express-payment-request

A middleware for Express which can be used to serve the Payment Request API.

Hey, you. Yes you. Don't use this for anything. It's currently highly experimental and most likely doesn't do what you'd like it to.

Check back soon though. ;)

🚀 Getting Started

Using yarn:

yarn add express-payment-request

🔐 Configuring Your Apple Pay Certificate

To authenticate Apply Pay payment requests using express-payment-request, transactions between the express middleware and Apple Pay must be properly signed using the Apple Pay Merchant Identity Certificate.

1. Creating the 2048 RSA Certificate (MacOS)

• Open up KeyChain Access.
• In the navigation bar, click on Certificate Assistant under the KeyChain Access dropdown.
• Next, click Request a Certificate from a Certificate Authority.
  • Note that if you can't see this method, try making sure you don't have an existing set of credentials highlighted in KeyChain, because it will try to treat those as the authority, which is not what we want.
• Enter your E-Mail Address, CA Email Address (this can be the same as the Email Address), and set the Common Name to something memorable, like "Apple Pay 2048 RSA".
• Make sure Save to disk is selected, then hit Continue.
• Save the resulting Certificate Signing Request to your desktop.

2. Upload the Certificate Signing Request to your Mechant Account.

• Under Apple Pay Merchant Identity Certificate on Certificates, Identifiers and Profiles, tap on Create Certificate.
• Upload your Certificate Signing Request.
• Once finished, download the merchant_id.csr generated by Apple.

3. Export the Public Key and Private Key from KeyChain.

• Decide on a password that you'll want to use for the certificate you'll be using to sign your mutual TLS with Apple Pay.
  • Don't lose this! It's important and we'll need it in later steps, so be sure to keep track of it.
• Back in KeyChain, find the Private Key which belong to the RSA Certificate you generated in Step 1.
• Next, right click to export the Private Key. When prompted for an Access Password use the password you decided on at the beginning of this section.
• Finally, you'll be prompted to enter your Apple Login credentials to export the keys. Enter these and save the Private Key to the desktop; in this guide, we'll name the key private.p12.

At this stage, your RSA certificate for secure TLS transactions between your server and Apple Pay has been recognized, and you have merchant_id.cer and your private.p12 on the desktop.

Before going onto the next section, be sure you have OpenSSL installed. You can verify it exists by executing openssl -v in your Terminal.

4. Convert your merchant_id.cer into a .p12 certificate.

On your Desktop, execute the following commands:

# generate .pem
openssl x509 -in merchant_id.cer -inform DER -out merchant_id.pem -outform PEM
# generate .key (requires access password)
openssl pkcs12 -in private.p12 -nodes -out private.key -nocerts
# generate p12
openssl pkcs12 -export -out merchant_id.p12 -inkey private.key -in merchant_id.pem

The resulting file merchant_id.p12 can now be used to sign transactions with Apple Pay.

To verify the correctness of your certificate, you can use cURL:

curl --data '{"merchantIdentifier":"your.merchant.identifier","domainName":"yourdomainname.com","displayName":"MyStore"}' --cert-type P12 --cert ~/Desktop/merchant_id.p12 --pass "your-password-here" https://apple-pay-gateway.apple.com/paymentservices/startSession  -v

Upon success, curl should print a valid payment nonce negotiated with Apple Pay. 🚀

✌️ License

MIT