Apple pay on web

App & System Services Apple Pay
Mehul_Rana OP
Created Mar ’21
Replies 1
Boosts 0
Views 1.5k
Participants 2
I am doing a apple pay web implementation. I send the post, but I'm uncertain what is expected for the cert? I'm using php curl requests on the server side.

The closest I got to a real response was when I exported the cert from my mac as .p12, converted it to .pem and uploaded it to the server.

$ch = curl_init();
Code Block 
				$validationUrl = "https://apple-pay-gateway-cert.apple.com/paymentservices/startSession";
curl_setopt($ch, CURLOPT_URL, $validationUrl);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 300);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); //for production, set value to true or 1
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); //for production, set value to 2
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
curl_setopt($ch, CURLOPT_SSLCERT, Yii::getAlias('@app') . "\uploads\Certificates.pem");
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, "vrajdham@123");
curl_setopt($ch, CURLOPT_DNS_USE_GLOBAL_CACHE, false);
$content = curl_exec($ch);
if (FALSE === $content) {
throw new Exception(curl_error($ch), curl_errno($ch));
}
curl_close($ch);


Response

{
"statusMessage": "Error processing request.",
"statusCode": "500"
}
Replies  1
Boosts  0
Views  1.5k
Participants  2
Systems Engineer OP
Apple
Mar ’21

but I'm uncertain what is expected for the cert?
The closest I got to a real response was when I exported the cert from my mac as .p12, converted it to .pem and uploaded it to the server.

I cannot speak to what is wrong with your PHP or server side code. I can tell you that the Apple Pay servers are expecting client authentication via 2-way TLS. Which means that you need to download your Merchant Certificate on the same macOS device that your created your CSR with and then export a Merchant Identity. Note that a Merchant Identity is a p12 (PKCS12) because it contains your Merchant Certificate and your private key that was created when you created your CSR. From there you need to transform your p12 into a PEM that contains both your private key and certificate and this should be kept in a secure location on your server. From there PHP can use this PEM to perform 2-way TLS.



Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
Apple pay on web
First post date Last post date
 
 
Q