> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/classic-push-provisioning/developer-guide/issuer-onboarding.md).

# Issuer onboarding

### TSH onboarding portal <a href="#tsh-onboarding-portal" id="tsh-onboarding-portal"></a>

The issuer can sign in to the [TSH Onboarding Portal (TOP)](https://portal.dbp.thalescloud.io/) using credentials provided by Thales.

After signing in, the issuer can:

* Download the certificate provided by Thales to [encrypt card data](/classic-push-provisioning/developer-guide/data-encryption-and-authentication/card-data-encryption-pkcs-7-format.md).
* Upload the issuer certificate that Thales uses to verify the issuer [authorization code](/classic-push-provisioning/developer-guide/data-encryption-and-authentication/authorization-code-jwt-format.md).

### Google Pay <a href="#google-pay" id="google-pay"></a>

For customers planning to integrate push provisioning to the Google Pay wallet, follow these steps.

#### Request Access to Google's Documentation <a href="#request-access-to-googles-documentation" id="request-access-to-googles-documentation"></a>

Google's [Android Push Provisioning API documentation](https://developers.google.com/pay/issuers/apis/push-provisioning/android) is not public. If the page loads for you, your Google account is already authorized to access it. Otherwise, sign in or [request access](https://developers.google.com/pay/issuers/request-access).

> <i class="fa-info-circle">:info-circle:</i>
>
> Note the following from the documentation:
>
> * The content is intended for **card issuing financial institutions that have a signed contract to integrate with Google Pay**.
> * Partners must use a **Google Account** associated with their **corporate email address** rather than a personal account. Personal email accounts (i.e. gmail, yahoo, msn, etc.) cannot be associated with an NDA and therefore will not be given access.

#### Request Application Access to Push Provisioning API <a href="#request-application-access-to-push-provisioning-api" id="request-application-access-to-push-provisioning-api"></a>

Application developers must [request access](https://developers.google.com/pay/issuers/apis/push-provisioning/android/allowlist) before their application can use Google's push provisioning API and, therefore, Thales' Push Provisioning service.

Google grants access based on the app package name and its fingerprint. App developers must register these fields by submitting a [Push Provisioning API Access Request form](https://support.google.com/faqs/contact/pp_api_allowlist).

This step is especially important for internal and test builds of the application.

> <i class="fa-info-circle">:info-circle:</i>
>
> Problems getting access to the Push Provisioning API typically lead to an error reported by the Push Provisioning SDK: `Google Pay Unavailable` during the [configuration step](/classic-push-provisioning/developer-guide/sdk-configuration/android.md).
>
> If this happens, review the app package name and fingerprint against the values submitted in the form.

#### Best Practices & Branding Guidelines <a href="#best-practices--branding-guidelines" id="best-practices--branding-guidelines"></a>

Developers should review the [best practices guide](https://developers.google.com/pay/issuers/apis/push-provisioning/android/best-practices), which covers general integration recommendations for provisioning cards into Google Pay.

Developers must also follow [Google's branding guidelines](https://developers.google.com/pay/issuers/apis/push-provisioning/android/branding-guidelines), which define, for example, the style of the "Add to Google Pay" button.

#### TSP Configuration <a href="#tsp-configuration" id="tsp-configuration"></a>

The issuer must configure certain settings in the TSP system to comply with Google Pay requirements. These include:

* Terms of Service
* Card metadata, including card art

For details, review [Google's guide on TSP configuration](https://developers.google.com/pay/issuers/tsp-integration/tsp-config).

> <i class="fa-exclamation-circle">:exclamation-circle:</i>
>
> A common issue is that issuers misconfigure the application package name in the TSP system, as explained in the [Common issues with metadata](https://developers.google.com/pay/issuers/tsp-integration/tsp-config) section of Google's guide.
>
> This issue most commonly results in the app being unable to read the [card digitization state](/classic-push-provisioning/use-cases/push-provisioning-to-xpay-wallets/android.md) from the Google Pay wallet.

#### Google Pay Launch Process <a href="#google-pay-launch-process" id="google-pay-launch-process"></a>

Before the application can be deployed to the Google Play Store, the development team must pass several review and testing steps with Google. These activities are described in [Google's launch process](https://developers.google.com/pay/issuers/apis/push-provisioning/android/launch-process).

### Samsung Pay <a href="#samsung-pay" id="samsung-pay"></a>

For Samsung Pay, set the following configurations before integrating the Push Provisioning SDK into your mobile application.

* Register your mobile application.
  * Go to [Samsung Pay Developers](https://pay.samsung.com/developers/signup) and create an account.
  * Follow the [Getting Started](https://pay.samsung.com/developers/tour/memberguide) guide to onboard as a Samsung Pay developer.
* **Service ID** -

  You can create the Service ID in the Samsung Developer portal. The Service ID combines `Application` and [`CSR`](https://info.ssl.com/what-is-a-csr/), or other parameters that identify the partner application.

  For more information, refer to [Samsung Developers Guide](https://pay.samsung.com/developers/tour/svcguide) on Service Creation.

  Pass the Service ID to the `Config` class when configuring the Push Provisioning SDK. An example Service ID is shown below:

```
Service 1 = <com.issuer.walletapp, CSR1_US>
```

* > <i class="fa-info-circle">:info-circle:</i>
  >
  > #### Note <a href="#note" id="note"></a>
  >
  > For issuers using Visa and Mastercard tokenization (that is, VTS or MDES), a CSR is not required.
* **Debug API Key** -

  This data verifies the application when it interacts with the Samsung Pay application. You can retrieve a Debug API key by registering a new service in the Samsung Pay Developers portal. Note the following about the Debug API key:

  * It is valid for only 3 months and may be changed at the discretion of Samsung.
  * The value may be revoked by Samsung for unresolved issues caused by the application.
  * The application is able to request an additional Debug API key after 90 days.
  * The total number of devices that can use the key is unlimited. However, a partner is limited to ten Samsung accounts for testing before Samsung certification.
  * The application should not display this value in the debug log.
  * It is to be removed in the release configuration.

  The following snippet shows how to add the Debug API key to the `AndroidManifest.xml` file:

```xml
<application
    ......
    <meta-data android:name="spay_debug_api_key" 
              android:value="qwertyuiop1234567" />
    ......
</application>
```

For details, refer to the [SDK configuration guide](/classic-push-provisioning/developer-guide/sdk-configuration/android.md).


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.payments.thalescloud.io/classic-push-provisioning/developer-guide/issuer-onboarding.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.