Decrypting Apple Pay tokens
Learn about Apple Pay network-based tokenisation and the available decryption methods.
Apple Pay enhances transaction security through network-based tokenisation. By replacing sensitive payment information with unique tokens, generated by the payment network or scheme, Apple Pay offers a secure and convenient payment experience for customers using their Apple devices.
To ensure a smooth payment experience, explore the available decryption methods. These methods allow you to securely retrieve and process the tokenised payment data.
Apple Pay transactions comply with Strong Customer Authentication (SCA) requirements.
With Apple Pay, users authenticate themselves using biometric authentication methods like Face ID or Touch ID, or by entering a passcode on their Apple devices. This authentication process ensures that each transaction meets the SCA standards, providing an additional layer of security and authentication for the payment process.
Prerequisites
Your certificate and decryption requirements depend on the integration method you use:
- Web Payment Form (WPF): emerchantpay manages the Apple Pay configuration and payment token decryption. You don’t need to generate or upload a
.p12file for this hosted flow. - Server-to-server integration: To send encrypted Apple Pay tokens to emerchantpay for decryption, you need a valid
.p12certificate. For more information, see Generate a .p12 file for Apple Pay.
Decryption methods
There are three decryption methods to consider, each offering varying degrees of convenience and control. Understanding these decryption approaches will help you determine the most suitable option for your specific needs and preferences.
- Decryption through emerchantpay’s Web Payment Form
- emerchantpay decryption
- Merchant decryption
Decryption through emerchantpay’s Web Payment Form
Decrypting through emerchantpay’s Web Payment Form provides the simplest Apple Pay setup. With this method, you don’t need to create an Apple Developer account and Apple Pay certificates, upload a .p12 file. emerchantpay hosts the payment page, manages the Apple Pay configuration, and decrypts the Apple Pay payment token for processing. However, using this decryption method comes with reduced independence and customisation options.
emerchantpay decryption
When using emerchantpay’s decryption service, you retain control over managing your payment page and making direct requests to Apple. You send the transaction results to emerchantpay for decryption and processing, relieving you of the responsibility of decrypting the payment tokens yourself.
Example of passing a request:
<payment_transaction>
<transaction_id>***</transaction_id>
<usage>***</usage>
<description>***</description>
<remote_ip>***</remote_ip>
<amount>10714</amount>
<currency>EUR</currency>
<customer_email>***</customer_email>
<customer_phone>***</customer_phone>
<notification_url>***</notification_url>
<return_success_url>***</return_success_url>
<return_failure_url>***</return_failure_url>
<billing_address>
<first_name>John</first_name>
<last_name>Smith</last_name>
<address1>45 North Str</address1>
<zip_code>W1T 2QS</zip_code>
<city>London</city>
<country>UK</country>
</billing_address>
