Using Server-to-Server
  • 21 Feb 2025


Processing Apple Pay and Google Pay via DirectConnect:

To process Apple Pay / Google Pay payments directly through a server-to-server model, you may use the Request Payment or Payout API and set the PaymentCredentials attribute so that the payment is processed via Apple Pay / Google Pay.

The implementation below requires you to decrypt the Apple Pay / Google Pay tokens yourself. The decrypted token details are then provided to Apcopay, together with the Cryptogram (contained in the Apple Pay / Google Pay token), and we process the payment using the token and cryptogram provided.

Note

This requires direct certification with Apple Pay and / or Google Pay. If you are not certified, we suggest using our Hosted Payment Page model instead.

| Attribute | Description | Example |
|---|---|---|
| PaymentSource | Use this attribute to instruct the source of the payment as a particular Google Pay or Apple Pay Token | Google Pay or Apple Pay |
| CardType | Specify the card scheme. | VISA |
| ProviderToken | Specify the Apple Pay / Google Pay token to use for the payment. | 5285391966672837 |
| ExpMonth | Specify the card expiry month. | 12 |
| ExpYear | Specify the card expiry year. | 2025 |
| Cryptogram | This field should contain the Cryptogram to use for the token provided. | MCcC5CnCmAA6DAffA6DjZoZCDIA%3d |
| ECI | Electronic Commerce Indicator value. | 07 |
| DeviceID | Only required for Apple Pay. Does not apply to Google Pay implementations. | 050221140363 |

Processing Apple Pay

Prerequisites
  • Decryption of Apple Pay tokens requires an Apple Developer account that is linked to either the Apple Developer program or the Apple Developer Enterprise program.
  • You must also be PCI DSS compliant.

To decrypt tokens for Apple Pay, follow the steps detailed on the Apple developer portal.

This includes:

  1. Using the value of publicKeyHash to retrieve the public key certificate and private key.
  2. Restoring the symmetric key.
  3. Using that symmetric key to decrypt the value of the data key.
  4. Cross-checking the transaction details of the Apple Pay request against those of the transaction being processed.
  5. Using the now decrypted data to process the payment using the below payload structures.

For Apple Pay, you will need to pay particular attention to the PaymentCredentials attribute and its properties ECI, Cryptogram and DeviceID.

Below is an example of a payload for Apple Pay Processing via DirectConnect:

{
  "TransactionType": "PURC",
  "Amount": "1.00",
  "Currency": "EUR",
  "Language": "en",
  "UniqueReference": "072ddb9b-a2b0-458c-9864-4d29d8ef4ef8",
  "PaymentCredentials": {
    "PaymentSource": "ApplePay",
    "CardType": "VISA",
    "ProviderToken": "5285391966672837",
    "ExpMonth": "12",
    "ExpYear": "2025",
    "Cryptogram": "yourcryptogram",
    "ECI": "07",
    "DeviceID": "050221140363"
  },
  "Client": {
    "ClientAccount": "APCOPAY",
    "FirstName": "Apco",
    "LastName": "Test",
    "Email": "support@apcolabs.tech",
    "City": "City",
    "ZIPCode": "Zip Code",
    "Country": "MLT",
    "MobileNo": "0035612345678",
    "IPAddress": "1.0.0.1",
    "Street": "House No Street",
    "DateOfBirth": "1977-12-31"
  },
  "Routing": {
    "ForceBank": "PTEST"
  },
  "BrowserDetails": {
    "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
    "JavaEnabled": true,
    "ScreenColorDepth": "1",
    "ScreenWidth": "1080",
    "ScreenHeight": "840",
    "TimeZone": "2",
    "AcceptHeader": "application/json",
    "BrowserLanguage": "en"
  },
  "OrderReference": "ORDERREFHERE",
  "RedirectionURL": "https://www.yourURLhere.com/Redirect/",
  "CallBackURL": "https://www.yourURLhere.com/Listener",
  "IsTest": true
}

Processing Google Pay

Prerequisites
  • Decryption of Google Pay tokens requires a Google Pay merchant ID.
  • You must also be PCI DSS compliant.

To decrypt tokens for Google Pay, follow the steps detailed on the Google developer portal.

This includes:

  1. Retrieving the Google root signing keys.
  2. Verifying that the intermediate signing keys and their signatures are valid and no root signing keys are expired.
  3. Verifying that the payload signature is valid by checking it against the intermediate signing key.
  4. Decrypting the payload contents following step (3).
  5. Using the messageExpiration field, confirming that the payload is not expired.
  6. Using the now decrypted data to process the payment using the below payload structure.

For Google Pay, you will need to pay particular attention to the PaymentCredentials attribute and its properties ECI and Cryptogram. Unlike Apple Pay, no DeviceID is required here.

Below is an example of a payload for Google Pay Processing via DirectConnect:

{
  "TransactionType": "PURC",
  "Amount": "1.00",
  "Currency": "EUR",
  "Language": "en",
  "UniqueReference": "072ddb9b-a2b0-458c-9864-4d29d8ef4ef8",
  "PaymentCredentials": {
    "PaymentSource": "GooglePay",
    "CardType": "VISA",
    "ProviderToken": "5285391966672837",
    "ExpMonth": "12",
    "ExpYear": "2025",
    "Cryptogram": "yourcryptogram",
    "ECI": "07"
  },
  "Client": {
    "ClientAccount": "APCOPAY",
    "FirstName": "Apco",
    "LastName": "Test",
    "Email": "support@apcolabs.tech",
    "City": "City",
    "ZIPCode": "Zip Code",
    "Country": "MLT",
    "MobileNo": "0035612345678",
    "IPAddress": "1.0.0.1",
    "Street": "House No Street",
    "DateOfBirth": "1977-12-31"
  },
  "Routing": {
    "ForceBank": "PTEST"
  },
  "BrowserDetails": {
    "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
    "JavaEnabled": true,
    "ScreenColorDepth": "1",
    "ScreenWidth": "1080",
    "ScreenHeight": "840",
    "TimeZone": "2",
    "AcceptHeader": "application/json",
    "BrowserLanguage": "en"
  },
  "OrderReference": "ORDERREFHERE",
  "RedirectionURL": "https://www.yourURLhere.com/Redirect/",
  "CallBackURL": "https://www.yourURLhere.com/Listener",
  "IsTest": true
}
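
The post-decryption checks from both procedures (Apple Pay step 4, Google Pay step 5) and the mapping into PaymentCredentials, as an added example that is not Apcopay's code. The decrypted field names follow Apple's and Google's published payload formats; which decrypted field feeds ProviderToken and DeviceID, the ISO4217 table and the function names are assumptions to confirm with Apcopay.

```python
import time
from decimal import Decimal

# Assumed lookup: ISO 4217 numeric code -> (alpha code, minor-unit digits).
ISO4217 = {"978": ("EUR", 2), "840": ("USD", 2), "392": ("JPY", 0)}

def _base(source, card_type, pan, month, year, cryptogram, eci):
    creds = {"PaymentSource": source, "CardType": card_type, "ProviderToken": pan,
             "ExpMonth": f"{int(month):02d}", "ExpYear": str(year),
             "Cryptogram": cryptogram}
    if eci:  # both wallets may omit the ECI; pass it on only when present
        creds["ECI"] = eci
    return creds

def from_google_pay(dec, card_type, now_ms=None):
    """Google Pay steps 5-6: reject expired payloads, then map the fields."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if int(dec["messageExpiration"]) <= now_ms:
        raise ValueError("Google Pay payload has expired")
    d = dec["paymentMethodDetails"]
    if d.get("authMethod") != "CRYPTOGRAM_3DS":  # PAN_ONLY carries no cryptogram
        raise ValueError("payload carries no cryptogram")
    return _base("GooglePay", card_type, d["pan"], d["expirationMonth"],
                 d["expirationYear"], d["cryptogram"], d.get("eciIndicator"))

def from_apple_pay(dec, card_type, amount, currency):
    """Apple Pay steps 4-5: cross-check amount and currency, then map the fields."""
    alpha, digits = ISO4217[dec["currencyCode"]]
    expected_minor = Decimal(amount).scaleb(digits)  # "1.00" EUR -> 100 cents
    if alpha != currency or Decimal(str(dec["transactionAmount"])) != expected_minor:
        raise ValueError("Apple Pay token does not match this transaction")
    yymmdd, pd = dec["applicationExpirationDate"], dec["paymentData"]
    creds = _base("ApplePay", card_type, dec["applicationPrimaryAccountNumber"],
                  yymmdd[2:4], "20" + yymmdd[:2],
                  pd["onlinePaymentCryptogram"], pd.get("eciIndicator"))
    creds["DeviceID"] = dec["deviceManufacturerIdentifier"]  # assumed mapping
    return creds

# Constructed sample inputs (not real tokens), shaped like the decrypted payloads.
GOOGLE_SAMPLE = {"messageExpiration": "1740000000000", "paymentMethodDetails": {
    "authMethod": "CRYPTOGRAM_3DS", "pan": "5285391966672837", "expirationMonth": 12,
    "expirationYear": 2025, "cryptogram": "yourcryptogram", "eciIndicator": "07"}}
APPLE_SAMPLE = {"applicationPrimaryAccountNumber": "5285391966672837",
    "applicationExpirationDate": "251231", "currencyCode": "978",
    "transactionAmount": 100, "deviceManufacturerIdentifier": "050221140363",
    "paymentData": {"onlinePaymentCryptogram": "yourcryptogram", "eciIndicator": "07"}}
```

Run these checks only on payloads whose signatures have already been verified and decrypted as described in the steps above; the resulting dictionary goes under PaymentCredentials in the request body.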
