Web
Apple Pay purchase operation
To integrate the Apple Pay button on the payment page of an online store, you need to implement the ApplePaySession.canMakePaymentsWithActiveCard method, this method determines whether this device supports payment using Apple Pay.
If it supports payment, you need to draw the “Buy using Apple Pay” button.
Next, you need to create an object ApplePaySession, with the purchase parameters:
countryCode: 'UA',
currencyCode: 'UAH',
supportedNetworks: ['visa', 'masterCard'],
merchantCapabilities: ['supports3DS'],
total: { label: 'Your Merchant Name', amount: '10.00' },
For a description of the fields, see the Apple Pay on Web documentation.
On the event onvalidatemerchant you need to hang a handler in which it will be called API “api/apple/validate” . The description of the method will be below.
On the event onpaymentauthorized you need to hang a handler that will call API “api/apple/payment”.
After confirming the payment in onpaymentauthorized, you must call the method
ApplePaySession.completePayment.
ApplePaySession documentation can be found on the Apple site.
Merchant Validation Apple Pay (api/apple/validate)
Production url: https://****.procard-ltd.com/api/apple/validate
POST parameters:
| Parameter | Type | Description | Value |
|---|---|---|---|
| operation | String | Type of transaction | Purchase |
| apple_validation_url | String | This parameter comes in the event onvalidatemerchant, event.validationURL | |
| Example: | |||
| session.onvalidatemerchant = (event) => { console.log(event.validationURL); } | |||
| merchant_id | String | merchant identifier | |
| amount | Float | The amount of the transaction. Example 500.00 | |
| signature | String | In order to confirm the validity of the data, a verification signature must be generated and transmitted in the HMAC_SHA512 request using the SecretKey merchant. | |
The string to be HMAC_SHA512 is generated by concatenating the parameters merchant_id, order_id, amount, currency_iso, description separated by “;” (semicolon) in UTF-8 encoding. | |||
| The order of parameters during concatenation is important! | |||
| order_id | String | Unique transaction number on the merchant side. If the operation is duplicated, the merchant receives an error. | |
| currency_iso | String | Currency of payment | UAH |
| description | String | Purpose of payment. It is displayed on the payment page when entering payment details. Displayed in the account statement and registries | |
| add_params | Array | An array with additional parameters. Additional parameters are then returned to the merchant in a callback call | |
| callback_url | String | URL to which information about the result of the payment will be sent |
The following parameters come in response:
| Parameter | Type | Description |
|---|---|---|
| apple_validate_data | String | Data to pass to session.completeMerchantValidation method |
| order_key | Integer | Order ID in the payment system |
| code | String | Answer code (0 - success) |
| message | String | Decoding of the response code |
Payment confirmation Apple Pay (api/apple/payment)
Production url: https://****.procard-ltd.com/api/apple/payment
The system itself determines which authentication path goes with or without 3DS depending on the data received from Apple.
POST parameters:
| Parameter | Type | Description |
|---|---|---|
| order_key | String | Order ID in the payment system |
| apple_pay_payment_data | String | Base64 encoded data received in new event onpaymentauthorized in parameter event.payment. |
| Example: | ||
| session.onpaymentauthorized = (event) => { console.log(event.payment);} } | ||
| apple_pay_payment_data_decrypted | String | The parameter is passed instead of apple_pay_payment_data if payment with a decrypted token is used. Base64 encoded data received in new event onpaymentauthorized in parameter event.payment |
The answer comes:
| Parameter | Type | Description | Value |
|---|---|---|---|
| transactionStatus | String | Transaction Status | Approved - Successfully Declined - Renouncement |
| reason | String | Text reason for rejection | |
| reasonCode | String | Failure Error Code | |
| rrn | String | Reference Retrieval Number |
After calling this method, a callback comes to the backend trader.
Request for payment with decrypted token example:
{
"order_key": "9910ae2538be76b828f63a08f14ddf4a267d5148713cb2bb2742848fd622cfd266d86cab7f44b",
"apple_pay_payment_data_decrypted": "ewoiYXBwbGljYXRpb25QcmltYXJ5QWNjb3VudE51bWJlciI6ICI0MDEyMDAwMDAwMDAzMTE5IiwKImFwcGxpY2F0aW9uRXhwaXJhdGlvbkRhdGUiOiAiMjgxMTMwIiwKImN1cnJlbmN5Q29kZSI6ICI5ODAiLAoidHJhbnNhY3Rpb25BbW91bnQiOiAxMDAwMCwKImRldmljZU1hbnVmYWN0dXJlcklkZW50aWZpZXIiOiAiMDQwMDEwMDMwMjczIiwKInBheW1lbnREYXRhVHlwZSI6ICIzRFNlY3VyZSIsCiJwYXltZW50RGF0YSI6ewoib25saW5lUGF5bWVudENyeXB0b2dyYW0iOiIxMjMiLAoiZWNpSW5kaWNhdG9yIjoiNSIKfQp9Cg=="
}
Decrypted token structure:
| Parameter | Type | Description |
|---|---|---|
| applicationPrimaryAccountNumber | String | The tokenized card number |
| applicationExpirationDate | String | Expiration date of the card (YYMMDD format) |
| currencyCode | String | Currency of payment |
| transactionAmount | Float | The amount of the transaction. Example 500.00 |
| deviceManufacturerIdentifier | String | Unique identifier for the device manufacturer |
| paymentDataType | String | Type of payment data |
paymentData | ||
| onlinePaymentCryptogram | String | A cryptogram for secure online transactions |
| eciIndicator | String | Electronic Commerce Indicator, shows the security level of the transaction |
Decrypted token example:
{
"applicationPrimaryAccountNumber": "4012000000003119",
"applicationExpirationDate": "281130",
"currencyCode": "980",
"transactionAmount": 10000,
"deviceManufacturerIdentifier": "040010030273",
"paymentDataType": "3DSecure",
"paymentData": {
"onlinePaymentCryptogram": "123",
"eciIndicator": "5"
}
}