Skip to content

Wallet token decryption API (1.0.0)

This API enables you to decrypt Apple Pay and Google Pay payment tokens on your backend systems. The decryption service processes encrypted wallet tokens and returns the decrypted payment data, including card details, cryptograms, and authentication information necessary for transaction processing.

Use cases

You may want to decrypt wallet token payloads for several reasons:

  • Transaction processing: Extract the payment account number (PAN/DPAN) and cryptogram required to authorise transactions through payment processors.
  • Fraud detection and risk assessment: Access device identifiers, authentication data, and assurance details to perform custom fraud screening and risk analysis.
  • Compliance and audit requirements: Retrieve transaction amounts, currency codes, and authentication responses for regulatory reporting and record-keeping.
  • Custom payment workflows: Implement specialised payment logic, such as split payments, conditional routing, or multi-step authorisation processes.
  • Token vault integration: Store decrypted payment credentials in a secure token vault for recurring payments or subscription management.
  • 3D Secure processing: Access cryptograms and ECI indicators for transactions requiring additional authentication steps.
Download OpenAPI description
wallets.json
wallets.yaml
Languages
Servers
Production environment
https://api-services.pxp.io/api/v1
Sandbox environment
https://api-services.test.pxp.io/api/v1

Decrypt a wallet payment token

Request

Decrypts an encrypted payment token from Apple Pay or Google Pay. This endpoint allows you to process wallet payment tokens on your backend, extracting the necessary payment and authentication data required for transaction authorisation. The decryption process validates the token integrity and returns structured payment information specific to the wallet provider.

Path
walletstringrequired

The wallet provider type. Specify ApplePay for Apple Pay tokens or GooglePay for Google Pay tokens.

Enum"ApplePay""GooglePay"
Example: ApplePay
Bodyapplication/jsonrequired

The encrypted wallet token and associated site identifier.

tokenstringnon-emptyrequired

The encrypted payment token provided by the wallet provider (Apple Pay or Google Pay). This token contains the encrypted payment data that needs to be decrypted to process the transaction.

Example: "encrypted-token-string-here"
sitestring[ 1 .. 100 ] charactersrequired

Your unique site identifier, as assigned by PXP. This value is used to validate the decryption request against your configuration.

