Skip to content
Payments / Payment methods / Apple Pay / Set Up Apple Pay

Set up Apple Pay

Last updated: 14th July 2022

Follow the steps on this page to set up and configure Apple Pay.

Before you start

Before you get started with Apple Pay, you need the following:

  • An Apple Developer account. Sign up for one here.
  • A domain with a valid SSL certificate (meaning your domain should start with https).
  • Access to a Secure Shell (SSH) terminal.
  • Access to your server's files, so you can upload files to your server.

Configure Apple Pay

Step 1: Create your merchant IDs in your Apple Pay Developer account

We recommend that you create separate merchant IDs for your test environment and for your live/production environment.

  1. In your Apple Developer account, go to the Add Merchant IDs section, select Merchant IDs and select Continue.
  2. Add a useful description, like merchant id for test environment.
  3. Type your desired merchant ID name in the Identifier section. We recommend that you use a descriptive name to indicate both the domain and the environment you will use it in, like merchant.com.mywebsite.sandbox.

Step 2: Generate a certificate signing request

Next, you need to generate a certificate signing request using the following endpoint. You'll receive a .csr file in the response that you'll need to upload to your Apple Developer account in the next step.

To get a detailed view of all required and optional fields, see our API reference.

Endpoints

    post

    https://api.checkout.com/applepay/signing-requests

    Request example

    1
    2
    curl --location --request POST 'https://api.sandbox.checkout.com/applepay/signing-requests' \
    --header 'Authorization: Bearer pk_xxxxxxxxxxxxxxxxxxxxxxxxxx' \

    Response example

    1
    2
    3
    {
       "content": "--- --BEGIN CERTIFICATE REQUEST--- --MIIBSTCB8AIBADCBjzELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRUwEwYDVQQKDAxDaGVja291dC5jb20xCzAJBgNVBA8MAklUMRUwEwYDVQQDDAxjaGVja291dC5jb20xIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAY2hlY2tvdXQuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwjiZ410yhHCkwa04OfrPb0e5bqt4FncefJwAbFpcqARTWefYZNvLyYkV68PmAKoO7cthfAFVfoVNqXBEGzjg1TAKBggqhkjOPQQDAgNIADBFAiAcgJLboQK3GBQX/K5ghNzbcw4mnVcVk/rUmkIxu0M28gIhALO01kH13CZzMkAhRhnkeCUPaP+IqUqQaDdZL8d5xgFc--- --END CERTIFICATE REQUEST--- --"
    }

    Step 3: Create a payment processing certificate

    1. Log in to your Apple Developer account, go to the Merchant IDs list section, and select the merchant ID you created in step 1.
    2. In the Apple Pay Payment Processing Certificate section (make sure you’re not in the Apple Pay Merchant Identity Certificate section), select Create Certificate.
    3. Respond No to the question about processing in China and select Continue.
    4. Upload the .csr file from the previous step and select Continue.
    5. Select Download to get your payment processing certificate – a .cer file.

    Step 4: Upload the signed payment processing certificate

    Once you've generated the payment processing certificate, you need to upload it using the following endpoint. We use this certificate to decrypt Apple Pay tokens and turn them into Checkout.com card tokens you can use to request a payment.

    To get a detailed view of all required and optional fields, see our API reference.

    The .cer file you downloaded in step 3 needs to be base64 encoded so you can pass the content into the /applepay/certificates endpoint.

    To convert the .cer file to a base64 string, use the following command:

