Decrypting Apple Pay tokens

Learn about Apple Pay network-based tokenisation and the available decryption methods.


Apple Pay enhances transaction security through network-based tokenisation. By replacing sensitive payment information with unique tokens, generated by the payment network or scheme, Apple Pay offers a secure and convenient payment experience for customers using their Apple devices.

To ensure a smooth payment experience, explore the available decryption methods. These methods allow you to securely retrieve and process the tokenised payment data.


Prerequisites


Decryption methods

There are three decryption methods to consider, each offering varying degrees of convenience and control. Understanding these decryption approaches will help you determine the most suitable option for your specific needs and preferences.

  • Decryption through emerchantpay’s Web Payment Form
  • emerchantpay decryption
  • Merchant decryption
  • Decryption through emerchantpay’s Web Payment Form

    Decrypting through emerchantpay’s Web Payment Form provides a simplified approach. To use this method, you need an Apple Pay merchant account to obtain the necessary credentials for payment token decryption. emerchantpay is responsible for the setup process. However, using this decryption method comes with reduced independence and customization options.

    emerchantpay decryption

    When using emerchantpay’s decryption service, you retain control over managing your payment page and making direct requests to Apple. You send the transaction results to emerchantpay for decryption and processing, relieving you of the responsibility of decrypting the payment tokens yourself.

    Example of passing a request:

    <payment_transaction>
    <transaction_id>***</transaction_id>
    <usage>***</usage>
    <description>***</description>
    <remote_ip>***</remote_ip>
    <amount>10714</amount>
    <currency>EUR</currency>
    <customer_email>***</customer_email>
    <customer_phone>***</customer_phone>
    <notification_url>***</notification_url>
    <return_success_url>***</return_success_url>
    <return_failure_url>***</return_failure_url>
    <billing_address>
    <first_name>***</first_name>
    <last_name>***</last_name>
    <address1>***</address1>
    <zip_code>***</zip_code>
    <city>***</city>
    <country>***</country>
    </billing_address>
    <transaction_type>apple_pay</transaction_type>
    <payment_subtype>sale</payment_subtype>
    <payment_token>{“paymentData”:{“signature”:”MIAGCSqGSIb3DQEHAqCAMIACAQExDTALBglghkgBZQMEAgEwgAYJKoZIhvcNAQcBAACggDCCA+MwggOIoAMCAQICCEwwQUlRnVQ2MAoGCCqGSM49BAMCMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xOTA1MTgwMTMyNTdaFw0yNDA1MTYwMTMyNTdaMF8xJTAjBgNVBAMMHGVjYy1zbXAtYnJva2VyLXNpZ25fVUM0LVBST0QxFDASBgNVBAsMC2lPUyBTeXN0ZW1zMRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMIVd+3r1seyIY9o3XCQoSGNx7C9bywoPYRgldlK9KVBG4NCDtgR80B+gzMfHFTD9+syINa61dTv9JKJiT58DxOjggIRMIICDTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCPyScRPk+TvJ+bE9ihsP6K7\/S5LMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB\/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYWljYTMuY3JsMB0GA1UdDgQWBBSUV9tv1XSBhomJdi9+V4UH55tYJDAOBgNVHQ8BAf8EBAMCB4AwDwYJKoZIhvdjZAYdBAIFADAKBggqhkjOPQQDAgNJADBGAiEAvglXH+ceHnNbVeWvrLTHL+tEXzAYUiLHJRACth69b1UCIQDRizUKXdbdbrF0YDWxHrLOh8+j5q9svYOAiQ3ILN2qYzCCAu4wggJ1oAMCAQICCEltL786mNqXMAoGCCqGSM49BAMCMGcxGzAZBgNVBAMMEkFwcGxlIFJvb3QgQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0MDUwNjIzNDYzMFoXDTI5MDUwNjIzNDYzMFowejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8BcRhBnXZIXVGl4lgQd26ICi7957rk3gjfxLk+EzVtVmWzWuItCXdg0iTnu6CP12F86Iy3a7ZnC+yOgphP9URaOB9zCB9DBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDQtYXBwbGVyb290Y2FnMzAdBgNVHQ4EFgQUI\/JJxE+T5O8n5sT2KGw\/orv9LkswDwYDVR0TAQH\/BAUwAwEB\/zAfBgNVHSMEGDAWgBS7sN6hWDOImqSKmd6+veuv2sskqzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZXJvb3RjYWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCDgQCBQAwCgYIKoZIzj0EAwIDZwAwZAIwOs9yg1EWmbGG+zXDVspiv\/QX7dkPdU2ijr7xnIFeQreJ+Jj3m1mfmNVBDY+d6cL+AjAyLdVEIbCjBXdsXfM4O5Bn\/Rd8LCFtlk\/GcmmCEm9U+Hp9G5nLmwmJIWEGmQ8Jkh0AADGCAYgwggGEAgEBMIGGMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUwIITDBBSVGdVDYwCwYJYIZIAWUDBAIBoIGTMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIzMDQxMTE2NTUwNFowKAYJKoZIhvcNAQk0MRswGTALBglghkgBZQMEAgGhCgYIKoZIzj0EAwIwLwYJKoZIhvcNAQkEMSIEIIt8HtiZPlAqbJ9FFi6tw3+AjQnGDUgas1i1nRpS+Ci7MAoGCCqGSM49BAMCBEcwRQIgFXDNiN9n2hnrmAi6SC+XH4Al+ksy59hpSCKCV9fJcXUCIQDhcWZ9VyUBOISHje6BKaIOWVMeUQiP18ODTvd13qkBDgAAAAAAAA==”,”header”:{“transactionId”:”91a7ecae8c2f7ad36e1b262a9ff836a421a83e1241f2f36646cdceb91caf75d8″,”ephemeralPublicKey”:”MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECeCKHApBVFCNX5BtRF9JnWS2YmNBVrONB2XQKdMp7i2\/eQ\/MU5uzjoD1p8SoLHn7uptvSi5snDuCSDHCJIIH0g==”,”publicKeyHash”:”vIP5spRB7yo3vSNP+szKCvOCnn2BQYQBuNhUGvsdmCY=”},”data”:”EyaclYTgqXSIDf8SGPuhihKUwakvu54J7AD7v5fT3Nt6r0Qv+qRS08G3I7olAY4NPA+AHrtDtSMarlwzVZCqi9kWxMSKYamnrAQyuWJcg2njG2NUW29CXdk9Jxufx3+zvI+jbhiZfS6xtrwrdwV+9hb+EqvzQtQq0bYQ+wdQtEUIr\/SsSWX7rXg6CsetGE8Z0fcWFQoqxoICNSyLdI6yiHhX5+VszgrUohJ2id2g7dES0nQVmzbnFNbCQ2r8Br6liJ4zn6sGHYKN\/mXIZX1OuW8I3urRD8xXU3GXS2xCYlFejHZGaKM8czz6oZiT16PscWMDbKoxZTnRfzeLkPP1b0SNr87OSsf1IbSzgzrBo0YBDD16eBMdrO4PxAoc0wTJRZnTE1L+EA78bI0cUn4F7X0hOhjEsDg9i4zPUhQ8Xt6V”,”version”:”EC_v1″},”paymentMethod”:{“network”:”Visa”,”type”:”debit”,”displayName”:”Visa 0279″},”transactionIdentifier”:”91a7ecae8c2f7ad36e1b262a9ff836a421a83e1241f2f36646cdceb91caf75d8″}</payment_token>
    <return_pending_url>***</return_pending_url>
    </payment_transaction>
    

