Skip to main content

Apple Pay [BETA]

Enable Apple Pay to allow your customers to make purchases using a credit or debit card connected with their Apple Wallet. This guide walks you through the payment flow and steps to implement the service.

How to Enableโ€‹

Supported Countries: Singapore

Minimum API version: 2017-11-02

To enable Apple Pay, send an email requesting this feature to support@omise.co.

Payment Flowโ€‹

Apple Pay supports payments on websites. Customers who choose to make payments using Apple Pay initiate the transaction by tapping or clicking the Apple Pay button embedded in your platform. Customers who have already linked a card to their Apple Wallet will be able to choose their preferred card right away. Those who still need to will be given the option to link a new card.

Once the customer selects their preferred card and confirms the payment, the card will be charged the same way as the normal credit card payments flow. Your account's current card processing settings may apply to Apple Pay transactions.

Important

Apple Pay transactions will only be processed with non-3D Secure.

Using a Desktop Browserโ€‹

To start the Apple Pay payment, โถ the customer selects Apple Pay as their preferred payment method during checkout on your website. โท The customer then chooses their preferred credit or debit card linked to their Apple Wallet. Then, reviews and confirms the payment. โธ Upon confirmation, Omise will send a webhook event (if enabled) indicating that the charge is complete.

Guidelines

Before deploying Apple Pay on your website, make sure your implementation follows the Acceptable Use Guidelines for Apple Pay on the Web.

Apple Pay Desktop Flow

Implementationโ€‹

Follow the Apple Pay Marketing Guidelines to add Apple Pay payment buttons to your website. After the customer taps the button and selects their card, you will receive an Apple Pay token containing the card information. You then send this type of token to our Token API to obtain a card token that is usable on our Charge API.

Omise treats Apple Pay tokens the same way as sensitive card data. Therefore, unless you have a PCI-DSS license, these tokens must first be converted to card tokens before you can use them on your servers. Read more in Collecting Cards.

In summary, make the following API requests to create a charge with Apple Pay:

  1. Obtain an Apple Pay token from Apple when the user initiates payment through the Apple Pay button.
  2. Create a card token from Apple Pay token using Omise.js.
  3. Create a charge using the obtained card token from Step 2.
  4. After receiving the charge completion webhook event, retrieve the charge to verify its status (optional, but recommended).

The following sequence diagram shows how to obtain the card token:

Configuring an Apple Pay Environmentโ€‹

To support Apple Pay on your website or application, you must complete a few setup steps before you can use the Apple Pay web and/or app APIs. Omise provides the following option.

OptionSupports
1. Use Omise Apple developer accountWeb only

Use Omise Apple Developer Accountโ€‹

You can enable Apple Pay on your website using the provided Omise merchant identifier without requiring you to create an Apple developer account. This method supports only Web integration.

Follow these steps to obtain an Apple Pay merchant ID and merchant identity certificate and verify your domains for the Apple Pay web integration.

Obtaining Apple Pay merchant ID and Apple merchant identity certificate

You can obtain an Apple merchant ID and an Apple merchant identity certificate from the Omise dashboard.

Omise Certificate Dashboard

Certificate Expiration

The merchant identity certificate is a Transport Layer Security (TLS) certificate associated with your merchant ID, used to authenticate your sessions with the Apple Pay servers. To ensure uninterrupted service, please download a new certificate using your website details before the expiration of the current one.

Verify your web domains with Omise

Register your merchant domains where you'll display the Apple Pay button with Omise via email at support@omise.co to receive the domain association file and host this file at https://[DOMAIN_NAME]/.well-known/apple-developer-merchantid-domain-association on your website. Then Omise will proceed with verifying your domains.

Domain Validation

For Apple Pay domain validation, refer to Apple Pay - Setting up your server. Your domains must be directly accessible to Apple servers without proxies or redirects. Register and verify all top-level domains (e.g., omise.co) and subdomains (e.g., shop.omise.co) separately.

If you renew your SSL certificate before expiration, Apple automatically maintains domain verification. However, you must re-verify your domain with Omise if your certificate expires.

Obtaining an Apple Pay Tokenโ€‹

With your configuration complete, you can now add an Apple Pay button to your website and be able to receive an Apple Pay token.

Please follow the Apple Pay developer documentation to render an Apple Pay button, integrate with Apple APIs, and receive an Apple Pay token:

In the payment request, ensure that the following fields follow these guidelines:

  • Field supportedNetworks should reflect the supported card brands from the Capability API.
  • Field merchantIdentifier is the Apple Pay merchant identifier.

