Ask Moov Beta
Generative AI is experimental and can make mistakes.
Guides Dashboard Use cases API Changelog
  1. API reference
  2. Sources
  3. Apple Pay

Create Apple Pay token

Connect an Apple Pay token to the specified account.

Read our Apple Pay tutorial to learn more. The token data is defined by Apple Pay and should be passed through from Apple Pay’s response unmodified.

To access this endpoint using an access token you’ll need to specify the /accounts/{accountID}/cards.write scope.

POST
/accounts/{accountID}/apple-pay/tokens
cURL 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

curl -X POST "https://api.moov.io/accounts/{accountID}/apple-pay/tokens" \
  -H "Authorization: Bearer {token}" \
  --data-raw '{
    "token": {
      "paymentData": {
        "version": "EC_v1",
        "data": "3+f4oOTwPa6f1UZ6tG...CE=",
        "signature": "MIAGCSqGSIb3DQ.AAAA==",
        "header": {
          "ephemeralPublicKey":"MFkwEK...Md==",
          "publicKeyHash": "l0CnXdMv...D1I=",
          "transactionId": "32b...4f3"
        }
      },
      "paymentMethod": {
        "displayName": "Visa 1234",
        "network": "Visa",
        "type":"debit"
      },
      "transactionIdentifier": "32b...4f3"
    },
    "billingContact": {
      "addressLines": [
        "123 Sesame Street"
      ],
      "locality": "Phoenix",
      "postalCode": "30345",
      "administrativeArea": "AZ",
      "countryCode": "US"
    }
  }'\
200 400 401 403 404 409 422 429 500 504
The request completed successfully.
{
  "applePay": {
    "brand": "Visa",
    "cardDisplayName": "Visa 1256",
    "cardType": "credit",
    "dynamicLastFour": "string",
    "expiration": {
      "month": "01",
      "year": "21"
    },
    "fingerprint": "9948962d92a1ce40c9f918cd9ece3a22bde62fb325a2f1fe2e833969de672ba3",
    "issuerCountry": "US"
  },
  "paymentMethodID": "b7a60692-ab86-4eb0-b961-3bb4a714aa42",
  "paymentMethodType": "moov-wallet"
}

Response headers

x-request-id

string <uuid> required
A unique identifier used to trace requests.
The server could not understand the request due to invalid syntax.
{
  "error": "string"
}

Response headers

x-request-id

string <uuid> required
A unique identifier used to trace requests.
The request contained missing or expired authentication.

Response headers

x-request-id

string <uuid> required
A unique identifier used to trace requests.
The user is not authorized to make the request.

Response headers

x-request-id

string <uuid> required
A unique identifier used to trace requests.
The requested resource was not found.

Response headers

x-request-id

string <uuid> required
A unique identifier used to trace requests.
The request conflicted with the current state of the target resource.
{
  "error": "string"
}

Response headers

x-request-id

string <uuid> required
A unique identifier used to trace requests.
The request was well-formed, but the contents failed validation. Check the request for missing or invalid fields.
{
  "error": "string",
  "paymentData": "string",
  "paymentMethod": "string",
  "transactionIdentifier": "string"
}

Response headers

x-request-id

string <uuid> required
A unique identifier used to trace requests.
Request was refused due to rate limiting.

Response headers

x-request-id

string <uuid> required
A unique identifier used to trace requests.
The request failed due to an unexpected error.

Response headers

x-request-id

string <uuid> required
A unique identifier used to trace requests.
The request failed because a downstream service failed to respond.

Response headers

x-request-id

string <uuid> required
A unique identifier used to trace requests.

Headers

x-moov-version

string
API version

Specify an API version.

API versioning follows the format vYYYY.QQ.BB, where

  • YYYY is the year
  • QQ is the two-digit month for the first month of the quarter (e.g., 01, 04, 07, 10)
  • BB is the build number, starting at .01, for subsequent builds in the same quarter.
    • For example, v2024.01.00 is the initial release of the first quarter of 2024.

The latest version represents the most recent development state. It may include breaking changes and should be treated as a beta release.

Default: v2024.01.00

Path parameters

accountID

string <uuid> required
ID of the Moov account representing the cardholder.

Body

application/json

The JSON structure returned from Apple Pay when authorizing a payment session.

Refer to Apple&rsquo;s documentation for more information.

token

object required

Contains the user’s payment information as returned from Apple Pay.

Refer to Apple&rsquo;s documentation for more information.

Show child attributes

paymentData

object required

Contains the encrypted payment data.

Refer to Apple&rsquo;s documentation for more information.

Show child attributes

data

string required
The encrypted, base64-encoded payment data.

header

object required

Information needed to decrypt Apple Pay payment data.

Refer to Apple&rsquo;s documentation for more information.

Show child attributes

publicKeyHash

string required
A base64-encoded, SHA-256 hash of the merchant’s public key.

transactionId

string required
A device-generated identifier for the transaction.

ephemeralPublicKey

string
Base64-encoded ephemeral public key, used for ECC-encrypted payment data.

signature

string required
A base64 encoded signature of the payment and header data.

version

string required
Specifies the encryption used for the payment token (“EC_v1” or “RSA_v1”).

paymentMethod

object required

Provides information about the underlying card.

Refer to Apple&rsquo;s documentation for more information.

Show child attributes

displayName

string required
A display-friendly discription of the card.

network

string required
The card’s payment network.

type

string required
The type of card.

transactionIdentifier

string required
A unique identifier provided by Apple Pay for this payment.

billingContact

object

Billing contact information as returned from Apple Pay.

Refer to Apple&rsquo;s documentation for more information.

Show child attributes

addressLines

array
Address lines 1 and 2 for the contact.

administrativeArea

string
The contact’s two-letter state code.

countryCode

string
The contact’s two-letter ISO 3166

locality

string
The contact’s city.

postalCode

string
The contact’s postal code.

Response

application/json

applePay

object required
Describes an Apple Pay token on a Moov account.
Show child attributes

brand

string<enum> required
The card brand.
Possible values: American Express, Discover, Mastercard, Visa, Unknown

cardDisplayName

string required

User-friendly name of the tokenized card returned by Apple.

It usually contains the brand and the last four digits of the underlying card. There is no standard format.

cardType

string<enum> required
The type of the card.
Possible values: debit, credit, prepaid, unknown

dynamicLastFour

string required
The last four digits of the Apple Pay token, which may differ from the tokenized card’s last four digits.

expiration

object required
The expiration date of the card or token.
Show child attributes

month

string 2 characters required

year

string 2 characters required

fingerprint

string <=100 characters required
Uniquely identifies a linked payment card or token. For Apple Pay, the fingerprint is based on the tokenized card number and may vary based on the user’s device. This field can be used to identify specific payment methods across multiple accounts on your platform.

issuerCountry

string
Country where the underlying card was issued.

paymentMethodID

string<uuid> required
The new payment method’s ID.

paymentMethodType

string<enum> required
The payment method type that represents a payment rail and directionality
Possible values: moov-wallet, ach-debit-fund, ach-debit-collect, ach-credit-standard, ach-credit-same-day, rtp-credit, card-payment, push-to-card, pull-from-card, apple-pay, card-present-payment