    Example of a Success response:

    <payment_response>
    <transaction_type>apple_pay</transaction_type>
    <status>approved</status>
    <crypto>true</crypto>
    <cvv_result_code> </cvv_result_code>
    <authorization_code>274760</authorization_code>
    <scheme_response_code>00</scheme_response_code>
    <unique_id>cc7857dbb22892e03abe833e7733c3ca</unique_id>
    <transaction_id>dab15c49-95d3-46d6-87d9-8027c468a2ca</transaction_id>
    …
    <amount>10714</amount>
    <currency>EUR</currency>
    <threeds>
    <eci>05</eci>
    </threeds>
    <sent_to_acquirer>true</sent_to_acquirer>
    </payment_response>
    

    Merchant decryption

    You can also choose to handle the decryption process yourself. You decrypt the payment tokens and send the transaction elements to emerchantpay. Instead of specifying apple_pay as the transaction_type and providing a payment_token, you must flag the transactions as scheme-tokenized.

    This approach depends on your specific integration and it allows you to have direct control over the decryption process. You may choose to decrypt the payment tokens yourself for greater control, customization, and adherence to specific security or compliance requirements.

    To use this method, you must:

    • Have an account that is specifically enabled to support tokenised transactions.
    • Map the decrypted data as per the Tokenized e-commerce API.

    Example of passing a request:

    <payment_transaction xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xmlns:xsd=”http://www.w3.org/2001/XMLSchema”>
    <transaction_type>sale3d</transaction_type>
    <transaction_id>***</transaction_id>
    <remote_ip>***</remote_ip>
    <amount>49000</amount>
    <currency>EUR</currency>
    <card_holder>***</card_holder>
    <card_number>513659…8108</card_number>
    <expiration_month>xxx</expiration_month>
    <expiration_year>xxx</expiration_year>
    <cvv>xxx</cvv>
    <customer_email>***</customer_email>
    <customer_phone>***</customer_phone>
    <billing_address>
    <first_name>***</first_name>
    <last_name>***</last_name>
    <address1>***</address1>
    <zip_code>***</zip_code>
    <city>***</city>
    <country>**</country>
    </billing_address>
    <mpi_params>
    <eci>02</eci>
    <cavv>kBNCQdOyR7+gC0TewtJQZZeBXA+c</cavv>
    <protocol_version>2</protocol_version>
    </mpi_params>
    <scheme_tokenized xsi:nil=”true”/>
    <crypto>false</crypto>
    </payment_transaction>
    

    Example of a Success response:

    <payment_response>
    <transaction_type>sale3d</transaction_type>
    <status>approved</status>
    <cvv_result_code>M</cvv_result_code>
    <authorization_code>428352</authorization_code>
    <retrieval_reference_number>310709004106</retrieval_reference_number>
    <scheme_response_code>00</scheme_response_code>
    <unique_id>3994cd30195e79bf984e24557f2d865e</unique_id>
    <transaction_id>z629tVws</transaction_id>
    <response_code>00</response_code>
    <mode>live</mode>
    <timestamp>2023-04-17T09:15:49Z</timestamp>
    <descriptor>***</descriptor>
    <amount>49000</amount>
    <currency>EUR</currency>
    <threeds>
    <eci>02</eci>
    </threeds>
    <sent_to_acquirer>true</sent_to_acquirer>
    <scheme_transaction_identifier>MCSGVSHD8</scheme_transaction_identifier>
    <scheme_settlement_date>0417</scheme_settlement_date>
    </payment_response>