# Apple Pay

Add [Apple Pay](https://developer.apple.com/apple-pay/) to iOS apps, watchOS apps and to websites for [these supported countries](https://www.apple.com/ios/feature-availability/#apple-pay).

Important
Mastercard, Visa, Amex and Discover branded Apple Pay payments receive liability shift.

## Get started

1. Read through [Apple's overview](https://developer.apple.com/apple-pay/implementation/).
2. Create an Apple Merchant ID.
3. Ask your Worldpay Implementation Manager to enable Apple Pay.
4. Get your Certificate Signing Request (CSR) from Worldpay.
5. Get your payment processing certificate from Apple using the CSR provided by Worldpay.


### Enable [Apple Pay in-app](https://developer.apple.com/documentation/passkit/apple_pay/)

1. Enable Apple Pay in Xcode.
2. Set **`merchantCapabilities`** to **`PKMerchantCapability3DS`**, as Worldpay only supports 3DS.


### Enable [Apple Pay on the web](https://developer.apple.com/documentation/apple_pay_on_the_web)

1. Register and verify any domains that will host Apple Pay.
2. Create a merchant identity certificate. This is used to establish a secure connection between your servers and Apple's servers.
3. Set **`merchantCapabilities`** to **`PKMerchantCapability3DS`**, as Worldpay only supports 3DS.


## Apple Pay payment request

Use our [Customer Initiated Transactions endpoint](/products/card-payments/openapi/other/authorize) to take Apple Pay payments.

`POST` `https://try.access.worldpay.com/cardPayments/customerInitiatedTransactions`

{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "default"
    },
    "instruction": {
        "requestAutoSettlement": {
            "enabled": false
        },
        "narrative": {
            "line1": "Mind Palace"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/wallet+applepay",
            "walletToken": "{\"version\": \"EC_v1\",\"data\": \"kdHd..GQ==\",\"signature\": \"MIAGCSqGSIb3DQEH...AAA\",\"header\": {\"transactionId\": \"d3b28af..f8\",\"ephemeralPublicKey\": \"MFkwE..Q==\",\"publicKeyHash\": \"dxCK..6o=\" }}"
        }
    },
    "channel": "ecom"
}
The `paymentInstrument.walletToken` is taken from `payment.paymentToken.paymentData` in the Apple Pay [payment request](https://developer.apple.com/documentation/apple_pay_on_the_web/payment_request_api).

For more information on taking an Apple Pay payment, take a look at our [Card Payments API documentation](/products/card-payments/authorize-a-payment).

## Use Apple Pay to set up and take repeat payments

Your customer can use Apple Pay to set up repeat payments (such as subscriptions). In those cases, make sure to include the `recurringPaymentRequest` modifier in your Apple Pay [payment request](https://developer.apple.com/documentation/apple_pay_on_the_web/payment_request_api). This allows you to include additional information within the Apple Pay form relating to the payment agreement you are making with your customer, such as terms and conditions and billing frequency.

Now, include the `customerAgreement` object in your [Customer Initiated Transactions](/products/card-payments/openapi/other/authorize) Apple Pay request:


```
{
...
  "instruction": {
    ...
    "customerAgreement": {
      "type": "subscription",
      "storedCardUsage": "first"
    }
  }
}
```

We convert the Apple Pay encrypted payload into a Worldpay Token, which will be returned to you in the response to the above request. Use that token to request subsequent recurring [Merchant Initiated Transactions](/products/card-payments/openapi/other/recurring).

### Apple Pay Merchant Tokens (MPAN)

When you use the `recurringPaymentRequest` property, Apple issues a [merchant token](https://developer.apple.com/apple-pay/merchant-tokens/) (sometimes referred to as a Merchant PAN or MPAN).

Merchant tokens are specific to the merchant, rather than to a particular iOS device, meaning that they remain valid even if your customer upgrades their iOS device and removes the card from their Apple wallet on their old device.

There are no changes to the format of the Apple Pay payment token that you submit to Worldpay.

If the card brand does not support merchant-scoped tokens, Apple issues a regular device-specific token for the payment request.

## Apple Pay payment response

### Successful payment

You receive:

* an HTTP code `201`
* an `"outcome": "authorized"`
* a `paymentInstrument`
* links to [cancel](/products/card-payments/manage-payments#cancel-an-authorization), [settle](/products/card-payments/manage-payments#settle-an-authorization), [partially settle](/products/card-payments/manage-payments#partially-settle-an-authorization) or [query](/products/card-payments/query-a-payment)


### Refused payment

You receive:

* an `"outcome": "refused"`
* a [refusal code](/products/reference/refusal-response)
* a `description` that gives additional context on the refusal
* a `paymentInstrument`


