Apple Pay Payments

Prerequisites


Before integrating Apple Pay, ensure the following:

Complete the following on the Apple Pay Console:

  1. Sign and obtain the Merchant Certificate (merchant-certificate.cer) and its Private Key.
  2. Sign and obtain the Payment Processing Certificate and its Private Key.
  3. Add and verify the merchant domain. Merchant domain verification is required for successful integration.

Certificate Usage

(1) Merchant Certificate and Private Key: Used in Mutual TLS for secure communication.
(2) Payment Processing Certificate and Private Key: Used for decrypting the payment payload.

Note: Merchant domain verification is mandatory for integration to succeed.

Configuring the Merchant Certificate for Mutual TLS

Steps to Add Merchant Certificate and Private Key

(1) Export Certificate in Correct Format: Open the merchant certificate in Key Store Explorer and export it.

(2) Prepare the Private Key: Ensure the private key contains the following headers:

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

(3) Convert Certificate and Private Key to P12 Format

openssl pkcs12 -export -out output.p12 -inkey privatekey -in new_merchant_id-uat.cer

Where output.p12 is the output file name, privatekey is the private key file, and new_merchant_id-uat.cer is the name of the merchant certificate.

(4) Update the Keystore File

  • Download and decode the keystore.file configuration (if stored in Base64).
  • Open the decoded file in Key Store Explorer.
  • Add the P12 file to the keystore with a user-defined alias (e.g., applepay). Use the same password as the existing keystore file.
  • Save the file.

(5) Re-encode the Keystore File: Convert the updated keystore file to Base64 format:

cat <keystore file> | base64 -w0

(6) Update the Keystore Configuration in Eclipse

  • Add the Base64-encoded value to the keystore.file configuration:
keystore.file=<base64 encoded value>
  • Update http.client.config and add the following:
alias:applepay=https://qa-secureintegration.nedsecure.co.za:443
keystore.file.useHostBasedKeyManager=true

Where applepay is the name of the alias, keystore.file is the name of the keystore.file config, and https://qa-secureintegration.nedsecure.co.za:443 is the base URL of Apple Pay.
  • Change the trigger for both of the following properties, one after the other:
(1) http.client.reinit
(2) change.trigger
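
Added example (not part of the original procedure or the platform's tooling): shell checks to run around steps (2), (3) and (5), confirming that the key is PKCS#8 PEM, that it belongs to the merchant certificate before the P12 is built, and that the Base64 value decodes back to the same keystore bytes. Function names are illustrative, and make_sample only generates constructed throwaway material for trying the checks offline.

```bash
#!/usr/bin/env bash
# Added example; function names are illustrative, not platform tooling.

# Step (2): key must be PKCS#8 PEM, not "BEGIN EC/RSA PRIVATE KEY".
is_pkcs8_pem() {
  grep -q '^-----BEGIN PRIVATE KEY-----' "$1" &&
    grep -q '^-----END PRIVATE KEY-----' "$1"
}

# SHA-256 over the DER public key, read as PEM from stdin.
_pub_hash() {
  openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

key_pubkey_hash() {
  local pub
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pub" | _pub_hash
}

# Accepts a PEM or DER encoded certificate (.cer exports can be either).
cert_pubkey_hash() {
  local pub
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
    pub=$(openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null) ||
    return 1
  printf '%s\n' "$pub" | _pub_hash
}

# Run before step (3): 0 = key belongs to cert, 1 = mismatch, 2 = unreadable.
key_matches_cert() {
  local k c
  k=$(key_pubkey_hash "$1") || return 2
  c=$(cert_pubkey_hash "$2") || return 2
  [ "$k" = "$c" ]
}

# Run after step (5): the single-line Base64 must decode to the same bytes.
b64_roundtrip_ok() {
  base64 -w0 "$1" | base64 -d | cmp -s - "$1"
}

# Constructed throwaway key pair and self-signed cert, written to dir $1.
make_sample() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.pem" &&
    openssl pkcs8 -topk8 -nocrypt -in "$1/ec.pem" -out "$1/key.pem" &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/other.pem" &&
    openssl req -new -x509 -key "$1/key.pem" -subj "/CN=constructed.example" \
      -days 1 -out "$1/cert.pem" 2>/dev/null
}
```

Typical use is key_matches_cert privatekey new_merchant_id-uat.cer before step (3), and b64_roundtrip_ok on the saved keystore file after step (5).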

Configuring Payment Processing Private Key

The private key for payment processing is typically in EC format. Follow these steps to configure it:

(1) Convert the Private Key to DER Format

openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key.pem -nocrypt -out private_key.der
cat private_key.der | base64 -w0

(2) Update the Eclipse config: add the encoded value from above to the following property:

apple.pay.config -> base64EncodedPrivateKey

Where apple.pay.config is the global config and base64EncodedPrivateKey is the sub-property.

Once done, update the change.trigger.

Verifying the Domain

  • Sandbox Environment: Domain verification is not required in the sandbox environment.

  • Production Environment

    1. Obtain the apple-developer-merchant-id-association.txt file from the Apple Pay Console.

    2. Update Eclipse Configuration: create the property below at the global level if it does not exist.

      Global property
      apple-developer-merchantid-domain-association = <content of the apple-developer-merchant-id-association.txt file>

      Global property
      arch.conductor.static.responses = .well-known/apple-developer-merchant-id-association.txt=200,text/plain,apple-developer-merchantid-domain-association

      Where apple-developer-merchantid-domain-association is the name of the global property created above.