This page explains how to enable Apple Pay on your website with your own Apple Pay certificate.
Requirements
Before you begin, take into account the following requirements, limitations, and preparations.
Requirement | Description |
---|---|
Integration type | Make sure that you have built a Web Drop-in/Components integration using the Advanced or Sessions flow. |
Customer Area roles | Make sure that you have one of the following roles: |
Setup steps | Before you begin: |
How it works
To add Apple Pay to your website with your own Apple Pay certificate, you must:
- Create merchant identifiers in your Apple developer account, and enter them in your Customer Area. You must create separate merchant identifiers for test transactions and live transactions.
- Create a payment processing certificate for each merchant identifier, and add each certificate to the correct user in your Customer Area. Apple Pay uses this certificate to encrypt payment information, and we need to have this certificate to be able to decrypt and process the payment.
- Register and validate your merchant domain with Apple.
- Create a merchant identity certificate, convert it to a PEM file, and upload it to your server. This certificate is used to authenticate communication with the Apple Pay servers.
- Add Apple Pay as a payment method in your Customer Area.
For information about server requirements for Apple Pay on the web, refer to the Apple Developer portal.
Create merchant identifiers
A merchant identifier uniquely identifies you as a merchant who is able to accept Apple Pay payments.
You can use the same merchant identifier for multiple websites and iOS apps.
To create merchant identifiers:
- Log in to your Apple Developer account at https://developer.apple.com.
- Follow the Apple Developer Account Help instructions to create a merchant identifier. Your merchant identifier must include the prefix `merchant.`. We recommend using the prefix `merchant.com.adyen`. For example: `merchant.com.adyen.merchantAccount`.
  For test transactions, we recommend creating a merchant identifier with `.test` at the end. For example: `merchant.com.adyen.merchantAccount.test`
- Log in to your Adyen Customer Area and go to Developers > API credentials. Select the web service user that will execute your Apple Pay transactions (ws@Company.[YourCompanyAccount]).
- In Wallet payment methods > Apple Pay, select + Add.
- Select Use your own certificate > Continue.
- Enter the merchant identifier and select Download CSR > Continue.
- Save the CSR. You will need it to create the payment processing certificate.
Create payment processing certificate
- Log in to your Apple Developer account at https://developer.apple.com.
- Follow the Apple Developer Account Help instructions to create a payment processing certificate for a website:
  - Select a merchant identifier that you created in the Create merchant identifiers step.
  - Skip the step to create a certificate signing request.
  - In the step to select the certificate signing request file, select the CSR that you downloaded when you created your merchant identifiers.
  - If the question "Will payments associated with this Merchant ID be processed exclusively in China?" or a similar one appears at any point, answer No and continue.
  - Download and save the generated payment processing certificate (.cer file).
- When you have completed the instructions from Apple, return to your Adyen Customer Area and go to Developers > API credentials. Select the web service user that will execute your Apple Pay transactions (ws@Company.[YourCompanyAccount]).
- Select the merchant identifier.
- Upload the payment processing certificate and select Continue.
Renew a payment processing certificate
When your certificate expires, you have to renew it. Apple Pay requires time to fully activate your new payment processing certificate. During that time period, transactions may still use the old certificate.
To renew a certificate:
1. Log in to your Adyen Customer Area and go to Developers > API credentials.
2. Select the relevant web service user.
3. Under Apple Pay Certificates, select Add.
4. Enter the merchant identifier and download the CSR. Write down the start of the `KeyID` to help you locate it in step 6.
5. Go to the Apple development environment and follow the steps described there to get the CER.
6. In the Apple Pay Certificates section, select the certificate with the `KeyID` you noted in step 4. This will have the Input needed status.
7. Select the eye icon.
8. In the dialog that pops up, click Continue, and upload the certificate.
9. Activate the new certificate on Apple's Developer Portal. Until this is completed, the old certificate will still be used.
   After you activate the new certificate, the old certificate continues to be used for about 4 hours.
10. Verify that the new certificate is in use for payments (see steps below).
Verify which certificate is in use
Apple gradually rolls out new certificates. This means that the old certificate remains active and might be used while the new certificate is being rolled out.
To see which certificate is in use for a payment, follow these steps:
- In the `/payments` request, find the Base64-encoded JSON object `paymentMethod.applePayToken`.
- Decode the `paymentMethod.applePayToken` object. The `publicKeyHash` contains the `KeyID` value of the certificate that was used for the payment.
- In your Customer Area, go to Developers > API credentials, and find the relevant web service user that made the payments. Under wallet payment methods, go to Apple Pay Certificates, and check the `KeyID`.
If you see the `KeyID` for your old certificate, this may be due to the gradual rollout of Apple certificates, and it does not mean that your setup is unsuccessful. Four hours after the activation, the rollout should be completed and you will no longer see payments using the old certificate. When you see the new certificate for an authorized payment, this confirms that all steps have been completed successfully.
To remove the old certificate from the Customer Area, go to Apple Pay Certificates, select the certificate with the applicable `KeyID`, and click the bin icon.
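The check described above can be scripted over several payments. The following is an added example, not Adyen's or Apple's code: it assumes the decoded token follows Apple's payment token layout with `publicKeyHash` under `header`, and that the noted start of a `KeyID` can be compared directly with that value. The function names, labels and sample values are constructed for illustration.

```python
import base64
import binascii
import json
from collections import Counter

def sample_token(key_hash):
    """Build a constructed applePayToken; every field value is a placeholder."""
    body = {"version": "EC_v1", "data": "PLACEHOLDER", "signature": "PLACEHOLDER",
            "header": {"ephemeralPublicKey": "PLACEHOLDER",
                       "publicKeyHash": key_hash,
                       "transactionId": "PLACEHOLDER"}}
    return base64.b64encode(json.dumps(body).encode()).decode()

def public_key_hash(apple_pay_token):
    """Return header.publicKeyHash from a Base64-encoded applePayToken."""
    try:
        token = json.loads(base64.b64decode(apple_pay_token, validate=True))
        value = token["header"]["publicKeyHash"]
        if not isinstance(value, str):
            raise TypeError("publicKeyHash is not a string")
        return value
    except (binascii.Error, ValueError, KeyError, TypeError) as exc:
        raise ValueError("not a Base64-encoded Apple Pay token") from exc

def certificate_in_use(apple_pay_token, key_ids):
    """Return the label whose noted KeyID start matches the token's publicKeyHash."""
    pkh = public_key_hash(apple_pay_token)
    for label, key_id_start in key_ids.items():
        if key_id_start and pkh.startswith(key_id_start):
            return label
    return "unknown"

def rollout_summary(apple_pay_tokens, key_ids):
    """Count payments per certificate, to see whether the old one is still used."""
    return dict(Counter(certificate_in_use(t, key_ids) for t in apple_pay_tokens))

# Constructed KeyID starts, standing in for the values shown in the Customer Area.
KEY_IDS = {"old": "OLDKEYID", "new": "NEWKEYID"}

if __name__ == "__main__":
    tokens = [sample_token("OLDKEYID0000="), sample_token("NEWKEYID1111="),
              sample_token("NEWKEYID1111=")]
    print(rollout_summary(tokens, KEY_IDS))
```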
Register and validate your merchant domain
This step doesn't apply when you are using our Salesforce Commerce Cloud plugin. Refer to our Apple Pay documentation for the plugin instead.
- Log in to your Apple Developer account at https://developer.apple.com.
- Follow the Apple Developer Account Help instructions to register a merchant domain, but note the following:
  - In the step to select a merchant identifier, make sure you select the merchant identifier you created in Step 1.
Create a merchant identity certificate
This step doesn't apply when you are using our Salesforce Commerce Cloud plugin. Refer to our Apple Pay documentation for the plugin instead.
For each transaction, you need to request an Apple Pay payment session using your Merchant Identity Certificate. In this step, you will create that certificate.
- Log in to your Apple Developer account at https://developer.apple.com.
- Follow the Apple Developer Account Help instructions to create a merchant identity certificate, but note the following:
  - In the step to select a merchant identifier, make sure you select the merchant identifier you created in Step 1.
  - Follow the instructions from Apple to create a CSR yourself. The CSR you received from us cannot be used for creating a merchant identity certificate.
  - Download and save the generated merchant identity certificate (.cer file).
- When you have completed the instructions from Apple, add the merchant identity certificate to your keychain.
- Export the certificate from your keychain as a p12 file.
- Convert the p12 file to a PEM file using the following command:

  ```bash
  openssl pkcs12 -in your-file.p12 -out apple-pay-cert.pem -nodes -clcerts
  ```

- Upload the apple-pay-cert.pem file to your server.
When requesting an Apple Pay payment session, use the full path to the apple-pay-cert.pem file.
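The `-nodes` option in the command above writes the private key into apple-pay-cert.pem unencrypted, so the file's permissions on the server are what protect the key. The following is an added example, not part of the original page: a preflight check that the file is given by its full path, is closed to group and other users, and holds both a certificate and a private key. The function name and the sample content are constructed for illustration.

```python
import os
import re
import stat

PEM_LABEL = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

SAMPLE_PEM = (  # constructed: PEM framing only, the bodies are placeholders
    "Bag Attributes\n"
    "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"
)

def audit_identity_pem(path):
    """Return findings for the merchant identity PEM; an empty list means it passed."""
    findings = []
    if not os.path.isabs(path):
        findings.append("path is not absolute")
    info = os.stat(path)
    if not stat.S_ISREG(info.st_mode):
        return findings + ["not a regular file"]
    # The key is stored unencrypted, so any group/other permission bit exposes it.
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(info.st_mode)
        findings.append(f"accessible to group/other (mode {mode:o})")
    with open(path, encoding="ascii", errors="replace") as handle:
        labels = PEM_LABEL.findall(handle.read())
    if "CERTIFICATE" not in labels:
        findings.append("no certificate block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        findings.append("no private key block")
    return findings

if __name__ == "__main__":
    import sys
    # Pass the full path to apple-pay-cert.pem as the first argument.
    for finding in audit_identity_pem(sys.argv[1]):
        print("FINDING:", finding)
```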
Add Apple Pay in your Customer Area
Add Apple Pay in your Customer Area. You need to provide your:
- Merchant name: the merchant account for which you want to set up Apple Pay.
- Merchant identifier: the merchant identifier you created.