Apple Pay
Implementation guide for the Apple Pay direct integration.
1. Integrate Apple Pay API and Payment button
You will need to set up Apple pay before requesting Apple Pay tokens.
Apple Pay payment button implementation
When you have completed the Apple Pay set up and request a payment, integrate the Apple Pay button according to the Apple brand guidelines on your checkout page to collect cards stored in the Apple wallet.
2. Convert Apple Pay tokens into PCI Proxy aliases
Look for the ApplePayPaymentToken
object. You will find it in the ApplePayPaymentAuthorizedEvent
object in the onpaymentauthorized
event handler of the Apple Pay API. It contains the encrypted Apple Pay token and is called after the cardholder has authorized the Apple Pay payment with Touch ID, Face ID or a passcode.
Submit the Apple Pay token to the PCI Proxy Vault endpoint to convert the Apple Pay token into a PCI Proxy token.
curl --request POST \
--url https://api.sandbox.datatrans.com/v1/aliases/tokenize \
--header 'Authorization: Basic {{basicAuth}}' \
--header 'Content-Type: application/json' \
--data '{
"requests": [
{
"type": "APPLE_PAY",
"token": "{\"data\":\"xbvylStxG+RF5i1YukbZxhcKa4UIxkDCQed/hdfEnhptSkiSZcPeth8CcuxR2cU2xS2DPtO+sCKx5meY9cprZLsMNTu8YQ7ebPGBw43E07+BLjQc/0xeY09gMEqn50MsIjgDaSD4q/LjXtNNFsmB3nMBy4elNlo4AbS6ifqzpkVT6O3SPfg3iwih8DfTbbSIHcnfumPdb4p6I79cui9reMBjR6wD80GJT6VXi/FxkhoMkWbdFCxQFhn99fzCYBj/dSdZ/x8n3qITfg7m8FShJlxObtraNb8MRrfyW9jysIHrZI4OuEGc/X5DGEjlJUvoZSyatr151tRQp5SqQiKSV874b3o9ZMsMC6TlUaqJ22hpRzqddZbnD3S1gXs/i5r/1VCDOZjQXNdK3D2kS6MB9sU4MvJ64RcImj535HaZIQ==\",\"signature\":\"MIAGCSqGSIb3DQEHAqCAMIACAQExDTALBglghkgBZQMEAgEwgAYJKoZIhvcNAQcBAACggDCCA+MwggOIoAMCAQICCEwwQUlRnVQ2MAoGCCqGSM49BAMCMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xOTA1MTgwMTMyNTdaFw0yNDA1MTYwMTMyNTdaMF8xJTAjBgNVBAMMHGVjYy1zbXAtYnJva2VyLXNpZ25fVUM0LVBST0QxFDASBgNVBAsMC2lPUyBTeXN0ZW1zMRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMIVd+3r1seyIY9o3XCQoSGNx7C9bywoPYRgldlK9KVBG4NCDtgR80B+gzMfHFTD9+syINa61dTv9JKJiT58DxOjggIRMIICDTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCPyScRPk+TvJ+bE9ihsP6K7/S5LMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYWljYTMuY3JsMB0GA1UdDgQWBBSUV9tv1XSBhomJdi9+V4UH55tYJDAOBgNVHQ8BAf8EBAMCB4AwDwYJKoZIhvdjZAYdBAIFADAKBggqhkjOPQQDAgNJADBGAiEAvglXH+ceHnNbVeWvrLTHL+tEXzAYUiLHJRACth69b1UCIQDRizUKXdbdbrF0YDWxHrLOh8+j5q9svYOAiQ3ILN2qYzCCAu4wggJ1oAMCAQICCEltL786mNqXMAoGCCqGSM49BAMCMGcxGzAZBgNVBAMMEkFwcGxlIFJvb3QgQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0MDUwNjIzNDYzMFoXDTI5MDUwNjIzNDYzMFowejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8BcRhBnXZIXVGl4lgQd26ICi7957rk3gjfxLk+EzVtVmWzWuItCXdg0iTnu6CP12F86Iy3a7ZnC+yOgphP9URaOB9zCB9DBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDQtYXBwbGVyb290Y2FnMzAdBgNVHQ4EFgQUI/JJxE+T5O8n5sT2KGw/orv9LkswDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS7sN6hWDOImqSKmd6+veuv2sskqzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZXJvb3RjYWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCDgQCBQAwCgYIKoZIzj0EAwIDZwAwZAIwOs9yg1EWmbGG+zXDVspiv/QX7dkPdU2ijr7xnIFeQreJ+Jj3m1mfmNVBDY+d6cL+AjAyLdVEIbCjBXdsXfM4O5Bn/Rd8LCFtlk/GcmmCEm9U+Hp9G5nLmwmJIWEGmQ8Jkh0AADGCAYkwggGFAgEBMIGGMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUwIITDBBSVGdVDYwCwYJYIZIAWUDBAIBoIGTMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIzMDIyODEyMzI1MVowKAYJKoZIhvcNAQk0MRswGTALBglghkgBZQMEAgGhCgYIKoZIzj0EAwIwLwYJKoZIhvcNAQkEMSIEIGeOlwsxPCsC5D6LMyO0k2nrzFo41sfCeSOualoyRNxFMAoGCCqGSM49BAMCBEgwRgIhANh6KnQYjFePodYGxts7CpbJChbB7luMHtTYWTruoviVAiEArwbE/rNBot9X6uGZvW+OsUm8t52H8fs8GpxTmxqZ0akAAAAAAAA=\",\"header\":{\"publicKeyHash\":\"b9zDmQ+FYzEZJw9+q8idpA8fPtsSJ5+OpGiQDhCISQ0=\",\"ephemeralPublicKey\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGZBfM5CWPdoTLorTKtVQDEeSu9bVdyxcYt0aAzR4HObZMqT98XlISVy2qjbg7Sq3kVLTHmhuIa6LW1nhyvy8PA==\",\"transactionId\":\"b1609bb088bd2995e043fcc2aeb6efad5545e55476bd933d0f3d75c1bfff7903\"},\"version\":\"EC_v1\"}"
