Apple Pay on Web-Integration with Rails-Part 1

Apple Pay

Apple Pay is a simple and secure way to make purchases in stores, in apps and also on the Web. Users can now make payments at all of the above with just a touch on their iPhones.

Apple Pay Demo

In this series of blogs, we will guide you to integrate Apple Pay in your web application and start accepting payments through it.

This series consists of following blog posts:

  1. Register Merchant ID, domain, and generate certificates
  2. Create merchant session, show payment modal and authorize payment
  3. Decrypt Apple Pay JSON response

Lets get started with the first one.

Register Merchant ID, domain, and generate certificates.

Contents:

  1. System configuration
  2. Guidelines for using Apple Pay
  3. Register a Merchant ID
  4. Generate Payment Processing Certificate
  5. Register and verify website domain
  6. Generate Merchant Identity Certificate

1 System configuration

  • Machine: macOS Sierra 10.12.5
  • Browser: Safari 10.1.1
  • Phone: Apple iPhone 6

2 Guidelines for using Apple Pay

Apple provides a set of guidelines for businesses that wish to incorporate Apple Pay into their websites. As a merchant, you must follow all of them to be eligible for using Apple Pay.

3 Register a Merchant ID

You, as a merchant, will need an Apple Developer Account which you can setup on their Developer Console.

Log into your developer account and follow steps below to register a Merchant Identifier for your business:

  1. Select Certificates, Identifiers & Profiles on your dashboard.
    Dashboard
  2. Select Identifiers > Merchant IDs.
  3. Enter the Description and an Identifier, and click “Continue”.
    Registration form for Merchant ID

4 Generate Payment Processing Certificate

  1. Select Certificates, Identifiers & Profiles from dashboard.
  2. Select Identifiers > Merchant IDs.
  3. Select the Merchant ID you created in above step and click on “Edit”.
  4. In the Payment Processing Certificate section, click on “Create Certificate”.
  5. Select if your payments will be processed exclusively in China and click “Continue”.
    Payment Processing Certificate country selection
  6. Now, either Obtain a CSR file from your Payment Provider OR follow below steps to create a CSR file:
    1. In the Applications folder on your Mac, open Utilities and launch Keychain Access.
    2. In Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
      CSR generation
    3. In the Certificate information window, enter the following:
      1. Email address
      2. Common Name for your key e.g. JD_TD_APPLE_PAY_PAYMENT_DEV_KEY
      3. Leave CA Email Address blank
      4. In the Request is group, select Saved to disk option.
      5. Select Let me specify key pair information.
        CSR-2
      6. Click “Continue” and save the file at desired location.
      7. Set the Key Pair Information to the following:
        1. Algorithm: ECC
        2. Key Size: 256 bits
          CSR-3
      8. Click “Continue”. Your certificate is generated.
    4. Under Generate your certificate, click Choose File, select your CSR file, and click “Continue”.
      Upload CSR
    5. Download the certificate by clicking “Download”, and click “Done”. Certificate will be downloaded as apple_pay.cer.

4.1 Convert certificate to pem file

  1. Double-click on the “apple_pay.cer” file to install in Keychain Access.
  2. Locate the certificate in Keychain Access. Right-click on it and select Export ….
  3. Select the location to save “.p12” file and click “Continue”.
  4. When prompted to set password, do NOT set any, and click “Continue”.
  5. Grant access and click “Continue”. You will have a “.p12” file now with the certificate and its secret key.
  6. Now, open the terminal and run openssl pkcs12 -in path/to/p12/file -out Certificate.key.pem -nocerts -nodes. When prompted to enter Import password, leave it blank. This will generate a Certificate.key.pem file.

NOTE: Check the name of output file carefully so that it does not over-write any existing certificate.

5 Register and verify website domain

Registering the domain on which your application runs is necessary to generate a merchant session successfully on Apple. It can be done with the following steps:

  1. Select Certificates, Identifiers & Profiles from dashboard.
  2. Select Identifiers > Merchant IDs.
  3. Select the Merchant ID from the list and click “Edit”.
  4. In Apple Pay on Web > Merchant Domains section, click on “Add Domain” button.
  5. Enter your fully qualified domain name. While developing the application, you can use ngrok to get a public domain for localhost. A sample ngrok domain looks like abcd1234.ngrok.io.
    Register domain-1
  6. On clicking “Continue”, you will be given a file to download.
    Register domain-2
  7. On clicking “Download”, a file named apple-developer-merchantid-domain-association will be downloaded on your system.Apple needs you to put this file at a given location (publicly accessible) on your server to verify the registered domain. The location would be something like https://abcd1234.ngrok.io/.well-known/apple-developer-merchantid-domain-association. With Ruby on Rails, you can do the following configuration to make this file accessible to Apple:
    1. Put the downloaded file at path public/apple-developer-merchantid-domain-association.
    2. Add code:
      # config/routes.rb
      match '/.well-known/apple-developer-merchantid-domain-association',
      to: 'apple_pay_merchants#domain_association'
      # app/controllers/apple_pay_merchants_controller.rb
      class ApplePayMerchantsController < ApplicationController
        layout false
      
        def domain_association
          render file: 'public/apple-developer-merchantid-domain-association'
        end
      end
    3. Run rails server.
  8. Click on “Verify” button. Apple will ping the verification URL and if verification succeeds, the site returns to the iOS Merchant ID Settings page and Status will be set to Verified.

6 Generate Merchant Identity Certificate

A Merchant Identity Certificate is needed to create a session with Apple.

  1. Select Certificates, Identifiers & Profiles.
  2. Select Identifiers > Merchant IDs.
  3. Select the Merchant ID from the list and click “Edit”.
  4. In Apple Pay on Web > Merchant Identity Certificate section, click on “Create Certificate” button.
  5. Follow below steps to create a CSR file:
    • In the Applications folder on your Mac, open Utilities and launch Keychain Access.
    • In Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
    • In the Certificate information window, enter the following:
      • Email address
      • Common Name for your key e.g. JD_TODO_APPLE_PAY_MERCHANT_DEV_KEY
      • Leave CA Email Address blank
      • In the Request is group, select Saved to disk option.
      • Do NOT select Let me specify key pair information.
    • Click “Continue” and save the file at desired location.
  6. In Upload CSR file, click on “Choose File” and upload the CSR file generated in previous step. Click “Continue.
  7. Download the generated Merchant Identity Certificate. Certificate would be named merchant_id.cer.
  8. Follow guide 4.1 above to convert this “.cer” file to “.pem” file.

Now, your merchant account is ready to be used for payments through Apple Pay. In the next post, we will do a little more coding and show payment modal to the customers.

Leave a Reply

Your email address will not be published. Required fields are marked *