Apple Pay Payment Token Structure
Represents the Apple Pay payment token generated by the Secure Element on the user's device after biometric or passcode authorization. Contains encrypted payment credentials (DPAN, cryptogram) that must be decrypted by the merchant or payment service provider to process the transaction.
Type: object
Properties: 3
Required: 3
AppleContactless PaymentsDigital WalletE-CommerceMobile PaymentsPayments
Apple Pay Payment Token is a JSON Structure definition published by Apple Pay, describing 3 properties, of which 3 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.
{
"$schema": "https://json-structure.org/meta/core/v0/#",
"name": "Apple Pay Payment Token",
"$id": "https://developer.apple.com/schemas/apple-pay/payment-token.json",
"description": "Represents the Apple Pay payment token generated by the Secure Element on the user's device after biometric or passcode authorization. Contains encrypted payment credentials (DPAN, cryptogram) that must be decrypted by the merchant or payment service provider to process the transaction.",
"type": "object",
"properties": {
"paymentData": {
"type": "object",
"description": "The encrypted payment data containing the payment credential",
"required": [
"data",
"signature",
"header",
"version"
],
"properties": {
"data": {
"type": "string",
"description": "Base64-encoded encrypted payment data. When decrypted, contains the DPAN, expiration date, and payment cryptogram"
},
"signature": {
"type": "string",
"description": "Base64-encoded detached PKCS #7 signature covering the payment and header data, signed by Apple. Used to verify the token originated from a genuine Apple device"
},
"header": {
"type": "object",
"description": "Header containing key information for decrypting the payment data",
"properties": {
"applicationData": {
"type": "string",
"description": "SHA-256 hash (hex-encoded) of the applicationData from the original payment request. Present only if applicationData was provided"
},
"ephemeralPublicKey": {
"type": "string",
"description": "Base64-encoded X.509 encoded ephemeral EC public key. Present only for EC_v1 tokens. Used with merchant private key for ECDH key agreement"
},
"wrappedKey": {
"type": "string",
"description": "Base64-encoded symmetric key encrypted with the merchant's RSA public key. Present only for RSA_v2 tokens"
},
"publicKeyHash": {
"type": "string",
"description": "Base64-encoded SHA-256 hash of the merchant's payment processing certificate public key. Identifies which certificate to use for decryption"
},
"transactionId": {
"type": "string",
"description": "Hex-encoded transaction identifier generated by the device"
}
},
"required": [
"publicKeyHash",
"transactionId"
]
},
"version": {
"type": "string",
"enum": [
"EC_v1",
"RSA_v2"
],
"description": "The version of the payment token encryption scheme. EC_v1 uses Elliptic Curve Diffie-Hellman key exchange; RSA_v2 uses RSA key wrapping"
}
}
},
"paymentMethod": {
"type": "object",
"description": "Information about the payment card and method used",
"properties": {
"displayName": {
"type": "string",
"description": "A localized user-facing description of the payment card, e.g., 'Visa 1234'"
},
"network": {
"type": "string",
"description": "The payment network, such as Visa, Mastercard, or Amex",
"enum": [
"Visa",
"Mastercard",
"Amex",
"Discover",
"JCB",
"ChinaUnionPay",
"Interac",
"PrivateLabel",
"Eftpos",
"CartesBancaires",
"iD",
"QuicPay",
"Suica",
"Mada",
"Bancomat",
"Bancontact",
"Girocard"
]
},
"type": {
"type": "string",
"enum": [
"debit",
"credit",
"prepaid",
"store"
],
"description": "The type of card used for the payment"
}
}
},
"transactionIdentifier": {
"type": "string",
"description": "A unique identifier for this payment transaction, assigned by Apple Pay"
}
},
"required": [
"paymentData",
"paymentMethod",
"transactionIdentifier"
]
}