Apple Pay Payments

Apple Pay is a mobile payment and digital wallet service by Apple Inc. that allows payers to make payments with supported iOS and macOS devices. Apple Pay is a supported device payment in the Mastercard Payment Gateway.

This page describes integration details specific to Apple Pay. It's recommended that you read the integration guidelines for device payments before building your Apple Pay integration.

Prerequisites

To accept Apple Pay payments:

  • You must sign up with Apple and create your merchant ID.
  • Your merchant profile on the gateway must be enabled for Device Payments by your payment service provider.
  • If you want the gateway to perform the decryption of the payment token, your merchant profile on the gateway must have the "Enable Decryption of Apple Pay Device Payments" permission.

Adding Support for Apple Pay to your Integration

You can integrate Apple Pay into your mobile app or the checkout page of your website using Direct Payment.

Gateway support for decrypting the Apple Pay payment token is available from API version 46 onwards.

  1. Procure a signed certificate from Apple and upload it to the gateway via Merchant Administration.

    If you want to decrypt the payment token on your server, see Decrypting the Payment Token.

  2. On payment confirmation, provide the following fields in the Authorize/Pay request or an Update Session request.
    • order.walletProvider=APPLE_PAY
    • order.amount: The value you provide must be the final amount of the order (including shipping and other additional amounts).
    • order.currency
    • sourceOfFunds.provided.card.devicePayment.paymentToken: The encrypted payment token obtained from the Apple Pay SDK. For example, the value in PKPaymentToken.paymentData

    sourceOfFunds.provided.card.devicePayment.paymentToken [REST][NVP]

  3. The gateway will decrypt the payment token for you and process the transaction using the decrypted data.

    In addition to the standard fields, the following response fields are returned for a successful authorization using the payment token.

    • sourceOfFunds.provided.card.encryption=DEVICE
    • sourceOfFunds.provided.card.deviceSpecificNumber: The DPAN in masked format.
    • sourceOfFunds.provided.card.deviceSpecificExpiry.month
    • sourceOfFunds.provided.card.deviceSpecificExpiry.year
    • sourceOfFunds.provided.card.number: The FPAN in masked format.
    • sourceOfFunds.provided.card.expiry.month: The expiry month of the card.
    • sourceOfFunds.provided.card.expiry.year: The expiry year of the card.
    • sourceOfFunds.provided.card.devicePayment.cryptogramFormat

Example Request

Here's a sample Authorization Request in REST where the payment token is decrypted by the gateway.

URL https://na.gateway.mastercard.com/api/rest/version/57/merchant/{merchantId}/order/{orderid}/transaction/{transactionid}
HTTP Method PUT
{
    "apiOperation":"AUTHORIZE",
    "device":{
        "mobilePhoneModel":"Apple iPhone 6S Plus"
    },
    "order":{
        "amount":61.00,
        "currency":"EUR",
        "walletProvider":"APPLE_PAY"
    },
    "sourceOfFunds":{
        "provided":{
            "card":{
                "devicePayment":{
                    "paymentToken":"{\r\n\t\"version\": \"EC_v1\",\r\n\t\"data\": \"WO\/fTbdARsB1Rg3tS4ISwNG4cWDRk3JZDSbP32iDdeMP7UFouS...\",\r\n\t\"signature\": \"MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkg...\",\r\n\t\"header\": {\r\n\t\t\"transactionId\": \"c162557e7ae1c69a47583bc2364d1a3e531428d13fb664032f9e09fa37381fc1\",\r\n\t\t\"ephemeralPublicKey\": \"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMeuRqVEOZAQ...\",\r\n\t\t\"publicKeyHash\": \"tBGp1mEoHLiHwfOkazpKVbf3cMKmVS98PGufUJ2Q3ys=\"\r\n\t}\r\n}"
//This is only a sample token and will not pass validation. Substitute an actual payment token returned from Apple Pay (PKPaymentToken.paymentData).
//The gateway considers this value to be a string, NOT JSON itself. The braces are part of the string.
                }
            }
        },
        "type":"CARD"
    },
    "transaction":{
        "frequency":"SINGLE",
        "source":"INTERNET"
    }
}
 
Example Response
{
  "authorizationResponse": {
    "posData": "10091Z500010",
    "transactionIdentifier": "000000285377253"
  },
  "device": {
    "mobilePhoneModel": "Apple iPhone 6S Plus"
  },
  "gatewayEntryPoint": "WEB_SERVICES_API",
  "merchant": "TEST_MERCHANT",
  "order": {
    "amount": 30.1,
    "creationTime": "2016-11-09T23:20:58.675Z",
    "currency": "USD",
    "id": "01",
    "status": "AUTHORIZED",
    "totalAuthorizedAmount": 30.1,
    "totalCapturedAmount": 0,
    "totalRefundedAmount": 0,
    "walletProvider": "APPLE_PAY"
  },
  "posTerminal": {
    "location": "PAYER_TERMINAL_OFF_PREMISES"
  },
  "response": {
    "acquirerCode": "000",
    "cardholderVerification": {
      "avs": {
        "acquirerCode": "N",
        "gatewayCode": "NO_MATCH"
      }
    },
    "gatewayCode": "APPROVED"
  },
  "result": "SUCCESS",
  "sourceOfFunds": {
    "provided": {
      "card": {
        "brand": "MASTERCARD",
        "deviceSpecificExpiry": {
            "month": "05",
            "year": "21"
        },
        "deviceSpecificNumber": "512345xxxxxx0008",
        "encryption": "DEVICE",
        "expiry": {
          "month": "05",
          "year": "28"
        },
        "fundingMethod": "UNKNOWN",
        "devicePayment": {
          "cryptogramFormat": "3DSECURE"
        },
        "number": "xxxxxxxxxxxx0023",
        "scheme": "MASTERCARD"
      }
    },
    "type": "CARD"
  },
  "timeOfRecord": "2016-11-09T23:20:58.675Z",
  "transaction": {
    "acquirer": {
      "batch": 3,
      "id": "TESTACQUIRER",
      "merchantId": "6465720084"
    },
    "amount": 30.1,
    "authorizationCode": "377253",
    "currency": "USD",
    "frequency": "SINGLE",
    "id": "1",
    "receipt": "001611092532",
    "source": "INTERNET",
    "terminal": "12333",
    "type": "AUTHORIZATION"
  },
  "version": "46"
}
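
An added example (not part of the gateway documentation or its SDK) of step 2 with gateway-side decryption: it builds the request body so that the payment token is forwarded as a string rather than as a nested JSON object. The function names, the placeholder token and the shape check are assumptions made for illustration.

```python
import json
from decimal import Decimal

# Top-level keys of the token in the page's sample request.
REQUIRED_TOKEN_KEYS = {"version", "data", "signature", "header"}

# Constructed placeholder token; like the page's sample, it will not pass validation.
SAMPLE_TOKEN = json.dumps({
    "version": "EC_v1",
    "data": "CONSTRUCTED-CIPHERTEXT",
    "signature": "CONSTRUCTED-SIGNATURE",
    "header": {"transactionId": "00", "ephemeralPublicKey": "CONSTRUCTED",
               "publicKeyHash": "CONSTRUCTED"},
})


def build_authorize_body(payment_data, amount, currency):
    """AUTHORIZE body for gateway-side decryption; paymentToken stays a string."""
    if isinstance(payment_data, bytes):
        payment_data = payment_data.decode("utf-8")
    if not isinstance(payment_data, str):
        # A dict would serialise as a nested JSON object, not the string the gateway expects.
        raise TypeError("pass PKPaymentToken.paymentData through as text")
    try:
        parsed = json.loads(payment_data)  # parsed only to check its shape
    except json.JSONDecodeError as exc:
        raise ValueError("payment token is not JSON text") from exc
    if not isinstance(parsed, dict) or not REQUIRED_TOKEN_KEYS.issubset(parsed):
        raise ValueError("payment token is missing expected keys")
    return {
        "apiOperation": "AUTHORIZE",
        # amount is the final order amount as a decimal string, e.g. "61.00"
        "order": {"amount": str(Decimal(amount)), "currency": currency,
                  "walletProvider": "APPLE_PAY"},
        "sourceOfFunds": {
            "type": "CARD",
            "provided": {"card": {"devicePayment": {"paymentToken": payment_data}}},
        },
        "transaction": {"frequency": "SINGLE", "source": "INTERNET"},
    }


def to_wire(body):
    """Serialise once; json.dumps escapes the token's quotes as in the page's sample."""
    return json.dumps(body)
```

The original token text is forwarded unchanged; it is parsed only to reject malformed input before the request is sent.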

Decrypting the Payment Token

You can choose to decrypt the payment token on your server instead of providing the payment token for decryption to the gateway. In this case, you will need to take responsibility for storing the encryption credentials and executing the decryption.

Support for Apple Pay with merchant-managed decryption of the payment token is available from API version 40 onwards.

  1. On payment confirmation, submit the encrypted payment token returned by Apple Pay to your server.
  2. Decrypt the payment token on your server using your private key. See decryption steps here.
  3. Provide the payment data keys from the decrypted token in the corresponding transaction fields on the Authorize/Pay request or the Update Session request.

    Apple Pay JSON Key | Corresponding API Request Field | Description
    applicationPrimaryAccountNumber | sourceOfFunds.provided.card.number | The device-specific primary account number (i.e., token or DPAN) of the card that funds this transaction.
    applicationExpirationDate | sourceOfFunds.provided.card.expiry.month, sourceOfFunds.provided.card.expiry.year | The expiration date of the applicationPrimaryAccountNumber.
    cardholderName | sourceOfFunds.provided.card.nameOnCard | (Optional) The cardholder's name.
    currencyCode | order.currency | The ISO 4217 currency code for the transaction.
    transactionAmount | order.amount | The order amount.
    paymentDataType | sourceOfFunds.provided.card.devicePayment.cryptogramFormat | The cryptogram format. Set this to 3DSECURE.
    onlinePaymentCryptogram | sourceOfFunds.provided.card.devicePayment.3DSecure.onlinePaymentCryptogram | Cryptogram in 3DSecure format.
    eciIndicator | sourceOfFunds.provided.card.devicePayment.3DSecure.eciIndicator | Provide the electronic commerce indicator (ECI), if available.

    sourceOfFunds.provided.card.devicePayment [REST][NVP]

  4. In addition to the above fields, include these in the Authorize/Pay or Update Session request and submit it to the gateway.

    • transaction.source=INTERNET
    • order.walletProvider=APPLE_PAY
    • device.mobilePhoneModel: (optional) The identifier of the mobile device used to initiate the payment.
    • posTerminal.location: You can specify PAYER_TERMINAL_OFF_PREMISES or PAYER_TERMINAL_ON_PREMISES. If you do not provide a value, PAYER_TERMINAL_OFF_PREMISES is used.

Example Request

Here's a sample Authorization Request in REST where the values from the decrypted payment token are provided to the gateway.

{
    "apiOperation": "AUTHORIZE",
    "order": {
        "amount": "30.10",
        "currency": "USD",
        "walletProvider":"APPLE_PAY"
    },
    "sourceOfFunds": {
        "provided": {
            "card": {
                "expiry": {
                    "month": "05",
                    "year": "21"
                },
                "number": "5123450000000008",
                "devicePayment":{
                    "cryptogramFormat":"3DSECURE",
                    "3DSecure":{
                        "onlinePaymentCryptogram":"IA/8pdiWftSsxpFT6wABoDABhgA=",
                        "eciIndicator":"20"
                    }
                }
            }
        },
        "type": "CARD"
    },
    "device": {
        "ani":"12341234"
    },
    "transaction": {
        "frequency": "SINGLE",
        "source": "INTERNET"
    }
}

Example Response
{
  "authorizationResponse": {
    "posData": "10091Z500010",
    "transactionIdentifier": "000000285377253"
  },
  "customer": {
    "phone": "12341234"
  },
  "device": {
    "ani": "12341234"
  },
  "gatewayEntryPoint": "WEB_SERVICES_API",
  "lineOfBusiness": "All",
  "merchant": "TEST_MERCHANT",
  "order": {
    "amount": 30.1,
    "creationTime": "2016-11-09T23:20:58.675Z",
    "currency": "USD",
    "id": "C999903",
    "status": "AUTHORIZED",
    "totalAuthorizedAmount": 30.1,
    "totalCapturedAmount": 0,
    "totalRefundedAmount": 0,
    "walletProvider": "APPLE_PAY"
  },
  "posTerminal": {
    "location": "PAYER_TERMINAL_OFF_PREMISES"
  },
  "response": {
    "acquirerCode": "000",
    "cardholderVerification": {
      "avs": {
        "acquirerCode": "U",
        "gatewayCode": "NOT_AVAILABLE"
      },
      "detailedVerification": [
        {
          "gatewayCode": "NOT_MATCHED",
          "type": "BILLING_PHONE"
        },
        {
          "gatewayCode": "NOT_PROVIDED",
          "type": "BILLING_POSTCODE_ZIP"
        },
        {
          "gatewayCode": "NOT_PROVIDED",
          "type": "BILLING_STREET_ADDRESS"
        },
        {
          "gatewayCode": "NOT_PROVIDED",
          "type": "CARDHOLDER_NAME"
        },
        {
          "gatewayCode": "NOT_PROVIDED",
          "type": "CUSTOMER_EMAIL"
        }
      ]
    },
    "gatewayCode": "APPROVED"
  },
  "result": "SUCCESS",
  "sourceOfFunds": {
    "provided": {
      "card": {
        "brand": "MASTERCARD",
        "deviceSpecificExpiry": {
            "month": "05",
            "year": "21"
        },
        "deviceSpecificNumber": "512345xxxxxx0008",
        "expiry": {
          "month": "05",
          "year": "28"
        },
        "fundingMethod": "UNKNOWN",
        "devicePayment": {
          "cryptogramFormat": "3DSECURE"
        },
        "number": "xxxxxxxxxxxx0023",
        "scheme": "MASTERCARD"
      }
    },
    "type": "CARD"
  },
  "timeOfRecord": "2016-11-09T23:20:58.675Z",
  "transaction": {
    "acquirer": {
      "batch": 3,
      "id": "TESTACQUIRER",
      "merchantId": "6465720084"
    },
    "amount": 30.1,
    "authorizationCode": "377253",
    "currency": "USD",
    "frequency": "SINGLE",
    "id": "1",
    "receipt": "001611092532",
    "source": "INTERNET",
    "terminal": "12333",
    "type": "AUTHORIZATION"
  },
  "version": "44"
}
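
An added example (not Mastercard's or Apple's code) of steps 3 and 4 with merchant-managed decryption: it maps decrypted payment data to the request fields in the table above and produces a masked copy for logging. It assumes the decrypted layout from Apple's published token format (YYMMDD expiry, cryptogram and ECI nested under paymentData); the function names are hypothetical, and the order amount and currency are supplied by the caller in the gateway's format.

```python
import copy
import re

# Constructed sample of decrypted payment data, using the values from the
# page's example request. The layout is an assumption (see lead-in).
SAMPLE_DECRYPTED = {
    "applicationPrimaryAccountNumber": "5123450000000008",
    "applicationExpirationDate": "210531",  # YYMMDD
    "paymentDataType": "3DSecure",
    "paymentData": {"onlinePaymentCryptogram": "IA/8pdiWftSsxpFT6wABoDABhgA=",
                    "eciIndicator": "20"},
}


def map_decrypted_token(decrypted, amount, currency):
    """Build the AUTHORIZE body from decrypted payment data (steps 3 and 4)."""
    if decrypted.get("paymentDataType") != "3DSecure":
        raise ValueError("payment data is not 3DSecure; cannot set cryptogramFormat=3DSECURE")
    dpan = decrypted["applicationPrimaryAccountNumber"]
    expiry = decrypted["applicationExpirationDate"]
    if not re.fullmatch(r"\d{12,19}", dpan):
        raise ValueError("applicationPrimaryAccountNumber is not a card number")
    if not re.fullmatch(r"\d{2}(0[1-9]|1[0-2])\d{2}", expiry):
        raise ValueError("applicationExpirationDate is not YYMMDD")
    payment_data = decrypted["paymentData"]
    three_ds = {"onlinePaymentCryptogram": payment_data["onlinePaymentCryptogram"]}
    if payment_data.get("eciIndicator"):  # sent only "if available", per the table
        three_ds["eciIndicator"] = payment_data["eciIndicator"]
    card = {
        "number": dpan,
        "expiry": {"month": expiry[2:4], "year": expiry[0:2]},
        "devicePayment": {"cryptogramFormat": "3DSECURE", "3DSecure": three_ds},
    }
    if decrypted.get("cardholderName"):
        card["nameOnCard"] = decrypted["cardholderName"]
    return {
        "apiOperation": "AUTHORIZE",
        "order": {"amount": amount, "currency": currency, "walletProvider": "APPLE_PAY"},
        "sourceOfFunds": {"type": "CARD", "provided": {"card": card}},
        "transaction": {"source": "INTERNET"},
    }


def redact_for_log(body):
    """Copy of the body that is safe to log: DPAN masked, cryptogram removed."""
    safe = copy.deepcopy(body)
    card = safe["sourceOfFunds"]["provided"]["card"]
    card["number"] = card["number"][:6] + "x" * (len(card["number"]) - 10) + card["number"][-4:]
    card["devicePayment"]["3DSecure"]["onlinePaymentCryptogram"] = "[REDACTED]"
    return safe
```

With merchant-managed decryption the clear DPAN and cryptogram pass through your server, so only the output of redact_for_log should reach application logs.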

Testing Apple Pay Integration

You can test your integration with the gateway in production using your test merchant profile and a supported FPAN (see table below) as provided by Apple for sandbox testing.

Scheme | FPAN | Expiry Date | CSC | Cryptogram
Mastercard | 5204 2477 5000 1497 | 11/2022 | 111 | <any>
American Express | 3499 563102 56071 | 12/2022 | 111 | <any>

You must configure your app to use the Apple Pay sandbox environment with your gateway test merchant profile. When the payer selects a card (with an FPAN from the table above) in Apple Pay, the app generates a payment token in test mode.

If you are decrypting the payment token, use the DPAN from the decrypted token to perform test transactions.

If the gateway decrypts the payment token, you must procure a signed certificate from Apple and upload it to the gateway via Merchant Administration in production using your gateway test merchant profile. The gateway uses the certificate to decrypt the payment token.

If the transactions are either APPROVED or DECLINED, then the gateway was able to process your test transactions successfully.

Apple Pay via Mobile SDK

The Mobile SDK helps you develop a mobile application (app) that accepts digital payments via the Mastercard Payment Gateway. The gateway supports Apple Pay via the Mobile SDK. See the Mobile SDK integration guidelines for the iOS platform.

Copyright © 2020 Mastercard