Guides
Log into Sandbox

Setup for Push Provisioning

Suggest Edits

This guide describes developer implementation for in-app and web push provisioning. This procedure is not valid for instant-issue cards, which must use manual provisioning. For general information, see Mobile wallet support in Choose a Card Strategy.

🚧

Important

Before you start this procedure, you must set up manual provisioning and be live in Production.

Contact wallet providers

For both in-app and web provisioning, you must integrate with the mobile wallet provider’s SDK to allow your users to provision cards and credentials directly to their devices.

To get started, contact the wallet providers to request access to their developer portals and obtain the relevant wallet interface documentation:

Once access has been granted, your developers can also reach out to the wallet provider with any inquiries.

Push-provisioning methods

Select a push-provisioning method:

In-app provisioning

With in-app provisioning, the cardholder requests that a card in your program be added to a mobile wallet using a control in your mobile app.

In-app provisioning workflow

The in-app provisioning process involves these entities:

  • The cardholder's mobile wallet
  • The card network
  • The mobile wallet provider
  • Your mobile app interface
  • Galileo (and you, if you are using the Auth API)

This is the workflow when you push-provision cards to mobile wallets from your app:

  1. The cardholder requests a tokenized card in your mobile app.
  2. You send a provisioning request to the mobile wallet provider.
  3. The wallet provider returns certificates, keys, and other data.
  4. You send a Create Provisioning Request call to Galileo with the data supplied by the wallet provider. Follow the instructions in the Creating a Provisioning Request guide.
  5. Galileo encrypts the payload and returns the response to you.
  6. You create a tokenization request with the encrypted payload and send it to the wallet provider via its SDK.
  7. The wallet provider decrypts the payload and verifies whether the tokenization request is valid.
  8. Because the cardholder's identity has already been verified in your app, there are no red, yellow, or green-path checks. All provisioning attempts are by-definition on the green path.
  9. The card network creates the card token and sends it to the wallet provider.
  10. The wallet provider activates the token to provision the card to the wallet.

Web provisioning

You should have already contacted the wallet providers as an initial step. When doing web provisioning, you must perform additional steps for Apple Pay:

  • Contact Apple at [email protected] to request access to the Apple Business Register.
    • It generally takes 7–10 business days for Apple to review and approve the request. This is a one-time registration.
    • Once enrolled, you’ll gain access to detailed implementation guides and API reference documentation for your integration with Apple Pay.

Web provisioning workflow

The web push-provisioning process involves these entities:

  • The cardholder's mobile wallet
  • The card network
  • The mobile wallet provider
  • Your website
  • Galileo (and you, if you are using the Auth API)

Web provisioning follows the same general workflow as in-app, with the expectation that Galileo is responsible for the certificate validation and encryption during card provisioning.

Updated 17 days ago

© Galileo Financial Technologies, LLC 2025    Privacy Disclosure

All documentation, including but not limited to text, graphics, images, and any other content, are the exclusive property of Galileo Financial Technologies, LLC and are protected by copyright laws. These materials may not be reproduced, distributed, transmitted, displayed, or otherwise used without the prior written permission of Galileo Financial Technologies, LLC. Any unauthorized use or reproduction of these materials are expressly prohibited.