Example: "SITE-1"
curl -i -X POST \
  https://api-services.pxp.io/api/v1/wallets/ApplePay/decrypt-token \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "eyJzaWduYXR1cmUiOiJNSUFHQ1NxR1NJYjNEUUVIQXFDQU1JQUNBUUV4RHpBTkJnbGdoa2dCWlFNRUFnRUZBRENBQmdrcWhraUc5dzBCQndFQUFLQ0FNSUlEV2pDQ0FrS2dBd0lCQWdJSWRrdXpHbmkzK0lBd0NnWUlLb1pJemowRUF3SXdlakV1TUMwR0ExVUVBd3dtUVhCd2JHVWdRWEJ3YkdsallYUnBiMjRnU1c1MFpXZHlZWFJwYjI0Z1EwRWdMU0JITXpFbU1DUUdBMVVFQ3d3ZFFYQndiR1VnUTJWeWRHbG1hV05oZEdsdmJpQkJkWFJvYjNKcGRIa3hFekFSQmdOVkJBb01Da0Z3Y0d4bElFbHVZeTR4Q3pBSkJnTlZCQVlUQWxWVE1CNFhEVEU1TURreU5USXhORFF4TmxvWERUSTBNRGt5TXpJeE5EUXhObG93WGpFeU1EQUdBMVVFQXd3cFFYQndiR1VnVUdGNWJXVnVkQ0JRY21samFXNW5JRk5sY25acFkyVnpJRTFsY21Ob1lXNTBJRWxFTVJNd0VRWURWUVFLREFwQmNIQnNaU0JKYm1NdU1Rc3dDUVlEVlFRR0V3SlZVekJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCT09raUFCYzROY3Z5aU5oT3kwREFWc1A2SStGWk5KVjk2Z2VBa25nZGhtVUlGWGJOb1ltTlRQQ3VpM2s0SlNVOGJrU0VHUnFlbjl6a1h3Q3crVGMrQXpDamdnRlJNSUlCVFRBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkRjN2pIb0ppRGIzZHhlNmdoV09aWWFaNFo4Z01FY0dDQ3NHQVFVRkJ3RUJCRHN3T1RBM0JnZ3JCZ0VGQlFjd0FZWXJhSFIwY0RvdkwyOWpjM0F1WVhCd2JHVXVZMjl0TDI5amMzQXdNeTFoY0hCc1pXRnBZV05oTXpBeU1ERE1CSUdBMVVkSUFRTk1Bc3dDUVlIWTJGb1lXRkhNQkFHQ2lxR1NJYjNZMlFGQmdRQ0FnUUFNRFFHQTFVZEh3UXRNQ3N3S2FBbm9DV0dJMmgwZEhBNkx5OWpjbXd1WVhCd2JHVXVZMjl0TDJGd2NHeGxZV2xqWVRNdVkzSnNNQjBHQTFVZERnUVdCQlNIb1pUWnE5VnM0L3NKY2RhczJFbGJqb29Bb2pBT0JnTlZIUThCQWY4RUJBTUNCNEF3RHdZSktvWklodmRqWkFZZEJBSWZBQUFLQmdncWhrak9QUVFEQWdOSUFEQkZBaUF6U0tQUGxheWU3a0t3Q2RnTjdybjRIcStFenVSREZXTzdPR2RRMjBZZnp3SWhBTjlGaGd6Y01wOFJ4ZFQ4NWxPdk5kZnhGbXBCTzNGN1V2bE9jVm9LaEdTT01JSURMRENDQXErZ0F3SUJBZ0lJREZsUVAvcVdQYjR3Q2dZSUtvWkl6ajBFQXdJd2F6RXBNQ2NHQTFVRUF3d2dRWEJ3YkdVZ1FYQndiR2xqWVhScGIyNGdTVzUwWldkeVlYUnBiMjRnUTBFeEdqQVlCZ05WQkFzTUVVRndjR3hsSUVObGNuUnBabWxqWVhScGIyNHhFekFSQmdOVkJBb01Da0Z3Y0d4bElFbHVZeTR4Q3pBSkJnTlZCQVlUQWxWVE1CNFhEVEl3TURReE5qRXlOVEF6TmxvWERUSTFNRFF4TlRFeU5UQXpObG93ZWpFdU1Dd0dBMVVFQXd3bFFYQndiR1VnUVhCd2JHbGpZWFJwYjI0Z1NXNTBaV2R5WVhScGIyNGdRMEVnTFNCSE16RW1NQ1FHQTFVRUN3d2RRWEJ3YkdVZ1EyVnlkR2xtYVdOaGRHbHZiaUJCZFhSb2IzSnBkSGt4RXpBUkJnTlZCQW9NQ2tGd2NHeGxJRWx1WXk0eEN6QUpCZ05WQkFZVEFsVlRNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUU3NHU3ODFHekJJZUljUTU0cXJsV2JSQVJtbVU3RUI0bW50VjhkdFJYMzdPNXhmMWlFdHFLNDB5eGgyRFhtS0tNMjk3ME5ZT3hFdUxXVmQ3Z2lSNXh6QUtPQjh6Q0I4REFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjhHQTFVZEl3UVlNQmFBRkI4R0hhMHp3TURhVUxYWno4VWVTVFBmU1RuOE1FUUdDQ3NHQVFVRkJ3RUJCRGN3TlRBekJnZ3JCZ0VGQlFjd0FZWW5hSFIwY0RvdkwyOWpjM0F1WVhCd2JHVXVZMjl0TDI5amMzQXdNeTFoY0hCc1lXbGpZVE13TURNR0ExVWRId1FzTUNvd0tLQW1vQ1NHSW1oMGRIQTZMeTlqY214dVlYQndiR1V1WTI5dEwyRndjR3hsWVdsallTNWpjbXd3SFFZRFZSME9CQllFRkRjN2pIb0ppRGIzZHhlNmdoV09aWWFaNFo4Z01BNEdBMVVkRHdFQi93UUVBd0lCQmpBUUJnb3Foa2lHOTJOa0JnSUJCQUlGQURBS0JnZ3Foa2pPUFFRREFnTklBREJGQWlCZkgyZGlLTjc0NWVLb21rSUFKT2xYMmdLZ0RDRUE3QklVV0pFUTdUY0hiQUloQU1lTjdrMVU5TGpVcStWdmRKM0lQQzN3Z1lQOHRyeE51OXlVQWNMSlBNcUZyTUlJQ1BqQ0NBY09nQXdJQkFnSUJBVEFLQmdncWhrak9QUVFEQWpCbk1SczBZVFkRVkJBME1FRndjR3hsSUZKdmIzUWdRMEVnTFNCSEpERXBNQ2NHQTFVRUN3d2dRWEJ3YkdVZ1EyVnlkR2xtYVdOaGRHbHZiaUJCZFhSb2IzSnBkSGt4RXpBUkJnTlZCQW9NQ2tGd2NHeGxJRWx1WXk0eEN6QUpCZ05WQkFZVEFsVlRNQjRYRFRFME1EUXpNREU0TURrd05Gb1hEVE01TURRek1ERTRNRGt3TkZvd2F6RXBNQll3SzlBY0dBMVVFQXd3Z1FYQndiR1VnUVhCd2JHbGpZWFJwYjI0Z1NXNTBaV2R5WVhScGIyNGdRMEV4R2pBWUJnTlZCQXNNRVVGd2NHeGxJRU5sY25ScFptbGpZWFJwYjI0eEV6QVJCZ05WQkFvTUNrRndjR3hsSUVsdVl5NHhDekFKQmdOVkJBWVRBbFZUTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFOE5waDBlbjBwdjFYMFFqWVdsVGRtNWpMdG10bzJ3ZWIrc1crNmpCM1BBVERHRTE3Z2REUTNLZmxuY3dOWUJrY1RjcXE3bTFGeHdQRXJNcWlJZFRIZEtLTkNNRUF3SFFZRFZSME9CQllFRkI4R0hhMHp3TURhVUxYWno4VWVTVFBmU1RuOE1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RnWURWUjBQQVFIL0JBUURBZ0VHTUFvR0NDcUdTTTQ5QkFNQ0EyZ0FNR1VDTVFDUi9xM0NnYjFIWDhxRW9KSzFrREhtekQrMGhRajk3WGZVd0xYSGlqcy9EdHorUmh4SFJjR2JOK2ZwT0psYzFjQ01CemhKOWNUc1BlYUFvdS9XcG5TVytPdTZkTzBvWU8zL0hIcUJDdHhlN05RQ1NWNFM3K0w4UVFjYld3VlBtVXNBPT0iLCJoZWFkZXIiOnsiZXBoZW1lcmFsUHVibGljS2V5IjoiTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMkNCQ2tHZmdNWUVBTkgwRXVIcER1bUhqcHhKK1BSVVdETzNzL3pNV216bXZtcUhZZkNCZGJDeFo5RjJRd3RYa05YVTNUMHhqNUxyNjJBS3pqcHlCQT09IiwicHVibGljS2V5SGFzaCI6ImxKbWhTUktwZ1ZaN29yYmxNVnBybGRWTkFmVjJRY2o0OVpWc1BqeVJ0VlE9IiwidHJhbnNhY3Rpb25JZCI6IjI1NTEwZjMwMGQxOTk5NDhkOWI3YmFiYzk4MTI5ZGU2ODVkNjM5YjJjOWYyMjZjYmUxYmU2ZDkwZWUyYTdmNzAifSwiZGF0YSI6IjQ4ZEVHdU9sUHJJQTJUNkFWYnFUVGxkek8vRW95bWhDWjhhSXlzekQ2TkpqcW1ibWEzY1RXVTBzK3RFT0xpajdMZ1dpeEE3VzhVMUR2d2xtMEgvQTNKQWlENEVWK1FFS3lKNU80SDFSL2VrZVBLOVVWTWp0RHprbG1DUGoxWEpOV0pmQzFtUGNrdjcvUllwMmVaL0hJbXUxT29JcDdJN0JNN29rSkJaQlhxeGpTZlBhZ2JtaW1IQ0lSQUdPZ01RN0RGd2F0OGhDK3FhRmVkd01hN2J4QW5QMTJzTlN4dzZMNUZnLzNUTE9VV0pCSEw4Mjc0QXpjN3lsNlVBWk9ENmwyV21ZRmI1MEdVQ3RieGRxTmdyenhTL0lUUTUxL2lieFRqSGlsZlJSQ05RbHBRQzk1dUdYSnhPRXJpZm1GZy90U2YxWXpqRDJCZ0NEYnhkcVNIZk5qPSIsInZlcnNpb24iOiJFQ192MSJ9",
    "site": "SITE-1"
  }'

