# Push provisioning

Push provisioning allows cardholders to add their card to a digital wallet at the tap of a button instead of having to manually type in the card details.

## Apple Pay

### In-app push provisioning

#### Prerequisites

Enabling push provisioning to Apple Pay wallets in your iOS application requires an Apple Pay Entitlement to be issued by Apple for your application. Please reach out to [support@increase.com](mailto:support@increase.com) and we will guide you through the process and any other setup needed.

Note that in-app push provisioning will only function when your application is distributed using TestFlight or the App Store.

#### Push provisioning flow

- Add a [`AddPassToWalletButton`](https://developer.apple.com/documentation/passkit/addpasstowalletbutton) to a view. Please refer to Apple's documentation on guidelines for proper presentation of the button.

- When the button is tapped, present a [`PKAddPaymentPassViewController`](https://developer.apple.com/documentation/passkit/pkaddpaymentpassviewcontroller) to the user, configured for the card:

```swift
let requestConfiguration = PKAddPaymentPassRequestConfiguration.init(
  encryptionScheme: PKEncryptionScheme.ECC_V2,
)!

requestConfiguration.paymentNetwork = .visa
requestConfiguration.cardholderName = "Ian Crease"
requestConfiguration.primaryAccountSuffix = "1288"
requestConfiguration.localizedDescription = "Crease Card"

let controller = PKAddPaymentPassViewController(
  requestConfiguration: requestConfiguration,
  delegate: delegate,
)
```

- Implement the [`PKAddPaymentPassViewControllerDelegate`](https://developer.apple.com/documentation/passkit/pkaddpaymentpassviewcontrollerdelegate) protocol. In the [`generateRequestWithCertificateChain`](<https://developer.apple.com/documentation/passkit/pkaddpaymentpassviewcontrollerdelegate/addpaymentpassviewcontroller(_:generaterequestwithcertificatechain:nonce:noncesignature:completionhandler:)>) method, pass the certificates, nonce, and nonce signature to your servers as Base64-encoded data.

- Implement an endpoint that receives the certificates, nonce, and nonce signature and relays it to Increase's API at `POST /cards/:card_id/push_provision` and passes the data back to your application:

```curl
curl -X POST https://api.increase.com/cards/${CARD_ID}/push_provision
  -d $'{
    "channel": "apple_pay_in_app",
    "cardholder_name": "Ian Crease",
    "apple_pay_in_app": {
      "certificates": [
        {
          "certificate": "..."
        },
        {
          "certificate": "..."
        }
      ],
      "nonce": "...",
      "nonce_signature": "..."
    }
  }'

200 OK
{
  "channel": "apple_pay_in_app",
  "apple_pay_in_app": {
    "activation_data": "...",
    "encrypted_pass_data": "...",
    "encryption_version": "EV_ECC_v2",
    "ephemeral_public_key": "..."
  }
}
```

- In the [`generateRequestWithCertificateChain`](<https://developer.apple.com/documentation/passkit/pkaddpaymentpassviewcontrollerdelegate/addpaymentpassviewcontroller(_:generaterequestwithcertificatechain:nonce:noncesignature:completionhandler:)>) method, Base64-decode the data elements to construct a `PKAddPaymentPassRequest`:

```swift
let addPaymentPassRequest = PKAddPaymentPassRequest()
addPaymentPassRequest.activationData = Data(base64Encoded: backendResponse.apple_pay_in_app.activation_data)
addPaymentPassRequest.ephemeralPublicKey = Data(base64Encoded: backendResponse.apple_pay_in_app.ephemeral_public_key)
addPaymentPassRequest.encryptedPassData = Data(base64Encoded: backendResponse.apple_pay_in_app.encrypted_pass_data)
return addPaymentPassRequest
```

- Wait for the [`didFinishAdding`](<https://developer.apple.com/documentation/passkit/pkaddpaymentpassviewcontrollerdelegate/addpaymentpassviewcontroller(_:didfinishadding:error:)>) delegate method to be called to determine the outcome of the push provisioning flow. As the flow progresses, a [Digital Wallet Token](/documentation/api/digital-wallet-tokens) will be created and receive updates.