Processing a payment involves several steps:
Sending the payment information to your server, along with other information needed to process the order
Verifying the hashes and signature of the payment data
Decrypting the encrypted payment data
Submitting payment data to the payment processing network
Submitting the order to your order-tracking system
You have two options for processing the payment: You can take advantage of a payment platform to process the payment, or you can implement the payment processing yourself. A payment processing platform typically handles most of the steps listed above.
Reading, verifying, and processing payment information requires an understanding of several areas of cryptography such as calculating an SHA–1 hash, reading and validating a PKCS #7 signature, and performing elliptic curve Diffie-Hellman key exchange. If you don’t have a background in cryptography, consider using a payment platform that performs these operations for you. For information about payment platforms that support Apple Pay, see developer.apple.com/apple-pay/.
The information used to process a payment has a nested data structure, as shown in
PKPaymentToken class. The value of its
paymentData property is a JSON dictionary, which has a header with information used for validation, and encrypted payment data. The encrypted data includes information such as the amount and cardholder name and other information used for the specific payment processing protocol.
For details on the format of the payment data structure, see Payment Token Format Reference.