Successful
{
    "outcome": "authorized",
    "riskFactors": [{
            "risk": "notChecked",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "notChecked",
            "detail": "address",
            "type": "avs"
        }
    ],
    "scheme": {
        "reference": "schemeReference"
    },
    "paymentInstrument": {
        "type": "card/network+masked",
        "cardBin": "444433",
        "lastFour": "1111",
        "tokenNumber": "444433******1111",
        "countryCode": "GB",
        "expiryDate": {
            "month": 2,
            "year": 2028
        },
        "cardBrand": "visa",
        "fundingType": "debit",
        "category": "consumer",
        "issuerName": "VALID_ISSUER",
        "paymentAccountReference": "somePAR"
    },
    "_links": {
        "cardPayments:cancel": {
            "href": "https://try.access.worldpay.com/payments/authorizations/cancellations/eyJrIjoiazUyOTVhMSIsImxpbmtWZXJzaW9uIjoiMy4wLjAifQ==.7uyuNo1ShOgM5rTwStg86LXzb0a2wdLW1lwX:DIQ2Ecrp4gw65VLnHmjsAVqzpa2NcwixaBb2p8R2x5NPXdRpybJ2ndKlbkNOc9gj+ruN20iaTdYqv2FNgB3ZAw3g+yyUMUlQDFD8DU++ZswXpUQe8YTBHmTP8zHQUXrSORn9IaI6kzJnMu2HWwEJOqKnWLvRCMy:fr4ptatJJrmRVON8WTjisJL:sd3TJ9uDcO:gD+q+Q01y++Mzop0k8y3bDcnNBpsG:8xf4uKGGYO3EcAWA=="
        },
        "cardPayments:settle": {
            "href": "https://try.access.worldpay.com/payments/settlements/full/eyJrIjoiazUyOTVhMSIsImxpbmtWZXJzaW9uIjoiMy4wLjAifQ==.7uyuNo1ShOgM5rTwStg86LXzb0a2wdLW1lwX:DIQ2Ecrp4gw65VLnHmjsAVqzpa2NcwixaBb2p8R2x5NPXdRpybJ2ndKlbkNOc9gj+ruN20iaTdYqv2FNgB3ZAw3g+yyUMUlQDFD8DU++ZswXpUQe8YTBHmTP8zHQUXrSORn9IaI6kzJnMu2HWwEJOqKnWLvRCMy:fr4ptatJJrmRVON8WTjisJL:sd3TJ9uDcO:gD+q+Q01y++Mzop0k8y3bDcnNBpsG:8xf4uKGGYO3EcAWA=="
        },
        "cardPayments:partialSettle": {
            "href": "https://try.access.worldpay.com/payments/settlements/partials/eyJrIjoiazUyOTVhMSIsImxpbmtWZXJzaW9uIjoiMy4wLjAifQ==.7uyuNo1ShOgM5rTwStg86LXzb0a2wdLW1lwX:DIQ2Ecrp4gw65VLnHmjsAVqzpa2NcwixaBb2p8R2x5NPXdRpybJ2ndKlbkNOc9gj+ruN20iaTdYqv2FNgB3ZAw3g+yyUMUlQDFD8DU++ZswXpUQe8YTBHmTP8zHQUXrSORn9IaI6kzJnMu2HWwEJOqKnWLvRCMy:fr4ptatJJrmRVON8WTjisJL:sd3TJ9uDcO:gD+q+Q01y++Mzop0k8y3bDcnNBpsG:8xf4uKGGYO3EcAWA=="
        },
        "cardPayments:events": {
            "href": "https://try.access.worldpay.com/payments/events/eyJrIjoiazUyOTVhMSIsImxpbmtWZXJzaW9uIjoiMy4wLjAifQ==.7uyuNo1ShOgM5rTwStg86LXzb0a2wdLW1lwX:DIQ2Ecrp4gw65VLnHmjsAVqzpa2NcwixaBb2p8R2x5NPXdRpybJ2ndKlbkNOc9gj+ruN20iaTdYqv2FNgB3ZAw3g+yyUMUlQDFD8DU++ZswXpUQe8YTBHmTP8zHQUXrSORn9IaI6kzJnMu2HWwEJOqKnWLvRCMy:fr4ptatJJrmRVON8WTjisJL:sd3TJ9uDcO:gD+q+Q01y++Mzop0k8y3bDcnNBpsG:8xf4uKGGYO3EcAWA=="
        },
        "tokens:token": {
            "href": "https://access.worldpay.com/tokens/linkData"
        },
        "curies": [{
            "name": "cardPayments",
            "href": "https://try.access.worldpay.com/rels/payments/{rel}",
            "templated": true
        }]
    }
}
Refused
{
    "outcome": "refused",
    "description": "Do not honor",
    "refusalCode": "83",
    "refusalDescription": "Fraud/Security related reasons",
    "riskFactors": [{
            "risk": "notChecked",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "notChecked",
            "detail": "address",
            "type": "avs"
        }
    ],
    "paymentInstrument": {
        "type": "card/network+masked",
        "cardBin": "444433",
        "lastFour": "1111",
        "tokenNumber": "444433******1111",
        "countryCode": "GB",
        "expiryDate": {
            "month": 2,
            "year": 2028
        },
        "cardBrand": "visa",
        "fundingType": "debit",
        "category": "consumer",
        "issuerName": "VALID_ISSUER",
        "paymentAccountReference": "somePAR"
    }
}

The `paymentInstrument` includes `cardBrand`, `fundingType` and `paymentAccountReference`. They can have the following values:

**`brand`**:

* `visa`
* `visaElectron`
* `mastercard`
* `maestro`
* `amex`


**`fundingType`**:

* `debit`
* `credit`


**`paymentAccountReference`** (PAR): The Payment Account Reference is a unique identifier associated with a specific cardholder PAN. This 29 character identification number can be used in place of sensitive customer identification fields. It can be transmitted across the payments ecosystem to facilitate customer identification.

You can use the `payments:settle` action link to [settle the payment](/products/card-payments/manage-payments#settle-an-authorization) straight away. Alternatively, you can cache the response and use the link to settle the payment later.