In App Apple Pay

Enable mobile consumer payments in an iOS environment.


Apple Pay is a mobile payment and digital wallet service by Apple Inc. that allows iOS users to make payments using their compatible mobile device. Apple Pay will work with Visa’s PayWave, MasterCard’s PayPass, and American Express’s ExpressPay services.

Mobile payment apps can hand control of the payment transaction to ApplePay form. iOS encrypts the payment data and returns it to the mobile app. The vendor sends the encrypted payment data to InstaMed.


Security: RSA / public key encryption and tokenization

Compliance: greatest amount of scope reduction under current PCI rules (SAQ A eligible)

Apple Pay (In App) Flow

  1. When the user presses the ApplePay button the App performs the following:
    • Creates a payment request including
      • amount,
      • ApplePay merchant ID,
      • description
    • Initializes ApplePay UI Controller with the payment request
    • Implements Callback method
    • sets UIController delegate=self
    • hands control to ApplePay UI Controller
  2. Apple Pay UI is displayed. The user selects the card and confirms with the fingerprint scanner. ApplePay invokes the callback method with the encrypted data block.
  3. App sends encrypted data block to InstaMed to convert it to a single use token.
  4. App sends single use token with payment request to InstaMed.
  5. InstaMed decrypts the token and processes the payment and returns a response.
  6. App receives response and displays receipt.

Apple Pay (In App) Sample Code

#import 

- (void) doApplePay
{    
	PKPaymentRequest *paymentRequest = [InstaMed paymentRequestWithMerchantIdentifier: 		@"merchant.com.instamedgo"];    
	// Configure your request here.    
	NSString *label = @"SMITH CARDIOLOGY 10005000";    
	NSDecimalNumber *amount = [NSDecimalNumber decimalNumberWithString:@"1.00"];    	paymentRequest.paymentSummaryItems = @[ [PKPaymentSummaryItem summaryItemWithLabel:label                                                                        		amount:amount]];        
	if ([InstaMed canSubmitPaymentRequest:paymentRequest]) {        
		PKPaymentAuthorizationViewController * paymentController;        
		paymentController = [[PKPaymentAuthorizationViewController alloc]                             				initWithPaymentRequest:paymentRequest];        
		paymentController.delegate = self;                
		[self presentViewController:paymentController animated:YES completion:nil];    
	} 
	else 
	{   
	     // Show the user your own credit card form or do SSO flow
	}
}
(void)paymentAuthorizationViewController:(PKPaymentAuthorizationViewController *)controller                       didAuthorizePayment:(PKPayment *)payment                                completion:(void (^)(PKPaymentAuthorizationStatus))completion 
{
	[self handlePaymentAuthorizationWithPayment:payment completion:completion];
}

(void)handlePaymentAuthorizationWithPayment:(PKPayment *)payment                                   
completion:(void (^)(PKPaymentAuthorizationStatus))completion 
{        
// handle single use token; 
}

(void)paymentAuthorizationViewControllerDidFinish:(PKPaymentAuthorizationViewController *)controller 
{    
	[self dismissViewControllerAnimated:YES completion:nil];
}

