- Safari Desktop 10.0+
- Safari Mobile 10.0+
Apple Pay is available in supported regions.
Sample code is available here: EmporiumWeb: Request and handle Apple Pay payments on the web.
Apple Pay Requirements
There are three requirements for using Apple Pay on your website:
You must have an Apple Developer Account.
All pages that incorporate Apple Pay must be served over HTTPS.
Your website must comply with the Apple Pay guidelines. For more information, see Apple Pay on the Web Acceptable Use Guidelines.
To incorporate Apple Pay on your website, your server must have the following setup:
All pages that include Apple Pay must be served over HTTPS.
Your domain must have a valid SSL certificate.
Your server must support the Transport Layer Security (TLS) 1.2 protocol and one of the cipher suites listed in Table 1.
To enable merchant validation, your server must allow access over HTTPS (TCP over port 443) to the Apple Pay IP addresses provided in Listing 1 below.
Configuring Your Environment
Similar to Apple Pay in apps, you must register a merchant identifier and set up cryptographic keys. However, iOS has digitally signed entitlements in the app binary that add an additional layer of security. These entitlements help validate and verify both the user and the merchant.
To provide a similar layer of security on the web, there are a few additional steps required to configure your environment and to validate payment requests.
To accept Apple Pay on the web, you need the following three pieces of information:
Merchant ID. A unique identifier that represents a merchant for Apple Pay.
Payment Processing Certificate. A certificate used to securely transfer payment data. Apple Pay servers use the payment processing certificate’s public key to encrypt the payment data. Use the private key to decrypt the data when processing payments.
The same payment processing certificate can be used for Apple Pay payments both in-app and on the web. For information on creating your Payment Processing Certificate, see Configuring Your Environment in Apple Pay Programming Guide.
Merchant Identity Certificate. A Transport Layer Security (TLS) certificate used to authenticate your merchant sessions with the Apple Pay servers. The merchant identity certificate is only required for Apple Pay on the web.
To register and verify your domain, and create your Merchant Identity Certificate:
In Member Center, select Certificates, Identifiers, and Profiles.
Under Identifiers, select Merchant IDs.
Select the merchant ID from the list, and click Edit.
In the Apple Pay on the Web section, click the Add Domain button.
Enter your fully qualified domain name, and click Continue.
The site creates a file and makes it available to download. Download this file and host it at the provided location.
Your server must support the TLS 1.2 protocol and one of the cipher suites listed in Table 1.
As soon as the file is available on your server, click the Verify button. If the verification succeeds, the site returns to the iOS Merchant ID Settings page and shows a green Verified status label.
In the Apple Pay on the Web section, click the Create Certificate button. Follow the instructions to create and download your Merchant Identity Certificate. Use this certificate when requesting a merchant session during payment validation. For more information, see Merchant Validation in
Maintaining Your Environment
To continue using Apple Pay for the web, your domain verification and the certificates that you set up in the Configuring Your Environment section must remain valid.
You can view the certificate expiration dates on the Certificates, Identifiers, and Profiles page in your account on the Apple developer website. Under Identifiers, select Merchant IDs. Then select your domain's merchant ID and select Edit. Certificate expiration dates appear for each of the certificates listed on the page. You can also update the certificates on this page.
Renew certificates before they expire to avoid interruptions in your Apple Pay service.
Renewing Domain Verification
Your domain verification expires when its SSL certificate expires.
Apple sends an email reminder to the team agent of your Apple developer account before your SSL certificate expires. Follow the instructions in the email to:
Update the domain's SSL certificate
Reverify the domain.
If your domain verification expires, the domain reverts to a "pending" status in your Apple developer account. Calls to Start Session fail and your website cannot use Apple Pay until the domain is reverified.
You can continue to use your existing Merchant Identity Certificate after the domain has been reverified.