Fundraising/Data and flow/Payment methods/Apple Pay

w:Apple Pay is a mobile payment service by Apple Inc. that allows users to make payments in person, in iOS apps, and on the web.

We have integrations both directly through Adyen and through Gravy using the Adyen backend. There is also native iOS payments that are using the direct Adyen integration.

We share some Apple Pay setup with the iOS team. Not everyone has access to the full config so if something is needed ask the iOS team and they can help out.

We need to do this every 2 years. We have to generate a CSR and upload it to Apple.

• if you need to create a new private key, use this command
  • openssl genpkey -aes256 -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
  • enter the password from the adyen main.yaml settings file under payment-provider/apple/constructor-parameters/certificate-password
• create a new CSR
  • openssl req -new -key private_key.pem -out csr.pem -subj '/UID=merchant.com.adyen.wikimedia.test/CN=Apple Pay Merchant Identity:merchant.com.adyen.wikimedia.test/OU=AKK7J2GV64/O=Wikimedia Foundation'
  • enter the same password
• At the Apple merchant ID list , select the appropriate ID. Under the 'Apple Pay Merchant Identity Certificate' section, click 'Create Certificate' and upload the CSR. When it has been successfully created, you can download it in cer format with the 'Download' button.
• convert the certificate to pem format
  • openssl x509 -inform DER -outform PEM -in merchant_id.cer -out merchant_id.pem
• and concatenate it with the key
  • cat merchant_id.pem private_key.pem > adyen-091625-apple-pay-cert.pem
• deploy that file to the path specified in adyen's main.yaml under payment-provider/apple/constructor-parameters/certificate-path

Now create the payment processing cert. This is a cert which Adyen uses, so they generate the CSR.

• In the Adyen client area, under Developer->API credentials, choose the right API user and expand the Apple Pay Certificates section under 'Wallet payment methods'.
• Click the add button
• enter the merchant id e.g. merchant.com.adyen.wikimedia.test and click 'Download csr' to get a file named e.g. WikimediaFoundation_ws_merchant.com.adyen.wikimedia.test.csr
• Leave that tab open and in another tab go to developer.apple.com, navigate to the Merchant Identifiers list
• Select the 'Wikimedia Apple Pay Merchant ID' record to edit
• At the top, under 'Apple Pay Payment Processing Certificate', click 'Create Certificate'
• Upload the csr file that you downloaded from Adyen
• In the next step, click 'Download' and get a file from Apple called apple_pay.cer
• Back at the Adyen client area, upload the apple_pay.cer file to complete the credential setup.

We have to do this yearly? Adyen and Gravy use different files, but the process on the apple side is the same.

• Navigate to the Merchant Identifiers list
• Select the 'Wikimedia Apple Pay Merchant ID' record to edit
• On the Edit or Configure Merchant ID page, Scroll down to the Merchant Domains block
• On the right, click Verify
• Download the new verification file payments.wikimedia.org
• In payments-wiki, update the contents of .well-known/apple-developer-merchantid-domain-association.txt with the contents of the new verification file you just downloaded
• Example here: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1123424
• Deploy that change
• Reverify by clicking 'OK'

It will take a few seconds to process, and then if successful, you will be redirected back to the Edit or Configure Merchant ID page where Verification Expires date should be updated.

Adyen was our first Apple Pay integration. We are using Adyen's certificate for setup. More info at Fundraising/Data and flow/PSP integrations/Adyen Checkout#Apple Pay

More information here for adyen Fundraising/Data and flow/PSP integrations/Adyen Checkout#In App (Native) Donations

…