Google Pay / Apple Pay integration
In the case you want to integrate with uP Payments
and Google Pay
or Apple Pay
, you need to decrypt the payment token received from the payment method and
send it to the uP Payments
API in the secureRemotePayment.cryptogram
field
of the payment
request.
Apple Pay
Requirements
You will need an Apple Developer account
associated with the Apple Developer Program
, or the Apple Developer Enterprise Program
.
Decryption process
The steps needed to decrypt the payment token are documented in the Apple Pay
documentation under Payment token format reference
.
This steps include:
- Verify the signature.
- Use the value of the publicKeyHash key to determine which merchant public key Apple used, and then retrieve the corresponding merchant public key certificate and private key.
- Restore the symmetric key.
- Use the symmetric key to decrypt the value of the data key.
- Confirm that you haven’t already credited this payment by verifying that no
payment with the same
transactionId
shows asprocessed
. - Verify the transaction details using information from the merchant about the Apple Pay payment request.
- If the signature is valid, the hash values match, and your transaction
validation passes, use the decrypted payment data to process the payment
with the
uP Payments
API.
Google Pay
Requirements
You will need a valid Google Pay merchant ID
and
approved for production use.
Decryption process
The steps needed to decrypt the payment token are documented in the Google Pay
documentation under Payment data cryptography for merchants
.
This steps include:
- Fetch the Google root signing keys.
- Verify that the signature of the intermediate signing key is valid by any of the non-expired root signing keys.
- Verify that the intermediate signing key of the payload hasn't expired.
- Verify that the signature of the payload is valid by the intermediate signing key.
- Decrypt the contents of the payload after you verify the signature.
- Verify that the message isn't expired. This requires you to check that the current time is less than the messageExpiration field in the decrypted contents.
- Use the decrypted contents to process the payment with the
uP Payments
API.