--- title: Token Decryption slug: international-payments/apple-pay/token-decryption excerpt: >- Learn about the options available with Pine Labs Online for decrypting the payment token sent by Apple. hidden: false sidebar_order: 3 metadata: title: Apple Pay Token Decryption – Pine Labs Guide description: >- The document outlines the importance of token decryption for securely processing Apple Pay transactions, offering two main approaches: self-managed decryption, which requires technical expertise and PCI compliance, and Pine Labs-managed decryption, which simplifies integration and reduces technical overhead. Learn how to decrypt Apple Pay payment tokens using Pine Labs integration guidelines. image: [] keywords: Apple Pay Token Decription robots: index --- Token decryption is essential for securely retrieving the payment information that Apple Pay encrypts during customer authentication. Apple Pay does not share raw card details; instead, it transmits an encrypted payment token. Decrypting the token allows access to the essential transaction data required to process the payment, including the payment cryptogram and related payment information. This process ensures the secure transmission of sensitive card information and payment authorization. ## Token Decryption Options There are two main approaches for handling Apple Pay token decryption:

Self-Managed Apple Pay Token Decryption

Take full control of the decryption process with your own infrastructure.

- Complete control over security implementation.

- Custom integration with your systems.

- Requires technical expertise and resources.

Pine Labs Online-Managed Apple Pay Token Decryption

Let Pine Labs Online handle the decryption process for you.

- Simplified integration and setup.

- Managed security and compliance.

- Reduced technical overhead

## Option A: Self-Managed Apple Pay Token Decryption You have the option to decrypt the Apple Pay token on your end and then send the decrypted payload to Pine Labs for authorization. This can be done by implementing the below: 1. Integrate the **Apple Pay Web JavaScript SDK** with Custom Checkout. > ❗️ Important: > > - You must have your own **Apple Developer Account** to decrypt Apple Pay token. > - You need to be **PCI-compliant** to handle decrypted payment data. ### Pre-requisites If you choose to use your own Apple Developer account, complete the steps below. 1. [Register an Apple Merchant ID](#register-an-apple-merchant-id) 2. [Create the Payment Processing Certificate](#create-payment-processing-certificate) 3. [Create the Merchant Identity Certificate](#create-merchant-identity-certificate)

1. Register an Apple Merchant ID

1. Log in to the **Apple Developer Account**. 2. Go to: Certificates, Identifiers & Profiles → Identifiers 3. Click `+` to create a new identifier. 4. Select **Merchant IDs → Continue**. 5. Enter a **unique identifier** and description. 6. Click **Register**. This Merchant ID must also be used in your iOS app.

2. Create the Payment Processing Certificate

1. Open your Merchant ID details. 2. Find **Apple Pay Payment Processing Certificate**. 3. Click **Create Certificate**. 4. You will generate the CSR and upload it to the Apple Developer Account. 5. Download the signed `.cer` **file**.

3. Create the Merchant Identity Certificate

1. In the same Merchant ID settings, locate **Apple Pay Merchant Identity Certificate**. 2. Repeat the same steps as above using the **Merchant Identity CSR**. Refer to Apple Restoring the Symmetric Key documentation to learn more. Refer to Apple Payment Token Format Reference documentation to learn more. *** ## Option B: Pine Labs Online-Managed Apple Pay Token Decryption Pine Labs can decrypt the token on your behalf using Apple Pay developer account. You can enable this by integrating through either of the following: - **Web**: for browser-based or website integrations - **App**: for mobile application integrations (iOS) ### Web Pine Labs can decrypt the token on your behalf using Pine Labs Online Apple Pay developer account. - **Hosted Checkout** – No additional setup needed. Refer to our Hosted Checkout documentation to learn more. - **Custom Checkout** – Refer to our Custom Checkout integration documentation to learn more. ### Pre-requisites If you choose to use Pine Labs Online Apple Pay developer account for Web flow, complete the steps below. 1. [Domain Verification](#domain-verification) 2. [Network Access Requirements](#network-access-requirements)

1. Domain Verification

1. **Download the verification file** from the Pine Labs dashboard. 2. Place it **exactly** in the path specified (case-sensitive). 3. Domain verification is required for: 1. Sites using Pine Labs Online Checkout (overlay/iframe) 2. Sites embedding the Web SDK **Important Notes** - The file must be publicly accessible. - If using a firewall, ensure Apple’s IP addresses are allowed. - Each domain and subdomain must be verified individually, including: - `yourdomain.com` - `shop.yourdomain.com` - `checkout.yourdomain.com` To verify your domain, first upload the verification file to your domain. Then, submit your domain in the Active Paymode section of the dashboard under Settings. Please refer the Figure: Pine Labs Online Managed Apple Pay Developer Account for guidance.

2. Network Access Requirements

- The verification file must not be behind access control or authentication. - File hosting must follow Apple’s exact path and naming conventions. > 📘 Note: > > - If you only use a website or the Pine Labs Web SDK, you do not need your own Apple Pay developer account. *** ### App Pine Labs can decrypt the token on your behalf using your Apple Pay developer account. You can enable this by integrating through either of the following: - **Mobile SDK** - Refer to our Mobile SDK documentation to learn more. - **Apple Pay SDK (Standalone)** - Refer to our Apple Pay SDK (Standalone) documentation to learn more. ### Pre-requisites If you choose to use Pine Labs Online Apple Pay developer account for App flow, complete the steps below. 1. [Register an Apple Merchant ID](#app-register-apple-merchant-id) 2. [Create the Payment Processing Certificate](#app-create-payment-certificate) 3. [Create the Merchant Identity Certificate](#app-create-merchant-identity-certificate)

1. Register an Apple Merchant ID

1. Log in to the **Apple Developer Account**. 2. Go to: Certificates, Identifiers & Profiles → Identifiers 3. Click `+` to create a new identifier. 4. Select **Merchant IDs → Continue**. 5. Enter a **unique identifier** and description. 6. Click **Register**. This Merchant ID must also be used in your iOS app.

2. Create the Payment Processing Certificate

1. Open your Merchant ID details. 2. Find **Apple Pay Payment Processing Certificate**. 3. Click **Create Certificate**. 4. Download the CSR file from the Pine Labs Online dashboard. 5. Upload the CSR file to the Apple Developer account. 6. Download the signed `.cer` **file**.

3. Create the Merchant Identity Certificate

1. In the same Merchant ID settings, locate **Apple Pay Merchant Identity Certificate**. 2. Repeat the same steps as above using the **Merchant Identity CSR**. 3. Upload both signed certificates to the Pine Labs dashboard. 4. Enter your **Apple Merchant Identifier** and submit.