Detailed flow

Step 1 → 2 : Partner server is ready to show the user the "Add to SPay UI". Partner server registers with Save2Pay and gets a regId and welcomeUrl back. regId uniquely identifies this session; the partner server should cache it and use it throughout the entire flow. welcomeUrl provides the UI that leads the user to add the card to SPay.

Step 3 : The partner server shows the Welcome UI in the browser, presumably in an iframe. The Welcome UI shows a QR code as well as the necessary instructions.

Step 4 : User launches SPay WA and scans the QR code displayed on the Welcome UI. If SPay WA is not installed, the instructions on the Welcome UI lead the user to download the app (if necessary), register a Samsung Account and log in to the SPay client.

Step 5 → 6 : The SPay WA QR scanner attempts to invoke the URL embedded in the QR code, more specifically the "initiate" request to the Save2Pay server. The server verifies the payload and notifies the partner server that the SPay WA is ready. Device-specific information such as the device ID, wallet ID and user ID is also sent. This step essentially links the Samsung account with the regId. The Welcome UI also shows a message indicating that the linking was successful.

Step 7 → 8 : Partner server talks to the issuer to pre-provision the card and get encrypted

Step 9 : Partner server returns the issuerBlob in the notify response. The issuerBlob will be encrypted and can only be decrypted by the issuer server. The blob will also have device and wallet specific information so it can only be provisioned to the device that made the 'initiate' request. The exact format of the issuerBlob depends on the issuer.

Step 10 : The issuerBlob and additional information are returned to the device in the 'initiate' response.

Steps 11 → 16 : SPay WA would go through the normal tokenization flow to add the token into SPay using the issuerBlob.

Step 17 : SPay WA reports to the S2P server that provisioning is completed for this regId.

Step 18 : S2P notifies partner server that provisioning is completed for this regId.

Data Types

| Type | JSON Type | Format | Description |
|---|---|---|---|
| String | string | Size: 2048 | |
| Boolean | boolean | | |
| Object | object | | |
| Enum | string | Pattern: [A-Za-z0-9_]{1,256} | Values from a limited set are only allowed. Each field of type Enum will define the values allowed. |
| PhoneNumber | string | Pattern: [0-9+()-]+ | |
| UUID | string | Pattern: [a-zA-Z0-9-_]{26,128} | Unique identifier |
| URL | string | Size: 2048 | Must be an absolute URL defined by RFC 2396: Uniform Resource Identifiers (URI): Generic Syntax. Supported schemes - http, https |
| Timestamp | number | int64 - signed 64 bits | Unix epoch time in milliseconds. |
| CountryCode | string | Size: 2 | Unique identifier |
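
An added example, not taken from the Save2Pay documentation: one way a partner server could enforce the patterns and sizes in the table above on incoming fields before using them. The field-to-type mapping (`regId` as UUID, `welcomeUrl` as URL, `createdAt`, `status`) and the enum values are assumptions, as is reading `Size` as a maximum length for String and URL and as an exact length for CountryCode.

```python
import re
from urllib.parse import urlsplit

# Patterns and sizes are copied from the Data Types table.
ENUM_RE = re.compile(r"[A-Za-z0-9_]{1,256}")
PHONE_RE = re.compile(r"[0-9+()-]+")
UUID_RE = re.compile(r"[a-zA-Z0-9-_]{26,128}")
MAX_STRING = 2048  # assumption: "Size" is a maximum length

def _matches(regex, value):
    # fullmatch anchors both ends, so a trailing newline or junk is rejected.
    return isinstance(value, str) and regex.fullmatch(value) is not None

def is_url(value):
    # Absolute URL with an http or https scheme, within the size limit.
    if not isinstance(value, str) or len(value) > MAX_STRING:
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def is_timestamp(value):
    # type() rather than isinstance(): bool is an int subclass and must not pass.
    return type(value) is int and -(2 ** 63) <= value < 2 ** 63

CHECKS = {
    "String": lambda v: isinstance(v, str) and len(v) <= MAX_STRING,
    "Boolean": lambda v: isinstance(v, bool),
    "Object": lambda v: isinstance(v, dict),
    "PhoneNumber": lambda v: _matches(PHONE_RE, v),
    "UUID": lambda v: _matches(UUID_RE, v),
    "URL": is_url,
    "Timestamp": is_timestamp,
    "CountryCode": lambda v: isinstance(v, str) and len(v) == 2,  # assumption: exact
}

def invalid_fields(message, schema, enums):
    """Return the sorted names of fields that are missing or fail their type."""
    def ok(field, type_name):
        value = message.get(field)
        if type_name == "Enum":  # pattern first, then the field's own allowed set
            return _matches(ENUM_RE, value) and value in enums.get(field, ())
        return CHECKS[type_name](value)
    return sorted(f for f, t in schema.items() if not ok(f, t))

# Hypothetical field-to-type mapping and enum values, for illustration only.
SCHEMA = {"regId": "UUID", "welcomeUrl": "URL", "createdAt": "Timestamp", "status": "Enum"}
ENUMS = {"status": {"READY", "COMPLETED"}}
```

Rejecting a message when `invalid_fields` returns a non-empty list keeps malformed identifiers and non-http(s) URLs out of later steps such as rendering the Welcome UI.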