Apple Pay Processing
Apple Pay
Apple Pay is a mobile payment and digital wallet service by Apple Inc. that lets users make payments in iOS apps and on the web. It is supported on the iPhone, Apple Watch, iPad and Mac. Apple Pay does not require Apple-specific contactless payment terminals and will work with Visa's PayWave, MasterCard's PayPass, and American Express's ExpressPay terminals. It digitizes and replaces the credit or debit magnetic stripe card transaction at credit card terminals. The service lets Apple devices wirelessly communicate with point of sale systems using a near field communication (NFC) antenna, a dedicated chip that stores encrypted payment information (known as the Secure Element), and Apple's Touch ID and Passbook.
To check out at brick and mortar stores, users hold their authenticated Apple device to the point of sale system. iPhone users authenticate by holding their fingerprint to the phone's Touch ID sensor, and Apple Watch users authenticate by double clicking a button on the device.
To check out online in supported mobile apps, users choose Apple Pay as their payment method and authenticate with Touch ID.
How does Apple Pay work?
User's Initial Setup
In order to use Apple Pay, a user must first add a credit card to their Apple device/service. Users can add credit cards to the service in any of three ways: through their iTunes accounts, by taking a photo of the card, or by entering the card information manually.
During initial setup, the user's card information is encrypted and sent to Apple's servers, where Apple decrypts the data and determines the card network or card issuer. Apple then re-encrypts the data with a key and issues a token called a Device Account Number (DAN). The device account number is received by the device and stored for future use.
Purchasing using Apple Pay
When a customer wants to make a payment with Apple Pay, they bring the phone to an NFC-enabled terminal. The phone asks the customer to authenticate the payment with Touch ID. That authentication signals to the phone that it can transmit the Device Account Number and its accompanying dynamic security code to the merchant's terminal, and the transaction then proceeds as a normal credit card transaction would.
Payment Service Support for Apple Pay Integration
Radial's Payment Service provides APIs that can be used to integrate Apple Pay for both in-app mobile purchase integration and Apple Pay for the Web integration through the Safari browser. Two Radial APIs are involved in completing the integration.
Apple Pay Integration Single Request Flow
This is the data flow to complete an Apple Pay transaction. The sequence diagram below shows the series of system interactions in Apple Pay for the single request integration.
- In the merchant's iOS application, the user (customer) clicks the Checkout with Apple Pay button.
- The PassKit framework connects to the Apple server and receives encrypted payment data in JSON format.
- The iOS application creates a CreditCardAuth request including the AppleTransactionId, EphemeralPublicKey, PublicKeyHash, Signature, and Encrypted Token Value.
- The iOS application calls Payment Service for CreditCardAuth.
- Payment Service uses the .cer file and the p12 file provided by the merchant, along with the ephemeral public key passed in the API call, to decrypt the payment data.
- Payment Service processes the request as a regular Card Not Present transaction and returns a success or failure response.
- The iOS application receives the success or failure response and prompts the user accordingly.
APIs Used
Apple Pay integration uses the following API operations:
- Credit Card Auth API
Credit Card Auth API
Request Example
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CreditCardAuthRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0" requestId="1234567">
<WalletPaymentInformation>
<ApplePayTransactionId>84a7e17570c940f6a268d9121a4c090f1d2e22bab4da0f2054c7ba53035dc79a</ApplePayTransactionId>
<EphemeralPublicKey>MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtpj8+ZI9S3gQ7QHCM/dLYTjdSgKdXlDDI/ezdwmHc4HosSYFdYYE/v8t2CcFwJHmceet/GNE1VRO57W3VxeAg==</EphemeralPublicKey>
<PublicKeyHash>i3F+FlIbyhjfYqMqm3M/dpeWRO9tnD+U9BJng3tkkig=</PublicKeyHash>
<Version>EC_v1</Version>
<Data>GcUsL3ZgQVf9Raf7fBY+0AXsoO/5REeQWE6mROAJM4QvxJgOO6mxW1CuM1P7Ox9hQo1Qt1dg/VIS5fszNq7YhB0oQNgoEwAh7bTXEUBtmx0lzvN5EWxah0ScMbv/v+7CuakmRG6c6hO4xQlayCNGV6diFK1Ng6zNphSW53b1Di6vhqJcDnGs2tvu6wHyGfqIH6AeUmCNsiBvkHsaiiHbiWcL6BPpWuoW7y5bZK3mMxgygYgzZec/XnlV5lcJocpPDcL8ouuVU/oBMZn9ox/Ql3r9E8f3g7+uTdKZ+TEoyKIH52VQUb1/YXU3SZ2Fr2J/oidUPz9+fTvGZkFPQvSX4G+jzYWlCQmrx6qZ0cfTY/ZcGmITSSbzKcgy35kTTNJdqmL8wqmOzfr202R3sXeGBjS1BqAm5DNzbgWHGrOoc/I=</Data>
<Signature><!-- Base64-encoded signature value omitted --></Signature>
</WalletPaymentInformation>
<OrderId>1</OrderId>
<BillingFirstName>John</BillingFirstName>
<BillingLastName>Smith</BillingLastName>
<BillingPhoneNo>6101234567</BillingPhoneNo>
<BillingAddress>
<Line1>123 Main St</Line1>
<Line2>Building 123</Line2>
<Line3>4th Floor</Line3>
<Line4>Apt 12</Line4>
<City>Philadelphia</City>
<MainDivision>PA</MainDivision>
<CountryCode>US</CountryCode>
<PostalCode>19019</PostalCode>
</BillingAddress>
<CustomerEmail>customer@sample.com</CustomerEmail>
<CustomerIPAddress>208.247.73.130</CustomerIPAddress>
<ShipToFirstName>John</ShipToFirstName>
<ShipToLastName>Smith</ShipToLastName>
<ShipToPhoneNo>6101234567</ShipToPhoneNo>
<ShippingAddress>
<Line1>123 Main St</Line1>
<Line2>Building 123</Line2>
<Line3>4th Floor</Line3>
<Line4>Apt 12</Line4>
<City>Philadelphia</City>
<MainDivision>PA</MainDivision>
<CountryCode>US</CountryCode>
<PostalCode>19019</PostalCode>
</ShippingAddress>
<Features>
<IncludePaymentAccountInformation>true</IncludePaymentAccountInformation>
</Features>
</CreditCardAuthRequest>
Request Elements
Element | Required | Description | Type | Restriction |
---|---|---|---|---|
CreditCardAuthRequest/WalletPaymentInformation | Yes | Digital Wallet Payment Information | ComplexType | |
CreditCardAuthRequest/WalletPaymentInformation/ApplePayTransactionId | Yes | Transaction Identifier, generated on the device. | String | |
CreditCardAuthRequest/WalletPaymentInformation/EphemeralPublicKey | Yes | Hash of the X.509 encoded public key bytes of the merchant's certificate. | String | |
CreditCardAuthRequest/WalletPaymentInformation/PublicKeyHash | Yes | Compares the Signature to the Private/Public Key for validation. | String | |
CreditCardAuthRequest/WalletPaymentInformation/Version | Yes | Signature of the Payment and header data. The signature includes the signing certificate, its intermediate CA certificate, and information about the signing algorithm. | String | |
CreditCardAuthRequest/WalletPaymentInformation/Data | Yes | Encrypted Payment Data. | A payment data dictionary, Base64 encoded as a string. | |
CreditCardAuthRequest/WalletPaymentInformation/Signature | Yes | Signature of the payment and header data. The signature includes the signing certificate, its intermediate CA certificate, and information about the signing algorithm. | Detached PKCS #7 signature, Base64 encoded as string. | |
CreditCardAuthRequest/OrderId | Yes | Unique identifier of the order. The client must ensure uniqueness of OrderIds across all orders that the client initiates with this service. | String | Min 1 character Max 20 characters |
CreditCardAuthRequest/BillingFirstName | Yes | First name of the person on the billing address of the credit card | String | |
CreditCardAuthRequest/BillingLastName | Yes | Last name of the person on the billing address of the credit card | String | |
CreditCardAuthRequest/BillingPhoneNo | Yes | Phone number of the person on the billing address of the credit card | String | |
CreditCardAuthRequest/BillingAddress | Yes (for AVS verification) | Billing address of the credit card | ComplexType | |
CreditCardAuthRequest/BillingAddress/Line1 | Yes | Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation. | String | 1 to 70 characters. |
CreditCardAuthRequest/BillingAddress/Line2 | No | | String | 1 to 70 characters. |
CreditCardAuthRequest/BillingAddress/Line3 | No | | String | 1 to 70 characters. |
CreditCardAuthRequest/BillingAddress/Line4 | No | | String | 1 to 70 characters. |
CreditCardAuthRequest/BillingAddress/City | Yes | Name of the city | String | Min 1 character Max 40 characters |
CreditCardAuthRequest/BillingAddress/MainDivision | No | Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. | String | Min 1 character Max 35 characters |
CreditCardAuthRequest/BillingAddress/CountryCode | Yes | Two digit ISO 3166 alpha 2 country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 | String | Min 2 characters Max 40 characters |
CreditCardAuthRequest/BillingAddress/PostalCode | No | String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, US ZIP code) | String | Min 1 character Max 15 characters |
CreditCardAuthRequest/CustomerEmail | Yes | Email address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. | String | Min 1 character Max 70 characters |
CreditCardAuthRequest/CustomerIPAddress | Yes | IP address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. | IPv4Address | Valid dotted quad IPv4 Address |
CreditCardAuthRequest/ShipToFirstName | Yes | First name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | |
CreditCardAuthRequest/ShipToLastName | Yes | Last name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | |
CreditCardAuthRequest/ShipToPhoneNo | No | Phone number of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | |
CreditCardAuthRequest/ShippingAddress | Yes | First/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. For orders that do not have a shipping address, pass the billing address as the shipping address. | ComplexType | |
CreditCardAuthRequest/ShippingAddress/Line1 | Yes | Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation. | String | 1 to 70 characters. |
CreditCardAuthRequest/ShippingAddress/Line2 | No | | String | 1 to 70 characters. |
CreditCardAuthRequest/ShippingAddress/Line3 | No | | String | 1 to 70 characters. |
CreditCardAuthRequest/ShippingAddress/Line4 | No | | String | 1 to 70 characters. |
CreditCardAuthRequest/ShippingAddress/City | Yes | Name of the city | String | Min 1 character Max 40 characters |
CreditCardAuthRequest/ShippingAddress/MainDivision | No | Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. | String | Min 1 character Max 35 characters |
CreditCardAuthRequest/ShippingAddress/CountryCode | Yes | Two digit ISO 3166 alpha 2 country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 | String | Min 2 characters Max 40 characters |
CreditCardAuthRequest/ShippingAddress/PostalCode | No | String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, U.S. ZIP code) | String | Min 1 character Max 15 characters |
SchemaVersion | Yes | Although marked as optional in the schema, this element must be passed at all times with a value of 1.2 or greater in order to receive elements like 'ResponseCode' and 'TenderType' in the Response message. | String | pattern = "([0-9]+\.)*[0-9]+". |
Features/IncludePaymentAccountInformation | No | Flag to get bin prefix, pan suffix and original pan suffix in reply | Boolean | true or false |
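A client-side pre-flight check for the restrictions in the Request Elements table, added here as an example and not part of Radial's API or SDK. The names `validate_request` and `sample_request` are hypothetical, the sample values are constructed filler, and element order and full schema validation remain the service's job.

```python
import base64
import ipaddress
import xml.etree.ElementTree as ET
from functools import partial

NS = "{http://api.gsicommerce.com/schema/checkout/1.0}"
WALLET = "WalletPaymentInformation"

def _address(prefix):
    rules = {f"{prefix}/Line{n}": (n == 1, 1, 70) for n in (1, 2, 3, 4)}
    rules.update({f"{prefix}/City": (True, 1, 40), f"{prefix}/MainDivision": (False, 1, 35),
                  f"{prefix}/CountryCode": (True, 2, 40), f"{prefix}/PostalCode": (False, 1, 15)})
    return rules

# path -> (required, min length, max length or None), from the Request Elements table.
# Assumption: a required element with no stated restriction must be non-empty.
RULES = {f"{WALLET}/{n}": (True, 1, None) for n in (
    "ApplePayTransactionId", "EphemeralPublicKey", "PublicKeyHash", "Version", "Data", "Signature")}
RULES.update({n: (True, 1, None) for n in (
    "BillingFirstName", "BillingLastName", "BillingPhoneNo", "CustomerIPAddress",
    "ShipToFirstName", "ShipToLastName")})
RULES.update({"OrderId": (True, 1, 20), "CustomerEmail": (True, 1, 70),
              **_address("BillingAddress"), **_address("ShippingAddress")})
_b64 = partial(base64.b64decode, validate=True)
FORMATS = {"CustomerIPAddress": ipaddress.IPv4Address,  # dotted-quad IPv4
           f"{WALLET}/Data": _b64, f"{WALLET}/Signature": _b64}  # Base64 strings

def validate_request(xml_text):
    """Return a list of problems; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    if root.tag != NS + "CreditCardAuthRequest":
        return [f"unexpected root element: {root.tag}"]
    problems = []
    for path, (required, lo, hi) in RULES.items():
        node = root.find("/".join(NS + part for part in path.split("/")))
        if node is None:
            problems += [f"{path}: required element missing"] if required else []
            continue
        value = (node.text or "").strip()
        if len(value) < lo or (hi is not None and len(value) > hi):
            problems.append(f"{path}: length {len(value)} outside allowed range")
        try:
            FORMATS.get(path, str)(value)  # str() is a no-op for plain strings
        except ValueError:
            problems.append(f"{path}: wrong format")
    return problems

def sample_request(overrides=None):
    """Constructed sample request; a None override leaves that element out."""
    values = {path: "AAAA" for path in RULES}  # filler that is also valid Base64
    values.update({"CustomerIPAddress": "192.0.2.10", **(overrides or {})})
    root = ET.Element(NS + "CreditCardAuthRequest")
    for path, value in values.items():
        node = root
        for name in path.split("/")[:-1]:
            found = node.find(NS + name)
            node = found if found is not None else ET.SubElement(node, NS + name)
        if value is not None:
            ET.SubElement(node, NS + path.rsplit("/", 1)[-1]).text = value
    return ET.tostring(root, encoding="unicode")
```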
Reply Example
The response is a CreditCardAuthReply message.
<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthReply xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
<PaymentContext>
<OrderId>1</OrderId>
<!-- You will receive a token in the response, which is a scrambled version of the Credit Card number.
This token gets passed to the Order Service, not the original credit card number -->
<PaymentAccountUniqueId isToken="true">4054131ImpMJ6965</PaymentAccountUniqueId>
</PaymentContext>
<ResponseCode>APPROVED</ResponseCode>
<AuthorizationResponseCode>AP01</AuthorizationResponseCode>
<BankAuthorizationCode>614653</BankAuthorizationCode>
<CVV2ResponseCode>0</CVV2ResponseCode>
<AVSResponseCode>E</AVSResponseCode>
<PhoneResponseCode></PhoneResponseCode> <!-- AmEX only -->
<NameResponseCode></NameResponseCode> <!-- AmEX only -->
<EmailResponseCode></EmailResponseCode> <!-- AmEX only -->
<AmountAuthorized currencyCode="USD">14.99</AmountAuthorized>
<TenderType>VC</TenderType>
<PaymentAccountInformation>
<BinPrefix>4054131</BinPrefix>
<PanSuffix>6965</PanSuffix>
<OriginalPanSuffix>3238</OriginalPanSuffix>
</PaymentAccountInformation>
</CreditCardAuthReply>
Response Elements
Element | Required | Description | Type | Restriction |
---|---|---|---|---|
CreditCardAuthReply/PaymentContext | Yes | Unique identifier of the payment transaction for the order | ComplexType | |
CreditCardAuthReply/PaymentContext/OrderId | Yes | Unique identifier of the order. The client must ensure uniqueness of OrderIds across all orders that the client initiates with this service. | String | Min 1 character Max 20 characters |
CreditCardAuthReply/PaymentContext/PaymentAccountUniqueId | Yes | Token (scrambled version) of the PAN (payment account number such as a credit card number). When passing the PAN for the PaymentAuthCancelRequest and the PaymentSettlementRequest messages, always use the returned token, not the original PAN. | String | Min 1 character Max 22 characters |
CreditCardAuthReply/PaymentContext/PaymentAccountUniqueId/@isToken | Yes | Attribute that indicates whether the PAN is tokenized. In the CreditCardAuthReply message, this attribute is always set to true. | String | true |
CreditCardAuthReply/ResponseCode | No | Response code of the credit card authorization. Includes approved, timeout, and several decline codes. Only orders with an approved or timeout response code are submitted to the Order Service. See Authorization Response Codes for a list of codes. | String | SchemaVersion in the Request Message has to be equal to or greater than 1.1 in order to receive this element |
CreditCardAuthReply/AuthorizationResponseCode | Yes | Response code of the credit card authorization. This includes approval, timeout, and several decline codes. See Authorization Response Codes for a list of codes. | String | |
CreditCardAuthReply/BankAuthorizationCode | Yes | Authorization code returned by the payment processor upon a successful credit card authorization. Any order taken by the Order Service and paid by credit card MUST have this authorization code. | String | |
CreditCardAuthReply/CVV2ResponseCode | Yes | Payment processor response code for the CVV2 (card verification value) check. For most credit cards, you get an approval on the ResponseCode even if the CVV2ResponseCode returns a CVV2 failure. You CANNOT accept an order if the CVV2ResponseCode returns a CVV2 failure code. See CVV2 Response Codes for a list of codes. | String | |
CreditCardAuthReply/AVSResponseCode | Yes | Payment processor response for the Address Verification System (AVS) check. For most credit cards, you get an approval on the ResponseCode even if the AVSResponseCode returns an AVS failure code. It is typically considered a significant fraud risk to accept an order if the AVSResponseCode returns an AVS failure code. See AVS Response Codes for a list of codes. | String | |
CreditCardAuthReply/PhoneResponseCode | No (Amex only) | Response code for customer phone number verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. | String | |
CreditCardAuthReply/NameResponseCode | No (Amex only) | Response code for customer name verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. | String | |
CreditCardAuthReply/EmailResponseCode | No (Amex only) | Response code for customer email verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. | String | |
CreditCardAuthReply/AmountAuthorized | Yes | Currency amount authorized on the credit card | String | Positive decimal, up to two decimal places (for example, 4.75) |
CreditCardAuthReply/AmountAuthorized/@currencyCode | Yes | Type of currency used for the order | String | 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217. |
CreditCardAuthReply/TenderType | No (Always present for Digital Wallet transactions) | This element identifies the tender type used for the transaction. Note that this value might be corrected based on Bin Range identification. | String | Min 2 characters Max 4 characters. SchemaVersion in the Request Message has to be equal to or greater than 1.2 in order to receive this element |
CreditCardAuthReply/Extension | No | This element indicates that future optional elements may show up in this location of the XML document in the responses returned from the service. | | |
PaymentAccountInformation/BinPrefix | No | Bin prefix (first 6 digits of PAN) | String | Max 10 characters |
PaymentAccountInformation/PanSuffix | No | Pan Suffix (last 4 digits of a PAN) | String | Max 10 characters |
PaymentAccountInformation/OriginalPanSuffix | No | Original Pan Suffix (last 4 digits of PAN). Subject to availability of the data | String | Max 10 characters |
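The acceptance rules in the Response Elements table, applied to a parsed reply; this is an added example, not Radial's code. The function name `review_reply` is hypothetical, the CVV2 and AVS failure code sets must be supplied by the caller from Radial's response code lists (not reproduced on this page), and the comparison of order id, amount and currency against the caller's own order is an added check. Any ResponseCode other than APPROVED is rejected here, so the timeout path is left to the caller.

```python
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

NS = "{http://api.gsicommerce.com/schema/checkout/1.0}"

# Constructed sample reply, using the values from the Reply Example above.
SAMPLE_REPLY = """<CreditCardAuthReply xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
  <PaymentContext>
    <OrderId>1</OrderId>
    <PaymentAccountUniqueId isToken="true">4054131ImpMJ6965</PaymentAccountUniqueId>
  </PaymentContext>
  <ResponseCode>APPROVED</ResponseCode>
  <BankAuthorizationCode>614653</BankAuthorizationCode>
  <CVV2ResponseCode>0</CVV2ResponseCode>
  <AVSResponseCode>E</AVSResponseCode>
  <AmountAuthorized currencyCode="USD">14.99</AmountAuthorized>
</CreditCardAuthReply>"""

def _decimal(text):
    try:
        return Decimal(text)
    except InvalidOperation:
        return None

def review_reply(xml_text, order_id, amount, currency, cvv2_failures, avs_failures):
    """Return (decision, reasons); decision is "accept", "review" or "reject"."""
    root = ET.fromstring(xml_text)

    def text(path):
        found = root.findtext("/".join(NS + part for part in path.split("/")))
        return (found or "").strip()

    reject, review = [], []
    if text("PaymentContext/OrderId") != order_id:
        reject.append("reply is for a different OrderId")
    token = root.find(f"{NS}PaymentContext/{NS}PaymentAccountUniqueId")
    if token is None or token.get("isToken") != "true" or not (token.text or "").strip():
        reject.append("PaymentAccountUniqueId is missing or not a token")
    if text("ResponseCode") != "APPROVED":  # fails closed when the element is absent
        reject.append(f"ResponseCode is {text('ResponseCode') or 'absent'}")
    if not text("BankAuthorizationCode"):
        reject.append("no BankAuthorizationCode")
    if text("CVV2ResponseCode") in cvv2_failures:
        reject.append("CVV2 failure: the order cannot be accepted")
    authorized = root.find(NS + "AmountAuthorized")
    got = _decimal(text("AmountAuthorized"))
    if (authorized is None or authorized.get("currencyCode") != currency
            or got is None or got != Decimal(amount)):
        reject.append("authorized amount or currency differs from the order")
    if text("AVSResponseCode") in avs_failures:
        review.append("AVS failure: significant fraud risk")
    decision = "reject" if reject else "review" if review else "accept"
    return decision, reject + review
```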
Configuration Setup
To be configured for Apple Pay, a webstore must complete a certificate setup process. For information on this process, see Apple Pay Web Integration.
When an Apple Pay user clicks to authorize a payment, the following sequence is initiated:
- The iOS application makes a Decrypt Request API call to decrypt the encrypted blob that the Apple server sends.
- Payment Service decrypts the encrypted blob using the .cer file, the private key, and the ephemeral public key, and sends the result back to the iOS application.
- The iOS application uses the decrypted payment data to create a CreditCardAuthRequest.
- The iOS application calls Payment Service for CreditCardAuth.
- Payment Service processes the request as a regular card not present transaction and returns a response.
- The iOS application receives a success or failure response and prompts the user accordingly.