2.2. Apple Pay Account Setup

2.2.1. Payment Processing Certificate

To configure the terminal on the payment gateway side, the following data needs to be sent to the Mobilum support service:
  1. Merchant ID.
  2. The private key of the Payment Processing Certificate.
  3. Private key password.
To get the necessary data, the following steps are required:
Step 1. Register Merchant ID.
Step 2. Create Certificate Signing Request.
Step 3. Issue Payment Processing Certificate.
Step 4. Get the certificate private key and private key password.
Please note that the Payment Processing Certificate lasts 25 months. To renew the certificate, see the section “Reissue of Payment Processing Certificate”.

Step 1. Register Merchant ID

  1. Open developer account. Go to Certificate, Identifiers & Profiles.
  2. Go to Identifiers.
  3. Click on “+”.
  4. Select Merchant IDs.
  5. Specify the description and the Merchant ID. It is recommended to use the website domain in reverse order with the merchant prefix. Example: merchant.com.Mobilum.applepay.test.
  6. Click Register.

Merchant ID is now registered.

Step 2. Create Certificate Signing Request

Certificate Signing Request is a request to issue a certificate, in our case in order to get Payment Processing Certificate.
  1. Open Keychain Access on Mac.
  2. Certification assistant -> Request a certificate from a Certificate Authority.
  3. Specify the email, to which the developer’s account was registered, the name (also key name). Select Saved to disk and Specify information about a pair of keys manually.
  4. Select the key size 256 bits and the ECC Algorithm. Click Continue button. Save the .certSigningRequest file.

Step 3. Issue Payment Processing Certificate

  1. Return to the developer’s office. Go to Certificates, Identifiers & Profiles / Identifiers. Select needed Merchant ID.
  2. Click Create Certificate in Apple Pay Payment Processing Certificate section.
  3. Select “No” and click Continue.
  4. Choose .certSigningRequest file from step 2 and click Continue.
  5. Download Payment Processing Certificate.

Step 4. Get the certificate private key and private key password

  1. Double click Payment Processing Certificate on Mac to install.
  2. Open Keychain Access and go to Certificates section.
  3. Find the certificate. Select the created key by clicking on the arrow next to it.
  4. Select Export with the right mouse button.
  5. Select the folder to save the key file in .p12 format, click Save.
  6. Create password and click OK. Private key <name>.p12 and private key password are ready to work.

Reissue of Payment Processing Certificate

The Merchant must independently monitor the validity period of the Apple Pay certificate (25 months). Before the certificate expires, a new certificate must be issued.
This requires the following:
  1. Create a new Certificate Signing Request, as described in step 2.
  2. Issue a new Payment Processing Certificate as in step 3. After creating a new certificate for the current Merchant ID, there will be two certificates: old (active) and new (requiring activation). At this step there is no need to activate the new certificate.
  3. Get the certificate private key, private key password and send them to Mobilum support service as in step 4.
  4. Activate a new certificate only in consultation with Mobilum support service. After activation, only the new certificate will be used, the old one will become inactive.

2.2.2. Merchant Identity Certificate

The following data needs to be sent to the Mobilum support service:
  1. Merchant ID.
  2. The private key of the Merchant Identity Certificate.
  3. Private key password.
Please note that the validity period of the Merchant Identity Certificate and domain verification is 25 months. To renew the certificate and re-verify domains, see the section Re-verification of domains and reissue of the Merchant Identity Certificate.

Domain registration and verification

Warning

Please note that before receiving the Merchant Identity Certificate, it is compulsory to create and validate domains where Apple Pay will be used.

  1. Go to the developer’s office and go to Certificates, Identifiers & Profiles. Create a Merchant ID before domain registration.
  2. Go to Identifiers.
  3. App IDs -> Merchant IDs.
  4. Select the needed Merchant ID.
  5. Click Add Domain in Merchant Domains.
  6. Specify the domain where Apple Pay will be used and click Save.
  7. To confirm ownership of a domain, download the file and place ot at the specified address, the file at the specified address must be accessible from outside the Merchant’s network.
  8. Click Verify to verify the domain.

Step 1. Create Certificate Signing Request

Certificate Signing Request is a request to issue a certificate, in our case in order to get Payment Processing Certificate.
  1. Open Keychain Access on Mac.
  2. Certification assistant -> Request a certificate from a Certificate Authority.
  3. Specify the email, to which the developer’s account was registered, the name (also key name). Select Saved to disk and Specify information about a pair of keys manually.
  4. Select the key size 2058 bits and the RSA Algorithm. Click Continue button. Save the .certSigningRequest file.