<transaction_type>apple_pay</transaction_type>
<payment_subtype>sale</payment_subtype>
<payment_token>{“paymentData”:{“signature”:”MIAGCSqGSIb3DQEHAqCAMIACAQExDTALBglghkgBZQMEAgEwgAYJKoZIhvcNAQcBAACggDCCA+MwggOIoAMCAQICCEwwQUlRnVQ2MAoGCCqGSM49BAMCMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xOTA1MTgwMTMyNTdaFw0yNDA1MTYwMTMyNTdaMF8xJTAjBgNVBAMMHGVjYy1zbXAtYnJva2VyLXNpZ25fVUM0LVBST0QxFDASBgNVBAsMC2lPUyBTeXN0ZW1zMRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMIVd+3r1seyIY9o3XCQoSGNx7C9bywoPYRgldlK9KVBG4NCDtgR80B+gzMfHFTD9+syINa61dTv9JKJiT58DxOjggIRMIICDTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCPyScRPk+TvJ+bE9ihsP6K7\/S5LMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB\/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYWljYTMuY3JsMB0GA1UdDgQWBBSUV9tv1XSBhomJdi9+V4UH55tYJDAOBgNVHQ8BAf8EBAMCB4AwDwYJKoZIhvdjZAYdBAIFADAKBggqhkjOPQQDAgNJADBGAiEAvglXH+ceHnNbVeWvrLTHL+tEXzAYUiLHJRACth69b1UCIQDRizUKXdbdbrF0YDWxHrLOh8+j5q9svYOAiQ3ILN2qYzCCAu4wggJ1oAMCAQICCEltL786mNqXMAoGCCqGSM49BAMCMGcxGzAZBgNVBAMMEkFwcGxlIFJvb3QgQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0MDUwNjIzNDYzMFoXDTI5MDUwNjIzNDYzMFowejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8BcRhBnXZIXVGl4lgQd26ICi7957rk3gjfxLk+EzVtVmWzWuItCXdg0iTnu6CP12F86Iy3a7ZnC+yOgphP9URaOB9zCB9DBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDQtYXBwbGVyb290Y2FnMzAdBgNVHQ4EFgQUI\/JJxE+T5O8n5sT2KGw\/orv9LkswDwYDVR0TAQH\/BAUwAwEB\/zAfBgNVHSMEGDAWgBS7sN6hWDOImqSKmd6+veuv2sskqzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZXJvb3RjYWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCDgQCBQAwCgYIKoZIzj0EAwIDZwAwZAIwOs9yg1EWmbGG+zXDVspiv\/QX7dkPdU2ijr7xnIFeQreJ+Jj3m1mfmNVBDY+d6cL+AjAyLdVEIbCjBXdsXfM4O5Bn\/Rd8LCFtlk\/GcmmCEm9U+Hp9G5nLmwmJIWEGmQ8Jkh0AADGCAYgwggGEAgEBMIGGMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUwIITDBBSVGdVDYwCwYJYIZIAWUDBAIBoIGTMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIzMDQxMTE2NTUwNFowKAYJKoZIhvcNAQk0MRswGTALBglghkgBZQMEAgGhCgYIKoZIzj0EAwIwLwYJKoZIhvcNAQkEMSIEIIt8HtiZPlAqbJ9FFi6tw3+AjQnGDUgas1i1nRpS+Ci7MAoGCCqGSM49BAMCBEcwRQIgFXDNiN9n2hnrmAi6SC+XH4Al+ksy59hpSCKCV9fJcXUCIQDhcWZ9VyUBOISHje6BKaIOWVMeUQiP18ODTvd13qkBDgAAAAAAAA==”,”header”:{“transactionId”:”91a7ecae8c2f7ad36e1b262a9ff836a421a83e1241f2f36646cdceb91caf75d8″,”ephemeralPublicKey”:”MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECeCKHApBVFCNX5BtRF9JnWS2YmNBVrONB2XQKdMp7i2\/eQ\/MU5uzjoD1p8SoLHn7uptvSi5snDuCSDHCJIIH0g==”,”publicKeyHash”:”vIP5spRB7yo3vSNP+szKCvOCnn2BQYQBuNhUGvsdmCY=”},”data”:”EyaclYTgqXSIDf8SGPuhihKUwakvu54J7AD7v5fT3Nt6r0Qv+qRS08G3I7olAY4NPA+AHrtDtSMarlwzVZCqi9kWxMSKYamnrAQyuWJcg2njG2NUW29CXdk9Jxufx3+zvI+jbhiZfS6xtrwrdwV+9hb+EqvzQtQq0bYQ+wdQtEUIr\/SsSWX7rXg6CsetGE8Z0fcWFQoqxoICNSyLdI6yiHhX5+VszgrUohJ2id2g7dES0nQVmzbnFNbCQ2r8Br6liJ4zn6sGHYKN\/mXIZX1OuW8I3urRD8xXU3GXS2xCYlFejHZGaKM8czz6oZiT16PscWMDbKoxZTnRfzeLkPP1b0SNr87OSsf1IbSzgzrBo0YBDD16eBMdrO4PxAoc0wTJRZnTE1L+EA78bI0cUn4F7X0hOhjEsDg9i4zPUhQ8Xt6V”,”version”:”EC_v1″},”paymentMethod”:{“network”:”Visa”,”type”:”debit”,”displayName”:”Visa 0279″},”transactionIdentifier”:”91a7ecae8c2f7ad36e1b262a9ff836a421a83e1241f2f36646cdceb91caf75d8″}</payment_token>
<return_pending_url>***</return_pending_url>
</payment_transaction>
