Use operationType UPDATE for suspend/resume/replaced, DELETE for delete.

Update by KIT (update all tokens for a card) - Set updateSource to KIT. Provide kitNo and kitUpdateType. Use kitUpdateType RENEWAL for expiry date updates (requires oldExpiryDate and newExpiryDate). Other kitUpdateType values include ALLOCATED, BLOCKED, and LOCKED.

Update by DPAN (update a digital PAN) - Set updateSource to DPAN. Provide the token (DPAN value) and tokenUpdateType.

SUSPEND is reversible, DELETE is permanent. Always provide a meaningful reason for audit trail purposes.

POST
/itsp/issuer/updateToken

Authorization

BearerAuth TenantHeader
AuthorizationBearer <token>

JWT Bearer token obtained from the /auth/login endpoint

In: header

TENANT<token>

Tenant identifier provided by M2P (e.g. ENBDTABBY)

In: header

Request Body

application/json

business*string

Business identifier. Mandatory and validated with NotBlank.

Lengthlength <= 50
corporate*string

Corporate identifier. Mandatory and validated with NotBlank.

Lengthlength <= 50
network*string

Card network type. Mandatory. VISA for Visa Token Service, RUPAY for RuPay NPCI, MASTERCARD for MasterCard MDES.

Lengthlength <= 20
Value in"VISA" | "RUPAY" | "MASTERCARD"
updateSource*string

Determines which entity to update. TOKEN for a specific token by reference ID. KIT for all tokens associated with a card. DPAN for a digital PAN.

Lengthlength <= 16
Value in"TOKEN" | "KIT" | "DPAN"
operationType*string

Operation to perform. Use UPDATE for suspend, resume, or replaced operations. Use DELETE for permanent token removal.

Lengthlength <= 20
Value in"UPDATE" | "DELETE"
reason*string

Reason for the update operation. Mandatory for audit trail.

Lengthlength <= 50
kitNo?string

Kit number. Required when updateSource is KIT.

Lengthlength <= 20
kitUpdateType?string

Kit update type. Required when updateSource is KIT. Values include ALLOCATED, BLOCKED, LOCKED, and RENEWAL (for expiry updates).

Lengthlength <= 16
Value in"ALLOCATED" | "BLOCKED" | "LOCKED" | "RENEWAL"
replacedKitNo?string

New kit number for card replacement scenarios. Optional.

Lengthlength <= 20
oldExpiryDate?string

Previous expiry date in MMYYYY format (e.g. 082028 for August 2028). Required for RENEWAL operations.

Lengthlength <= 6
newExpiryDate?string

New expiry date in MMYYYY format (e.g. 082029 for August 2029). Required for RENEWAL operations.

Lengthlength <= 6
token?string

Digital PAN (DPAN) token value. Required when updateSource is DPAN.

Lengthlength <= 50
tokenUpdateType?string

Token status update type. Required when updateSource is TOKEN or DPAN. SUSPEND temporarily disables (reversible). RESUME re-enables a suspended token. DELETE permanently removes (irreversible). REPLACED marks token as replaced.

Lengthlength <= 16
Value in"SUSPEND" | "RESUME" | "DELETE" | "REPLACED"
tokenReferenceId?string

Unique token reference ID from the network. Required when updateSource is TOKEN.

Lengthlength <= 50
tokenRequesterId?string

Token requestor ID identifying the wallet provider (e.g. 40010030273 for Apple Pay). Required when updateSource is TOKEN.

Lengthlength <= 50
searchSource?string

Search source identifier. Optional.

Lengthlength <= 50

Response Body

application/json

application/json

curl -X POST "https://api.m2p.com/itsp/issuer/updateToken" \  -H "Content-Type: application/json" \  -d '{    "kitNo": null,    "replacedKitNo": null,    "business": "ENBDTABBY",    "corporate": "ENBDTABBY",    "tokenUpdateType": "SUSPEND",    "updateSource": "TOKEN",    "searchSource": null,    "network": "VISA",    "kitUpdateType": null,    "tokenReferenceId": "DNITHE301733846921837320",    "tokenRequesterId": "40010030273",    "reason": "Temporary suspension",    "oldExpiryDate": null,    "newExpiryDate": null,    "operationType": "UPDATE"  }'
{
  "result": "Success"
}

{
  "result": null,
  "exception": {
    "detailMessage": "Business should not be empty",
    "shortMessage": "Business should not be empty",
    "errorCode": "Y505",
    "languageCode": "en"
  },
  "pagination": null
}

Retrieve digital wallet tokens for a card or specific token POST

Retrieve details about tokens associated with a card kit number or a specific token reference. One card (kitNo) can have multiple tokens, one per device or wallet. Important - This endpoint does NOT use the /Yappay/ prefix. The full path is /itsp/issuer/getTokens. There are two distinct response formats based on the searchSource value. Search by KIT - Set searchSource to KIT and provide kitNo. Returns an array of all tokens associated with the card. The deviceType and deviceID fields may not be present if not found in local records. Search by TOKEN - Set searchSource to TOKEN and provide tokenRequestorID and tokenReferenceID. Returns a single flat object for the specific token queried. Does not include deviceType or deviceID. Token requestor IDs identify wallet providers (e.g. 40010030273 for Apple Pay). Token types include SECURE_ELEMENT (Apple Pay, Google Pay on-device), CLOUD (web payments), and DEVICE (device-specific).

Webhook Guide

Receive real-time event notifications from the M2P Platform via HTTP callbacks.