#benk6763

At what point are you getting an error? Can you share a request id?

sure: req_I9MicPwZ3Afr09

I'm trying to get the Stripe token out from the ApplePay token. I'm not using the Checkout or Elements features and can only use the undocuumented version your team already mentioned

I'm sending the ApplePay token details to https://api.stripe.com/v1/tokens

How are you passing the token? Is it as decoded json?

in this JSON format:
{"data":"value","signature":"value","header":{"publicKeyHash":"value","ephemeralPublicKey":"value","transactionId":"value"},"version":"value"}

Are you escaping base64 values in that json object properly? If the base64 values in the JSON provided are not properly escaped it will cause the request to fail (e.g., + being turned into a space).

yes correct

the Base64 is encoded, eg: + instead of whitespaces

if I actually had not encoded this error is returned: "Your payment information is formatted improperly. Please make sure you're correctly using the latest version of our iOS library"

the logged error is quite specific. Just to clarify I have not uploaded any certificate yet, which I think is the problem

but I don't know where to upload it to in the Dashboard

👋 hopping in here to take a look as well - give me a minute

thanks

Quick question -can you give me some more details on how youre generating the apple pay token?

Is this on mobile? apple pay on the web?

this is web. Instead of going through the Stripe setup, we are doing the front-end ApplePay integration ourselves on our paypage. The token is generated by Apple, which is thyen submitted to our back-end from where we will want to get the Stripe token from it

so we are not using the Stripe ApplePay wrapper, which generates the Stripe token directly and submitting to the /charges front-end API

at the moment I'm testing the the direct ApplePay token through https://api.stripe.com/v1/tokens using Postman

Hmm... something seems to be off about your request - are you modifying any of those values at all? Some of those values get redacted on our end, but at least for pk_token_transaction_id yours seems to be in all caps which isn't expected

that's because ApplePay payment token contains the transactionId in 2 different sections: one lower case and another upper case

these are: token.paymentData.header.transactionId (lower case) and token.transactionIdentifier (upper case)

req_EdGmzPZ5pw2NKD
this is the updated request with the transactionId sent lower case

but I get the same error

other than this no formatting manipulation is done to the token details

Let me see if I can pull someone else in as well who debugs these types of questions more often - it's highly likely to be something encoding related, but it's hard to know what since so much of it is redacted on our end

"The certificate used to sign your request is invalid. "

does this not mean to be a certificate issue? Since I have not uploaded a certificate which was generated by Apple, I cannot see how Stripe could decrypt the token (for which it will need the cert)

so to me it sounds like the request variables were received and passing validation but the next step would be to decrypt the token to get the underlying details to be used by Stripe to generate the Stripe token

any joy?

We're still thinking - hang tight!

I can share the ApplePay token JSON if that helps

it's a test account anyways

Nah that's okay we think we know what it is

You were on the right track - the step you're missing is that you need to generate an iOS certificate (through the dashboard https://dashboard.stripe.com/settings/payments/apple_pay) and then use that certificate in place of the one you already have

Once you've done that, you can regenerate a new pk_token and see if the request works for that

but that surely means I will need to use the Stripe provided Checkout or Elements features for ApplePay right?

No, you're just getting the certificate from us so that we can properly decrypt the pk token you send us

so why do I have to do this to generate the cert and not just use the Apple Developer dashboard, which creates the cert using exactly the same steps? I'm still a bit confused how this will help if I get the token generated by Apple directly and not going through your Stripe client library

couldn't I just upload the cert I got from Apple and upload it to Stripe?

the other things is, we are a platform SaS providing payment connections to multiple Salesforce clients using different PSP. Will this mean every merchant account will have their own certificate generated for Stripe ApplePay?

as far as I know with ApplePay it is possible to have a single cert for platforms processing payments on behalf of other clients

Like you mentioned before - since we don't have the key or your certificate we have no way of decrypting the token you gave to us. The dashboard flow that I linked you to generates a CSR (certificate signing request) which you can use in the Apple Developer dashboard to generate a certificate. (So you're still doing similar steps to how you created your certificate before, just using the CSR we provide - we walk you through this in the dashboard). When you use the CSR we provide you to generate a certificate, Apple will upload a certificate to us so at that point we have the key AND the cert and will be able to decrypt your token

couldn't I just upload the cert I got from Apple and upload it to Stripe?
Unfortunately, this just isn't the way it works right now - really the only way to get this to work is the way I mentioned (where you use the CSR we provide to generate a certificate)

Hello! I was helping out with the answers above behind the scenes. To address your other question, about multiple certificates being needed, it sounds like that might be the case for your situation. The alternative would be to decrypt the PK tokens on your end and provide the raw card data to the Stripe API instead. That's not recommended, but it's possible.

If you do have multiple payment processors you'll likely need ot decrypt on your end and deal with the raw card data.

yes, that's pretty much the case

we also use Stripe Connect, so I was wondering if a single cert would be sufficient to generate to cover all the connected ApplePay payments

It can be, it depends on how your Connect integration works, but ultimately that question is probably irrelevant due to the multiple payment processors requiring you to decrypt on your end.

yep

Here's how you would pass the decrypted Apple Pay data to our API to get a Stripe Token back:

curl -u sk_test_123: https://api.stripe.com/v1/tokens \
  -d card[number]=4242424242424242 \
  -d card[exp_year]=2021 \
  -d card[exp_month]=12 \
  -d card[cryptogram]=base64cryptogram \
  -d card[eci]=05 \
  -d card[tokenization_method]=apple_pay \
  -d card[last4]=1234

cool thanks for all the info

sorry for the brain-teaser this late into the evening :p

No problem! It's actually 10:30 AM where I am. 🙂

ha, so I'm not so sorry then 😄