Apple Pay Embedded - Code

EdfaPay supports Server-to-Server (S2S) Apple Pay integration, allowing you to process payments without redirection.


Integration Flow

User clicks the Apple Pay button  
                      ↓  
Apple Pay session is initiated on the frontend  
                      ↓  
Apple sends a `validationURL` to the client  
                      ↓  
The backend validates the merchant using the `validationURL`  
                      ↓  
Apple returns a `merchantSession`  
                      ↓  
User authorizes the payment using Face ID / Touch ID  
                      ↓  
Frontend receives the `paymentToken`  
                      ↓  
Backend sends the payment request to EdfaPay  
                      ↓  
Payment is processed and completed

1. Frontend – Apple Pay Button

HTML

<div class="apple-pay-button-with-text apple-pay-button-white-with-text">
  <span class="text">Buy with</span>
  <span class="logo"></span>
</div>

CSS

@supports (-webkit-appearance: -apple-pay-button) {
  .apple-pay-button-with-text {
      display: inline-block;
      -webkit-appearance: -apple-pay-button;
      -apple-pay-button-type: buy;
  }
  .apple-pay-button-with-text > * {
      display: none;
  }
  .apple-pay-button-white-with-text {
      -apple-pay-button-style: white;
  }
}

2. JavaScript – ApplePaySession

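const payWithApplePay = () => {
  // Apple Pay JS is only exposed by browsers that support it.
  if (!window.ApplePaySession) return;

  const request = {
    countryCode: "SA",
    currencyCode: "SAR",
    supportedNetworks: ["visa", "masterCard", "mada"],
    merchantCapabilities: ["supports3DS"],
    total: { label: "Your Store", amount: "1.00" }
  };

  // 3 is the Apple Pay JS API version requested for this session.
  const session = new ApplePaySession(3, request);

  // Apple supplies validationURL; the backend exchanges it for a merchantSession.
  session.onvalidatemerchant = async (event) => {
    try {
      const res = await fetch("/validate_url", {
        method: "POST",
        headers: {"Content-Type": "application/json"},
        body: JSON.stringify({ validationUrl: event.validationURL })
      });
      if (!res.ok) throw new Error("Merchant validation failed");

      const merchantSession = await res.json();
      session.completeMerchantValidation(merchantSession);
    } catch (err) {
      // Close the payment sheet instead of leaving it waiting.
      session.abort();
    }
  };

  // Fires after the user authorizes with Face ID / Touch ID.
  session.onpaymentauthorized = async (event) => {
    try {
      const res = await fetch("/virtual", {
        method: "POST",
        headers: {"Content-Type": "application/json"},
        body: JSON.stringify({ paymentToken: event.payment.token })
      });

      const data = await res.json();

      if (res.ok && data.status === "SETTLED") {
        session.completePayment(ApplePaySession.STATUS_SUCCESS);
      } else {
        session.completePayment(ApplePaySession.STATUS_FAILURE);
      }
    } catch (err) {
      // Network or parsing error: report the payment as failed.
      session.completePayment(ApplePaySession.STATUS_FAILURE);
    }
  };

  session.begin();
};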

3. Hash Formula

hash = MD5(UPPERCASE(REVERSE(
    identifier + orderId + amount + currency + password
)))

4. Backend – Validate Apple Pay Session

Request Example

POST /validate_url
{
  "validationUrl": "https://apple-pay-gateway.apple.com/paymentservices/startSession"
}
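
PHP

public function validate_url(Request $request){
    $data = $request->validate([
        'validationUrl' => 'required|url'
    ]);

    // validationUrl is sent by the browser, so check it before use: the
    // merchant certificate must only ever be presented to Apple's gateway.
    // Add the other gateway hosts Apple documents for your environment.
    $allowedHosts = ['apple-pay-gateway.apple.com'];
    $scheme = strtolower((string) parse_url($data['validationUrl'], PHP_URL_SCHEME));
    $host = strtolower((string) parse_url($data['validationUrl'], PHP_URL_HOST));
    if ($scheme !== 'https' || !in_array($host, $allowedHosts, true)) {
        abort(400, 'Invalid validationUrl');
    }

    $json_data = json_encode([
        "merchantIdentifier" => "YOUR_MERCHANT_ID",
        // Must be a domain verified with Apple; HTTP_HOST reflects the request's Host header.
        "domainName" => $_SERVER["HTTP_HOST"],
        "displayName" => "YOUR_DISPLAY_NAME"
    ]);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $data['validationUrl']);
    // Merchant identity certificate and private key: keep them outside the
    // public web root, where they could be downloaded.
    curl_setopt($ch, CURLOPT_SSLCERT, storage_path('cert/merchant.pem'));
    curl_setopt($ch, CURLOPT_SSLKEY, storage_path('cert/merchant.key'));
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    // Apple's merchantSession JSON is passed back to the frontend.
    return curl_exec($ch);
}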
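
One way to check the browser-supplied `validationUrl` before `validate_url` presents the merchant certificate to it, written as a stand-alone PHP helper. This is an added example, not EdfaPay's or Apple's code; the function name `appleValidationUrl`, the host list and the sample URLs are assumptions, and the host list should be confirmed against Apple's current gateway documentation.

```php
<?php
// Added example, not EdfaPay's code. The host list is an assumption: confirm it
// against Apple's current list of Apple Pay gateway hosts before use.
const APPLE_PAY_GATEWAY_HOSTS = [
    'apple-pay-gateway.apple.com',       // production (host shown in this guide)
    'cn-apple-pay-gateway.apple.com',    // production, China mainland
    'apple-pay-gateway-cert.apple.com',  // sandbox
];

// Returns a normalised URL that is safe to hand to cURL, or null.
function appleValidationUrl(string $raw): ?string
{
    // Reject control characters, whitespace and backslashes, which URL
    // parsers interpret differently.
    if ($raw === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $raw)) {
        return null;
    }
    $p = parse_url($raw);
    if ($p === false || strtolower($p['scheme'] ?? '') !== 'https') {
        return null;
    }
    // No embedded credentials, no fragment, no non-default port.
    if (isset($p['user']) || isset($p['pass']) || isset($p['fragment'])
        || (isset($p['port']) && $p['port'] !== 443)) {
        return null;
    }
    $host = strtolower($p['host'] ?? '');
    if (!in_array($host, APPLE_PAY_GATEWAY_HOSTS, true)) {  // exact match only
        return null;
    }
    // Rebuild from the parsed parts so cURL requests exactly what was checked.
    $query = isset($p['query']) ? '?' . $p['query'] : '';
    return 'https://' . $host . ($p['path'] ?? '/') . $query;
}

// Constructed inputs: one genuine URL and three look-alikes that must be rejected.
$samples = [
    'https://apple-pay-gateway.apple.com/paymentservices/startSession',
    'https://apple-pay-gateway.apple.com.attacker.example/startSession',
    'https://apple-pay-gateway.apple.com@attacker.example/startSession',
    'http://apple-pay-gateway.apple.com/paymentservices/startSession',
];
foreach ($samples as $s) {
    echo (appleValidationUrl($s) === null ? 'REJECT ' : 'ACCEPT ') . $s . PHP_EOL;
}
```

In `validate_url`, pass the returned string to `CURLOPT_URL` and answer with HTTP 400 when the helper returns null.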

5. Backend – Process Payment

Request Example

POST /virtual
{
  "paymentToken": {
    "transactionIdentifier": "abc123..."
  }
}
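
PHP

public function virtual(Request $request){
    // Reject requests that do not carry an Apple Pay token.
    $request->validate([
        'paymentToken' => 'required|array',
        'paymentToken.transactionIdentifier' => 'required|string'
    ]);
    $token = $request->input('paymentToken');

    $identifier = $token['transactionIdentifier'];
    $order_id = "order_" . rand(1000,9999);
    // Amount and currency are set on the server, not taken from the browser.
    $amount = "1.00";
    $currency = "SAR";
    // Load the password from server-side configuration; never ship it to the frontend.
    $password = "YOUR_PASSWORD";

    // Hash as defined in section 3.
    $hash = md5(strtoupper(strrev(
        $identifier . $order_id . $amount . $currency . $password
    )));

    $fields = [
        'action' => 'SALE',
        'client_key' => 'YOUR_CLIENT_KEY',
        'brand' => 'applepay',
        'order_id' => $order_id,
        'order_amount' => $amount,
        'order_currency' => $currency,
        'identifier' => $identifier,
        // The full Apple Pay token is forwarded as a JSON string.
        'parameters' => json_encode($token),
        'hash' => $hash
    ];

    $ch = curl_init("https://api.edfapay.com/applepay/orders/s2s/sale");
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    // EdfaPay's response is passed back to the frontend.
    return curl_exec($ch);
}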

Important Notes

  • Never expose credentials in the frontend.
  • Always use HTTPS.
  • Apple Pay works only on Safari.
  • The domain must be verified with Apple.


Go Live Checklist

  • Test on a real Apple Pay device
  • Verify transactions in the dashboard
  • Ensure certificates are valid