Can't get "Finger print" after "Processing" status

Hi guys. I just started to use ApplePay on Web.
For now, I have iOS10 with Safari 10 on it, I have MacOS Sierra with latest Safari on it too.
When I try to push my "Apple Pay" button, I can see the sheet with my test sandbox user card on it with his fake billing address. Also I see "Processing" status, but I can't go further. If I go on this website with my device and its Safari, I get the same issue.
So I am wondering, what should I do to see "Finger print" button after that "Processing" status?
P.S. The only thing I can imagine it touches is my "fake" validation; maybe I have some problems with it?

Just out of curiosity, are you able to validate as a merchant and do you have onpaymentauthorized, onpaymentmethodselected, onshippingcontactselected, and onshippingmethodselected set up with their proper complete functionality?

So for onpaymentauthorized call the completePayment function

for onpaymentmethodselected call the completePaymentMethodSelection function

for onshippingcontactselected call the completeShippingContactSelection function

for onshippingmethodselected call the completeShippingMethodSelection function.

For the complete functions you will need to pass in the necessary arguments which are described in the API docs.

I was getting that before I made the POST call to the url that you get back from the event that is passed into the onvalidatemerchant function.


Once you make a successful POST call you will get an object back that is needed for the rest of the applePay API calls.



Make sure that you're making the POST from your server (and not through your client JS)

Could you please share your onvalidatemerchant callback with me? And maybe the POST method's validation from the server side?

No, for now I can't pass validation 😟

try this to get you started

// Merchant Validation
session.onvalidatemerchant = function (event) {
  console.log(event);
  // Ask our own server to request a merchant session from Apple
  var promise = performValidation(event.validationURL);
  promise.then(function (merchantSession) {
    session.completeMerchantValidation(merchantSession);
  });
};


and


function performValidation(valURL) {
  return new Promise(function(resolve, reject) {
    var xhr = new XMLHttpRequest();
    xhr.onload = function() {
      var data = JSON.parse(this.responseText);
      resolve(data);
    };
    xhr.onerror = reject;
    // Encode the validation URL so it survives as a single query parameter
    xhr.open('GET', 'apple_pay_do.php?u=' + encodeURIComponent(valURL));
    xhr.send();
  });
}


and in apple_pay_do.php


$validation_url = $_GET['u'];

//NB check $validation_url is apple.com
// create a new cURL resource
$ch = curl_init();

$data = '{"merchantIdentifier":"merchant.com.blah.shop", "domainName":"shop.blah.com", "displayName":"Blah Shop"}';


curl_setopt($ch, CURLOPT_URL, $validation_url);
curl_setopt($ch, CURLOPT_SSLCERT, PRODUCTION_CERTIFICATE_PATH);
curl_setopt($ch, CURLOPT_SSLKEY, PRODUCTION_CERTIFICATE_KEY);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);


if(curl_exec($ch) === false)
{
    echo 'Curl error: ' . curl_error($ch);
}


// close cURL resource, and free up system resources
curl_close($ch);


This has got me as far as getting the merchant session identifier and nonce back from apple, and a successful "Pay with touch id" section in the applepay sheet in mobile safari.
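The `//NB check $validation_url is apple.com` comment in apple_pay_do.php matters because the `u` parameter comes from the browser, and the server presents its merchant identity certificate to whatever URL it is given. The following is an added example, not part of the original post, written in JavaScript rather than PHP; the function name, the sample URLs and the reading of "is apple.com" as "https host that is apple.com or a subdomain" are assumptions.

```javascript
// Added example: allow-list check to run on the server before POSTing the
// merchant identity certificate to the URL received in the "u" parameter.
// Assumption: only https URLs on apple.com or its subdomains are acceptable;
// replace the suffix test with Apple's published gateway host list if you have it.
const ALLOWED_DOMAIN = 'apple.com';

function isAppleValidationUrl(raw) {
  if (typeof raw !== 'string' || raw.length > 2048) return false;
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input
  } catch (err) {
    return false;
  }
  if (url.protocol !== 'https:') return false;    // TLS only
  if (url.username || url.password) return false; // no "user@host" confusion
  if (url.port !== '') return false;              // default port 443 only
  // Normalise case and a trailing root dot before comparing.
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  // Exact match or a true subdomain. A bare endsWith('apple.com') would
  // also accept hosts such as "notapple.com".
  return host === ALLOWED_DOMAIN || host.endsWith('.' + ALLOWED_DOMAIN);
}

// Constructed sample inputs (not captured traffic).
const SAMPLES = [
  'https://apple-pay-gateway.apple.com/paymentservices/startSession',
  'http://apple-pay-gateway.apple.com/paymentservices/startSession',
  'https://apple.com.attacker.example/paymentservices/startSession',
  'https://notapple.com/paymentservices/startSession',
  'https://apple.com@attacker.example/',
  'https://169.254.169.254/latest/meta-data/',
  '/relative/path',
];

// Returns [url, accepted] pairs so callers and tests can inspect the verdicts.
function checkSamples() {
  return SAMPLES.map(function (u) { return [u, isAppleValidationUrl(u)]; });
}

checkSamples().forEach(function (pair) {
  console.log((pair[1] ? 'ALLOW ' : 'REJECT ') + pair[0]);
});
```

Reject the request with an error response when the check fails, and log the rejected value so probing shows up in server logs.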

And could you please tell me something about generating the SSL key and certificate and making the "handshake" with Apple's server side?

How far have you got so far?


Have you had Apple verify your domain name where you'll be using applepay?

have you got a MerchantID ( e.g. merchant.com.blurg ) recorded by apple

Merchant (Payment processing ) certificate from apple? (you may need this signed with your payment processing partner's csr rather than your own)

Merchant (session) certificate from apple (using your own csr)


i.e how far have you got in the "configuring your environment" here :-

https://developer.apple.com/reference/applepayjs


Once you have your Merchant ID (session) certificate from apple, import that into keychain.app on your mac, export the combined private-key and cert as a .p12 file then, in terminal:-


openssl pkcs12 -in ApplePayMerchantIdentity_and_privatekey.p12 -out ApplePay.crt.pem -clcerts -nokeys
openssl pkcs12 -in ApplePayMerchantIdentity_and_privatekey.p12 -out ApplePay.key.pem -nocerts -nodes


and in my example apple_pay_do.php file previously


<?php
define('PRODUCTION_CERTIFICATE_KEY', '/your/path/here/ApplePay.key.pem');
define('PRODUCTION_CERTIFICATE_PATH', '/your/path/here/ApplePay.crt.pem');
?>

To check if your site is using one of the supported cipher suites https://developer.apple.com/reference/applepayjs#2166536


use https://www.ssllabs.com/ssltest/

I am not able to export the certificate as file format .p12 because it is grayed out in Keychain Access

I am confused about the complexity of the merchant validation. The WWDC video made this all look so simple.

Is this PHP project really necessary to make all this work?


I am using Authorize.net with the Global Payments processor and they support Apple Pay and tokenized payment processing.

I am using their certificate for Applepay and have gone thru all the steps to create the necessary certificates.

I was hoping that Authorize.net would handle most of this complex code and I could just use the Javascript code on my web site.


Just using your Javascript example (and not the php stuff), I am able to get the ApplePay sheet to pop up in the Safari screen with all of the correct credit card info and address pulled from my iPhone. That was a pleasant surprise.

And I get the iPhone icon that says Confirm on Rich's iPhone the first time I try it. However, it never lets me enter a fingerprint on my iPhone.

And all attempts after that say Payment Not Completed.

The error console shows "ReferenceError: Can't find variable: performValidation".

Hi,


It doesn't have to be PHP, but you do need some method of your web server (not the customer's browser via javascript) asking apple servers for permission to start an applepay session.


the flow is:


  1. (html, javascript) :- customer visits your site, clicks "pay with applepay" button and is presented with an applepay payment sheet
  2. (php or a.n.other server side script) :- your server (not the customer's browser) checks with the applepay servers that your applepay account is still authorised to do applepay stuff and if it is, authorises you (for max 5 minutes only) and enables the fingerprint button on the paysheet presented to the customer in #1 above.
  3. (html, javascript) :-if customer approves via touchID, applepay generates a one-time-token for the customer's credit card, and encrypts that token using the certificate you gave apple in your developer account
  4. you receive that payment token (html, javascript) and then either decrypt it yourself to charge or in your case you hand it off to authorize.net to charge it for you.
  5. (html, javascript) :- you then handle the reply from authorize.net and tell the customer their transaction was successful, or failed (only authorize.net can tell you this, not apple or applepay)


I've compiled a guide and worked example on github here https://github.com/norfolkmustard/ApplePayJS it does use php for the server-side authentication. the "success" reply from the payment provider is faked, so you can see what success looks like and deal with the next step (#5 above)

OK, I will try the PHP approach.


I am stuck here though because I am not able to export as ***.p12

It defaults to .cer and will not let me select .p12

right-click that certificate (probably named "Merchant ID: merchant....") from within keychain access.app (you may need to expand the private key entry to see the certificate under it) and select "Export 'Merchant ID merchant....' ". This will default to exporting a xxxx.p12 file to your desktop.

the CSR (certificate signing request) you uploaded to apple, was that generated by you? and if it was, was it created within the same keychainAccess.app on the same Mac? a ***.p12 file is a combination of a private key and a certificate.


There are two certificates you get from apple, after supplying apple with two CSRs


  1. To sign requests to begin an applepay session (this is wholly controlled by you, using a CSR generated on your own Mac). You have the private key and the public key (the public key is actually the CSR you give apple). In exchange for that CSR, apple give you a certificate. it's this certificate you add to keychain on the same Mac you created the CSR on. keychain will append the certificate to the private key in keychain. if it doesn't get attached, then you've got a mismatch somewhere. It should look like this, in your "certificates" category of keychain access.app, with the private key and certificate connected in a hierarchy http://farm9.static.flickr.com/8008/28337882544_b575b9f556_b.jpg
  2. The other CSR is going to be provided by authorize.net (you get it from authorize.net and upload it to apple in your developer account). It's used by apple to encrypt the credit card token. you don't have the private key for this, authorize.net do.

Ah, I needed to double click on the Merchant ID certificate to expand it. Then I can see the private key.

It does let me export the private key.


Thanks much for your detailed explanations.


Rich

I have exported the p12 file and created the certificates for my server using your terminal commands.


You say...

"If at all possible, keep these two .pem files outside your root/public web folder. e.g. if your root web folder is /var/www/html/ then store these in /var/www/applepay_includes and include(); them in your php script."


I currently have a data folder at the root and a php folder inside of that folder. ( /root/data/php ).

It is empty because it has never been used.

Should I put the applepay_includes folder in that php folder or is better to have them at the root level?
