> ## Documentation Index
> Fetch the complete documentation index at: https://docs.reap.global/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Add cards to Apple Pay and Google Pay through tokenization.

Cardholders can add their cards to a mobile wallet like Apple Pay or Google Pay and pay with their phone or watch. This page explains how that works and the two ways a card gets into a wallet.

***

## Tokenization

When a card is added to a wallet, the wallet does not store the real card number. Instead the card details (number, expiry, CVV) are replaced with a unique token that is specific to that card on that device. Payments made from the wallet use the token, not the card number.

A few consequences worth knowing:

* Each token represents one card on one device. The same card added to a phone and a watch produces two separate tokens.
* The real card number is never exposed to the merchant or stored on the device.

Tokens are managed by the wallet and the card networks, not through the Reap API.

***

## Provisioning

Provisioning is the act of adding a card to a wallet. There are two ways to do it.

| Method                                                            | How the card gets in                                                 | Integration work                                          |
| ----------------------------------------------------------------- | -------------------------------------------------------------------- | --------------------------------------------------------- |
| [Manual provisioning](/cards/digital-wallets/manual-provisioning) | The cardholder opens their wallet app and types in the card details. | None. Works for every program.                            |
| [Push provisioning](/cards/digital-wallets/push-provisioning)     | The cardholder taps an "Add to Wallet" button inside your app.       | Build the button and a backend call. Requires onboarding. |

The two methods are not exclusive. Manual provisioning always works, so most programs offer it even when they also build push provisioning for the smoother in-app flow.

***

## Identity verification

During provisioning the wallet provider usually asks the cardholder to verify the card with a one-time passcode (OTP). This is the same regardless of which provisioning method is used.

The cardholder chooses whether to receive the passcode by email or SMS. Reap sends it automatically to the `email` or `phoneNumber` on the [user record](/api-reference/users/create-user). Keep both accurate, since you cannot know in advance which one the cardholder will pick. Update them with [Update user email address](/api-reference/users/update-user-email) or [Update user phone number](/api-reference/users/update-user-phone) if they change.

If the cardholder chooses to receive the passcode by SMS and you want a fallback channel (for example, to show the code in your app when the SMS is slow to arrive), subscribe to the [`CARD_TOKENIZATION_REQUESTED`](/api-reference/card-tokenization-requested) webhook. It delivers the SMS passcode as soon as verification is requested. The code is short-lived, so pass it to the cardholder right away.

<Note>
  Email is more reliable than SMS for OTP delivery. Encourage cardholders to choose email when the wallet app offers a choice.
</Note>