}
]
}'
{
"overview": {
"total": 1,
"successful": 1,
"failed": 0
},
"responses": [
{
"type": "CARD",
"alias": "7LHXscqwAAEAAAGEiwgfM8CBTPrzACwH",
"maskedCC": "489537xxxxxx6287",
"fingerprint": "F-fgxnFwN-gsIw7y80T-kpBB"
}
]
}
3. Obtain card metadata and 3D information
Finally, use the alias and call the Token Status API to obtain the card metadata and 3D Secure related information.
Check the walletIndicator
parameter to see the original wallet provider of the returned token. For Apple Pay, it returns APL
.
Strong customer authentication and liability shift
Visa Apple Pay tokens come with inbuilt 3D Secure data such as
caav
and theeci
value. For Mastercard tokens theeci
value is not available.If you're using the
multiTokenContexts
in the Apple Pay request, the different authentication values are returned in the 3D object of the Alias status response. See an example in the Response multiToken tab below.We still recommend you to check with your payment provider directly to find out if Apple Pay transactions grant liability shift by default, as this can vary based on issuer country and card scheme brand.
Example
curl --request GET \
--url https://api.sandbox.datatrans.com/v1/aliases/7LHXscqwAAEAAAGHLZMxjcu65Ep6AAhH \
--header 'Authorization: {merchantId}:{password}' \
--header 'Content-Type: application/json'
{
"alias": "-E2Jd7_gAAEAAAGKuCoxG0AvLPB-AH8d",
"fingerprint": "F-fmjpZO8Nv7FK2kNOO9XPPp",
"type": "CARD",
"masked": "489537xxxxxx6287",
"dateCreated": "2023-05-21T14:34:47Z",
"card": {
"panRemoved": false,
"expiryMonth": "06",
"expiryYear": "25",
"cardInfo": {
"brand": "VISA CREDIT",
"type": "credit",
"usage": "consumer",
"country": "GB",
"issuer": "DATATRANS",
"accountType": "TOKEN"
},
"3D": {
"cavv": "/wAAAAABQpFnQqQEs/JQgQhgAgA=",
"eci": "5"
},
"walletIndicator": "APL"
}
}
{
"alias": "7LHXscqwAAEAAAGRl_Fm1B7U3ggxAJ_w",
"fingerprint": "F-fRDgs-P2oomsUqABNSKqFq",
"type": "CARD",
"masked": "412374xxxxxx0013",
"dateCreated": "2023-08-28T07:44:25Z",
"card": {
"usage": "SIMPLE",
"expiryMonth": "06",
"expiryYear": "25",
"last4": "0013",
"panRemoved": false,
"cardInfo": {
"brand": "VISA",
"type": "credit",
"usage": "consumer",
"country": "US",
"issuer": ""
},
"walletIndicator": "APL",
"3D": {
"eci": "7",
"multiToken": [
{
"cavv": "YwAAAAEAKaKT+ywF21wcgOhgEwA=",
"merchantIdentifier": "6754e10dabc367773adf38d948549771664cccd379430aa0cc3b0d9f2c8074b0",
"amount": 100
},
{
"cavv": "YwAAAAIAMy1+rVkF21wcgOhgEwA=",
"merchantIdentifier": "6754e10dabc367773adf38d948549771664cccd379430aa0cc3b0d9f2c8074b0",
"amount": 200
}
]
}
}
}
Apple Pay only returns a tokenized device PAN (DPAN) and never the actual funding PAN (FPAN).
Hence, the values returned in the properties
masked
,expiryMonth
andexpiryYear
are based on the device pan (DPAN) and not the funding pan (FPAN). However, card meta information in thecardInfo
object are based on the FPAN value.To see the last 4 digits of the FPAN please check the response from the Apple API directly.
Testing your integration
Check out https://paymentbutton.datatrans.dev/ to see an example and test out the Apple Pay integration. Note that it only works with the Safari browser.
Make sure to toggle
Output Token Data
and ignore the rest of the options available.
Updated about 1 month ago