Skip to main content

Google Pay / Apple Pay integration

In the case you want to integrate with uP Payments and Google Pay or Apple Pay, you need to decrypt the payment token received from the payment method and send it to the uP Payments API in the secureRemotePayment.cryptogram field of the payment request.

Apple Pay

Requirements

You will need an Apple Developer account associated with the Apple Developer Program, or the Apple Developer Enterprise Program.

Decryption process

The steps needed to decrypt the payment token are documented in the Apple Pay documentation under Payment token format reference.

This steps include:

  1. Verify the signature.
  2. Use the value of the publicKeyHash key to determine which merchant public key Apple used, and then retrieve the corresponding merchant public key certificate and private key.
  3. Restore the symmetric key.
  4. Use the symmetric key to decrypt the value of the data key.
  5. Confirm that you haven’t already credited this payment by verifying that no payment with the same transactionId shows as processed.
  6. Verify the transaction details using information from the merchant about the Apple Pay payment request.
  7. If the signature is valid, the hash values match, and your transaction validation passes, use the decrypted payment data to process the payment with the uP Payments API.

Google Pay

Requirements

You will need a valid Google Pay merchant ID and approved for production use.

Decryption process

The steps needed to decrypt the payment token are documented in the Google Pay documentation under Payment data cryptography for merchants.

This steps include:

  1. Fetch the Google root signing keys.
  2. Verify that the signature of the intermediate signing key is valid by any of the non-expired root signing keys.
  3. Verify that the intermediate signing key of the payload hasn't expired.
  4. Verify that the signature of the payload is valid by the intermediate signing key.
  5. Decrypt the contents of the payload after you verify the signature.
  6. Verify that the message isn't expired. This requires you to check that the current time is less than the messageExpiration field in the decrypted contents.
  7. Use the decrypted contents to process the payment with the uP Payments API.