Decrypting Apple Pay tokens
Learn about Apple Pay network-based tokenisation and the available decryption methods.
Apple Pay enhances transaction security through network-based tokenisation. By replacing sensitive payment information with unique tokens, generated by the payment network or scheme, Apple Pay offers a secure and convenient payment experience for customers using their Apple devices.
To ensure a smooth payment experience, explore the available decryption methods. These methods allow you to securely retrieve and process the tokenised payment data.
Apple Pay transactions comply with Strong Customer Authentication (SCA) requirements.
With Apple Pay, users authenticate themselves using biometric authentication methods like Face ID or Touch ID, or by entering a passcode on their Apple devices. This authentication process ensures that each transaction meets the SCA standards, providing an additional layer of security and authentication for the payment process.
Prerequisites
To proceed with this solution, you must have an emerchantpay merchant account. Apply for a merchant account by filling out and submitting this contact form.
You will be assigned an emerchantpay Account Manager, who will provide you with credentials and assist you with any of emerchantpay’s payment solutions.
Decryption methods
There are three decryption methods to consider, each offering varying degrees of convenience and control. Understanding these decryption approaches will help you determine the most suitable option for your specific needs and preferences.
Decryption through emerchantpay’s Web Payment Form
Decrypting through emerchantpay’s Web Payment Form provides a simplified approach. To use this method, you need an Apple Pay merchant account to obtain the necessary credentials for payment token decryption. emerchantpay is responsible for the setup process. However, using this decryption method comes with reduced independence and customization options.
emerchantpay decryption
When using emerchantpay’s decryption service, you retain control over managing your payment page and making direct requests to Apple. You send the transaction results to emerchantpay for decryption and processing, relieving you of the responsibility of decrypting the payment tokens yourself.
Example of passing a request:
<payment_transaction>
<transaction_id>***</transaction_id>
<usage>***</usage>
<description>***</description>
<remote_ip>***</remote_ip>
<amount>10714</amount>
<currency>EUR</currency>
<customer_email>***</customer_email>
<customer_phone>***</customer_phone>
<notification_url>***</notification_url>
<return_success_url>***</return_success_url>
<return_failure_url>***</return_failure_url>
<billing_address>
<first_name>***</first_name>
<last_name>***</last_name>
<address1>***</address1>
<zip_code>***</zip_code>
<city>***</city>
<country>***</country>
</billing_address>
<transaction_type>apple_pay</transaction_type>
<payment_subtype>sale</payment_subtype>
<payment_token>{“paymentData”:{“signature”:”MIAGCSqGSIb3DQEHAqCAMIACAQExDTALBglghkgBZQMEAgEwgAYJKoZIhvcNAQcBAACggDCCA+MwggOIoAMCAQICCEwwQUlRnVQ2MAoGCCqGSM49BAMCMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xOTA1MTgwMTMyNTdaFw0yNDA1MTYwMTMyNTdaMF8xJTAjBgNVBAMMHGVjYy1zbXAtYnJva2VyLXNpZ25fVUM0LVBST0QxFDASBgNVBAsMC2lPUyBTeXN0ZW1zMRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMIVd+3r1seyIY9o3XCQoSGNx7C9bywoPYRgldlK9KVBG4NCDtgR80B+gzMfHFTD9+syINa61dTv9JKJiT58DxOjggIRMIICDTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCPyScRPk+TvJ+bE9ihsP6K7\/S5LMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB\/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYWljYTMuY3JsMB0GA1UdDgQWBBSUV9tv1XSBhomJdi9+V4UH55tYJDAOBgNVHQ8BAf8EBAMCB4AwDwYJKoZIhvdjZAYdBAIFADAKBggqhkjOPQQDAgNJADBGAiEAvglXH+ceHnNbVeWvrLTHL+tEXzAYUiLHJRACth69b1UCIQDRizUKXdbdbrF0YDWxHrLOh8+j5q9svYOAiQ3ILN2qYzCCAu4wggJ1oAMCAQICCEltL786mNqXMAoGCCqGSM49BAMCMGcxGzAZBgNVBAMMEkFwcGxlIFJvb3QgQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0MDUwNjIzNDYzMFoXDTI5MDUwNjIzNDYzMFowejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8BcRhBnXZIXVGl4lgQd26ICi7957rk3gjfxLk+EzVtVmWzWuItCXdg0iTnu6CP12F86Iy3a7ZnC+yOgphP9URaOB9zCB9DBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDQtYXBwbGVyb290Y2FnMzAdBgNVHQ4EFgQUI\/JJxE+T5O8n5sT2KGw\/orv9LkswDwYDVR0TAQH\/BAUwAwEB\/zAfBgNVHSMEGDAWgBS7sN6hWDOImqSKmd6+veuv2sskqzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZXJvb3RjYWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCDgQCBQAwCgYIKoZIzj0EAwIDZwAwZAIwOs9yg1EWmbGG+zXDVspiv\/QX7dkPdU2ijr7xnIFeQreJ+Jj3m1mfmNVBDY+d6cL+AjAyLdVEIbCjBXdsXfM4O5Bn\/Rd8LCFtlk\/GcmmCEm9U+Hp9G5nLmwmJIWEGmQ8Jkh0AADGCAYgwggGEAgEBMIGGMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUwIITDBBSVGdVDYwCwYJYIZIAWUDBAIBoIGTMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIzMDQxMTE2NTUwNFowKAYJKoZIhvcNAQk0MRswGTALBglghkgBZQMEAgGhCgYIKoZIzj0EAwIwLwYJKoZIhvcNAQkEMSIEIIt8HtiZPlAqbJ9FFi6tw3+AjQnGDUgas1i1nRpS+Ci7MAoGCCqGSM49BAMCBEcwRQIgFXDNiN9n2hnrmAi6SC+XH4Al+ksy59hpSCKCV9fJcXUCIQDhcWZ9VyUBOISHje6BKaIOWVMeUQiP18ODTvd13qkBDgAAAAAAAA==”,”header”:{“transactionId”:”91a7ecae8c2f7ad36e1b262a9ff836a421a83e1241f2f36646cdceb91caf75d8″,”ephemeralPublicKey”:”MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECeCKHApBVFCNX5BtRF9JnWS2YmNBVrONB2XQKdMp7i2\/eQ\/MU5uzjoD1p8SoLHn7uptvSi5snDuCSDHCJIIH0g==”,”publicKeyHash”:”vIP5spRB7yo3vSNP+szKCvOCnn2BQYQBuNhUGvsdmCY=”},”data”:”EyaclYTgqXSIDf8SGPuhihKUwakvu54J7AD7v5fT3Nt6r0Qv+qRS08G3I7olAY4NPA+AHrtDtSMarlwzVZCqi9kWxMSKYamnrAQyuWJcg2njG2NUW29CXdk9Jxufx3+zvI+jbhiZfS6xtrwrdwV+9hb+EqvzQtQq0bYQ+wdQtEUIr\/SsSWX7rXg6CsetGE8Z0fcWFQoqxoICNSyLdI6yiHhX5+VszgrUohJ2id2g7dES0nQVmzbnFNbCQ2r8Br6liJ4zn6sGHYKN\/mXIZX1OuW8I3urRD8xXU3GXS2xCYlFejHZGaKM8czz6oZiT16PscWMDbKoxZTnRfzeLkPP1b0SNr87OSsf1IbSzgzrBo0YBDD16eBMdrO4PxAoc0wTJRZnTE1L+EA78bI0cUn4F7X0hOhjEsDg9i4zPUhQ8Xt6V”,”version”:”EC_v1″},”paymentMethod”:{“network”:”Visa”,”type”:”debit”,”displayName”:”Visa 0279″},”transactionIdentifier”:”91a7ecae8c2f7ad36e1b262a9ff836a421a83e1241f2f36646cdceb91caf75d8″}</payment_token>
<return_pending_url>***</return_pending_url>
</payment_transaction>
Example of a Success response:
<payment_response>
<transaction_type>apple_pay</transaction_type>
<status>approved</status>
<crypto>true</crypto>
<cvv_result_code> </cvv_result_code>
<authorization_code>274760</authorization_code>
<scheme_response_code>00</scheme_response_code>
<unique_id>cc7857dbb22892e03abe833e7733c3ca</unique_id>
<transaction_id>dab15c49-95d3-46d6-87d9-8027c468a2ca</transaction_id>
…
<amount>10714</amount>
<currency>EUR</currency>
<threeds>
<eci>05</eci>
</threeds>
<sent_to_acquirer>true</sent_to_acquirer>
</payment_response>
Merchant decryption
You can also choose to handle the decryption process yourself. You decrypt the payment tokens and send the transaction elements to emerchantpay. Instead of specifying apple_pay as the transaction_type and providing a payment_token, you must flag the transactions as scheme-tokenized.
This approach depends on your specific integration and it allows you to have direct control over the decryption process. You may choose to decrypt the payment tokens yourself for greater control, customization, and adherence to specific security or compliance requirements.
To use this method, you must:
- Have an account that is specifically enabled to support tokenised transactions.
- Map the decrypted data as per the Tokenized e-commerce API.
Example of passing a request:
<payment_transaction xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xmlns:xsd=”http://www.w3.org/2001/XMLSchema”>
<transaction_type>sale3d</transaction_type>
<transaction_id>***</transaction_id>
<remote_ip>***</remote_ip>
<amount>49000</amount>
<currency>EUR</currency>
<card_holder>***</card_holder>
<card_number>513659…8108</card_number>
<expiration_month>xxx</expiration_month>
<expiration_year>xxx</expiration_year>
<cvv>xxx</cvv>
<customer_email>***</customer_email>
<customer_phone>***</customer_phone>
<billing_address>
<first_name>***</first_name>
<last_name>***</last_name>
<address1>***</address1>
<zip_code>***</zip_code>
<city>***</city>
<country>**</country>
</billing_address>
<mpi_params>
<eci>02</eci>
<cavv>kBNCQdOyR7+gC0TewtJQZZeBXA+c</cavv>
<protocol_version>2</protocol_version>
</mpi_params>
<scheme_tokenized xsi:nil=”true”/>
<crypto>false</crypto>
</payment_transaction>
Example of a Success response:
<payment_response>
<transaction_type>sale3d</transaction_type>
<status>approved</status>
<cvv_result_code>M</cvv_result_code>
<authorization_code>428352</authorization_code>
<retrieval_reference_number>310709004106</retrieval_reference_number>
<scheme_response_code>00</scheme_response_code>
<unique_id>3994cd30195e79bf984e24557f2d865e</unique_id>
<transaction_id>z629tVws</transaction_id>
<response_code>00</response_code>
<mode>live</mode>
<timestamp>2023-04-17T09:15:49Z</timestamp>
<descriptor>***</descriptor>
<amount>49000</amount>
<currency>EUR</currency>
<threeds>
<eci>02</eci>
</threeds>
<sent_to_acquirer>true</sent_to_acquirer>
<scheme_transaction_identifier>MCSGVSHD8</scheme_transaction_identifier>
<scheme_settlement_date>0417</scheme_settlement_date>
</payment_response>
To learn more about the Apple Pay token structure, see the Payment Token Reference.