Merchant Decryption of Apple Pay PKPaymentToken

Using this process, the responsibility for the decryption of the PKPaymentToken from Apple Pay falls to you. After completing the first three steps of the process as detailed in the Overview of Apple Pay Operation section and depicted by the green and blue arrows in FIGURE 1-10 Data/Transaction Flow with Merchant Decryption of Apple Pay PKPaymentToken, the process continues as follows:

  1. Your mobile application forwards the PKPaymentToken from Apple Pay, along with other normal information from the transaction (such as Bill To and Ship To Address), to your order processing server.

  2. Using your private key, you decrypt the PKPaymentToken, construct the Authorization/Sale transaction, and submit it to Worldpay. In this case, you would populate the cnpAPI <number> element with the device primary account number, the <expDate> element with the expiration date, and the <authenticationValue> field with the cryptogram extracted from the PKPaymentToken. Also, set the <orderSource> element to applepay (Server-side API submit).

  3. Worldpay detects that this is an Apple Pay transaction and submits the transaction with the appropriate information to the card networks for approval.

  4. Worldpay sends the Approval/Decline message back to your system. This message is the standard format for an Authorization or Sale response.

  5. You return the Approval/Decline message to your mobile application.

FIGURE 1-10 Data/Transaction Flow with Merchant Decryption of Apple Pay PKPaymentToken