Skip to main content

Apple Pay Setup

Before you can accept Apple Pay in your e-commerce or platform, you have to complete Apple's Merchant setup. While the detailed steps can be found in Apple Pay official documentation, we will cover them in a hands-on approach to streamline the integration process.

Apple Developer Program Enrollment

An active subscription to Apple Developer Program is a requirement to accept Apple Pay in your application.

Usually, the steps are straightforward and self-explanatory. You just have visit this link and follow the instructions in the page.

However, some users may face this error and get stuck in a loop:

There can be many reasons for such. If Apple portal doesn't give further details, your best option is to contact support and report the issue.

Support staff may ask for additional verification, such as sending personal documents through Apple's portal to verify identify and unblock the process. This sort of request can happen via e-mail, even after completing the purchase, in order to complete enrollment.

Create a Merchant ID

After the enrollment is complete, developers can create Merchant IDs in Apple's portal. Requirements are minimal:

The identifier can't be changed later.

Existing Merchant IDs can be found here.

Create a Payment Processing Certificate

Find your Merchant ID in the Merchant List and navigate to its detail page.

In the Apple Pay Payment Processing Certificate section, click Create Certificate to be directed to the Certificate Signing Request (CSR) upload page.

To create a new CSR we will use OpenSSL:

# First create a new private key
openssl ecparam -out apple_pay_private.key -name prime256v1 -genkey

# Then, source the private key to create a new CSR:
openssl req -new -sha256 -key apple_pay_private.key -nodes -out apple_pay.csr -subj "/CN=EnchantedWidgets, Inc./O=EnchantedWidgets, Inc./OU=Product Development/CN=John Doe/UID=johndoe/EMAIL=johndoe@example.com/STREET=123 Fantasy Lane/L=Fairyville/ST=Fairyland/C=FL/POSTALCODE=12345/DC=fantasy/DC=local"

Upload the apple_pay.csr file in Apple portal to create a new Certificate.

Download the apple_pay.cer file and convert it to PEM format, for later usage:

openssl x509 -inform der -in apple_pay.cer -out apple_pay.pem
These files are sensitive and should be stored somewhere safe.

Create a Merchant Identity Certificate

Find your Merchant ID in the Merchant List and navigate to its detail page.

In the Apple Pay Merchant Identity Certificate section, click Create Certificate to be directed to the Certificate Signing Request (CSR) upload page.

To create a new CSR we will use OpenSSL:

First we must create a new private key:

openssl genrsa -out merchant_id_private.key 2048

Then, source the private key to create a new CSR:

openssl req -new -key merchant_id_private.key -out merchant_id.csr -subj "/CN=EnchantedWidgets, Inc./O=EnchantedWidgets, Inc./OU=Product Development/CN=John Doe/UID=johndoe/EMAIL=johndoe@example.com/STREET=123 Fantasy Lane/L=Fairyville/ST=Fairyland/C=FL/POSTALCODE=12345/DC=fantasy/DC=local"

Upload the merchant_id.csr file in Apple portal to create a new Certificate.

Download the merchant_id.cer file and convert it to PEM format, for later usage:

openssl x509 -inform der -in merchant_id.cer -out merchant_id.pem
These files are sensitive and should be stored somewhere safe.

Verify a Domain

Find your Merchant ID in the Merchant List and navigate to its detail page.

In the Merchant Domains section, click Add Domain.

Enter your domain and click save.

In the next page, download the verification file and upload it to the address shown in the screen. Click Verify when the file is available.

If you are still in POC or development phase, publishing an Apple Pay implementation website under an owned domain with a valid SSL certificate may be tricky.

In such cases, tunneling may represent a good option to preview local projects through a working HTTPS connection. Cloudflare tunnel may be worth checking out.