To verify their payment card in the Samsung Wallet application, the user must accept the terms and conditions, after which Samsung Wallet initiates token provision through the Samsung Token Requestor (TR) from the Trust Service Provider (TSP). The TSP provides Samsung Wallet with the available ID&V methods and the data needed to perform user verification through your application.
When the user selects “Open banking app” in Samsung Wallet, an Android activity launches your application through an intent. The intent contains information from the TSP server.
You can implement app-to-app ID&V support in your banking application in 2 ways:
Token activation through bank server
After user verification, the token is activated through your bank’s backend and TSP APIs.
Token activation through Samsung Wallet application
After user verification, your bank server returns an authorization code to Samsung Wallet, which is used to activate the token the Samsung TR and TSP.
The following figure shows the app-to-app ID&V process flow.
Launch the application
To launch your application, the Samsung Wallet application calls the startActivityForResult() method, providing the following intent data from the TSP server:
Package name of your application
Intent action, whose specific name depends on the TSP
Additional data in the Intent.EXTRA_TEXT key, depending on the card type:
Mastercard: A Base64-encoded JSON object with the following elements: paymentAppProviderId, paymentAppInstanceId, tokenUniqueReference, accountPanSuffix, and accountExpiry
Visa: An encrypted JSON payload including PAN ID, TR ID, token reference ID, last 4 digits of PAN, device ID, and wallet account ID
Intent data is generated with the getApp2AppIntent() method in the Samsung Wallet application:
public Intent getApp2AppIntent() {
Intent app2appIntent = new Intent();
app2appIntent.setPackage(packageName);
app2appIntent.setAction(action);
if(!TextUtils.isEmpty(extraText)) {
app2appIntent.putExtra(Intent.EXTRA_TEXT, extraText);
}
return intent;
}
Note: For information about the data in the Intent.EXTRA_TEXT key, refer to the card network’s own specifications. The Samsung Wallet application only transfers the data to your application for handling.
Process the ID&V request
To enable your application to handle the intent data transmitted from the Samsung Wallet application, in your “AndroidManifest.xml” file, define an activity with the intent action used by the TSP:
When your application is called by Samsung Wallet, start the activity to process the ID&V request. The data passed by the intent can be processed through your backend server along with other data that the application already has, such as user and account information.
If user verification is successful, you can activate the token by calling the TSP API.
Return to Samsung Wallet
After the user has completed verification, your application must direct the user back to Samsung Wallet using the Activity.setResult(resultCode, resultIntent) method.
If the value of resultCode is RESULT_OK, the resultIntent object must contain extra bundle data.
The STEP_UP_RESPONSE key must have one of the following values depending on the scenario:
Intent result = new Intent();
// Authentication successful
result.putExtra("STEP_UP_RESPONSE", "accepted");
// Authentication failed; do not add the user’s card
result.putExtra("STEP_UP_RESPONSE", "declined");
// Authentication failed; allow user to retry or select another ID&V method
result.putExtra("STEP_UP_RESPONSE", "failure");
// Authentication failed because the application was not ready
result.putExtra("STEP_UP_RESPONSE", "appNotReady");
activity.setResult(RESULT_OK, result);
To use an authentication code to activate the token in Samsung Wallet, you must also include the ACTIVATION_CODE key-value:
Intent result = new Intent();
result.putExtra("STEP_UP_RESPONSE", "accepted");
result.putExtra("ACTIVATION_CODE", authCode);
activity.setResult(RESULT_OK, result);
Otherwise, the value of resultCode is RESULT_CANCEL, when the user has canceled the operation:
Intent result = new Intent();
activity.setResult(RESULT_CANCEL);
Manage Your Cookies
We use cookies to improve your experience on our website and to show you relevant
advertising. Manage you settings for our cookies below.
Essential Cookies
These cookies are essential as they enable you to move around the website. This
category cannot be disabled.
Company
Domain
Samsung Electronics
.samsungdeveloperconference.com
Analytical/Performance Cookies
These cookies collect information about how you use our website. for example which
pages you visit most often. All information these cookies collect is used to improve
how the website works.
Company
Domain
LinkedIn
.linkedin.com
Meta (formerly Facebook)
.samsungdeveloperconference.com
Google Inc.
.samsungdeveloperconference.com
Functionality Cookies
These cookies allow our website to remember choices you make (such as your user name, language or the region your are in) and
tailor the website to provide enhanced features and content for you.
Company
Domain
LinkedIn
.ads.linkedin.com, .linkedin.com
Advertising Cookies
These cookies gather information about your browser habits. They remember that
you've visited our website and share this information with other organizations such
as advertisers.
Company
Domain
LinkedIn
.linkedin.com
Meta (formerly Facebook)
.samsungdeveloperconference.com
Google Inc.
.samsungdeveloperconference.com
Preferences Submitted
You have successfully updated your cookie preferences.