Apple Pay
Decrypted Server-Side Implementation
importantDecrypting Apple Pay payment data on your server is not recommended, as it increases your risk and compliance burden (typically requires PCI SAQ D compliance).
See Configuration for our recommended integration method.
Creating transactions
If you decrypt the encrypted Apple Pay payment data on your server, you can create a transaction with the decrypted parameters.
importantIf there is an electronic commerce indicator (ECI) within the decrypted payment data, it must be included below.
- PHP
$result = $gateway->transaction()->sale([
'amount' => '10.00',
'applePayCard' => [
'number' => applicationPrimaryAccountNumber,
'cardholderName' => cardholderName,
'cryptogram' => onlinePaymentCryptogram,
'expirationMonth' => substr(applicationExpirationDate, 2, 2),
'expirationYear' => substr(applicationExpirationDate, 0, 2),
'eciIndicator' => eciIndicator
],
'options' => [
'submitForSettlement' => True
]
]);The amount you specify in your client-side payment request should reflect the actual amount you authorize and submit for settlement; transactions will still process in cases where the amount changes during order fulfillment.
Vaulting via Customer create and update
importantVaulting decrypted Apple Pay cards without tokenizing is currently only available in the Python SDK. This feature is only available via
Customer.createandCustomer.update.
You may vault a decrypted Apple Pay Card while creating a new Customer object.
For an existing customer, you can vault a new Apple Pay card by supplying that customer's ID. You may also update the PaymentMethod's token this way.
'cardholder_name'The name associated with the Apple Pay card. Must be less than or equal to 175 characters.
'expiration_year'The two or four digit year associated with an Apple Pay card, formatted YYYY or YY.
'number'Typically requires PCI SAQ D compliance.
The 12-19 digit device primary account number (DPAN).
'eci_indicator'Electronic Commerce Indicator (ECI), a card brand-specific two-digit string describing the mode of the transaction. This field is optional, as some card networks do not return an ECI.
'token'An alphanumeric value that references a specific payment method stored in your Vault. Must be less than or equal to 36 characters. If using a custom integration, you can specify what you want the token to be. If not specified, the gateway will generate one that can be accessed on the result. If using our Drop-in UI with a customer ID to vault payment methods, you can't specify your own token. Length and format of gateway-generated tokens and IDs may change at any time.
'billing_address'A billing address associated with a specific credit card. The maximum number of addresses per customer is 50.
'street_address'The street address. Street address must be less than or equal to 255 characters. Must contain at least 1 digit.
'extended_address'The extended address information—such as apartment or suite number. 255 character maximum.
'region'The state or province. The region must be a 2-letter abbreviation and must be less than or equal to 255 characters.
'postal_code'The postal code. Postal code must be a string of 4-9 alphanumeric characters, optionally separated by a dash or a space. Spaces and hyphens are ignored.
'country_code_alpha2'The ISO 3166-1 alpha-2 country code specified in an address. The gateway only accepts specific alpha-2 values .
'country_code_alpha3'The ISO 3166-1 alpha-3 country code specified in an address. The gateway only accepts specific alpha-3 values .
'country_code_numeric'The ISO 3166-1 numeric country code specified in an address. The gateway only accepts specific numeric values .
'phone_number'Phone number. Phone must be 10-14 characters and can only contain numbers, dashes, parentheses and periods.
Next Page: Testing and Go Live →