Radial Integration | 2016

Payments, Tax & Fraud > Payments Processing > Apple Pay Processing > Decryption API

Decryption API

Overview

When a user with an Apple device authorizes a payment through Apple Pay, iOS connects to the Apple server and receives an encrypted data blob, which the iOS application sends to the Payments Service Decryption API. The Payment Service decrypts the blob and sends decrypted payment information back to the iOS application.

URI Summary

Action URI Template URI Example Non-URI Request Response
POST /v[M.m]/stores/[StoreID]/
payments/decryptblob		 /v1.0/stores/store123/
payments/decryptblob		 XML 200 + XML response

Request Example

DecryptionBlobRequest

<?xml version="1.0" encoding="UTF-8"?>
<DecryptBlobRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
    <AlgorithmVersion>apd</AlgorithmVersion>
    <EncryptionHeader>
        <EphemeralPublicKey>MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtpj8+ZI9S3gQ7QHCM/dLYTj
           dSgKdXlDDI/ezdwmHc4HosSYFdYYE/v8t2CcFwJHmceet/GNE1VRO57W3VxeAg==
        </EphemeralPublicKey>
        <TransactionId>84a7e17570c940f6a268d9121a4c090f1d2e22bab4da0f2054c7ba53035dc79a
        </TransactionId>
        <PublicKeyHash>i3F+FlIbyhjfYqMqm3M/dpeWRO9tnD+U9BJng3tkkig=</PublicKeyHash>
    </EncryptionHeader>
    <Version>EC_v1</Version>
    <Data>GcUsL3ZgQVf9Raf7fBY+0AXsoO/5REeQWE6mROAJM4QvxJgOO6mxW1CuM1P7Ox9hQo1Qt1dg/VIS5fs
zNq7YhB0oQNgoEwAh7bTXEUBtmx0lzvN5EWxah0ScMbv/v+7CuakmRG6c6hO4xQlayCNGV6diFK1Ng6zNphSW53b1
Di6vhqJcDnGs2tvu6wHyGfqIH6AeUmCNsiBvkHsaiiHbiWcL6BPpWuoW7y5bZK3mMxgygYgzZec/XnlV5lcJocpPD
cL8ouuVU/oBMZn9ox/Ql3r9E8f3g7+uTdKZ+TEoyKIH52VQUb1/YXU3SZ2Fr2J/oidUPz9+fTvGZkFPQvSX4G+jzY
WlCQmrx6qZ0cfTY/ZcGmITSSbzKcgy35kTTNJdqmL8wqmOzfr202R3sXeGBjS1BqAm5DNzbgWHGrOoc/I=
    </Data>
    <Signature>MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCAMI
ID4jCCA4igAwIBAgIIJEPyqAad9XcwCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW5
0ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoM
CkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0MDkyNTIyMDYxMVoXDTE5MDkyNDIyMDYxMVowXzElMCMGA1UEA
wwcZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtUFJPRDEUMBIGA1UECwwLaU9TIFN5c3RlbXMxEzARBgNVBAoMCkFwcG
xlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwhV37evWx7Ihj2jdcJChIY3HsL1
vLCg9hGCV2Ur0pUEbg0IO2BHzQH6DMx8cVMP36zIg1rrV1O/0komJPnwPE6OCAhEwggINMEUGCCsGAQUFBwEBBDkw
NzA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZWFpY2EzMDEwHQYDVR0OBBYEF
JRX22/VdIGGiYl2L35XhQfnm1gkMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUI/JJxE+T5O8n5sT2KGw/orv9Lk
swggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB
0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGlj
YWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY
2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb2
0vY2VydGlmaWNhdGVhdXRob3JpdHkvMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGx
lYWljYTMuY3JsMA4GA1UdDwEB/wQEAwIHgDAPBgkqhkiG92NkBh0EAgUAMAoGCCqGSM49BAMCA0gAMEUCIHKKnw+S
oyq5mXQr1V62c0BXKpaHodYu9TWXEPUWPpbpAiEAkTecfW6+W5l0r0ADfzTCPq2YtbS39w01XIayqBNy8bEwggLuM
IICdaADAgECAghJbS+/OpjalzAKBggqhkjOPQQDAjBnMRswGQYDVQQDDBJBcHBsZSBSb290IENBIC0gRzMxJjAkBg
NVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJ
VUzAeFw0xNDA1MDYyMzQ2MzBaFw0yOTA1MDYyMzQ2MzBaMHoxLjAsBgNVBAMMJUFwcGxlIEFwcGxpY2F0aW9uIElu
dGVncmF0aW9uIENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKD
ApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPAXEYQZ12SF1RpeJYEHdu
iAou/ee65N4I38S5PhM1bVZls1riLQl3YNIk57ugj9dhfOiMt2u2ZwvsjoKYT/VEWjgfcwgfQwRgYIKwYBBQUHAQE
EOjA4MDYGCCsGAQUFBzABhipodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDA0LWFwcGxlcm9vdGNhZzMwHQYDVR0O
BBYEFCPyScRPk+TvJ+bE9ihsP6K7/S5LMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUu7DeoVgziJqkipnev
r3rr9rLJKswNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVyb290Y2FnMy5jcmwwDg
YDVR0PAQH/BAQDAgEGMBAGCiqGSIb3Y2QGAg4EAgUAMAoGCCqGSM49BAMCA2cAMGQCMDrPcoNRFpmxhvs1w1bKYr/
0F+3ZD3VNoo6+8ZyBXkK3ifiY95tZn5jVQQ2PnenC/gIwMi3VRCGwowV3bF3zODuQZ/0XfCwhbZZPxnJpghJvVPh6
fRuZy5sJiSFhBpkPCZIdAAAxggFeMIIBWgIBATCBhjB6MS4wLAYDVQQDDCVBcHBsZSBBcHBsaWNhdGlvbiBJbnRlZ
3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQX
BwbGUgSW5jLjELMAkGA1UEBhMCVVMCCCRD8qgGnfV3MA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcNAQkDMQsGCSq
GSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUxMjEwMTc0NDEwWjAvBgkqhkiG9w0BCQQxIgQgUiRZSvu2i+zIK3pR
HZsuhRIVtn71HWaUfewTPrqSm8MwCgYIKoZIzj0EAwIERjBEAiBIumc6vmek/PlaZBYgiIsNNV99jmbRFnwnmhLMQ
3REXQIgNpC4d79eJmnCLnkQS1g/WgL3g+7RXszwNXQvK+Quzx0AAAAAAAA=
    </Signature>
</DecryptBlobRequest>
Element Required Description Type Restriction
AlgorithmVersion Yes The algorithm version of the public key requested. String No restrictions
Ephemeral Public Key Yes Hash of the X.509 encoded public key bytes of the merchant's certificate. SHA-256 Hash, Base64 encoded as a String
Version Yes Signature of the Payment and header data. The signature includes the signing certificate, its intermediate CA certificate, and information about the signing algorithm. String No restrictions
TransactionId Yes Transaction Identifier, generated on the device. String No restrictions
Public Key Hash Yes Compares the Signature to the Private/Public Key for validation. String No restrictions
Data Yes Encrypted Payment Data. a payment data dictionary, Base64 encoded as a string. No restrictions
Signature Yes Signature of the payment and header data. The signature includes the signing certificate, its intermediate CA certificate, and information about the signing algorithm. Detached PKCS 37 signature, Base64 encoded as string. No restrictions

