Processing a payment involves several steps:

1. Sending the payment information to your server, along with other information needed to process the order

2. Verifying the hashes and signature of the payment data

3. Decrypting the encrypted payment data

4. Submitting payment data to the payment processing network

5. Submitting the order to your order-tracking system

You have two options for processing the payment: You can take advantage of a payment platform to process the payment, or you can implement the payment processing yourself. A payment processing platform typically handles most of the steps listed above.

Reading, verifying, and processing payment information requires an understanding of several areas of cryptography such as calculating an SHA–1 hash, reading and validating a PKCS #7 signature, and performing elliptic curve Diffie-Hellman key exchange. If you don’t have a background in cryptography, consider using a payment platform that performs these operations for you. For information about payment platforms that support Apple Pay, see developer.apple.com/apple-pay/.

The information used to process a payment has a nested data structure, as shown in Figure 5-1. A payment token is an instance of the PKPaymentToken class. The value of its paymentData property is a JSON dictionary, which has a header with information used for validation, and encrypted payment data. The encrypted data includes information such as the amount and cardholder name and other information used for the specific payment processing protocol.

Figure 5-1Payment data structure

For details on the format of the payment data structure, see Payment Token Format Reference.