> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/push-provisioning/get-started/push-provisioning-overview/quick-start-guide/apple-pay.md).

# Apple Pay

### Phase 1: Apple Onboarding

{% stepper %}
{% step %}

### Request special Entitlement and Whitelist from Apple

[**Request special Entitlement and Whitelist from Apple**](/push-provisioning/integrate-the-d1-sdk/getting-started/configuration/2.-onboarding/onboard-push-provisioning-for-wallets.md): The issuer must request the Entitlement and Whitelist for their application by sending the specific information to <apple-pay-provisioning@apple.com>.

{% hint style="info" %}
Along with the confirmation about granting the entitlement the issuers should receive from Apple a set of documents which should guide them in their application UX and functional design. It is essential to review those documents early in the project to avoid any rework of the issuer's integration.
{% endhint %}
{% endstep %}

{% step %}

### Configuring the Entitlement in Apple Developer Website

[**Configuring the Entitlement in Apple Developer Website**](/push-provisioning/integrate-the-d1-sdk/getting-started/configuration/2.-onboarding/onboard-push-provisioning-for-wallets.md): The issuer must configure Entitlement in Apple Developer Website to get aproval to use In-App Provisioning Service.
{% endstep %}

{% step %}

### Configuring the Entitlement in Xcode

[**Configuring the Entitlement in Xcode**](/push-provisioning/integrate-the-d1-sdk/getting-started/configuration/2.-onboarding/onboard-push-provisioning-for-wallets.md): The issuer must configure Entitlement in Xcode to declare that the app whants to use In-App Provisioning Service.
{% endstep %}

{% step %}

### TSP system configuration

Configure necessary settings on the TSP system according to [Apple Pay's requirements](/push-provisioning/integrate-the-d1-sdk/getting-started/configuration/2.-onboarding/onboard-push-provisioning-for-wallets.md), paying close attention to the associatedApplicationIdentifiers.
{% endstep %}
{% endstepper %}

### Phase 2: Thales D1 Backend Integration

{% stepper %}
{% step %}

### Onboarding

**Onboarding**: The Thales integrator provides the Thales D1 Onboarding Form to gather all necessary configuration parameters to connect to D1, including Connectivity, Keys, D1 Services Configuration, and Card Products.

{% hint style="info" %}
The issuers are required to open a project with TSP(s) (Visa/Mastercard) for their push provisioning integration projects. This activity is recommended to be initiated in parallel to the onboarding with Thales.
{% endhint %}
{% endstep %}

{% step %}

### Connectivity

[**Connectivity**](/push-provisioning/integrate-the-d1-api/set-up-tls-mutual-authentication.md): The APIs exposed by D1 require TLS mutual authentication for all API calls, necessitating explicit setup for both pre-production and production environments with a client certificate signed by Thales CA.
{% endstep %}

{% step %}

### Backend authorisation

[**Backend authorisation**](/push-provisioning/integrate-the-d1-api/get-oauth-2.0-access-token.md): Incoming D1 APIs are secured by OAuth JWT Bearer Credentials Flow, where your backend sends a signed JWT to obtain a D1 access token for accessing D1 APIs.
{% endstep %}

{% step %}

### Data encryption

[**Data encryption**](/push-provisioning/integrate-the-d1-api/encrypt-sensitive-data.md): Sensitive information exchanged with the D1 backend must be encrypted using the standard JWE format with specific algorithms and the recipient's EC public key.
{% endstep %}

{% step %}

### Consumer and Card Registration via API

[**Consumer**](/push-provisioning/get-started/manage-end-users.md) **and** [**Card**](/push-provisioning/get-started/manage-cards.md) **Registration via API**: As a prerequisite for most D1 services, you must register end users, accounts, and cards in D1 via backend-to-backend APIs using unique identifiers.
{% endstep %}