After that, you will receive a token from Apple Pay. The Apple Pay token should be used within 5 minutes.

{
  "data": "...",
  "signature": "...",
  "header": {
    "publicKeyHash": "...",
    "ephemeralPublicKey": "...",
    "transactionId": "..."
  },
  "version": "EC_v1"
}

Creating a Card Tokenโ€‹

Once you receive an Apple Pay token, create a card token using the following tokenization parameters.

NameTypeDescription
methodstring(required) Set to applepay string.
datastring(required) Apple Pay token.
merchant_idstring(required) Apple Merchant identifier.
brandstring(required) The selected card brand. (Web)
billing_namestring(optional, but recommended) Card owner name.
billing_citystring(optional, but recommended) Billing address city.
billing_countrystring(optional, but recommended) Billing address country as a two-letter ISO 3166 code.
billing_postal_codestring(optional, but recommended) Billing address postal code.
billing_statestring(optional, but recommended) Billing address state.
billing_street1string(optional, but recommended) Billing address street #1.
billing_street2string(optional) Billing address street #2.
billing_phone_numberstring(optional) Billing address phone number.
Billing Information

By default, the cardholder's name and billing address won't be attached to a card token, and the name will be displayed as Apple Pay. To override this behavior, supply billing contact fields (Web) when requesting payment to Apple.

The card token can be used to create a charge within 10 minutes.

For Omise.js, set the token input type to tokenization as the first argument of the createToken function and submit the tokenization parameters as the second.

Omise.setPublicKey("your_omise_public_key");

tokenParameters = {
  method: 'applepay',
  data: '{"data":"Ls06CdzKeOXc1AtBgszMr8JF+DbIOj4LyQcQbVnC+RjihUa+SPwRcIVLzUwaFpHlM4atA3Ls2BXA2mg97WIECfnssAYRGWRcjyKtUqEfNR+tT7ztRCYVGIL4hdNMqTNBk+xYPb6ztGIKzN5xPetcausII8oNnyRjC2vmLIlMojOFQUWdqJURrkyPkwpC7adx6EAXy4prId/ZhXBE10d0JZ0wInM1/Tg08rMsLQOob9qP+QrFmJ3Pc0QFDLT/kxuOz7xRYmv07tAd5QkTEQ4VvjxzPc80YcEYBti236m5NZ8x3iN+AD7ZmZ8vke/aGltywKaMrkVpVlmYdKd+eca6FjKMOvn80uXtRrnmO3Wu44b5OIQf/LODUFl4s0nWiho2xC8ZU9i3hSKUdQS9cJxjJJhAJhX3axM641Epf7F7jQ==","signature":"MIAGCSqGSIb3DQEHAqCAMIACAQExDTALBglghkgBZQMEAgEwgAYJKoZIhvcNAQcBAACggDCCA+MwggOIoAMCAQICCBZjTIsOMFcXMAoGCCqGSM49BAMCMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0yNDA0MjkxNzQ3MjdaFw0yOTA0MjgxNzQ3MjZaMF8xJTAjBgNVBAMMHGVjYy1zbXAtYnJva2VyLXNpZ25fVUM0LVBST0QxFDASBgNVBAsMC2lPUyBTeXN0ZW1zMRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMIVd+3r1seyIY9o3XCQoSGNx7C9bywoPYRgldlK9KVBG4NCDtgR80B+gzMfHFTD9+syINa61dTv9JKJiT58DxOjggIRMIICDTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCPyScRPk+TvJ+bE9ihsP6K7/S5LMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDIwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYWljYTMuY3JsMB0GA1UdDgQWBBSUV9tv1XSBhomJdi9+V4UH55tYJDAOBgNVHQ8BAf8EBAMCB4AwDwYJKoZIhvdjZAYdBAIFADAKBggqhkjOPQQDAgNJADBGAiEAxvAjyyYUuzA4iKFimD4ak/EFb1D6eM25ukyiQcwU4l4CIQC+PNDf0WJH9klEdTgOnUTCKKEIkKOh3HJLi0y4iJgYvDCCAu4wggJ1oAMCAQICCEltL786mNqXMAoGCCqGSM49BAMCMGcxGzAZBgNVBAMMEkFwcGxlIFJvb3QgQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0MDUwNjIzNDYzMFoXDTI5MDUwNjIzNDYzMFowejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8BcRhBnXZIXVGl4lgQd26ICi7957rk3gjfxLk+EzVtVmWzWuItCXdg0iTnu6CP12F86Iy3a7ZnC+yOgphP9URaOB9zCB9DBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDQtYXBwbGVyb290Y2FnMzAdBgNVHQ4EFgQUI/JJxE+T5O8n5sT2KGw/orv9LkswDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS7sN6hWDOImqSKmd6+veuv2sskqzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZXJvb3RjYWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCDgQCBQAwCgYIKoZIzj0EAwIDZwAwZAIwOs9yg1EWmbGG+zXDVspiv/QX7dkPdU2ijr7xnIFeQreJ+Jj3m1mfmNVBDY+d6cL+AjAyLdVEIbCjBXdsXfM4O5Bn/Rd8LCFtlk/GcmmCEm9U+Hp9G5nLmwmJIWEGmQ8Jkh0AADGCAYgwggGEAgEBMIGGMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUwIIFmNMiw4wVxcwCwYJYIZIAWUDBAIBoIGTMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI0MTEyMTA1MTQwMlowKAYJKoZIhvcNAQk0MRswGTALBglghkgBZQMEAgGhCgYIKoZIzj0EAwIwLwYJKoZIhvcNAQkEMSIEIE++AKKaPq46bqP4zQRwkM149F5Ij5gawK6ECTcx6RhEMAoGCCqGSM49BAMCBEcwRQIhAIq/NJ9miOmAgIh+Bo4i487Gvos0Yl+53/mov9hATRndAiB3EL98bNBy/5JuM/oIv99p5sgobYxzZQWkt4N+bQhYcwAAAAAAAA==","header":{"publicKeyHash":"vRQNoc2OWcP7vDrLcGZ8QMnUH784bNV+1mmh65Z/kx4=","ephemeralPublicKey":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7uNpkxQ6EFIKMQc/8o68mtrXACyiDGUPVYZUD7ZmtVTCoao41U0w12DdXnDb5HidaYbJzJtoFIr+3q6d4k/h3g==","transactionId":"ac06f094edb34a6fc568ed5847acca0076103f5fe49f5624f941dd420b574268"},"version":"EC_v1"}',
  merchant_id: 'merchant.omise.sg.prod',
  brand: 'Visa'
};

