Apple Pay Configuration in Apple Developer Account

TABLE OF CONTENTS

Overview

This article provides a complete, developer-focused guide to configuring Apple Pay in Znode using Spreedly. It covers Apple Developer setup, certificate generation, and integration steps required to enable secure Apple Pay transactions on the Storefront.

Apple Pay integration requires configuration across three components:

  • Apple Developer Portal (Merchant setup and certificates)
  • Spreedly (payment orchestration and decryption)
  • Znode Admin Console (certificate configuration)

Prerequisites

Apple Requirements

  • Active Apple Developer account with Apple Pay entitlement enabled
  • Access to Certificates, Identifiers & Profiles

Spreedly Requirements

  • Active Spreedly account
  • Environment Key and Access Secret
  • Configured payment gateway (such as Authorize.Net or CyberSource)

Storefront Requirements

  • HTTPS-enabled publicly accessible domain
  • Apple Pay-compatible Storefront (Safari on iOS/macOS)

System Requirements

  • OpenSSL installed and available via command line
  • PowerShell access

Use Case 1: Creating a Merchant ID in Apple Developer Portal

The Merchant ID uniquely identifies your business for Apple Pay transactions.

Steps

  1. Sign in to the Apple Developer Portal.
  2. Navigate to Certificates, Identifiers & Profiles.
  3. Select Identifiers.
  4. Click Add (+) to create a new identifier.
  5. Select Merchant IDs and continue.
  6. Enter a description for the Merchant ID.
  7. Enter the identifier in the format:
    merchant.<your-domain>
  8. Click Register.

Expected Outcome

  • Merchant ID is created successfully and visible in the Apple Developer Portal
  • Certificate configuration sections become available

Notes

  • Merchant IDs must be globally unique
  • Merchant IDs cannot be modified after creation

Use Case 2: Configuring Payment Processing Certificate

This certificate is used by Spreedly to decrypt Apple Pay payment tokens.

Steps

Step 1: Prepare Environment

  1. Create a working directory (for example: D:\ApplePay).
  2. Download the PowerShell script:
    • generate_apple_pay_payment_processing_certificate.ps1
  3. Ensure OpenSSL is installed and accessible.
  4. Open PowerShell and navigate to the directory.

Step 2: Execute Script

.\generate_apple_pay_payment_processing_certificate.ps1

If execution is blocked:

powershell.exe -ExecutionPolicy Bypass -File .\generate_apple_pay_payment_processing_certificate.ps1

Step 3: Provide Inputs

  • Spreedly Environment Key
  • Spreedly Access Secret
  • Email address
  • Optional Common Name and Output File Name

Step 4: Upload CSR to Apple

  1. Open Merchant ID in Apple Developer Portal
  2. Under Payment Processing Certificate, click Create Certificate
  3. Upload the generated CSR file
  4. Download the issued .cer certificate

Step 5: Resume Script

  1. Return to PowerShell
  2. Enter the certificate file name when prompted

Step 6: Automatic Processing

  • Converts .cer to .pem
  • Uploads certificate to Spreedly
  • Saves the PEM file locally

Expected Outcome

  • Certificate status shows Active in Apple Developer Portal
  • Script execution completes successfully

Generated Files

  • apple-pay-payment-processing.csr
  • apple-pay-payment-processing.pem

Use Case 3: Configuring Merchant Identity Certificate

This certificate is used during Apple Pay merchant validation.

Steps

Step 1: Generate CSR and Private Key

.\generate_apple_pay_merchant_identity_certificate.ps1

If execution is blocked:

powershell.exe -ExecutionPolicy Bypass -File .\generate_apple_pay_merchant_identity_certificate.ps1

Step 2: Generate Certificate in Apple

  1. Navigate to Merchant ID in Apple Developer Portal
  2. Click Create Certificate under Merchant Identity Certificate
  3. Upload CSR file
  4. Download the .cer file

Step 3: Convert Certificate

  • Enter certificate file name when prompted
  • Script outputs:
    • apple-pay-merchant-certificate.pem

Step 4: Configure in Znode Admin Console

  • Upload:
    • Merchant Identity Certificate: apple-pay-merchant-certificate.pem
    • Merchant Identity Private Key: apple-pay-private-key.pem

Expected Outcome

  • Znode completes successful merchant validation during Apple Pay transactions

Payment Flow Summary

Supported Platforms

  • Safari browser
  • iPhone (iOS)
  • Mac (macOS)

Transaction Flow

Merchant Validation

  1. User clicks Apple Pay button
  2. Frontend sends validation request to backend
  3. Backend validates using Merchant ID, domain, and certificate
  4. Apple returns merchant session
  5. Apple Pay interface is displayed

Payment Authorization

  1. User authorizes payment
  2. Apple generates encrypted payment token
  3. Token sent to backend
  4. Backend forwards token to Spreedly
  5. Spreedly decrypts token
  6. Payment submitted to gateway
  7. Gateway returns success or failure
  8. Result displayed to user

Common Errors and Troubleshooting

Script Execution Blocked

Issue: PowerShell prevents execution.

Resolution:

powershell.exe -ExecutionPolicy Bypass -File <script-name>

Certificate Not Active

Resolution:

  • Verify correct CSR upload
  • Re-run script if required

Apple Pay Not Displayed

  • Ensure Safari browser is used
  • Verify supported device
  • Check Merchant ID and domain configuration

Best Practices

  • Store certificate files securely
  • Maintain consistent naming conventions
  • Monitor certificate expiration dates
  • Use separate environments for development and production

Summary

With this configuration:

  • Apple manages merchant identity and trust
  • Spreedly handles token decryption
  • Znode manages validation and transaction orchestration

This ensures secure, compliant Apple Pay transactions within the Storefront.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.