> ## Documentation Index
> Fetch the complete documentation index at: https://docs.reap.global/llms.txt
> Use this file to discover all available pages before exploring further.

# Push Provisioning

> Add a card to a wallet with one tap from your app.

Push provisioning lets a cardholder add their card to a wallet by tapping an "Add to Wallet" button inside your app. There is no manual entry of card details. Your app requests a provisioning credential from Reap, hands it to the wallet SDK, and the card is tokenized.

<Note>
  Push provisioning currently supports **Google Pay**. Apple Pay push provisioning is not supported. Manual entry remains available for both wallets through [manual provisioning](/cards/digital-wallets/manual-provisioning).
</Note>

***

## Before you start

Push provisioning has to be registered and approved before you can offer it. Reap requires you to:

* Tell your Reap account manager you intend to offer push provisioning, and complete Reap's registration to obtain approval.
* Request access to Google's device tokenization documentation and sign Google's non-disclosure agreement.

Your account manager guides you through these steps. They involve Google, so start early.

Manual provisioning has no such requirement, so you can ship that first and add the in-app button once approval is in place.

***

## How it works

```mermaid theme={null}
sequenceDiagram
  participant Cardholder
  participant App as Your app
  participant Backend as Your backend
  participant Reap
  participant Wallet as Google Pay

  Cardholder->>App: Taps "Add to Google Pay"
  App->>Backend: Card ID + device context
  Backend->>Reap: POST /cards/:id/push-provisioning
  Reap->>Backend: Provisioning credential
  Backend->>App: Provisioning credential
  App->>Wallet: Hand credential to the wallet SDK
  Wallet->>Cardholder: Card added (verify if prompted)
```

<Steps>
  <Step title="Read the device context">
    On the device, use the Google Pay SDK to read the active wallet ID (`getActiveWalletId()`) and the stable hardware ID (`getStableHardwareId()`). Send these to your backend along with the card ID.
  </Step>

  <Step title="Request the credential">
    From your backend, call [Generate push provisioning credentials](/api-reference/cards/push-provision-card) with `provider: GOOGLE_PAY` and the two device values as `walletAccountId` and `deviceId`.

    The response returns `opc`, the credential to pass to the wallet SDK, and `last4`, the last four digits of the card number. Each call returns a fresh credential, so request one per provisioning attempt rather than caching it.
  </Step>

  <Step title="Hand the credential to the wallet">
    Pass the `opc` and `last4` to the Google Pay push tokenization request in your app. The wallet SDK takes over from here.
  </Step>

  <Step title="Verify if prompted">
    The wallet provider may ask the cardholder to confirm the card with a one-time passcode. Reap delivers it automatically. See [Identity verification](/cards/digital-wallets/overview#identity-verification).
  </Step>
</Steps>

<Warning>
  Generate the provisioning credential on your backend, never on the device, and do not store it. Request a fresh one for each provisioning attempt.
</Warning>

***

## Google provisioning flow support

Reap currently supports Google's standard push provisioning flow, where the credential is used to create a device token. Google's newer Unified Android Push Provisioning (UAPP) is not yet supported. Build your Android integration against the standard flow for now.

Support for UAPP is planned. When it is added, the existing flow keeps working.

***

## Next steps

* Offer [manual provisioning](/cards/digital-wallets/manual-provisioning) as well, so cardholders can always add their card even outside your app.
* Keep each cardholder's contact details accurate so the verification passcode reaches them. See [Identity verification](/cards/digital-wallets/overview#identity-verification).
