Step 1 → 2 : Partner server is ready to show the user the "Add to SPay UI". Partner server
registers to Save2Pay and gets a regId and welcomeUrl back. regId uniquely identifies this session and should be cached by partner server and used throughout the entire flow. welcomeUrl provides the UI to lead the user to add the card to SPay.
Step 3 : The partner server shows the Welcome UI on the browser, presumably in an iframe. The Welcome UI would show QR code as well as necessary instructions.
Step 4 : User launches SPay WA and scans the QR code displayed on the Welcome UI. If SPay WA was not installed, the instructions on Welcome UI would lead the user to download the app(if necessary), register Samsung Account and login into the SPay client.
Step 5 → 6 : The SPay WA QR scanner would attempt to invoke the URL embedded in the QRCode, more specifically the "initiate" request to Save2Pay server. The server verifies the payload and notifies partner server that the SPay WA is ready. Device specific information such as the device ID, wallet ID & user ID will also be sent. This step essentially links the Samsung account with the regId. The Welcome UI would also show a message indicating the linking is successful.
Step 7 → 8 : Partner server talks to the issuer to pre-provision the card and get encrypted
issuerBlob.
Step 9 : Partner server returns the issuerBlob in the notify response. The issuerBlob will be encrypted and can only be decrypted by the issuer server. The blob will also have device and wallet specific information so it can only be provisioned to the device that made the 'initiate' request. The exact format of the issuerBlob depends on the issuer.
Step 10 : The issuerBlob and additional information are returned to the device in the 'initiate' response.
Steps 11 → 16 : SPay WA would go through the normal tokenization flow to add the token into SPay using the issuerBlob.
Step 17 : SPay WA report to S2P server that the provision is completed for this regId.
Step 18 : S2P notifies partner server that provisioning is completed for this regId.
Data Types
Type
JSON Type
Format
Description
String
string
Size: 2048
Boolean
boolean
Object
object
Enum
string
Pattern: [A-Za-z0-9_]{1,256
Values from a limited set are only allowed. Each field of type Enum will define the values allowed.
PhoneNumber
string
Pattern: [0-9+()-]+
UUID
string
Pattern: [a-zA-Z0-9-_]{26,128}
Unique identifie
URL
string
Size: 2048
Must be an absolute URL defined by RFC 2396: Uniform Resource Identifiers (URI): Generic Syntax. Supported schemes - http, https
Timestamp
number
int64 - signed 64 bits
Unix epoch time in milliseconds.
CountryCode
string
Size: 2
Unique identifie
Manage Your Cookies
We use cookies to improve your experience on our website and to show you relevant
advertising. Manage you settings for our cookies below.
Essential Cookies
These cookies are essential as they enable you to move around the website. This
category cannot be disabled.
Company
Domain
Samsung Electronics
.samsungdeveloperconference.com
Analytical/Performance Cookies
These cookies collect information about how you use our website. for example which
pages you visit most often. All information these cookies collect is used to improve
how the website works.
Company
Domain
LinkedIn
.linkedin.com
Meta (formerly Facebook)
.samsungdeveloperconference.com
Google Inc.
.samsungdeveloperconference.com
Functionality Cookies
These cookies allow our website to remember choices you make (such as your user name, language or the region your are in) and
tailor the website to provide enhanced features and content for you.
Company
Domain
LinkedIn
.ads.linkedin.com, .linkedin.com
Advertising Cookies
These cookies gather information about your browser habits. They remember that
you've visited our website and share this information with other organizations such
as advertisers.
Company
Domain
LinkedIn
.linkedin.com
Meta (formerly Facebook)
.samsungdeveloperconference.com
Google Inc.
.samsungdeveloperconference.com
Preferences Submitted
You have successfully updated your cookie preferences.
