Guides
Start typing to search…

Embedded Partner Web Applications

The mCards platform supports integrations where external partners provide web-based applications that are launched directly from the mCards mobile app. These applications are used to onboard cardholders with partner services while preserving a seamless, secure user experience.

This guide describes the Embedded Partner Web Application pattern, which is used in two areas of the mCards platform:

  • Feature onboarding
  • Payment gateway onboarding

What Is an Embedded Partner Web Application?

An Embedded Partner Web Application is a partner-hosted web app that is displayed to the cardholder inside the mCards mobile app, typically using a secure webview.

In this pattern:

  • The partner hosts and operates the web application
  • The mCards mobile app navigates the cardholder to the partner application
  • The partner application is responsible for:
    • Cardholder onboarding
    • Partner-specific setup and configuration
  • mCards provides a secure user context to the partner application at launch time

This pattern allows partners to control their onboarding experience without embedding partner-specific logic directly into the mCards mobile app.

Where Embedded Partner Web Applications Are Used

Embedded Partner Web Applications are currently used in two specific areas of the mCards platform.

Feature Onboarding

Feature providers use embedded web applications to onboard cardholders when a feature is enabled from within the mCards mobile app.

In this flow:

  • The cardholder selects a feature in the mCards app
  • The app launches the feature provider’s onboarding web application
  • The feature provider uses the provided user context to:
    • Identify the cardholder
    • Complete feature enrollment

This integration uses the Feature SSO Token, which is described in a separate guide.

Payment Gateway Onboarding

Payment gateway providers use embedded web applications to onboard cardholders and create payment accounts that can be used during transaction processing.

In this flow:

  • The cardholder chooses to add a payment method
  • The mCards mobile app launches the payment gateway’s onboarding web application
  • The payment gateway uses the provided user context to:
    • Identify the cardholder
    • Collect required information
    • Create payment accounts

This integration uses the Payments User Token and is tightly coupled with the Payments API and Webhooks API.

High-Level Flow

At a high level, the embedded onboarding flow follows this sequence:

  1. A cardholder initiates an onboarding action in the mCards mobile app
    (for example, enabling a feature or adding a payment method)

  2. The mCards mobile app navigates to the partner’s onboarding web application

  3. mCards provides a secure token to the partner application at launch time

  4. The partner application:

    • Validates the token
    • Identifies the cardholder and context
    • Guides the cardholder through onboarding

  5. Onboarding completes and the cardholder returns to the mCards mobile app

While the details differ between features and payment gateways, the underlying pattern is consistent.

Responsibilities

Embedded Partner Web Applications introduce clear responsibility boundaries.

mCards Responsibilities

  • Launch the partner onboarding application at the appropriate time
  • Provide a secure, signed token representing the cardholder and context
  • Ensure navigation occurs within a trusted mobile experience

Partner Responsibilities

  • Host and secure the onboarding web application
  • Validate the token provided by mCards
  • Protect cardholder data and session state
  • Implement onboarding logic

mCards does not host or operate partner web applications, and partners do not have access to mCards mobile app internals.

Relationship to APIs

Embedded Partner Web Applications are part of user onboarding, not system-to-system integration.

  • APIs are used for backend integration and transaction processing
  • Embedded web applications are used when cardholder interaction is required

For example:

  • A payment gateway uses:
    • An embedded onboarding web application for cardholder setup
    • The Payments API and Webhooks API for transaction authorization and processing

Keeping these responsibilities separate helps ensure clean, maintainable integrations.

Related Guides

To continue learning about embedded partner onboarding, see:

  • Tokens for Embedded Web Applications
    Explains how mCards securely provides user context to partner onboarding apps.

  • Feature SSO Token
    Describes the token used for feature onboarding.

  • Payments User Token
    Describes the token used for payment gateway onboarding.

Next step

Next, read Tokens for Embedded Web Applications to understand how user context is securely passed to partner onboarding applications.

Updated about 2 months ago