BLogic Systems

Setup Apple Pay

A. Create Apple Developer Account

Go to the Apple Developer site and create an Apple Developer account, if you do not already have one.


B. Create Apple Pay Merchant ID

Sign in to your Apple Developer account, then create a Merchant Identifier.


C. Verify Your Domain [for web only]

1- Go to the Merchant ID you created for Apple Pay, then click Add Domain.

2- Add the domain or subdomain you want to implement Apple Pay on.

3- You will be redirected to the verify page, which contains two buttons: Download and Verify.

First click Download. You will be given a text file containing the domain association hash. Upload it to your server at the specified location: https://mystore.store/.well-known/apple-developer-merchantid-domain-association.txt. Then make it readable to others, i.e., when you open the link in a browser you get the same hash that was provided.

Then click the verify button shown earlier.

4- You will be redirected to the Merchant ID page, with your domain showing the status Verified.

Now your domain is ready to process Apple Pay.

Note: if you get a Pending status, make sure the domain has a valid, secure TLS connection and that you copied the text file exactly.


D. Create Merchant ID Certificate and Private Key [for web only]

This section guides you through creating a Merchant Identity Certificate and Private Key from a CertificateSigningRequest file.

1- Open the Keychain Access app on your Mac and, from the Certificate Assistant, choose “Request a Certificate From a Certificate Authority…”

2- Fill in your email address and common name, choose “Saved to disk”, then click Continue.

3- You will be asked where you want to save the file; choose a folder and save it. The file will be saved with the name “CertificateSigningRequest.certSigningRequest”.

4- Go to your Merchant ID on the Apple Developer website and, in the Apple Pay Merchant Identity Certificate section, click the Create Certificate button.

5- Click the Choose File button, choose the CertSigningRequest file you saved earlier, then click the Continue button.

6- You have now created the certificate in cer format. Download the certificate. The downloaded file name will be “merchant_id.cer”.

7- Your certificate information will now appear in the Apple Pay Merchant Identity Certificate section.

8- On your computer, double-click the downloaded certificate, merchant_id.cer, to open the Keychain Access app. Go to the “My Certificates” tab under the login menu on the left, then find your certificate by searching for your Merchant ID; in this tutorial it is “merchant.store.mystore”.

There will be an arrow to the left of your certificate name. Click it to expand the entry and you will see the private key, marked with a key icon; in this tutorial it is named “mystore shop”.

9- Right click on the key then choose “Export “mystore shop”…”

10- Save the file in the “p12” format.

11- Choose an Import Password for the file and store it somewhere, because you will need it later, then click OK. You will then be asked to enter your Mac user password or fingerprint; complete that prompt.

12- Now you only need to create the certificate and private key in PEM format to use them for Apple Pay requests. In your terminal, make sure you are in the folder where you saved Certificates.p12, then run this command:

openssl pkcs12 -in Certificates.p12 -out ApplePay.crt.pem -clcerts -nokeys

13- Enter the Import Password you chose when creating your p12 file in the Keychain Access app. When this step is completed, you will have a new certificate file named ApplePay.crt.pem.

14- Run the following command to create your private key in PEM format:

openssl pkcs12 -in Certificates.p12 -out ApplePay.key.pem -nocerts

It will ask you to enter the Import Password, then enter a new Passphrase. Store your passphrase somewhere safe.

The newly created ApplePay.crt.pem and ApplePay.key.pem will be used later for the Merchant Validation step.
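
As a check on steps 12-14 (an added example, not part of the original tutorial), the script below confirms that a certificate PEM and a private key PEM carry the same public key and that the key file grants nothing to group or others. The function names and the KEY_PASS environment variable are assumptions of this example, and the demo runs on a constructed, throwaway self-signed pair rather than a real Apple certificate.

```shell
#!/bin/sh
# Added example: check the PEM pair produced by the two pkcs12 commands above.
# KEY_PASS (assumed name) carries the key passphrase via the environment so it
# does not show up in the process list as "-passin pass:..." would.
KEY_PASS=${KEY_PASS-}; export KEY_PASS

# 0 if the certificate and private key hold the same public key,
# 1 if they differ, 2 if either file cannot be read or decrypted.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the file grants no permissions to group or others (e.g. 600 or 400).
key_is_private() {
    # GNU stat first, BSD/macOS stat as fallback
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null) || return 2
    case "$mode" in *00|0) return 0 ;; *) return 1 ;; esac
}

# Demo on a constructed, throwaway self-signed pair (not a real Apple certificate).
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-example" \
        -keyout "$d/ApplePay.key.pem" -out "$d/ApplePay.crt.pem" 2>/dev/null || return 1
    chmod 600 "$d/ApplePay.key.pem"
    pair_matches "$d/ApplePay.crt.pem" "$d/ApplePay.key.pem" &&
        key_is_private "$d/ApplePay.key.pem"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "certificate and key match; key file is private"
```

For the real files, export KEY_PASS with the passphrase from step 14 and call pair_matches ApplePay.crt.pem ApplePay.key.pem, then key_is_private ApplePay.key.pem.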


E. Create Payment Processing Certificate

Merchant Identity Certificate

Before we can proceed, we need to generate a Merchant Identity Certificate that will allow us to successfully connect to Apple’s servers and request an Apple Pay session.

You can follow this guide to acquire your certificate: How to Setup Apple Pay Requirements.

Storing Certificates

Certificates are credential files: they authenticate you with Apple and must be stored safely. You SHOULD NEVER store them in your wwwroot directory; store them in the project directory instead.

You can instruct Visual Studio to copy the files every build or add this to your csproj file:

<ItemGroup>
    <None Update="merchant_id/**/*">
        <CopyToOutputDirectory>Always</CopyToOutputDirectory>
    </None>
</ItemGroup>

.NET Core requires the certificate and key files to be combined into a pfx file. To do this, run the following command on our files:

openssl pkcs12 -export -in ApplePay.crt.pem -inkey ApplePay.key.pem -out ApplePay.pfx

For this demonstration, we will store our pfx file as /path/to/project/merchant_id/ApplePay.pfx.