Apple Pay setup
Requirements to set up Apple Pay direct integrations
You will need to follow these instructions to set up Apple Pay on your PCI Proxy Merchant ID to use direct integrations such as the Apple Pay Mobile SDK or self-hosted buttons on the web.
1. Sign up for an Apple developer account
Make sure to use an email address which is linked to a generic group inbox when creating an Apple account so you get notified in case of a certificate expiration. The assigned account role should be either Account Holder or Admin role.
2. Create a merchant identifier
A merchant identifier uniquely identifies you as the merchant to accept and process Apple Pay transactions. We recommend setting up separate Apple Pay merchantIDs, domains and certificates corresponding to test and productive environments. This information should have unique and clearly identifiable names to avoid mismatches between environments.
3. Create a payment processing certificate
A payment processing certificate is associated with your merchant identifier and is used to encrypt payment information. The payment processing certificate expires every 25 months.
- Instead of creating a
.csr
file with the KeyChain Access tool as described in the Apple tutorial, you should navigate to theApple Pay
tab within theSettings
menu of your project in the PCI Proxy Dashboard to download the file in theApple Pay Certificate
section.
- Click the 'Add certificate' followed by the 'Download CSR' button
- Login to your Apple Developer account and create a
Certificate
(Apple Pay Payment Processing Certificate). Select the Merchant identifier in the previous step, upload the.csr
file provided by PCI Proxy and then click Download to get your.cer
file. - Go back to
Apple Pay
in the PCI Proxy Dashboard and then upload yourApple Payment Processing Certificate
.
Register all domains and subdomains where you plan to call the Apple Pay API from.
5. Create a merchant identity certificate
Use the merchant identity certificate to authenticate your communication with the Apple Pay servers.
- Instead of creating a
.csr
file with the KeyChain Access tool as described in the Apple tutorial, we recommend using openssl. Issue the following command to create a certificate signing request for the Apple Pay Merchant Identity:
openssl req -sha256 -nodes -newkey rsa:2048 -keyout applepaytls.key -out applepaytls.csr
- Login to your Apple Developer account. In Certificates, Identifiers & Profiles, click Identifiers in the sidebar, then select Merchant IDs from the pop-up menu on the top right. Select the merchant identified previously.
- Navigate to the Apple Pay Merchant Identity Certificate section and select Create Certificate.
- Upload the
applepaytls.csr
file you created in your terminal, select Continue and then Download to get your.cer
file. - Convert the
.cer
certificate to a.pem
certificate using the following command:
openssl x509 -inform der -in certFromApple.cer -out applepaytls.pem
Updated 9 months ago