An Apple Pay token contains encrypted data of a transaction performed with Apple Pay. Apple Pay tokens enable you to securely pass the data of your shoppers to a payment service provider, like Adyen.
Choose a decryption method
If you are PCI-compliant you have a choice of letting Adyen handle the token decryption, or handling it on your own.
Only handle the token decryption on your own in advanced setup scenarios, like when you have to submit Merchant Plug-In (MPI) data in an Apple Pay request.
A benefit of handling the decryption on your own is that the auditing of transactions becomes easier with the availability of transaction data like shopper names.
If you are not PCI-compliant you must let Adyen handle the decryption.
Let Adyen handle the decryption
In-app
After initiating the Apple Pay payment on your mobile application, you receive a callback that includes a PKPayment
. This includes paymentData
, a stringified version of the payment token. You need to submit this data in your payment request to Adyen.
-
Stringify the paymentData from the token
When the request is completed, you receive a PKPayment which contains
paymentData
. Apple Pay returns more data than we need for authorization, for example a shipping address, but only thepaymentData
is necessary for authorization.Convert the
paymentData
to a String:func paymentAuthorizationViewController(_ controller: PKPaymentAuthorizationViewController, didAuthorizePayment payment: PKPayment, completion: @escaping (PKPaymentAuthorizationStatus) -> Void) { let token = payment.token.paymentData.base64EncodedString() }
-
Submit the API request
Include the encoded token from step 1 as the value of
applePayToken
in thepaymentMethod
object of your /payments request:
Web
After initiating the Apple Pay payment on your website you receive a token in the onPaymentAuthorized event.
Retrieve the paymentData
from the token and convert it to a string. Pass this to your server, and then submit it in a /payments
request to Adyen.
-
Stringify the paymentData from the token
Apple Pay returns more data than we need for authorization, for example a shipping address, but only the
PaymentData
is necessary for authorization. Take this data from the token and convert the JSON to a String and base64-encoded:session.onpaymentauthorized = function(event) { var token = btoa(JSON.stringify(event.payment.token.paymentData)); };
-
Submit the API request
Include the encoded token from step 1 as the value of
applePayToken
in thepaymentMethod
object of your /payments request:
Handle the decryption on your own
Requirements
To decrypt Apple Pay tokens on your own, you must:
- Have an Apple Developer account that is associated with either the Apple Developer Program, or the Apple Developer Enterprise Program.
- Be PCI-compliant to handle unencrypted card details.
- Have an API-only integration.
Decryption process
Verify the Apple Pay certificate before proceeding to token decryption.
To decrypt Apple Pay tokens, follow the detailed steps as outlined on the Apple developer portal.
Overview:
- Use the value of publicKeyHash to determine which merchant public key Apple used, and then retrieve the corresponding merchant public key certificate and private key.
- Restore the symmetric key.
- Use the symmetric key to decrypt the value of the data key.
- Confirm that you have not already credited this payment by verifying that no payment with the same
transactionId
shows as processed. - Verify the original transaction details of the Apple Pay payment request.
- Use the decrypted payment data to process the payment. See the API reference section below for details.
API reference
The parameters listed in this section are specific to using decrypted Apple Pay tokens. For descriptions of other parameters go to /payments.
There are two types of transactions, namely customer initiated and merchant initiated transactions, each with a specific set of parameters.