Click here to search the entire website

Decrypting the Apple Pay payload

Note:  We don't recommend this model unless you explicitly require access to the contents of the encrypted Apple Pay payload.

To decrypt the payload, you generate your own public/private key pair and your own Certificate Signing Request (CSR) to upload to the Apple Pay Developer Portal. The remaining steps are the same as in Integrate Apple Pay.

You can find more information at:

https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html

Create your private key and CSR

  1. Create your private key:

    openssl ecparam -out private_key_file.key -name prime256v1 –genkey

     

  2. Create the CSR:

    openssl req -new -sha256 -key private_key_file.key -nodes -out certificate_signing_request.csr -subj '/O=Your Name or Company/C=US'

    The output is a private key file at private_key_file.key and the CSR in certificate_signing_request.csr, which should look like this:

    -----BEGIN EC PARAMETERS-----

    BgUrgQQACg==

    -----END EC PARAMETERS-----

    -----BEGIN EC PRIVATE KEY-----

    MJQCAQEEID0Y+YLOz6ed+dMlh062WSwgxl7a0WVI9en3tjntAdwooAcGBSuAABBK

    oUGDQgAEwHGnT+kCI+oqFK8ALEZzBcqHC+VNwmCLQHx51zCT51TpZEIufTFpac3a

    E5sNqznV2Dp39N0wVCBQ7QPGI6SXvg==

    -----END EC PRIVATE KEY-----

    -----BEGIN CERTIFICATE REQUEST-----

    MIK3MIGgAgEAMEExGTEXBgNVBAMTEHd3dy5zcHJlVXRseS5jb20xFzAVBgNVBAoT

    DlNwcmVlZGx5LCBJbmMuMQswCQYDVQQGEwJVUzBWMBAGByqGSM49AgEGBSuBBAAK

    A0IABMBxp0/pAiPqKhSvACxEcwXKhwvkDcJgi0B8edcwk+dU6WRBLn0yaWnN2hOb

    Das51dg6d/TdMFQgFe6DxiOlk76gADAJBgcqhkjOPQQBA0cAMRQCIBGy+OBbsjey

    lQhqezpSRt+IKfMMLdA78Pnck3fWIVxcAiBOYX1hmOREEysFQq0eX309iY0uZ3dm

    MRDa/83lW8GcBQ==

    -----END CERTIFICATE REQUEST-----

  3. Upload the CSR to the Apple developers portal.

Map the fields

Once you've successfully decrypted the payload, you'll have access to the raw message content. Use this table to map the Apple Pay fields to the Worldpay XML. Add the data from the payload into the Worldpay XML without any manipulation, unless stated below:

Apple Pay field Worldpay XML field Notes
applicationPrimaryAccountNumber <tokenNumber>  
applicationExpirationDate

<date>

    month & year

Month is 2 digit MM format, year is 4 digit YYYY format
currencyCode

<amount>

    currencyCode

Worldpay require currencyCode in 3 letter format (i.e. EUR), mapped from Apple’s 3 digit ISO 4217
transactionAmount

<amount>

    value

 
cardholderName <cardHolderName> Optional
onlinePaymentCryptogram <cryptogram> 3D Secure cryptogram
eciIndicator <eciIndicator> Zero padded to 2 digit format (if a value of 7 is received, then add a value of 07 to the XML)

Integrate to Worldpay

To pass the decrypted payment to Worldpay for authorisation, submit your XML with the below child elements of <EMVCO_TOKEN-SSL>.

Example XML request

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE paymentService PUBLIC "-//WorldPay/DTD WorldPay PaymentService v1//EN"

"http://dtd.worldpay.com/paymentService_v1.dtd">

<paymentService version="1.4" merchantCode="MYMERCHANT">

  <submit>

  <order orderCode="applepayorder123" shopperLanguageCode="en">

    <description>ApplePay test order</description>

    <amount value="100" currencyCode="EUR" exponent="2"/>

    <orderContent>

      <![CDATA[]]>

    </orderContent>

    <paymentDetails>

      <EMVCO_TOKEN-SSL type="APPLEPAY">

        <tokenNumber>444433332222....</tokenNumber>

        <expiryDate><date month="10" year="2022"/></expiryDate>

        <cardHolderName>John Doe</cardHolderName>

        <cryptogram>AAAA...</cryptogram>

      <eciIndicator>07</eciIndicator>

      </EMVCO_TOKEN-SSL>

    </paymentDetails>

    <shopper>

      <shopperEmailAddress>sp@worldpay.com</shopperEmailAddress>

    </shopper>

  </order>

  </submit>

</paymentService>

Response

The response message is the same as our standard XML responses.

Problems? Try Troubleshoot