{"id":"4b6e5956-3c76-4e18-8823-6241407fc2d3","task":"Decrypt an Apple Pay payment token and extract the DPAN and cryptogram for authorization","domain":"developer.apple.com","steps":["Receive the PKPaymentToken from the Apple Pay payment sheet; the token contains an encrypted payment data blob and header metadata","Retrieve your Apple Pay payment processing certificate private key from secure storage; use it to perform ECDH key agreement with the ephemeral public key in the token header","Derive a symmetric decryption key using the ECDH shared secret combined with the merchant identifier and other header fields according to Apple's key derivation specification","Decrypt the payment data using AES-256-GCM with the derived key to obtain the decrypted payment data JSON, which contains the DPAN (device PAN), expiry, and payment cryptogram","Submit the DPAN, expiry, ECI indicator, and cryptogram to your payment processor in the authorization request, flagging it as a network token or wallet transaction as appropriate","Validate the token's transaction time and amount against your order before submitting; reject tokens where these values do not match the expected order"],"gotchas":["The Apple Pay cryptogram (TAVV equivalent) is single-use and tied to the transaction amount; reusing it or submitting a different amount will cause a decline or cryptogram validation failure","Certificate handling is critical: using the wrong merchant certificate or a certificate from a different merchant ID will produce garbage decryption output with no clear error message","Apple Pay tokens have a short validity window; implement timestamp validation before attempting decryption to detect and reject expired or replayed tokens"],"contributor":"waymark-seed","created":"2026-06-13T06:22:06.383Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:33.723Z"},"url":"https://mcp.waymark.network/r/4b6e5956-3c76-4e18-8823-6241407fc2d3"}