{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://developer.apple.com/schemas/apple-pay/payment-token.json", "title": "Apple Pay Payment Token", "description": "Represents the Apple Pay payment token generated by the Secure Element on the user's device after biometric or passcode authorization. Contains encrypted payment credentials (DPAN, cryptogram) that must be decrypted by the merchant or payment service provider to process the transaction.", "type": "object", "required": [ "paymentData", "paymentMethod", "transactionIdentifier" ], "properties": { "paymentData": { "type": "object", "description": "The encrypted payment data containing the payment credential", "required": ["data", "signature", "header", "version"], "properties": { "data": { "type": "string", "description": "Base64-encoded encrypted payment data. When decrypted, contains the DPAN, expiration date, and payment cryptogram" }, "signature": { "type": "string", "description": "Base64-encoded detached PKCS #7 signature covering the payment and header data, signed by Apple. Used to verify the token originated from a genuine Apple device" }, "header": { "type": "object", "description": "Header containing key information for decrypting the payment data", "properties": { "applicationData": { "type": "string", "description": "SHA-256 hash (hex-encoded) of the applicationData from the original payment request. Present only if applicationData was provided" }, "ephemeralPublicKey": { "type": "string", "description": "Base64-encoded X.509 encoded ephemeral EC public key. Present only for EC_v1 tokens. Used with merchant private key for ECDH key agreement" }, "wrappedKey": { "type": "string", "description": "Base64-encoded symmetric key encrypted with the merchant's RSA public key. Present only for RSA_v2 tokens" }, "publicKeyHash": { "type": "string", "description": "Base64-encoded SHA-256 hash of the merchant's payment processing certificate public key. Identifies which certificate to use for decryption" }, "transactionId": { "type": "string", "description": "Hex-encoded transaction identifier generated by the device" } }, "required": ["publicKeyHash", "transactionId"] }, "version": { "type": "string", "enum": ["EC_v1", "RSA_v2"], "description": "The version of the payment token encryption scheme. EC_v1 uses Elliptic Curve Diffie-Hellman key exchange; RSA_v2 uses RSA key wrapping" } } }, "paymentMethod": { "type": "object", "description": "Information about the payment card and method used", "properties": { "displayName": { "type": "string", "description": "A localized user-facing description of the payment card, e.g., 'Visa 1234'" }, "network": { "type": "string", "description": "The payment network, such as Visa, Mastercard, or Amex", "enum": [ "Visa", "Mastercard", "Amex", "Discover", "JCB", "ChinaUnionPay", "Interac", "PrivateLabel", "Eftpos", "CartesBancaires", "iD", "QuicPay", "Suica", "Mada", "Bancomat", "Bancontact", "Girocard" ] }, "type": { "type": "string", "enum": ["debit", "credit", "prepaid", "store"], "description": "The type of card used for the payment" } } }, "transactionIdentifier": { "type": "string", "description": "A unique identifier for this payment transaction, assigned by Apple Pay" } }, "$defs": { "DecryptedPaymentData": { "type": "object", "title": "Decrypted Payment Data", "description": "The structure of the decrypted payment data contained in the 'data' field after decryption using the merchant's payment processing certificate", "properties": { "applicationPrimaryAccountNumber": { "type": "string", "description": "Device Primary Account Number (DPAN) - a tokenized card number specific to the device, not the user's actual card number", "pattern": "^[0-9]{13,19}$" }, "applicationExpirationDate": { "type": "string", "description": "Expiration date of the DPAN in YYMMDD format", "pattern": "^[0-9]{6}$" }, "currencyCode": { "type": "string", "description": "ISO 4217 numeric currency code for the transaction", "pattern": "^[0-9]{3}$" }, "transactionAmount": { "type": "number", "description": "The authorized transaction amount" }, "cardholderName": { "type": "string", "description": "The cardholder name, if the user authorized sharing it" }, "deviceManufacturerIdentifier": { "type": "string", "description": "Hex-encoded identifier for the device manufacturer (Apple)" }, "paymentDataType": { "type": "string", "enum": ["3DSecure", "EMV"], "description": "3DSecure for online/in-app payments; EMV for contactless payments at point-of-sale terminals" }, "paymentData": { "type": "object", "description": "The payment cryptogram or EMV data used for transaction authorization", "properties": { "onlinePaymentCryptogram": { "type": "string", "description": "Base64-encoded payment cryptogram for 3DSecure transactions" }, "eciIndicator": { "type": "string", "description": "Electronic Commerce Indicator. 05 for Visa, 07 for Mastercard fully authenticated transactions" }, "emvData": { "type": "string", "description": "Base64-encoded EMV payment structure for contactless transactions" }, "encryptedPINData": { "type": "string", "description": "Base64-encoded encrypted PIN data, if required by the transaction" } } } }, "required": [ "applicationPrimaryAccountNumber", "applicationExpirationDate", "deviceManufacturerIdentifier", "paymentDataType", "paymentData" ] } } }