Apple Pay
Get started
Sign In
Apple Pay
Apple Pay offers a secure and convenient payment option for iOS users

Apple Pay is a wallet app that allows customers to conveniently and securely make payments in iOS apps and on the web by adding their preferred payment method to their device. It is supported on iPhone, iPad, Mac, and Apple Watch. Users can add their credit and debit cards to the service, and then use it to make payments by authenticating purchases with Touch ID, Face ID, or a passcode.

Please be advised that the last 4 digits shown for Apple Pay transactions do not correspond to the credit card number used for payment. Instead, they originate from a device-specific Device Account Number (DPAN). Whenever a payment card is added to Apple Pay, the combination of that card and that device is given a unique DPAN. This number replaces the real card number within the Apple Pay wallet, enhancing its security measures. While viewing the complete DPAN is impossible due to Apple’s security protocols, the last 4 digits can help verify the Apple Pay wallet transactions.

When considering Apple Pay as a payment option, it is worth ensuring that you offer your products and services in a region Reference that supports Apple Pay.

Integration setup

To initiate the integration with Apple Pay for payment processing on the web, complete the following set of steps:

  1. Configure Apple Merchant ID
    Acquire an Apple Merchant ID by registering for a new identifier Website on the Apple Developer website. The Apple Merchant ID is a crucial component for securely processing payments through Apple Pay. Once obtained, it serves as a unique identifier for your merchant account within the Apple ecosystem, facilitating seamless and secure transactions.
  2. Create Payment processing certificate
    Once you have the merchant ID, create the Payment processing certificate that is linked to merchant ID and used for securing transaction data. For that, get a certificate signing request (.csr) file from Solidgate Support. Then follow the instructions for creating the certificate Reference in the Apple developer guide and use the Solidgate file for creating the signing request. When the certificate is created, download your Payment processing certificate (.cer file) and send it to Solidgate Support.
  3. Register and verify your domain
    Follow the Apple developer documentation to register Reference and verify Reference your merchant domain. Ensure that you register and verify all top-level domains and subdomains where you intend to display the Apple Pay button.
  4. Create Merchant identity certificate
    The identity certificate is required when merchants intend to process Apple Pay payments initiated from a web page. Apple verifies the ownership of the domain from which the payment originates. One identity certificate may be used to identify multiple domains. The steps for creating and exporting the certificate Reference are the same as for Payment processing certificate, differing only in the key size (2048 bits) and algorithm (RSA).
Please note that while the merchant ID never expires, the payment processing certificate, merchant identity certificate, and domain verification expire. Refer to Maintaining your environment Reference in Apple documentation for more details.

Complete the Apple Pay integration Reference into your checkout system ensuring its alignment with your existing transaction process and display the Apple Pay button Reference on your checkout interface.

For information about the Apple Pay configuration, please refer to the following resources:

The Apple Pay payment processing flow is the following:

  1. The customer clicks on the Apple Pay button and selects a payment method.
  2. Merchant captures the payment details from customers via Apple Pay.
  3. Merchant transmits this data to Solidgate using the Solidgate API reference.
  4. Solidgate processes the transaction.
  5. Upon successful processing, Solidgate sends a confirmation to the merchant, and the transaction status is displayed for the customer.
Please note that not all devices and browsers support Apple Pay.

Handling integration errors

While integrating Apple Pay into your website, store, or app, you may encounter an error after submitting a request or receiving a response for an Apple Pay payment. If you encounter an error, depending on its nature:

  • Verify if all parameters are added when connecting Apple Pay as a payment method.
  • In case of the Guide
    Processing error. Verify the merchant’s settings and configurations.
    error, verify your Guide
    Learn to authenticate API requests and fix validation errors effectively.
    API keys
    by navigating to HUB > Developers > Channels.
  • In case of the Guide
    The customer entered an incorrect card number.
    error, check the card and its expiration date.
  • If the domain is verified and the button appears, but the payment is cancelled automatically during biometric verification, ensure there is no unnecessary .txt file at https://[DOMAIN_NAME]/.well-known/apple-developer-merchantid-domain-association.txt. If present, delete this file to resolve the issue.
Please be informed that Apple Pay cannot be used within the sandbox environment.

You can test the Apple Pay payments when setting up the integration. If the outlined steps do not resolve the issue, please contact the Solidgate support team for further assistance. When contacting, share the details of the issue and the steps you have taken to resolve it.

Apple Pay guidelines

As a merchant seeking to integrate Apple Pay into your platform, it is crucial to follow the guidelines established by Apple to ensure compliance and deliver a seamless experience for your customers.

Liability shift

The concept of liability shift in the payment card industry is crucial for understanding the financial responsibility transfer in fraudulent transactions. This shift occurs when card issuers or payment processors take on the financial burden for fraudulent transactions approved despite the implementation of security measures like 3D Secure or EMV chip technology.

For merchants, this means a reduced risk of bearing the cost associated with chargebacks and related fees in case of fraud.

Apple Pay transactions using Mastercard, Discover, JCB, and American Express offer merchants liability protection similar to 3D Secure transactions. Merchants are commonly exempt from responsibility for unauthorized transactions made through Apple Pay, as the usage of tokenization protocols ensures the protection of cardholder details.

For Visa, Apple Pay supports liability shift only in Europe. In the case of Visa, the transfer of liability is applicable solely to the first transactions initiated by the customer (CITs). This protection is not extended to transactions initiated by the merchant (MITs) due to the absence of the cardholder during the on-session biometric authentication process.

To complete Apple Pay transactions, customers are required to employ Touch or Face ID for verification. While this authentication method aligns with the criteria for liability shift set by American Express, Discover, JCB, and Mastercard, it does not meet the security standards established by Visa.

Although this is a common practice, the issuers are not bound by these terms and can change the liability agreement at any time. Merchants are advised to consult with their acquiring bank or payment gateway provider to clarify the exact liability guidelines applicable to Apple Pay transactions.

Disabling CloudFlare SSL/TLS

Apple Pay currently does not support CloudFlare SSL/TLS.

Steps to Disable CloudFlare SSL/TLS:

  1. Access Cloudflare dashboard: Log in to your Cloudflare account and select your domain.
  2. Navigate to SSL/TLS settings: Go to the SSL/TLS section and then to Edge Certificates.
  3. Disable universal SSL: Choose the option to disable Universal SSL.

In the Acknowledgement and Confirmation process, it is important to carefully review the warnings presented in the Acknowledgement section. After understanding the implications, you should select the “I Understand” option. Following this, you need to confirm your choice by clicking on the “Confirm” button to complete the process. This step ensures that you are fully aware of the changes being made and their potential impact.

Remember to review and select an SSL certificate that aligns with Apple Pay's requirements after disabling Cloudflare's Universal SSL.