adyen-apple-pay-provisioning-ios
Adyen Apple Pay Provisioning
In-App Provisioning enables cardholders to add their payment cards to Apple Wallet directly from your app. This feature provides a quick and secure way for users to add their payment information without having to manually enter card details.
Get the Adyen SDK
The Adyen Apple Pay Provisioning SDK is available on GitHub. Please follow the README.md file for detailed installation instructions.
System requirements
Before you start, make sure your environment meets the following requirements:
- Targets iOS 13.4 or later.
- Xcode 14 or later.
- Swift 5.7 or later.
In-app provisioning
With Apple Pay in-app provisioning, your cardholder can add their card directly from your app. During the in-app flow, the cardholder taps Add to Apple Wallet and the provisioning process starts and finishes within your app providing a seamless flow.
The following diagram walks you through the in-app provisioning flow. Green labels correspond to the steps described further on the page:
- Get activation data
- Check if a card can be added
- Initiate card provisioning
- Provision the card
- Finalize card provisioning
Get activation data
Before you can start card provisioning, you must get activation data for the payment instrument.
-
From your backend, make a
GETrequest to the/paymentInstruments/{id}/networkTokenActivationDataendpoint, specifying the ID of the payment instrument. Your API credential needs the following role:- Bank Issuing PaymentInstrument Network Token Activation Data role
curl https://balanceplatform-api-test.adyen.com/bcl/v2/paymentInstruments/{id}/networkTokenActivationData \ -H 'x-api-key: YOUR_BALANCE_PLATFORM_API_KEY' \ -H 'content-type: application/json' \The response contains the
sdkInputobject that you need to initialize the SDK in the next step. -
Pass the
sdkInputto your app.
Check if a card can be added
After receiving the sdkInput, initialize the ProvisioningService. Use it to check if the cardholder can add the card to Apple Wallet on the current device or a paired Apple Watch. If the card cannot be added, it means it’s already in the Wallet. You must determine watch availability yourself, for example by using our provided WatchAvailability helper class.
import AdyenApplePayProvisioning
// Create a single instance of WatchAvailability
let watchAvailability = WatchAvailability()
let provisioningService = try ProvisioningService(sdkInput: sdkInput)
let isWatchActivated = await watchAvailability.activate()
let state = provisioningService.canAddCardDetails(isWatchActivated: isWatchActivated)
if state.canAddCard {
// Show "Add to Apple Wallet" button
}
Use the canAddCard boolean to conditionally show or hide the Add to Apple Wallet button in your UI.
Initiate card provisioning
When the cardholder taps Add to Apple Wallet, initiate provisioning by calling the start() method, passing a delegate and a presentingViewController.
try provisioningService.start(
delegate: self,
presentingViewController: viewController
)
Provision the card
Implement ProvisioningServiceDelegate to receive the provision(sdkOutput:) callback from the SDK. In this callback:
- From your backend, make a
POSTrequest to thepaymentInstruments/{id}/networkTokenActivationDataendpoint. Include thesdkOutputfrom the delegate method in your request body to provision the payment instrument. The response from your backend will contain a newsdkInputobject. - Return the new
sdkInputfrom theprovisionmethod.
func provision(sdkOutput: Data, paymentInstrumentId: String) async -> Data? {
struct ProvisioningRequestBody: Encodable {
let sdkOutput: Data
}
// The server sends sdkInput as a Base64 encoded string; JSONDecoder decodes it into a Data object.
struct ProvisioningResponse: Decodable {
let sdkInput: Data
}
do {
let encoder = JSONEncoder()
encoder.dataEncodingStrategy = .base64
let body = try encoder.encode(ProvisioningRequestBody(sdkOutput: sdkOutput))
// TODO: POST the body to your server and receive data back.
let decoder = JSONDecoder()
decoder.dataDecodingStrategy = .base64
let response = try decoder.decode(ProvisioningResponse.self, from: data)
return response.sdkInput
} catch {
return nil
}
}
Finalize card provisioning
When provisioning is complete, the SDK calls the didFinishProvisioning delegate method. Use this callback to update your UI, for example by changing the button text to Added to Apple Wallet.
func didFinishProvisioning(with pass: PKPaymentPass?, error: Error?) {
// Update your UI
}
Provisioning from the Wallet App
You can also allow cardholders to provision cards directly from the Apple Wallet app. To enable this, you must implement a wallet extension. Your app’s name and icon will then appear in the Wallet’s list of apps that can provide cards.