Example of a Success response:
<payment_response>
<transaction_type>apple_pay</transaction_type>
<status>approved</status>
<crypto>true</crypto>
<cvv_result_code> </cvv_result_code>
<authorization_code>274760</authorization_code>
<scheme_response_code>00</scheme_response_code>
<unique_id>cc7857dbb22892e03abe833e7733c3ca</unique_id>
<transaction_id>dab15c49-95d3-46d6-87d9-8027c468a2ca</transaction_id>
…
<amount>10714</amount>
<currency>EUR</currency>
<threeds>
<eci>05</eci>
</threeds>
<sent_to_acquirer>true</sent_to_acquirer>
</payment_response>
Merchant decryption
You can also choose to handle the decryption process yourself. You decrypt the payment tokens and send the transaction elements to emerchantpay. Instead of specifying apple_pay as the transaction_type and providing a payment_token, you must flag the transactions as scheme-tokenised.
This approach depends on your specific integration and it allows you to have direct control over the decryption process. You may choose to decrypt the payment tokens yourself for greater control, customisation, and adherence to specific security or compliance requirements.
To use this method, you must:
- Have an account that is specifically enabled to support tokenised transactions.
- Map the decrypted data as per the emerchantpay Payment Gateway API tokenised e-commerce documentation.
Example of passing a request:
<payment_transaction xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xmlns:xsd=”http://www.w3.org/2001/XMLSchema”>
<transaction_type>sale3d</transaction_type>
<transaction_id>***</transaction_id>
<remote_ip>***</remote_ip>
<amount>49000</amount>
<currency>EUR</currency>
<card_holder>John Smith</card_holder>
<card_number>513659…8108</card_number>
<expiration_month>xxx</expiration_month>
<expiration_year>xxx</expiration_year>
<cvv>xxx</cvv>
<customer_email>jsmith@example.com</customer_email>
<customer_phone>***</customer_phone>
<billing_address>
<first_name>John</first_name>
<last_name>Smith</last_name>
<address1>45 North Str</address1>
<zip_code>W1T 2QS</zip_code>
<city>London</city>
<country>UK</country>
</billing_address>
<mpi_params>
<eci>02</eci>
<cavv>kBNCQdOyR7+gC0TewtJQZZeBXA+c</cavv>
<protocol_version>2</protocol_version>
</mpi_params>
<scheme_tokenized xsi:nil=”true”/>
<crypto>false</crypto>
</payment_transaction>
Example of a Success response:
<payment_response>
<transaction_type>sale3d</transaction_type>
<status>approved</status>
<cvv_result_code>M</cvv_result_code>
<authorization_code>428352</authorization_code>
<retrieval_reference_number>310709004106</retrieval_reference_number>
<scheme_response_code>00</scheme_response_code>
<unique_id>3994cd30195e79bf984e24557f2d865e</unique_id>
<transaction_id>z629tVws</transaction_id>
<response_code>00</response_code>
<mode>live</mode>
<timestamp>2023-04-17T09:15:49Z</timestamp>
<descriptor>***</descriptor>
<amount>49000</amount>
<currency>EUR</currency>
<threeds>
<eci>02</eci>
</threeds>
<sent_to_acquirer>true</sent_to_acquirer>
<scheme_transaction_identifier>MCSGVSHD8</scheme_transaction_identifier>
<scheme_settlement_date>0417</scheme_settlement_date>
</payment_response>
To learn more about the Apple Pay token structure, see the Payment Token Reference.