Reply Example

DecryptionBlobReply

<?xml version="1.0" encoding="UTF-8"?>
<DecryptBlobReply xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
  <DeviceAccountNumber isToken="false">4054132100566965</DeviceAccountNumber>
  <TenderType>VC</TenderType>
  <ExpirationDate>2021-07</ExpirationDate>
  <TransactionAmount currencyCode="USD">14.99</TransactionAmount>
  <DeviceManufacturerIdentifier>040010030273</DeviceManufacturerIdentifier>
  <OnlinePaymentCryptogram>AeeR44AAA+H0IlZw+qrxMAACAAA=</OnlinePaymentCryptogram>
  <EciIndicator>5</EciIndicator>
</DecryptBlobReply>
Element Required Description Type Restriction
Device Account Number Yes DAN is issued by the card network as an approval and is sent back to Apple Server. String Max 20 characters
TenderType Yes The TenderType of the payment method sent in the request. For a list of common tender types, see Tender Types. String 2-4 characters
ExpirationDate Yes Card Expiration Data in the format YYMMDD. String No restrictions
TransactionAmount Yes Transaction amount. Number No restrictions
DeviceManufacturerIdentifier Yes Hex-encoded device manufacturer identifier. String No restrictions
OnlinePaymentCryptogram Yes Online payment cryptogram, as defined by 3-D Secure. String No restrictions
EciIndicator Yes Optional.ECI indicator, as defined by 3-D Secure. String No restrictions

 

Copyright © 2017 Radial. All rights reserved.