Apple Pay for the Web Merchant Val… | Apple Developer Forums

Developer Forums

Has anyone found documentation on actually performing the Merchant Validation step? A signed request to the validationURL in the onvalidatemerchant event gives me an error message requesting a valid JSON object. Passing a valid JSON object responds with

{
  "statusMessage": "Payment Services Exception Invalid session request -- missing merchant identifier",
  "statusCode": "400"
}

Unfortunately, all of the obvious key names for merchant identifier are failing me(id, merchant, merchant_id, merchant_identifier). As far as I can tell there, isn't any documentation surrounding this step.

Apple Pay

58k

Posted by

jarretth

Reply

Accepted Reply

Finally figured it out!

"merchantIdentifier" is the correct field name, and there are 2 more required, "domainName" and "displayName". The trick here is that "merchantIdentifier" is actually OID 1.2.840.113635.100.6.32 in the identity certificate(View the certificate in Keychain for an easy way to find this), and "displayName" is your plaintext name.

{
    "merchantIdentifier":"F3[...]4B",
    "domainName":"[verified domain]",
    "displayName":"merchant.[...]"
}

IE:

curl --data '{"merchantIdentifier":"F3[...]4B", "domainName":"[verified domain]", "displayName":"merchant.[...]"}' --cert ./<certFile>:<certPassword>  <validationURL>

And a session token is yours!

Posted by

jarretth

Replies

Tried

merchantIdentifier

?

Posted by

NorfolkMustard

Hi I also work on this , I didn't find any doc or info for performValidation method. Can you please give us some sample code of this method.Thx.

Posted by

alanlv

Finally figured it out!

"merchantIdentifier" is the correct field name, and there are 2 more required, "domainName" and "displayName". The trick here is that "merchantIdentifier" is actually OID 1.2.840.113635.100.6.32 in the identity certificate(View the certificate in Keychain for an easy way to find this), and "displayName" is your plaintext name.

{
    "merchantIdentifier":"F3[...]4B",
    "domainName":"[verified domain]",
    "displayName":"merchant.[...]"
}

IE:

curl --data '{"merchantIdentifier":"F3[...]4B", "domainName":"[verified domain]", "displayName":"merchant.[...]"}' --cert ./<certFile>:<certPassword>  <validationURL>

And a session token is yours!

Posted by

jarretth

Hi, could you please share somethin about how your "performValidation" functions looks like?

Posted by

AHurynovich

try this to get you started

function performValidation(valURL) {
  return new Promise(function(resolve, reject) {
    var xhr = new XMLHttpRequest();
    xhr.onload = function() {
          var data = JSON.parse(this.responseText);
          resolve(data);
    };
    xhr.onerror = reject;
    xhr.open('GET', 'apple_pay_do.php?u=' + valURL);
    xhr.send();
  });
}

and in apple_pay_do.php

$validation_url = $_GET['u'];


// create a new cURL resource
$ch = curl_init();


$data = '{"merchantIdentifier":"97....B0", "domainName":"your domain name", "displayName":"your display name"}';


curl_setopt($ch, CURLOPT_URL, $validation_url);
curl_setopt($ch, CURLOPT_SSLCERT, PRODUCTION_CERTIFICATE_PATH);
curl_setopt($ch, CURLOPT_SSLKEY, PRODUCTION_CERTIFICATE_KEY);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);


if(curl_exec($ch) === false)
{
    echo 'Curl error: ' . curl_error($ch);
}


// close cURL resource, and free up system resources
curl_close($ch);

This has got me as far as getting the merchant session identifier and nonce back from apple, and a successful "Pay with touch id" section in the applepay sheet in mobile safari.

Posted by

NorfolkMustard

Hi,

Calling the validationURL (to start session) gives me 404 - page not found. How did you manage to get this nice error message 😀

Posted by

raxbg

the merchant validation service seems to be offline at the moment, since around Friday (was working fine for me before then). Currently getting Http/1.1 Service Unavailable

Posted by

NorfolkMustard

Can I ask roughly what certificate you provided in that curl command, e.g. which stage in setup did it come from. I've exported various certs and tested a similar command from my webserver but to no avail:

$ cat fish.post
{"merchantIdentifier":"B7...D8","domainName:"www.***","displayName":"merchant.com.xxxxxxxxx"}
$ curl -k -X POST -d @fish.post --cert ~/applepaycerts/my.pem https://apple-pay-gateway-cert.apple.com/paymentservices/startSession

My current error is:

curl: (35) error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Thanks,

Paul

Posted by

Diziet

Scratch that it was the key/cert combination I thought it was but I noticed in keychain that my copy was marked as "invalid" and I had to regenerate.

Posted by

Diziet

It looks like it is still offline... I am currently getting HTTP/1.1 500 Internal Server Error

Posted by

raxbg

It's working ok for me today (and yesterday)

Posted by

NorfolkMustard

SIlly question but,

the value of your merchantIdentifier, you said you can view this in keychain, is it the value of the data field under the extention 1.2.840.113635.100.6.32?

Extention (1.2.840.113635.100.6.32)

Critical: NO

Data: 06...8F

Posted by

cmghawk

The merchantIdentifier format shown in the online guide is working OK now, no need to hunt for the ID in the certificate any more

{ "merchantIdentifier":"merchant.com.example.mystore", "domainName":"mystore.example.com", "displayName":"MyStore" }

Posted by

NorfolkMustard

thanks! That works great.

I was also incorrectly adding in my https:// to my domain name.

Posted by

cmghawk

Hi ,

I am trying to do merchant validation and getting beow error.

Please help .

If any one have standlone file to connect apple server using https post.

Pease share ...

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Posted by

Applepay123