Integrate Apple pay with website
The client approached us for some specific requirements related to a payment processing application. They wanted us to integrate Apple Pay on their website.
How we addressed the issue
At first, for our better understanding we asked them to incorporate some features on their website:
- All pages that included Apple Pay must be served over HTTPS.
- The domain must have a valid SSL certificate.
- The server must support the Transport Layer Security (TLS) 1.2 protocol and one cipher suite
- To enable merchant validation and receive a session object, the server must allow access over HTTPS (TCP over port 443) to the Apple Pay IP addresses and domains provided.
Configuration of Merchant ID and Certificates
Merchant ID: Merchant ID is an identifier of the client registration with Apple. This identifier uniquely identifies a business as a merchant that can accept payments. This ID never expires, and one can use it on multiple websites and iOS apps.
Payment processing certificate: A certificate associated with the merchant ID used to secure transaction data. Apple Pay servers use the certificate’s public key to encrypt payment data. The business or the payment service provider, use the private key to decrypt data to process payments.
Merchant identity certificate: A Transport Layer Security (TLS) certificate associated with the merchant ID, used to authenticate the sessions with the Apple Pay servers. The merchant identity certificate is only required for Apple Pay on the web; it isn’t needed for apps.
About the Technology
Apple Pay is Apple Inc.'s mobile wallet payment program, that allows people to pay in person, via iOS applications and through the web via Safari. The iPhone, Apple Watch, iPad, and Mac are enabled with this app. It digitizes and can replace credit or debit card chip and PIN in a point-of-sale terminal that is contactlessly capable. It does not need contactless payment terminals from Apple Pay; it fits for any dealer that accepts contactless payments. This adds two-factor authentication by touch identification, face identification, pin, or passcode. Devices interact wirelessly with point of sale systems, using NFC, an embedded secure feature to safely store payment data and execute cryptographic functions, and with biometric authentication Apple's Touch ID and Face ID, respectively.
- Apple Pay