Apple Pay for the Web Merchant Validation

Has anyone found documentation on actually performing the Merchant Validation step? A signed request to the validationURL in the onvalidatemerchant event gives me an error message requesting a valid JSON object. Passing a valid JSON object responds with

{
  "statusMessage": "Payment Services Exception Invalid session request -- missing merchant identifier",
  "statusCode": "400"
}

Unfortunately, all of the obvious key names for merchant identifier are failing me (id, merchant, merchant_id, merchant_identifier). As far as I can tell, there isn't any documentation surrounding this step.

Accepted Reply

Finally figured it out!

"merchantIdentifier" is the correct field name, and there are 2 more required, "domainName" and "displayName". The trick here is that "merchantIdentifier" is actually OID 1.2.840.113635.100.6.32 in the identity certificate (view the certificate in Keychain for an easy way to find this), and "displayName" is your plaintext name.

{
    "merchantIdentifier":"F3[...]4B",
    "domainName":"[verified domain]",
    "displayName":"merchant.[...]"
}

IE:

curl --data '{"merchantIdentifier":"F3[...]4B", "domainName":"[verified domain]", "displayName":"merchant.[...]"}' --cert ./<certFile>:<certPassword>  <validationURL>


And a session token is yours!

Replies

I tried this and it works. The PHP script fails for me with the same error as "OSSStatus -61". Seems the .pem file is not supported now and you have to use a .p12 file. Since I don't have a password for my certificate, I've used --pass ""


curl --data '{"merchantIdentifier":"merchant.com.xxxxxxx","domainName":"mystore.com","displayName":"MyStore"}' --cert /Library/WebServer/Documents/ApplePayJS/MerchIdentity.p12 --pass "" https://apple-pay-gateway.apple.com/paymentservices/startSession -v


Thanks

Gurvinder

Ok, good that you got it working, but I'd try to avoid any changes just to get it working when served from your Mac's local webserver, as this won't be the case when you deploy it for reals - that's likely to be on a CentOS server or similar, which will more than likely be using OpenSSL.

Hi,


I am following your ApplePayJS project on GitHub. I am able to get all the points, but I'm a bit confused about the point below.

Have you got a Merchant (Payment processing) certificate from Apple? (you may need this signed with your payment processing partner's CSR rather than your own - e.g. Stripe.com)

My payment processing partner is CyberSource, so I got a CSR from CyberSource. I can generate the payment processing cert from Apple, but where will it be used? We are sending the encrypted response to CyberSource, so they would be decrypting the payment data. Do I need to send the certificate to CyberSource, or just create the cert and leave it?

Please help.

Thanks.

hi.


So, there's two encrypted conversations going on.

  1. between you and Apple, asking for a 5 minute merchant session token, proving to Apple that you're a pre-approved Apple Pay merchant
  2. between the customer and Apple. Apple turns the credit card token on the customer's iPhone into a token encrypted with the payment processing certificate you created with CyberSource's CSR. CyberSource have the private key (they generated it at the same time they generated the CSR (which is a combination of a public key and an identifier))

Looking on cybersource's website, looks like they don't need the certificate apple generated with their CSR. Other payment processors ask for it (e.g. stripe.com)

Hi evermeire1,


Apple developer site gives an error when I attempt to generate this certificate using an ECC(256) CSR. It says it should be RSA(2048).


How did you manage to generate your ECC certificate?


Thanks

Hi I am getting payment not completed error message..!

Where do I need to attach the payment processing certificate. I created aaplepay.cert using CSR.!

But I don't know where I should attach this and how??

@jarretth What does OID stand for? I'm trying to find this in Keychain Access but I don't see anything labeled this?

Nevermind. This is the Organizations Id. Which is basically whatever you put in there (e.g. merchant.whatever.com)

evermeire1

Your post was what saved my life along with a post from stack overflow. I have been on this for a week till I found this.

For anyone who might be using ColdFusion, which might be just me, I would constantly get 503 Service Unavailable. Here is what worked eventually:

<cfhttp
    url="#VARIABLES.serverEndPoint#"
    method="post"
    result="result"
    charset="utf-8"
    clientCert="/var/www/html/ler/pathto.p12"
    clientCertPassword="#password#"
>
    <cfhttpparam
        name="data"
        type="XML"
        value='{"merchantIdentifier":"#merchantID#", "domainName":"#DomainName#", "displayName":"Application Name"}'
    />
</cfhttp>

Hi,


I am trying to validate the merchant through Node Express.js. Below is my code:



app.get('/merchant-session/new', function (req, res) {
  var uri = req.query.validationURL || 'https://apple-pay-gateway-cert.apple.com/paymentservices/startSession';
  var options = {
    uri: uri,
    json: {
      merchantIdentifier: "merchant...",
      displayName: "....",
      domainName: "fe-uat2-..."
    },

    agentOptions: {
      cert: cert,
      key: cert
    }
  };

  request.post(options, function (error, response, body) {
    if (body) {
      // Apple returns a payload with `displayName`, but passing this
      // to `completeMerchantValidation` causes it to error.
      delete body.displayName;
    }
    console.log('body =>>>>>', body);
    console.log('respnse =>>>>>', response)
    res.send(body);
  }, (error) => {
    console.error(`error =>>>>`, error);
  });
});



I am getting undefined in response.


I have generated a certificate from Keychain Access and uploaded that to get the Apple Pay Merchant Identity Certificate.

Then downloaded the certificate and saved it in Keychain Access and then exported it as pem.

And passed it as cert and key.


Certificate is from developer Account and I have logged in icloud with Sandbox account to test pay. Don't know if this is the issue.



Anyone, please help.
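
The handler above passes `req.query.validationURL` straight into the outbound request, so the server would present its merchant identity certificate to whatever host the page supplies. The following added example (not code from any poster in this thread) checks the URL against an allowlist before building the request; the host list holds only the two gateway hosts quoted in this thread, and the `merchant` and `tls` argument shapes are assumptions.

```javascript
// Added example: validate the browser-supplied validationURL before the
// merchant identity certificate is presented to it.
// ALLOWED_HOSTS holds only the two gateway hosts quoted in this thread;
// take the production list from Apple's documentation (assumption).
const ALLOWED_HOSTS = new Set([
  'apple-pay-gateway.apple.com',
  'apple-pay-gateway-cert.apple.com',
]);

// Returns the parsed URL when it is safe to call, otherwise null.
function checkValidationURL(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch (e) {
    return null;                                      // not an absolute URL
  }
  if (url.protocol !== 'https:') return null;         // TLS only
  if (url.username || url.password) return null;      // no userinfo component
  if (url.port !== '') return null;                   // default port 443 only
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;  // exact host match
  return url;
}

// Builds { options, body } for https.request(), or null if the URL is rejected.
// `merchant` and `tls` are caller-supplied objects (hypothetical shapes).
function buildSessionRequest(rawValidationURL, merchant, tls) {
  const url = checkValidationURL(rawValidationURL);
  if (!url) return null;
  const body = JSON.stringify({
    merchantIdentifier: merchant.merchantIdentifier,
    domainName: merchant.domainName,
    displayName: merchant.displayName,
  });
  return {
    options: {
      method: 'POST',
      hostname: url.hostname,
      path: url.pathname + url.search,
      headers: { 'Content-Type': 'application/json',
                 'Content-Length': Buffer.byteLength(body) },
      cert: tls.cert, // merchant identity certificate (PEM)
      key: tls.key,   // matching private key (PEM)
    },
    body,
  };
}
```

Pass `options` to `https.request()` and write `body` to the request; when the function returns `null`, answer the browser with an error instead of making any outbound call.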

Same issue. All I had to do was create the payment processing certificate in the Apple Dev portal even though I'm not using it yet. Issue was really obscure but your comment saved me.


This fixed error "Payment Services Exception merchantId=... not registered for service"

HTTP/1.1 417 Expectation Failed

@NorfolkMustard

How can I get the "encrypted, tokenised credit card number" and decrypt it to get the credit card number and process the payment myself ?


I am struggling to get the credit card number from the response object. I managed to get customer name, card brand, type and last 4 digits of card number. But cannot get the full card number. (see my question https://forums.developer.apple.com/thread/128712).


This is what I get from the JS at the end: https://drive.google.com/file/d/1a33fsO77xGNxUEC2qKQFYbKpWK1qzo87/view

But how can I get the credit card number out of that ?

Hi. Please explain what is the <certFile>:<certPassword>