Step 2. Issue Merchant Identity Certificate

  1. Return to the developer’s office. Go to Certificates, Identifiers & Profiles / Identifiers.
  2. Go to Identifiers.
  3. App IDs -> Merchant IDs.
  4. Select the needed Merchant ID.
  5. Create Certificate in Apple Pay Merchant Identity Certificate section.
  6. Select created in step 1 .certSigningRequest file and click Continue.
  7. Download Merchant Identity Certificate.

Step 3. Get the certificate private key and private key password

  1. Double click Merchant Identity Certificate on Mac to install.
  2. Open Keychain Access and go to Certificates section.
  3. Find the certificate. Select Export with the right mouse button.
  4. Select the folder to save the key file in .p12 format, click Save.
  5. Create password and click OK. Private key <name>.p12 and private key password are ready to work.

Domain re-verification and Merchant Identity Certificate reissue

The merchant must independently monitor the validity of the certificate and domains’ verification (25 months). A new Merchant Identity Certificate must be issued before the certificate expires. Certificates can be used concurrently, so the procedure for issuing a new one is as described in the “Creating a Merchant Identity Certificate” section. Before the expiration of the domain verification period, the Verify button is activated next to it. The verification procedure corresponds to that described in the section “Domain registration and verification”.

2.2.3. Apple Pay Integration

If accepting payments occurs on the Mobilum payment page, no additional integration with Apple is required from the Merchant.
To use Apple Pay on the Mobilum payment page, do the following:
  1. Enable Apple Pay on the payment page template by adding macro.
  2. Inform Mobilum support about the need to connect Apple Pay and send updated templates.
The Apple Pay button will automatically appear on the Mobilum checkout page if:
  1. The customer uses the Safari browser on a device that supports Apple Pay.
  2. The customer has Apple Pay cards available for payment.

Apple Pay Payment Form Integration

Apple Pay button is supported only in sale-form integration on payment form in customer browser.
For more information about Payment Form Integration and Apple Pay Macros see Payment Form Integration page.

Apple Pay Transaction Flow

Customer -> Merchant: Checkout activate Merchant alt sale Merchant -> "Mobilum": sale-form/ENDPOINTID activate "Mobilum" else preauth Merchant -> "Mobilum": preauth-form/ENDPOINTID end "Mobilum" --> Merchant: status=processing note right: redirect-url deactivate "Mobilum" Merchant --> Customer: Provide **redirect-url** to customer browser deactivate Merchant activate Customer loop Merchant -> "Mobilum": status/ENDPOINTID activate Merchant activate "Mobilum" "Mobilum" --> Merchant: status=processing deactivate Merchant deactivate "Mobilum" end Customer -> "Apple Pay": Check if Apple Pay is supported on Customer's device activate "Apple Pay" "Apple Pay" --> Customer: Apple Pay response deactivate "Apple Pay" Customer -> Customer: Display Apple Pay button Customer -> "Apple Pay": Submit form with Apple payment data deactivate Customer activate "Apple Pay" "Apple Pay" --> "Mobilum": Processing with Apple Pay payment data deactivate "Apple Pay" activate "Mobilum" "Mobilum" --> Customer: Redirect to **redirect_url** activate Customer Customer -> Merchant: Return to the Shop deactivate Customer activate Merchant alt status Merchant -> "Mobilum": status/ENDPOINTID "Mobilum" --> Merchant: Final status else callback "Mobilum" --> Merchant: Callback with final status deactivate "Mobilum" deactivate Merchant end

The customer is on the Merchant’s website only until the moment of entering the data of his payment card or before paying with Apple Pay.
For payment, the customer is redirected to the payment page on the Mobilum side.
After payment, the customer will be informed of the result and returned back to the Merchant’s website, and the Merchant will be sent notifications with the result of the payment.
Merchant initiates a transaction by sending HTTPS POST request to the sale-form API URL and specifies the parameters according to sale-form Request Parameters.
Mobilum Server returns response described in sale-form response. Merchant than checks status repeatedly until he gets final status (approved/declined/filtered/error) or until he gets an HTML that should be sent directly to customer browser.
Merchant sends that html to customer’s browser causing customer to be redirected to Apple Pay processor.
Customer hits processor page.
Processor bills an Apple Pay invoice.
Customer pays invoice.
Processor notifies Mobilum that invoice is payed.
Mobilum makes a callback to Merchant using server_callback_url passed with the request.
Customer is returned to merchant site using redirect.