    1
    openssl x509 -inform der -in apple_pay.cer -out base64_converted.cer

    Endpoints

      post

      https://api.checkout.com/applepay/certificates

      Request example

      1
      2
      3
      4
      5
      6
      curl --location --request POST 'https://api.sandbox.checkout.com/applepay/certificates' \
      --header 'Authorization: Bearer pk_xxxxxxxxxxxxxxxxxxxxxxxxxx' \
      --header 'Content-Type: application/json' \
      --data-raw '{
          "content": "MIIEfTCCBCOgAwIBAgIID/asezaWNycwCgYIKoZIzj0EAwIwgYAxNDAyBgNVBAMMK0FwcGxlIFdvcmxkd2lkZSBEZXZlbG9wZXIgUmVsYXRpb25zIENBIC0gRzIxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0yMTA2MTExMzQ0MjVaFw0yMzA3MTExMzQ0MjRaMIGuMS0wKwYKCZImiZPyLGQBAQwdbWVyY2hhbnQuY29tLmNoZWNrb3V0LnNhbmRib3gxQzBBBgNVBAMMOkFwcGxlIFBheSBQYXltZW50IFByb2Nlc3Npbmc6bWVyY2hhbnQuY29tLmNoZWNrb3V0LnNhbmRib3gxEzARBgNVBAsMCkUzMlhCUUs0UTUxFjAUBgNVBAoMDUNoZWNrb3V0IEx0ZC4xCzAJBgNVBAYTAkdCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsvyUM9D1cssldH+VPptEn4VAw/Q6ovJuHVlyBSRaPGLHFce04lCiT/xnXOWRkUxyCzQWKhfG2zo19u4s+evx7aOCAlUwggJRMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhLaEzDqGYnIWWZToGqO9SN863wswRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzABhitodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDA0LWFwcGxld3dkcmNhMjAxMIIBHQYDVR0gBIIBFDCCARAwggEMBgkqhkiG92NkBQEwgf4wgcMGCCsGAQUFBwICMIG2DIGzUmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5kIGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wNgYIKwYBBQUHAgEWKmh0dHA6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5LzA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZXd3ZHJjYTIuY3JsMB0GA1UdDgQWBBRNhvr33NDuM4QxBZd16a+ACbHoEzAOBgNVHQ8BAf8EBAMCAygwTwYJKoZIhvdjZAYgBEIMQDdGRjg0REI5MDE5NkVGN0I5RTc4NDZEMjg4NzZCNkJGRDU2RjM4MDlCNzUyNjAzRDM4QzcxNUJFMTY2M0JENEMwCgYIKoZIzj0EAwIDSAAwRQIgTjywMwOrLX3TwDUrPn7yDGL/dhc+VNudv0uGBOWRyXACIQClFQFvgx+hfTwVdHt8klrswpgtZtbYjs74p9GYuc8Puw=="
      }'

      Response example

      1
      2
      3
      4
      5
      6
      {
        "id": "aplc_hefptsiydvkexnzzb35zrlqgfq",
        "public_key_hash": "tqYV+tmG9aMh+l/K6cicUnPqkb1gUiLjSTM9gEz6Nl0=",
        "valid_from": "2021-01-01T17:32:28.000Z",
        "valid_until": "2025-01-01T17:32:28.000Z"
      }

      Step 5: Validate your domain

      You must have a valid SSL certificate on your domain (meaning it begins with https).

      1. Log in to your Apple Developer account, go to the Merchant IDs list section and select the merchant ID you created in step 1.
      2. Under the Merchant Domains section, select Add Domain.
      3. Enter your domain and select Save.
      4. Select Download and you'll get a .txt file.
      5. Upload this file to your server so it's accessible at the following location (replacing yourdomain.com with the URL of your domain): https://yourdomain.com/.well-known/apple-developer-merchantid-domain-association.txt. To do this, create a folder called .well-known in the root directory of your website and put the .txt file in that folder.
      6. Once you've uploaded the file, select Verify.

      Step 6: Create your Apple Pay certificates

      1. Open a terminal and create a .csr and .key file using this command:
      1
      openssl req -out uploadMe.csr -new -newkey rsa:2048 -nodes -keyout certificate_sandbox.key
      1. In the prompt, enter your details, and when asked for a password, leave it blank and select Enter. You will get a .csr and .key file. Keep the .key file at hand.
      2. Log in to your Apple Developer account, go to the Merchant IDs list section and select the merchant ID you created in step 1.
      3. Under the Apple Pay Merchant Identity Certificate section (make sure you're not in the Apple Pay Payment Processing Certificate section), select Create Certificate.
      4. Upload the .csr file you just created from your terminal. It should be called uploadMe.csr if you copy-pasted the command.
      5. Select Continue and then select Download to get your .cer file. It will probably be named merchant_id.cer.
      6. Convert this .cer file into a .pem file so you can use it in your code. Enter the following command in your terminal:
      1
      openssl x509 -inform der -in merchant_id.cer -out certificate_sandbox.pem

      Step 7: Configuration outcome

      If you followed the above steps correctly, you should now have the following:

      • A merchant ID (for example, merchant.com.mywebsite.sandbox).
      • Checkout.com linked to your merchant ID.
      • A domain verified by Apple.
      • A .key and a .pem certificate file.

      We recommend that you repeat the above steps so you have a merchant ID, domain (it can be the same domain) and certificates for your test environment and your production environment. You should use descriptive names for each environment to avoid mismatches.

      Integrate with Apple Pay

      If you use an e-commerce platform where we support Apple Pay, like Magento or WooCommerce, the files and certificates you got in the configuration process above are enough to complete your integration. Just follow the instructions provided by your particular platform.

      Follow Apple Pay's integration documentation to integrate Apple Pay:

      Once you've completed the integration steps, you will be able to display the Apple Pay button and validate an Apple Pay Session (required for the web version).

      If you're struggling, watch this payment flow walkthrough:

      Here's a diagram of the full payment flow:

      apple pay flow

      Next steps

      Now you've configured and integrated with Apple Pay, you're ready to accept Apple Pay payments through our payment gateway.

      On this page

      Before you start
      Configure Apple Pay
      Next steps