Apple Pay for the Web Merchant Validation

Question

Created Jun ’16

Replies 45

Boosts 0

Views 60k

Participants 21

Has anyone found documentation on actually performing the Merchant Validation step? A signed request to the validationURL in the onvalidatemerchant event gives me an error message requesting a valid JSON object. Passing a valid JSON object responds with

{
  "statusMessage": "Payment Services Exception Invalid session request -- missing merchant identifier",
  "statusCode": "400"
}

Unfortunately, all of the obvious key names for merchant identifier are failing me(id, merchant, merchant_id, merchant_identifier). As far as I can tell there, isn't any documentation surrounding this step.

Answered by jarretth in 150042022

Finally figured it out!

"merchantIdentifier" is the correct field name, and there are 2 more required, "domainName" and "displayName". The trick here is that "merchantIdentifier" is actually OID 1.2.840.113635.100.6.32 in the identity certificate(View the certificate in Keychain for an easy way to find this), and "displayName" is your plaintext name.

{
    "merchantIdentifier":"F3[...]4B",
    "domainName":"[verified domain]",
    "displayName":"merchant.[...]"
}

IE:

curl --data '{"merchantIdentifier":"F3[...]4B", "domainName":"[verified domain]", "displayName":"merchant.[...]"}' --cert ./<certFile>:<certPassword>  <validationURL>

And a session token is yours!

Boost

Answer 1

gurvinder21 OP

Sep ’16

I tried this and it works. The php script fails for me with the same error as "OSSStatus -61". Seems the .pem file is not supported now and you have to use .p12 file. Since i dont have a password for my certificate so i v used --pass ""

curl --data '{"merchantIdentifier":"merchant.com.xxxxxxx","domainName":"mystore.com","displayName":"MyStore"}' --cert /Library/WebServer/Documents/ApplePayJS/MerchIdentity.p12 --pass "" https://apple-pay-gateway.apple.com/paymentservices/startSession -v

Thanks

Gurvinder

0

Answer 2

NorfolkMustard OP

Sep ’16

Ok, good that you got it working, but I'd try to avoid any changes just to get it working when serverd from your Mac's local webserver as this won't be the case when you deploy it for reals - that's likely to be on a CENTOS server or similar, which will more than likely be using OpenSSL.

0

Answer 3

Mahalingam79 OP

Oct ’16

Hi,

I am following your ApplePayJS project on Github.I am able to get all the points,Bit confused about this below point.

have you got a Merchant (Payment processing ) certificate from apple? (you may need this signed with your payment processing partner's csr rather than your own - e.g. Stripe.com )

My payment processing partner is cybersource so i got a CSR from cybersource .I can generate the payment processing cert from apple but where it will be used.We are sending the encrypted response to cybersource so they would be decrypting the payment data.Are i need to send the cerificate to cybersource or just create the cert and leave it .

Please help.

Thanks.

0

Answer 4

NorfolkMustard OP

Oct ’16

hi.

So. there's two encrypted conversations going on.

between you and apple, asking for a 5 minute merchant session token. proving to apple that you're a pre-approved applepay merchant
between the customer and apple. apple turns the credit card token on the customer's iphone into a token encrypted with the payment processing certificate you created with cybersource's CSR. Cybersource have the private key (they generated it at the same time they generated the CSR (which is a combinaiton of a public key and an identifier)

Looking on cybersource's website, looks like they don't need the certificate apple generated with their CSR. Other payment processors ask for it (e.g. stripe.com)

0

Answer 5

kenaus19 OP

Sep ’17

Hi evermeire1,

Apple developer site gives error when I attemp to generate this certificate using an ECC(256) csr. It says it should be RSA(2048).

How did you manage to generate your ECC certificate?

Thanks

0

Answer 6

ngupta OP

Nov ’17

Hi I am getting payment not completed error message..!

Where do I need to attach the payment processing certificate. I created aaplepay.cert using CSR.!

But I don't know where I should attach this and how??

0

Answer 7

tsteuwer-accesso OP

Nov ’17

@jarretth What does OID stand for? I'm trying to find this in Keychain Access but I don't see anything labeled this?

0

Answer 8

tsteuwer-accesso OP

Nov ’17

Nevermind. This is the Organizations Id. Which is basically whatever you put in there (e.g. merchant.whatever.com)

0

Answer 9

Noon Noon OP

Nov ’17

0

Answer 10

Noon Noon OP

Nov ’17

0

Answer 11

it@artsupplynetwork OP

May ’19

evermeire1

Your post was what saved my life along with a post from stack overflow. I have been on this for a week till I found this.

For any one who might be using coldFusion, which might be just me I would constantly get 503 Service unavailable. Here is what worked eventually

<cfhttp

url="#VARIABLES.serverEndPoint#"

method="post"

result="result"

charset="utf-8"

clientCert ="/var/www/html/ler/pathto.p12"

clientCertPassword="#password#"

>

<cfhttpparam

name="data"

type="XML"

value='{"merchantIdentifier":"#merchantID#", "domainName":"#DomainName#", "displayName":"Application Name"}'

/>

</cfhttp>

0

Answer 12

applepaytesting OP

Jul ’19

Hi,

I am trying to validate merchant through node express.js . Below is my code

app.get('/merchant-session/new', function (req, res) {
  var uri = req.query.validationURL || 'https://apple-pay-gateway-cert.apple.com/paymentservices/startSession';
  var options = {
  uri: uri,
  json: {
  merchantIdentifier: "merchant...",
  displayName: "....",
  domainName: "fe-uat2-..."
  },

  agentOptions: {
  cert: cert,
  key: cert
  }
  };

  request.post(options, function (error, response, body) {
  if (body) {
  // Apple returns a payload with `displayName`, but passing this
  // to `completeMerchantValidation` causes it to error.
  delete body.displayName;
  }
  console.log('body =>>>>>', body);
  console.log('respnse =>>>>>', response)
  res.send(body);
  }, (error) => {
  console.error(`error =>>>>`, error);
  });
});

I am getting undefined in response.

I have generate certificate from KeyChain Access and uploaded that to get Apple Pay Merchant Identity Certificate.

Then dowloaded the certificate and saved in KeyChain Access and the exported as pem.

And passed as cert and key.

Certificate is from developer Account and I have logged in icloud with Sandbox account to test pay. Don't know if this is the issue.

Anyone, please help.

0

Answer 13

pgrennin OP

Aug ’19

Same issue. All I had to do was create the payment processing certificate in the Apple Dev portal even though I'm not using it yet. Issue was really obscure but your comment saved me.

This fixed error "Payment Services Exception merchantId=... not registered for service"

HTTP/1.1 417 Expectation Failed

0

Answer 14

shahirhajir OP

Feb ’20

@NorfolkMustard

How can I get the "encrypted, tokenised credit card number" and decrypt it to get the credit card number and process the payment myself ?

I am struggling to get the credit card number from the response object. I managed to get customer name, card brand, type and last 4 digits of card number. But cannot get the full card number. (see my question https://forums.developer.apple.com/thread/128712).

This is what I get from the JS at the end: https://drive.google.com/file/d/1a33fsO77xGNxUEC2qKQFYbKpWK1qzo87/view

But how can I get the credit card number out of that ?

0

Answer 15

kharchuk OP

Mar ’20

Hi. Please explain what is the <certFile>:<certPassword>

0