The following diagram walks you through the wallet extension provisioning flow. The green labels correspond to the steps described below:
- Return extension status
- Return pass entries
- Provision the card
- Generate a request to add a payment pass
Before you begin
Before implementing the Wallet provisioning flow:
Add the Apple Wallet extension
-
Add a new target to your Xcode project with any Extension template. Then, change the values under the
NSExtensiondictionary in theInfo.plistas follows: -
In the target’s
Info.plist, find theNSExtensiondictionary and set the following values:Key Type Value NSExtensionPointIdentifierString com.apple.PassKit.issuer-provisioning NSExtensionPrincipalClassString $(PRODUCT_MODULE_NAME).WalletExtensionHandler -
Create an
WalletExtensionHandlerclass that is a subclass ofPKIssuerProvisioningExtensionHandler.
import PassKit
class WalletExtensionHandler: PKIssuerProvisioningExtensionHandler {
}
Add the Apple Wallet UI extension
The Apple Wallet can use an extension from your app to authenticate the cardholder before provisioning.
-
Add another Target to your Xcode project for the UI extension. In its
Info.plist, set the following values in theNSExtensiondictionary:Key Type Value NSExtensionPointIdentifierString com.apple.PassKit.issuer-provisioning.authorization NSExtensionPrincipalClassString $(PRODUCT_MODULE_NAME).WalletUIExtensionHandler -
Create an
WalletUIExtensionHandlerclass that is a subclass ofUIViewControllerand conforms to thePKIssuerProvisioningExtensionAuthorizationProvidingprotocol. Use thecompletionHandlerto communicate the result of the authentication.
Return extension status
The Wallet app calls your extension with strict time limits. The first method, status(), must complete within 100 ms. Because a network call is not feasible, you must use cached activation data (e.g., stored in the keychain) for this step.
- In your main app, save the
sdkInputafter fetching it. Retrieve this stored value in your extension. - Initialize the
ExtensionProvisioningService.
import AdyenApplePayExtensionProvisioning
// For one payment instrument:
let provisioningService = try ExtensionProvisioningService(sdkInput: sdkInput)
// For multiple payment instruments:
let provisioningService = try ExtensionProvisioningService(sdkInputs: [sdkInput1, sdkInput2, ..])
- Implement the
status()method by callingextensionStatus()on the SDK. Use therequiresAuthenticationparameter if you provide a UI extension.
func status() async -> PKIssuerProvisioningExtensionStatus {
// Initialize the service from a cached sdkInput
// ...
return provisioningService.extensionStatus(requiresAuthentication: true)
// If the service could not be initialized from cache:
return ExtensionProvisioningService.entriesUnavailableExtensionStatus
}
Return pass entries
To return available passes, you must implement passEntries() and remotePassEntries(). These methods have a 20-second time limit, which allows for a network call to refresh the sdkInput.
- From your backend, fetch a fresh
sdkInputfor each payment instrument you want to display. - Initialize the
ExtensionProvisioningServicewith the new data. - The Wallet app shows a preview of the card. To provide the card image, implement the
ExtensionProvisioningServiceDelegateand itscardArt(paymentInstrumentId:)method. Return aCGImagethat accurately represents the payment card.
func cardArt(paymentInstrumentId: String) -> CGImage {
// Return card art for the given ID
}
- Implement
passEntries()andremotePassEntries()by calling the corresponding methods on the SDK and passing your delegate.
func passEntries() async -> [PKIssuerProvisioningExtensionPassEntry] {
return await provisioningService.passEntries(withDelegate: self)
}
func remotePassEntries() async -> [PKIssuerProvisioningExtensionPassEntry] {
return await provisioningService.remotePassEntries(withDelegate: self)
}
Provision the card from the extension
To provision the card when the extension requests it:
- Implement
ExtensionProvisioningServiceDelegateto receive theprovision(paymentInstrumentId:sdkOutput:)callback. - In the callback, make a
POSTrequest to your backend with thesdkOutputto provision the card. - Return the new
sdkInputreceived from your backend.
func provision(paymentInstrumentId: String, sdkOutput: Data) async -> Data? {
// Make a network call to your backend with the sdkOutput
// and return the new sdkInput from the response.
// This logic is identical to the in-app provisioning flow.
}
Generate a request to add a payment pass
The WalletExtensionHandler is re-instantiated for each method call, so you must re-initialize the SDK each time.
- Re-initialize the
ExtensionProvisioningServiceby fetching freshsdkInputdata, as described in the earlier steps. - Implement the
generateAddPaymentPassRequestForPassEntryWithIdentifier(...)method by calling the corresponding method on the SDK. Pass your delegate to handle the provisioning call.
func generateAddPaymentPassRequestForPassEntryWithIdentifier(
_ identifier: String,
configuration: PKAddPaymentPassRequestConfiguration,
certificateChain certificates: [Data],
nonce: Data,
nonceSignature: Data
) async -> PKAddPaymentPassRequest? {
// Re-initialize provisioningService here...
return try? await provisioningService.generateAddPaymentPassRequestForPassEntryWithIdentifier(
identifier,
configuration: configuration,
certificateChain: certificates,
nonce: nonce,
nonceSignature: nonceSignature,
delegate: self
)
}