Omise.createToken('tokenization', tokenParameters, function(statusCode, response) {
  console.log(response)
});

The id attribute is the token identifier (begins with tokn).

Creating a Chargeโ€‹

Refer to Credit Card Payments to charge a card with the received card token. There are a couple of differences between card tokens that are generated from a specific tokenization method (applepay) compared to normal ones:

  1. These card tokens have a field tokenization_method to tell what tokenization method was applied on the card.
  2. These card tokens cannot be used in the Customers API.

Additional Optionsโ€‹

When using a pre-built payment form, you can set additional configuration options to have more control over the Apple Pay API. The relevant parameters are as follows.

Data AttributeParameterDescription
data-applepay-validation-urlapplepayValidationUrlThe URL to validate your server and obtain a merchant session object for Apple Pay (required when accepting live traffic).
data-applepay-merchant-idapplepayMerchantIdMerchant ID for Apple Pay (required when accepting live traffic).
data-applepay-request-billing-addressapplepayRequestBillingAddressSet to true to attach the cardholder's name and billing address to a card token. Supplying this improves your authorization rate for US, UK, and Canadian cardholders.

The full list of the supported parameters can be found here.

Merchant Validation

During checkout, the pre-built payment form automatically sends a POST request to the validation endpoint specified in the data-applepay-validation-url attribute. This request includes the validationURL provided by Apple during the onvalidatemerchant event.

Your server must handle this request by using the Apple Merchant Identity Certificate to request a merchant session object from Apple, then respond with that object. The pre-built form requires this session object to complete the Apple Pay session via the completeMerchantValidation() method.

To implement this correctly, follow Apple's guide on Requesting an Apple Pay payment session. For additional context, see Providing Merchant Validation.

Testingโ€‹

To complete the whole user journey, you need an Apple account that supports an Apple Wallet and a chargeable card. We recommend using an Apple sandbox tester account and attaching one of the available test cards provided by Apple for the test mode.

You can create a token and a charge with an Omise test key to simulate a successful charge, and the card number will always be 4111 1111 1111 1111 in our system. Please note that the Apple Pay environment configuring process is also required with an Omise test key.