[
{
"title":"Testing",
"link":"https://docs.solidgate.com/payments/testing/",
"text":"Simulate payments to test your integration before launching in production.",
"imgSrc":"https://solidgate.com/wp-content/uploads/2022/06/icon-customizable.svg"
}
,
{
"title":"Create your payment form",
"link":"https://docs.solidgate.com/payments/integrate/payment-form/create-your-payment-form/",
"text":"Understand how to integrate the payment form into your product.",
"imgSrc":"https://solidgate.com/wp-content/uploads/2022/06/icon-payments.svg"
}
,
{
"title":"Billing",
"link":"https://docs.solidgate.com/billing/",
"text":"Smart billing solutions designed for diverse business models.",
"imgSrc":"https://solidgate.com/wp-content/uploads/2022/06/icon-global.svg"
}
]
Apple Pay allows customers to authenticate card payments using Touch ID or Face ID, eliminating the need to enter card and shipping details manually. It is available on all iOS devices equipped with a Secure Element, a certified chip that securely stores payment information. On macOS, users can authorize payments using an iPhone, Apple Watch, or a Mac with Touch ID.
When a payment request is made through an app or website, the Secure Element generates an encrypted Apple Pay token containing transaction details. This token allows you to handle decryption on your side or securely transfer transaction details to Solidgate.
Let Solidgate handle decryption
If you are not compliant with PCI DSS, you should use the Solidgate service to decrypt the token.
Once the payment is initiated, you will receive a token either from your application or website, which you will need to include its payment data in the
Apple Pay
API
payment request.
The customer initiates a payment by clicking the Apple Pay button on the checkout page.
The merchant invokes the Apple Pay button, and Apple handles the user authorization.
The Apple Pay Merchant Identity certificate authorizes requests to the Apple Pay API.
If authorization is successful and the user confirms the payment, Apple Pay provides the merchant with encrypted card data.
The merchant sends the encrypted payment data to Solidgate via the
Apple Pay
API
request, setting is_decrypted:
false
or excluding is_decrypted to complete the payment.
Solidgate uses the Apple Pay Payment Processing Certificate to decrypt the data and process the transaction.
For further information about payment parameters, refer to the
Apple Pay
API
method.
Handle decryption on your side
If you are PCI DSS-compliant, you can decrypt Apple Pay tokens on your side. For that, you will also need to:
To decrypt Apple Pay tokens, follow the steps on the Apple
developer portal
Reference
.
Please note that you need to verify the Apple Pay certificate before proceeding to token decryption.
Payment flow
Use the publicKeyHash value to identify the merchant's public key used by Apple, and retrieve the corresponding public key certificate and private key.
Restore the symmetric key necessary for decryption.
Use the symmetric key to decrypt the data key value.
Check that the payment has not already been credited by ensuring no payment with the same transactionId appears as processed.
Confirm the original transaction details from the Apple Pay payment request.
Send the payment data to Solidgate via the
Apple Pay
API
by specifying is_decrypted:
true
.
The use of is_decrypted:
true
implies that the data sent is decrypted and this parameter defines the required fields in the request.
If is_decrypted:
true
, the request must:
include the decrypted_data object
specifytype:
auth
excludedata and signature
Additionally, the version parameter becomes optional, and the paymentData object depends on the paymentDataType value, which can be either:
3DSecure
: for transactions that use 3D Secure authentication.
Highly recommended to provide with paymentDataType:
3DSecure
the eciIndicator
Guide
ECI value represents authentication, affects authorization and liability protection.
value
for better transaction success rate
EMV
: for EMV chip-based transactions, which require emvData