Sample Request and Response where CardPresentStatus=InAppApplePay

SaveApplePayToken Request

transactionAction=SaveApplePayToken&merchantID=NOVA E4 2&storeID=1&terminalID=1&applePayMerchantID=merchant.com.instamedgo.merchant1&applePayTokenData=%7B%22version%22:%22EC_v1%22,%22data%22:%22QIoRUlFOvwFjkb5T9gyJtidx1lp10tpO93PXLCBqbb3/5vwpTVO/%2BJ3blgMy05tqxTfltsBozYSRyP87/AbV6XD50G5Wu/L152zJmYrMUbeDJB4gwr0R3DXZyY/XQ5LffQnY7pX5G/Oqh/pZKGJG9CuGzlQX/CcO5JAiQc4X%2BCm/Z62OYvhTRAcPvSaDen4BXwvp9cVgp9kYyl6890OFv3DbtoJmZHksc750Ma6aQyrVLEw4m7W9DQc4j4V4Mb0XJieyUFvIy381CCMlNv8l0KH/%2BOBHt6QeObx1Jo51TqOaOeCeUid3JZVsr9ysTTPJ9S7pjbYlcci2t7eD3Wk/evq/gYxEwyNM8eINCwoLpCuSohtR7cET3niALZV2AjgP508AOtiLFfIWRlfv2/32OI/sauw1Vl/dSWZzAoAVyAMR%22,%22signature%22:%22MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCAMIID4jCCA4igAwIBAgIIJEPyqAad9XcwCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0MDkyNTIyMDYxMVoXDTE5MDkyNDIyMDYxMVowXzElMCMGA1UEAwwcZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtUFJPRDEUMBIGA1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwhV37evWx7Ihj2jdcJChIY3HsL1vLCg9hGCV2Ur0pUEbg0IO2BHzQH6DMx8cVMP36zIg1rrV1O/0komJPnwPE6OCAhEwggINMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDEwHQYDVR0OBBYEFJRX22/VdIGGiYl2L35XhQfnm1gkMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE%2BT5O8n5sT2KGw/orv9LkswggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0EAgUAMAoGCCqGSM49BAMCA0gAMEUCIHKKnw%2BSoyq5mXQr1V62c0BXKpaHodYu9TWXEPUWPpbpAiEAkTecfW6%2BW5l0r0ADfzTCPq2YtbS39w01XIayqBNy8bEwggLuMIICdaADAgECAghJbS%2B/OpjalzAKBggqhkjOPQQDAjBnMRswGQYDVQQDDBJBcHBsZSBSb290IENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xNDA1MDYyMzQ2MzBaFw0yOTA1MDYyMzQ2MzBaMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIEludGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPAXEYQZ12SF1RpeJYEHduiAou/ee65N4I38S5PhM1bVZls1riLQl3YNIk57ugj9dhfOiMt2u2ZwvsjoKYT/VEWjgfcwgfQwRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDA0LWFwcGxlcm9vdGNhZzMwHQYDVR0OBBYEFCPyScRPk%2BTvJ%2BbE9ihsP6K7/S5LMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUu7DeoVgziJqkipnevr3rr9rLJKswNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVyb290Y2FnMy5jcmwwDgYDVR0PAQH/BAQDAgEGMBAGCiqGSIb3Y2QGAg4EAgUAMAoGCCqGSM49BAMCA2cAMGQCMDrPcoNRFpmxhvs1w1bKYr/0F%2B3ZD3VNoo6%2B8ZyBXkK3ifiY95tZn5jVQQ2PnenC/gIwMi3VRCGwowV3bF3zODuQZ/0XfCwhbZZPxnJpghJvVPh6fRuZy5sJiSFhBpkPCZIdAAAxggFeMIIBWgIBATCBhjB6MS4wLAYDVQQDDCVBcHBsZSBBcHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMCCCRD8qgGnfV3MA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUwNTI5MTYzNjUxWjAvBgkqhkiG9w0BCQQxIgQg%2Bh%2BdKnaO7MdFOgVhVS9BGEctVFjiK%2Bsi8Zs1ie9NTIUwCgYIKoZIzj0EAwIERjBEAiAaGY6zEvk%2B7CA6UHZoNIfQZAQ6pHgMuwu8MdKwyXFH4wIgG9t0h4fTi0ExkOH8OpiRfiATFjDh5wvgEhcCZuFDZUsAAAAAAAA%3D%22,%22header%22:%7B%22ephemeralPublicKey%22:%22MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE%2B1I74Oo2BgCOYw5irBl6Oj3sYZYidwE3Q8Nepore5CVp0lS37/k7vZqPtjrXWDTCUYLRMusdJnykc8ExV8JHpQ%3D%3D%22,%22transactionId%22:%22cafafd4a9567d7637df42490307ebbbf558987b1b7dc528bd447357b96de48bd%22,%22publicKeyHash%22:%22aLRGJ9LtpjvcXaN9FIlxWG67GJzdK5MorlEvS4mRGTo%3D%22%7D%7D

SaveApplePayToken Response

applePayTokenID=NTc0MTY0ZWUtYjExMC00N2I0LWJlMzQtYTNkZTRiZjNhMjM2

InAppApplePay Request

transactionAction=AuthCapt&transactionType=CreditCard&merchantID=NOVA E4 2&storeID=1&terminalID=1&applePayMerchantID=merchant.com.instamedgo.merchant1&applePayTokenID=ZDkzYWYxNTEtMWQ1My00MDUzLWFjY2UtZmVmYjhiYzI3MDUz&amount=100.00&cardPresentStatus=InAppApplePay

InAppApplePay Response

"IsEMVVerifiedByPIN=false&cardBrand=VISA&cardExpirationMonth=1&cardExpirationYear=2019&cardBINNumber=400278&paymentCardType=CREDIT&lastFourDigits=8667&authorizationNumber=CVI142&responseCode=000&responseMessage=APPROVAL&transactionStatus=C&authorizationText=I AGREE TO PAY THE ABOVE AMOUNT ACCORDING TO MY CARD HOLDER AGREEMENT.&transactionID=EEBE93934EBC43F59E8806A161FFCCC6&transactionDate=2015-05-29T16:31:49.2894368Z