# Push Provisioning for Apple Pay

Returns encrypted cardholder information and other metadata needed for Apple Pay push provisioning.

{% admonition type="warning" %}
This API is not available for sandbox testing.
{% /admonition %}

Endpoint: POST /twcard-data/v1/push-provisioning/encrypted-payload/apple-pay
Security: UserToken

## Header parameters:

  - `x-tw-twcard-card-token` (string, required)
    The card token identifying which card to retrieve push provisioning data for.
    Example: "a3f90c98-1cd1-4488-9050-2e32c696f8fa"

## Request fields (application/json):

  - `certificates` (array, required)
    DER encoded X.509 ECC leaf and sub CA certificates, each encoded in Base64.
    Example: ["MIICpTCCAkqgAwIBAgIIB...","MIICpTCCAYmgAwIBAgIIX..."]

  - `nonce` (string, required)
    One time use nonce generated by Apple Servers and HEX encoded on iOS app.
    Example: "a1b2c3d4e5f6"

  - `nonceSignature` (string, required)
    The device and account specific signature of the nonce generated by Apple and HEX encoded on iOS app.
    Example: "f6e5d4c3b2a1"

## Response 200 fields (application/json):

  - `encryptedPassData` (string)
    Encrypted authentication data following card scheme and wallet provider specifications. The response is encoded in Base64.
    Example: "443232323637393045DDE321469537FE461E824AA55BA67BF645454330A32433610DE1D1461475BEB6D815F31764DDC20298BD779FBE37EE5AB3CBDA9F9825E1"

  - `activationData` (string)
    Encrypted activation data following card scheme and wallet provider specifications. The response is encoded in Base64.
    Example: "KDlTthhZTGufMY…….xPSUrfmqCHXaI9wOGY="

  - `ephemeralKey` (string)
    Ephemeral key used to encrypt authentication data. The response is encoded in Base64.
    Example: "A1B2C3D4E5F6112233445566"