Apple Pay H2H
Decrypt and handle Apple Pay tokens for payments

Apple Pay allows customers to authenticate card payments using Touch ID or Face ID, eliminating the need to enter card and shipping details manually. It is available on all iOS devices equipped with a Secure Element, a certified chip that securely stores payment information. On macOS, users can authorize payments using an iPhone, Apple Watch, or a Mac with Touch ID.

When a payment request is made through an app or website, the Secure Element generates an encrypted Apple Pay token containing transaction details. You can either decrypt this token on your side or securely transfer it to Solidgate for decryption.

Let Solidgate handle decryption

If you are not compliant with PCI DSS, you should use the Solidgate service to decrypt the token. Once the payment is initiated, you will receive a token from your application or website, and you need to include its payment data in the Apple Pay API payment request.

For this to work, you need:

Payment flow


  1. The customer initiates a payment by clicking the Apple Pay button on the checkout page.
  2. The merchant invokes the Apple Pay button, and Apple handles the user authorization.
  3. The Apple Pay Merchant Identity certificate authorizes requests to the Apple Pay API.
  4. If authorization is successful and the user confirms the payment, Apple Pay provides the merchant with encrypted card data.
  5. The merchant sends the encrypted payment data to Solidgate via the Apple Pay API request, setting is_decrypted: false or excluding is_decrypted to complete the payment.
  6. Solidgate uses the Apple Pay Payment Processing Certificate to decrypt the data and process the transaction.

For further information about payment parameters, refer to the Apple Pay API method.

Handle decryption on your side

If you are PCI DSS-compliant, you can decrypt Apple Pay tokens on your side. For that, you will also need to:

  • Have an Apple Pay developer account
  • Have an H2H integration
  • Follow Apple's guidelines to decrypt the token

To decrypt Apple Pay tokens, follow the steps on the Apple developer portal. Please note that you need to verify the Apple Pay certificate before proceeding to token decryption.

Payment flow


  1. Use the publicKeyHash value to identify the merchant's public key used by Apple, and retrieve the corresponding public key certificate and private key.
  2. Restore the symmetric key necessary for decryption.
  3. Use the symmetric key to decrypt the value of the data key.
  4. Check that the payment has not already been credited by ensuring no payment with the same transactionId appears as processed.
  5. Confirm the original transaction details from the Apple Pay payment request.
  6. Send the payment data to Solidgate via the Apple Pay API by specifying is_decrypted: true.

Setting is_decrypted: true indicates that the data sent is already decrypted, and it determines which fields are required in the request.

If is_decrypted: true, the request must:

  • include the decrypted_data object
  • specify type: auth
  • exclude data and signature

Additionally, the version parameter becomes optional, and the paymentData object depends on the paymentDataType value, which can be either:

  • 3DSecure: for transactions that use 3D Secure authentication.
  • EMV: for EMV chip-based transactions, which require emvData.

Example with 3DSecure:

{
  "is_decrypted": true,
  "decrypted_data": {
    "applicationPrimaryAccountNumber": "537421XXXXXX4037",
    "applicationExpirationDate": 270131,
    "currencyCode": 840,
    "transactionAmount": 499,
    "cardholderName": null,
    "deviceManufacturerIdentifier": "050110XXXXXX0273",
    "paymentDataType": "3DSecure",
    "paymentData": {
      "onlinePaymentCryptogram": "MDnQeplHdAB8AXLU5I",
      "eciIndicator": null
    },
    "type": "auth"
  }
}
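
The checks from steps 4 and 5 and the is_decrypted: true field rules can be enforced before the request leaves your system. The following is an added example, not Solidgate or Apple code; the function name, the `original` and `processed_ids` inputs, and the placement of emvData inside paymentData and of data and signature at the top level are assumptions.

```python
# Added example, not Solidgate or Apple code. Field names come from this page;
# their placement (emvData inside paymentData, data/signature at top level)
# and the `original` / `processed_ids` inputs are assumptions.

def check_decrypted_request(body, transaction_id, original, processed_ids):
    """Return a list of problems; an empty list means the body may be sent.

    body           -- request body intended for the Apple Pay API
    transaction_id -- transactionId from the Apple Pay token header
    original       -- {"amount": ..., "currency": ...} of the payment request
    processed_ids  -- transactionId values already processed (hypothetical store)
    """
    problems = []
    # Step 4: a token whose transactionId was already processed is a replay.
    if transaction_id in processed_ids:
        problems.append("transactionId already processed")
    if body.get("is_decrypted") is not True:
        return problems + ["is_decrypted must be true for this flow"]
    # Encrypted-flow fields must not accompany decrypted data.
    for field in ("data", "signature"):
        if field in body:
            problems.append(f"{field} must be excluded")
    decrypted = body.get("decrypted_data")
    if not isinstance(decrypted, dict):
        return problems + ["decrypted_data object is missing"]
    if decrypted.get("type") != "auth":
        problems.append("type must be auth")
    # Step 5: amount and currency must match what the customer approved.
    if decrypted.get("transactionAmount") != original["amount"]:
        problems.append("transactionAmount differs from original request")
    if decrypted.get("currencyCode") != original["currency"]:
        problems.append("currencyCode differs from original request")
    # paymentData contents depend on paymentDataType.
    kind = decrypted.get("paymentDataType")
    payment_data = decrypted.get("paymentData") or {}
    if kind == "3DSecure":
        if not payment_data.get("onlinePaymentCryptogram"):
            problems.append("3DSecure requires onlinePaymentCryptogram")
    elif kind == "EMV":
        if not payment_data.get("emvData"):
            problems.append("EMV requires emvData")
    else:
        problems.append("paymentDataType must be 3DSecure or EMV")
    return problems

# Constructed sample, mirroring the 3DSecure example above.
SAMPLE = {"is_decrypted": True, "decrypted_data": {
    "transactionAmount": 499, "currencyCode": 840, "type": "auth",
    "paymentDataType": "3DSecure",
    "paymentData": {"onlinePaymentCryptogram": "MDnQeplHdAB8AXLU5I", "eciIndicator": None}}}
```

In production, record the transactionId under a unique constraint in the same transaction that marks the payment as processed, so two concurrent submissions of one token cannot both pass the replay check.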