{% step %}

### Batch Registration

[**Batch Registration**](/push-provisioning/register-cards-via-batch-file/batch-file-overview.md): D1 offers a service to execute certain operations (such as consumer & card registration) in batch mode using batch files uploaded via SFTP.
{% endstep %}
{% endstepper %}

### Phase 3: Thales D1 SDK Integration

{% stepper %}
{% step %}

### Binary Integration

[**Binary Integration**](/push-provisioning/integrate-the-d1-sdk/getting-started/configuration/1.-binary-integration/ios.md): The issuer must integrate the D1 SDK binary into its application project.
{% endstep %}

{% step %}

### SDK Initialisation

[**SDK Initialisation**](/push-provisioning/integrate-the-d1-sdk/getting-started/configuration/3.-initialization/ios-initialization.md): The issuer app must initialize the D1 SDK before it could call its APIs.
{% endstep %}

{% step %}

### User Authentication

[**User Authentication**](/push-provisioning/integrate-the-d1-sdk/getting-started/configuration/5.-authentication/sdk-login.md): The issuer application must provide a proof of the end user authentication before it could consume D1 services.
{% endstep %}

{% step %}

### Check Card State in Apple Pay Wallet

[**Check Card State in Apple Pay Wallet**](/push-provisioning/implement-push-provisioning/implement-push-to-digital-wallets/get-the-card-digitization-state.md): The issuer app must check the card's digitization state in the Apple Pay wallet using the `d1Task.cardDigitizationState()` API to determine the next action.
{% endstep %}

{% step %}

### Pushing Card to Apple Pay Wallet

[**Pushing Card to Apple Pay Wallet**](/push-provisioning/implement-push-provisioning/implement-push-to-digital-wallets/push-to-the-digital-wallet.md): When the user taps "Add to Apple Pay", invoke the `d1Task.addDigitalCardToOEM()` API to tokenize the card.
{% endstep %}

{% step %}

### Apple Wallet Extensions

[**Apple Wallet Extensions**](/push-provisioning/implement-push-provisioning/implement-push-to-digital-wallets/apple-wallet-extension.md): Card issuers with an iOS mobile banking app must support Wallet Extensions to enable card issuer mobile app customers to provision new cards directly from the iOS Wallet app for all eligible Apple iOS devices.
{% endstep %}
{% endstepper %}

### Phase 4: Testing & Troubleshooting

{% stepper %}
{% step %}

### Apple Pay sandbox testing

The issuer is required to test their integration using first [Apple Pay sandbox mode](/push-provisioning/integrate-the-d1-sdk/getting-started/enviroments/push-provisioning-sandbox-testing.md).
{% endstep %}

{% step %}

### Error management and reporting

If issuers face [errors ](/push-provisioning/integrate-the-d1-sdk/troubleshooting/d1-sdk-error-management.md)in their tests they are required to first consult [common errors](/push-provisioning/integrate-the-d1-sdk/troubleshooting/push-provisioning-troubleshooting/ios.md) before [reporting the problem to Thales](/push-provisioning/integrate-the-d1-sdk/troubleshooting/report-issues.md).
{% endstep %}

{% step %}

### Production testing

Once issuers complete testing on Sandbox they should move to production environment and test there as well.
{% endstep %}
{% endstepper %}

### Phase 5: Certification & Launch

{% stepper %}
{% step %}

### E2E certification by independent lab

The issuers are required by Apple to get their application end-to-end certified by an independent certification lab, which the issuers need to contract and which will validate that all Apple's functional requirements are met.
{% endstep %}

{% step %}

### Submit app for App Store review

Once the E2E certification is complete the issuers could submit their final version of the app for review to the App Store.
{% endstep %}

{% step %}

### Plan go-live with Apple

After the final version of the app is approved by the App Store for publication the issuers could plan their go live date with Apple.
{% endstep %}
{% endstepper %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.payments.thalescloud.io/push-provisioning/get-started/push-provisioning-overview/quick-start-guide/apple-pay.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.