Apple Pay setup

Requirements to set up Apple Pay direct integrations

You will need to follow these instructions to set up Apple Pay on your PCI Proxy Merchant ID to use direct integrations such as the Apple Pay Mobile SDK or self-hosted buttons on the web.

1. Sign up for an Apple developer account

Make sure to use an email address which is linked to a generic group inbox when creating an Apple account so you get notified in case of a certificate expiration. The assigned account role should be either Account Holder or Admin role.

A merchant identifier uniquely identifies you as the merchant to accept and process Apple Pay transactions. We recommend setting up separate Apple Pay merchantIDs, domains and certificates corresponding to test and productive environments. This information should have unique and clearly identifiable names to avoid mismatches between environments.

A payment processing certificate is associated with your merchant identifier and is used to encrypt payment information. The payment processing certificate expires every 25 months.

  1. Instead of creating a .csr file with the KeyChain Access tool as described in the Apple tutorial, you should navigate to the Apple Pay tab within the Settings menu of your project in the PCI Proxy Dashboard to download the file in the Apple Pay Certificate section.
  1. Click the 'Add certificate' followed by the 'Download CSR' button
  2. Login to your Apple Developer account and create a Certificate (Apple Pay Payment Processing Certificate). Select the Merchant identifier in the previous step, upload the .csr file provided by PCI Proxy and then click Download to get your .cer file.
  3. Go back to Apple Pay in the PCI Proxy Dashboard and then upload your Apple Payment Processing Certificate.

Register all domains and subdomains where you plan to call the Apple Pay API from.

Use the merchant identity certificate to authenticate your communication with the Apple Pay servers.

  1. Instead of creating a .csr file with the KeyChain Access tool as described in the Apple tutorial, we recommend using openssl. Issue the following command to create a certificate signing request for the Apple Pay Merchant Identity:
openssl req -sha256 -nodes -newkey rsa:2048 -keyout applepaytls.key -out applepaytls.csr
  1. Login to your Apple Developer account. In Certificates, Identifiers & Profiles, click Identifiers in the sidebar, then select Merchant IDs from the pop-up menu on the top right. Select the merchant identified previously.
  2. Navigate to the Apple Pay Merchant Identity Certificate section and select Create Certificate.
  3. Upload the applepaytls.csr file you created in your terminal, select Continue and then Download to get your .cer file.
  4. Convert the .cer certificate to a .pem certificate using the following command:
openssl x509 -inform der -in certFromApple.cer -out applepaytls.pem

What’s Next