[
{
"title":"Testing",
"link":"https://docs.solidgate.com/payments/testing/",
"text":"Simulate payments to test your integration before launching in production.",
"imgSrc":"https://solidgate.com/wp-content/uploads/2022/06/icon-customizable.svg"
}
,
{
"title":"Create your payment form",
"link":"https://docs.solidgate.com/payments/integrate/payment-form/create-your-payment-form/",
"text":"Understand how to integrate the payment form into your product.",
"imgSrc":"https://solidgate.com/wp-content/uploads/2022/06/icon-payments.svg"
}
,
{
"title":"Subscriptions",
"link":"https://docs.solidgate.com/subscriptions/",
"text":"Create and maintain a stable and healthy business subscription model.",
"imgSrc":"https://solidgate.com/wp-content/uploads/2022/06/icon-global.svg"
}
]
Apple Pay offers a secure and convenient payment option for iOS users
Apple Pay is a wallet app that allows customers to conveniently and securely make payments in iOS apps and on the web by adding their preferred payment method to their device. It is supported on iPhone, iPad, Mac, and Apple Watch. Users can add their credit and debit cards to the service, and then use it to make payments by authenticating purchases with Touch ID, Face ID, or a passcode.
Please be advised that the last 4 digits shown for Apple Pay transactions do not correspond to the credit card number used for payment. Instead, they originate from a device-specific Device Account Number (DPAN).
Whenever a payment card is added to Apple Pay, the combination of that card and that device is given a unique DPAN. This number replaces the real card number within the Apple Pay wallet, enhancing its security measures.
While viewing the complete DPAN is impossible due to Apple’s security protocols, the last 4 digits can help verify the Apple Pay wallet transactions.
When considering Apple Pay as a payment option, it is worth ensuring that you offer your products and services in a
region
Reference
that supports Apple Pay.
Integration setup
To initiate the integration with Apple Pay for payment processing on the web, complete the following set of steps:
Configure Apple Merchant ID
Acquire an Apple Merchant ID by
registering for a new identifier
Reference
in the
Apple Developer
Website
settings. The Apple Merchant ID is a crucial component for securely processing payments through Apple Pay. Once obtained, it serves as a unique identifier for your merchant account within the Apple ecosystem for seamless and secure transactions.
Create Payment processing certificate
Once you have the merchant ID, create the Payment processing certificate that is linked to merchant ID and used for securing transaction data. For that, get a certificate signing request (.csr) file from Solidgate Support. Then follow the instructions for
creating the certificate
Reference
in the Apple developer guide and use the Solidgate file for creating the signing request. When the certificate is created, download your Payment processing certificate (.cer file) and send it to Solidgate Support.
Register and verify your domain
Follow the Apple developer documentation to
register
Reference
and
verify
Reference
your merchant domain. Ensure that you register and verify all top-level domains and subdomains where you intend to display the Apple Pay button.
Create Merchant identity certificate
The identity certificate is required when merchants intend to process Apple Pay payments initiated from a web page. Apple verifies the ownership of the domain from which the payment originates. One identity certificate may be used to identify multiple domains. The steps for
creating and exporting the certificate
Reference
are the same as for Payment processing certificate, differing only in the key size (2048 bits) and algorithm (RSA).
Please note that while the merchant ID never expires, the payment processing certificate, merchant identity certificate, and domain verification expire. Refer to
Maintaining your environment
Reference
in Apple documentation for more details.
While integrating Apple Pay into your website, store, or app, you may encounter an error after submitting a request or receiving a response for an Apple Pay payment. If you encounter an error, depending on its nature:
Verify if all parameters are added when connecting Apple Pay as a payment method.
Include all required fields from the Solidgate
Apple Pay
API
In case of the
Guide
Processing error. Verify the merchant’s settings and configurations.
5.04
error, verify your
Guide
Learn to authenticate API requests and fix validation errors effectively.
API keys
by navigating to HUB > Developers > Channels.
In case of the
Guide
The customer entered an incorrect card number.
2.08
error, check the card and its expiration date.
If the domain is verified and the button appears, but the payment is cancelled automatically during biometric verification, ensure there is no unnecessary .txt file at https://[DOMAIN_NAME]/.well-known/apple-developer-merchantid-domain-association.txt. If present, delete this file to resolve the issue.
Please be informed that Apple Pay cannot be used within the sandbox environment.
You can test the Apple Pay payments when setting up the integration. If the outlined steps do not resolve the issue, please contact the Solidgate support team for further assistance. When contacting, share the details of the issue and the steps you have taken to resolve it.
Apple Pay guidelines
As a merchant seeking to integrate Apple Pay into your platform, it is crucial to follow the guidelines established by Apple to ensure compliance and deliver a seamless experience for your customers.
The concept of liability shift in the payment card industry is crucial for understanding the financial responsibility transfer in fraudulent transactions. This shift occurs when card issuers or payment processors take on the financial burden for fraudulent transactions approved despite the implementation of security measures like 3D Secure or EMV chip technology.
For merchants, this means a reduced risk of bearing the cost associated with chargebacks and related fees in case of fraud.
Apple Pay transactions using Mastercard, Discover, JCB, and American Express offer merchants liability protection similar to 3D Secure transactions. Merchants are commonly exempt from responsibility for unauthorized transactions made through Apple Pay, as the usage of tokenization protocols ensures the protection of cardholder details.
For Visa, Apple Pay supports liability shift only in Europe. In the case of Visa, the transfer of liability is applicable solely to the first transactions initiated by the customer (CITs). This protection is not extended to transactions initiated by the merchant (MITs) due to the absence of the cardholder during the on-session biometric authentication process.
To complete Apple Pay transactions, customers are required to employ Touch or Face ID for verification. While this authentication method aligns with the criteria for liability shift set by American Express, Discover, JCB, and Mastercard, it does not meet the security standards established by Visa.
Although this is a common practice, the issuers are not bound by these terms and can change the liability agreement at any time.
Merchants are advised to consult with their acquiring bank or payment gateway provider to clarify the exact liability guidelines applicable to Apple Pay transactions.
Apple Pay currently does not support CloudFlare SSL/TLS.
Steps to Disable CloudFlare SSL/TLS:
Access Cloudflare dashboard: Log in to your Cloudflare account and select your domain.
Navigate to SSL/TLS settings: Go to the SSL/TLS section and then to Edge Certificates.
Disable universal SSL: Choose the option to disable Universal SSL.
In the Acknowledgement and Confirmation process, it is important to carefully review the warnings presented in the Acknowledgement section. After understanding the implications, you should select the “I Understand” option. Following this, you need to confirm your choice by clicking on the “Confirm” button to complete the process. This step ensures that you are fully aware of the changes being made and their potential impact.
Remember to review and select an SSL certificate that aligns with Apple Pay's requirements after disabling Cloudflare's Universal SSL.