Apple Pay
Accept Apple Pay via moat. Customer authenticates on their device; you receive a tokenized payment you can charge like any other.
Apple Pay lets customers authorize a payment with Face ID or Touch ID on a supported Apple device. On the web, the flow is initiated with Apple Pay JS; the browser returns a payment token, which moat accepts in place of a card.
You can integrate Apple Pay directly using Apple's Payment Request JS API and forward the token to moat, or use moat's WalletJS which wraps Apple Pay and Google Pay behind a single call. WalletJS is the recommended path unless you have specific reasons to go direct.
Prerequisites
- Apple Developer account — required to register domains and generate a merchant identifier.
- Merchant identifier — created at developer.apple.com. Format:
merchant.com.yourcompany. - Domain verification — Apple requires each domain that initiates Apple Pay to be verified. You host a verification file at
/.well-known/apple-developer-merchantid-domain-association. - HTTPS — Apple Pay JS only works over HTTPS, including on your development and staging domains.
Configure on moat
In the Control Panel, go to Settings → Wallets → Apple Pay and:
- Enter your Apple merchant identifier.
- Upload the Payment Processing Certificate (.pem) issued by Apple and paired with your merchant ID. moat uses this to decrypt Apple Pay tokens.
- Add each domain that will initiate Apple Pay. Download the verification file for each and host it at the well-known path described above.
Direct integration
If you are integrating Apple Pay JS directly (rather than via WalletJS), the flow is:
- Detect Apple Pay availability with
ApplePaySession.canMakePayments(). - Render an Apple Pay button.
- On click, create an
ApplePaySessionwith your request details. - Handle
onvalidatemerchant— call moat's validation endpoint and return the result to Apple. - Handle
onpaymentauthorized— you receive an encrypted Apple Pay token. Send it to moat to charge.
Merchant validation
{
"validation_url": "https://apple-pay-gateway.apple.com/...", // from Apple session
"domain": "checkout.yoursite.com",
"display_name": "Your Store"
}moat returns a merchant session object — pass it back to Apple via session.completeMerchantValidation(merchantSession).
Charging the Apple Pay token
When Apple calls your onpaymentauthorized handler, you receive an encrypted Apple Pay payment token. Send it to moat as the payment method:
{
"type": "sale",
"amount": 2500,
"payment_method": {
"apple_pay_token": {
"token": {
"paymentData": { ... },
"paymentMethod": { ... },
"transactionIdentifier": "..."
}
}
}
}moat decrypts the token using the merchant certificate, extracts the DPAN, and submits it to the card network as a card-present transaction. You get the standard transaction response back.
Supported regions and cards
Apple Pay is available in most markets where moat processes. Card support depends on the issuer — Apple publishes the full list at apple.com/apple-pay. Test cards for Apple Pay differ from raw card test data: use Apple's sandbox testers (created in App Store Connect) on a test device.
Common issues
| Symptom | Likely cause |
|---|---|
| Button does not appear | Domain not verified, or user is not on a supported device / browser. |
| Merchant validation fails | Certificate not uploaded to moat, or not paired with the configured merchant ID. |
| "Payment not completed" on device | Usually a decline downstream — check the moat transaction log for the decline reason. |