Apple Pay prerequisites

Prerequisites for accepting Apple Pay transactions.

Before you can integrate Apple Pay into your website, complete the steps described here.

Step 1: Generate a Payment Processing Certificate

To generate a Payment Processing Certificate, you need to:

  1. Generate an ECC private key
  2. Create a Certificate Signing Request (CSR)

Generate an ECC private key

In elliptic-curve cryptography (ECC), the private key is the secret value used to decrypt data that was encrypted with the matching public key.

You need to generate an ECC private key in a .key file.

In your command line tool, run the following OpenSSL command:

```bash
openssl ecparam -genkey -name prime256v1 -out ecckey.key
```

This command creates an ECC private key and saves it to a file named ecckey.key.

Generate a Certificate Signing Request

Now, use your new ECC private key from the previous step to generate a Certificate Signing Request (CSR).

In your command line tool, run the following OpenSSL command:

```bash
openssl req -new -sha256 -key ecckey.key -out ecccertreq.csr -subj /CN=www.mydomain.com
```

Step 2: Upload the Payment Processing Certificate CSR to Apple

Upload this Payment Processing Certificate CSR to your Apple Developer account.

For more information on configuring your Apple Developer account, see the Apple Developer Account Help.

Step 3: Download the Apple-signed Payment Processing Certificate

Download and back up the Apple-signed Payment Processing Certificate (apple_pay.cer).

Step 4: Convert the certificate to a text file

In your command line tool, convert the Apple-signed Payment Processing Certificate to a text file in the .pem format:

```bash
openssl x509 -inform der -in apple_pay.cer -out apple-pay.pem
```

Step 5: Convert your ECC private key to a non-encrypted PKCS #8 private key

In cryptography, PKCS #8 is a standard syntax for storing private key information.

To use your ECC private key for decrypting, you need to convert it to a non-encrypted PKCS #8 private key, like this:

```bash
openssl pkcs8 -topk8 -nocrypt -in ecckey.key -out privatekey.key
```
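
Before uploading in Step 6, you can confirm that privatekey.key is an unencrypted PKCS #8 key on prime256v1, that only its owner can read it, and that its public key matches the one in apple-pay.pem. The script below is an added example, not part of the original page or of Unzer's tooling; the function names are hypothetical, and the two file names are the outputs of Steps 4 and 5.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: checks on the files from Steps 4 and 5.
set -eu

# SHA-256 over the DER public key derived from a private key file.
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_pub_sha256() {
  openssl pkey -in "$1" -passin pass: -pubout -outform DER 2>/dev/null |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 over the DER public key embedded in a PEM certificate.
cert_pub_sha256() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only for an unencrypted PKCS #8 key on curve prime256v1.
is_plain_pkcs8_p256() {
  [ "$(head -n 1 "$1")" = "-----BEGIN PRIVATE KEY-----" ] || return 1
  openssl pkey -in "$1" -noout -text | grep 'prime256v1' >/dev/null
}

# Succeeds only if group and other have no permissions on the file.
is_owner_only() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs every check, reports each failure on stderr, returns non-zero on any.
check_pair() {
  key=$1; cert=$2; rc=0
  is_plain_pkcs8_p256 "$key" ||
    { echo "FAIL: $key is not an unencrypted PKCS #8 prime256v1 key" >&2; rc=1; }
  is_owner_only "$key" ||
    { echo "FAIL: $key is accessible to group/other (use chmod 600)" >&2; rc=1; }
  if [ "$(key_pub_sha256 "$key")" != "$(cert_pub_sha256 "$cert")" ]; then
    echo "FAIL: public key in $cert does not match $key" >&2; rc=1
  fi
  return "$rc"
}

# Usage: ./check.sh privatekey.key apple-pay.pem
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

A mismatch usually means the certificate was issued for a CSR generated from a different key than the one being uploaded.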

Step 6: Upload your PKCS #8 private key and your Payment Processing Certificate to Unzer

Now you need to upload both your Apple-signed Payment Processing Certificate and your PKCS #8 private key to Unzer.

Upload your PKCS #8 private key to Unzer

To upload your PKCS #8 private key to Unzer, make a POST call to https://api.unzer.com/v1/keypair/applepay/privatekeys, with the following parameters in the request body:

| Parameter | Required | Type | Description | Example |
|---|---|---|---|---|
| format | Yes | string | The file type extension. | PEM |
| type | Yes | string | The type of the key. | private-key |
| certificate | Yes | string | Your non-encrypted PKCS #8 private key. | See the following example request. |

POST https://api.unzer.com/v1/keypair/applepay/privatekeys

Body:

```json
{
   "format": "PEM",
   "type": "private-key",
   "certificate": "MHcCAQEEIKTAL4TwcY9Upc/9XdIlxRBvU0fuaFA2BhGkqDNxiBkgoAoGCCqGSM49AwEHoUQDQgAEZVFjAqVtO/2vgaIGJFA7n7WUqewS6lbHcQwK7sCAMmDgKHcikCY5FOl7euO3sEBKtKprrnh/u7nlace+0lPYeg=="
}
```

Response body:

```json
{
    "id": "s-key-1",
    "paymentType": "applepay"
}
```

| Property | Type | Description |
|---|---|---|
| id | string | The ID of your private key resource. |
| paymentType | string | Your payment type. |

Upload the Apple-signed Payment Processing Certificate to Unzer

To upload your certificate to Unzer, make a POST call to https://api.unzer.com/v1/keypair/applepay/certificates with the following parameters in the request body:

| Parameter | Required | Type | Description | Example |
|---|---|---|---|---|
| format | Yes | string | The file type extension. | PEM |
| type | Yes | string | The type of the key. | certificate |
| private-key | Yes | string | The private key resource you received after uploading your private key. | s-key-1 |
| certificate | Yes | string | Your Apple-signed Payment Processing Certificate. | See the example request below. |

POST https://api.unzer.com/v1/keypair/applepay/certificates

Body:

```json
{
    "format": "PEM",
    "type": "certificate",
    "private-key": "s-key-1",
    "certificate": "MIIEcDCCBBagAwIBAgIIHrTLsxpoEO8wCgYIKoZIzj0EAwxxxxx"
}
```

Response body:

```json
{
    "id": "s-crt-1",
    "paymentType": "applepay"
}
```

| Property | Type | Description |
|---|---|---|
| id | string | The ID of your certificate resource. |
| paymentType | string | Your payment type. |

Optional: Update the certificate

If you have more than one certificate and want to switch to a new certificate before the old one expires, you need to update the certificate.

Make a POST call with the ID of your certificate resource in the request path:

POST https://api.unzer.com/v1/keypair/applepay/certificates/{certificate_ID}/activate

Body:

```json
{
    "id": "s-crt-2",
    "active": true
}
```

| Property | Type | Description |
|---|---|---|
| id | string | The ID of your certificate resource. |
| active | boolean | Indicates if the certificate is active or not. |