Responses

Successful decryption

Bodyapplication/json
One of:

The decrypted Apple Pay payment token containing all necessary payment and authentication data for processing the transaction.

decryptedAtstring(date-time)required

The timestamp when the token was decrypted, in ISO 8601 format with UTC timezone.

Example: "2025-10-09T04:44:37.7062965Z"
applicationPrimaryAccountNumberstring^[0-9]{13,19}$required

The device-specific account number (DPAN) or funding primary account number (FPAN) for the payment card. This number is used to process the transaction and may differ from the actual card number.

Example: "5204240492932939"
applicationExpirationDatestring^[0-9]{6}$required

The expiration date of the payment card, in YYMMDD format.

Example: "280930"
currencyCodestring^[0-9]{3}$required

The currency code for the transaction, in ISO 4217 format.

Example: "840"
transactionAmountnumber(decimal)>= 0required

The transaction amount in the smallest currency unit (e.g., cents for USD). For example, 2599 represents $25.99.

Example: 2599
cardholderNamestring or null

The name of the cardholder as it appears on the card. May be null if not provided by Apple Pay.

Example: "John Doe"
deviceManufacturerIdentifierstringrequired

A unique identifier for the device manufacturer, used for fraud detection and device verification.

Example: "050110030273"
paymentDataTypestringrequired

The type of payment data included in the token, indicating the authentication method used.

Enum"3DSecure""EMV"
Example: "3DSecure"
paymentDataobjectrequired

The payment cryptogram and additional authentication data required for transaction authorisation. This is a flexible object that may contain various properties depending on the payment data type.

paymentData.​onlinePaymentCryptogramstring

The cryptogram generated by the secure element for online payment authentication. This is used to verify the authenticity of the transaction.

Example: "APTMvCowhE0lATGzpcW9AoABFA=="
paymentData.​eciIndicatorstring

The Electronic Commerce Indicator (ECI) value for 3D Secure transactions.

Example: "7"
paymentData.​property name*anyadditional property
authenticationResponsesArray of objectsrequired

An array of authentication responses from various verification methods. May be empty if no additional authentication was performed.

authenticationResponses[].​merchantIdentifierstring or null

The merchant identifier associated with the authentication.

authenticationResponses[].​authenticationDatastring or null

Authentication data provided during the verification process.

authenticationResponses[].​transactionAmountstring or null

The transaction amount associated with this authentication response.

merchantTokenIdentifierstring or null

A unique identifier for merchant tokens, used when the payment is associated with a recurring or subscription payment.

Example: "MTK-1234567890"
merchantTokenMetadataobject or null

Additional metadata associated with the merchant token, used for recurring or subscription payments. Contains card artwork and metadata provided by the issuer.

siteIdstring<= 20 charactersrequired

The site identifier that was used for the decryption request.

Example: "SITE-1"
Response
application/json
{
  "decryptedAt": "2025-10-09T04:44:37.7062965Z",
  "applicationPrimaryAccountNumber": "5204240492932939",
  "applicationExpirationDate": "280930",
  "currencyCode": "840",
  "transactionAmount": 2599,
  "cardholderName": null,
  "deviceManufacturerIdentifier": "050110030273",
  "paymentDataType": "3DSecure",
  "paymentData": {
    "onlinePaymentCryptogram": "APTMvCowhE0lATGzpcW9AoABFA=="
  },
  "authenticationResponses": [],
  "merchantTokenIdentifier": null,
  "merchantTokenMetadata": null,
  "siteId": "SITE-1"
}
©2026 PXP. PXP Registered Office: The Corn Mill - 1 Roydon Road - Stanstead Abbotts - Hertfordshire - SG12 8XL - United Kingdom Phone +44 2038850598. PXP Financial is Authorised By The Financial Conduct Authority And Our Financial Services Register Number is 504318.