Apple Pay & Google Pay
Quick Reference
WhatApple Pay & Google Pay
Why1-tap checkout with biometric auth — higher conversion, lower fraud, tokenized card data
Reading Time15 min
DifficultyIntermediate
PrerequisitesAuthentication → Credit card
Why Apple Pay & Google Pay
| Advantage | Detail |
|---|---|
| 1-tap checkout | Biometric auth replaces manual entry |
| Higher conversion | Up to 2x vs manual card forms (typical benchmark) |
| Lower fraud | Tokenized DPAN + cryptogram |
| Liability shift | Wallet authentication aligns with issuer protections |
| No card storage | You never persist the real PAN |
Token integration flow
Decrypt the wallet token on your backend, then send card fields plus applepay or googlepay with eci, cavv, and type (credit_card / debit_card). card_number, expiry, and card_cvv come from the decrypted payload.
ECI and CAVV required
eci and cavv are mandatory. Missing or incorrect values cause declines.
Never log wallet data
Never log raw wallet tokens, cavv, or full PAN to analytics or support tickets.
Create a wallet charge
- cURL
- Python
- JavaScript
curl -X POST https://core-manager.a55.tech/api/v1/bank/wallet/charge/ \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"wallet_uuid": "00000000-0000-0000-0000-000000000000",
"merchant_id": "11111111-1111-1111-1111-111111111111",
"payer_name": "Jane Doe",
"payer_email": "jane.doe@example.com",
"payer_tax_id": "12345678901",
"payer_cell_phone": "+5511999999999",
"currency": "BRL",
"installment_value": 100.0,
"installment_count": 1,
"due_date": "2026-12-31",
"description": "Order #12345",
"items": [{"name":"Headphones","quantity":1,"total_amount":100,"unit_amount":100,"sku":"SKU-001","code":"PROD-123"}],
"payer_address": {"street":"Sample St","address_number":"123","complement":"","neighborhood":"Centro","city":"São Paulo","state":"SP","postal_code":"01000-000","country":"BR"},
"type_charge": "applepay",
"card_number": "5200828282828210",
"card_expiry_month": "12",
"card_expiry_year": "2028",
"card_cvv": "123",
"applepay": {"eci":"05","cavv":"AAABBBCCC123456789==","type":"credit_card"},
"device_info": {"ip_address":"177.10.10.10","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36"},
"webhook_url": "https://yoursite.com/webhook",
"redirect_url": "https://yoursite.com/return"
}'
import requests
charge = requests.post(
"https://core-manager.a55.tech/api/v1/bank/wallet/charge/",
headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
json={
"wallet_uuid": "00000000-0000-0000-0000-000000000000",
"merchant_id": "11111111-1111-1111-1111-111111111111",
"payer_name": "John Smith",
"payer_email": "john.smith@example.com",
"payer_tax_id": "12345678901",
"payer_cell_phone": "+5511999999999",
"currency": "BRL",
"installment_value": 50.0,
"installment_count": 2,
"due_date": "2026-12-31",
"description": "Subscription - Month 1",
"items": [{"name": "Plan", "quantity": 1, "total_amount": 50, "unit_amount": 50, "sku": "PLN-1", "code": "P1"}],
"payer_address": {"street": "Sample St", "address_number": "123", "complement": "", "neighborhood": "Centro", "city": "São Paulo", "state": "SP", "postal_code": "01000-000", "country": "BR"},
"type_charge": "googlepay",
"card_number": "4111111111111111",
"card_expiry_month": "07",
"card_expiry_year": "2029",
"card_cvv": "999",
"googlepay": {"eci": "05", "cavv": "ZYX987654321ABCDEF==", "type": "credit_card"},
"device_info": {"ip_address": "200.200.200.200", "user_agent": "Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36"},
"webhook_url": "https://yoursite.com/webhook",
},
)
print(charge.json())
const response = await fetch(
"https://core-manager.a55.tech/api/v1/bank/wallet/charge/",
{
method: "POST",
headers: {
Authorization: `Bearer ${accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
wallet_uuid: "00000000-0000-0000-0000-000000000000",
merchant_id: "11111111-1111-1111-1111-111111111111",
payer_name: "Jane Doe",
payer_email: "jane.doe@example.com",
payer_tax_id: "12345678901",
payer_cell_phone: "+5511999999999",
currency: "BRL",
installment_value: 100.0,
installment_count: 1,
due_date: "2026-12-31",
description: "Order #12345",
items: [{ name: "Headphones", quantity: 1, total_amount: 100, unit_amount: 100, sku: "SKU-001", code: "PROD-123" }],
payer_address: { street: "Sample St", address_number: "123", complement: "", neighborhood: "Centro", city: "São Paulo", state: "SP", postal_code: "01000-000", country: "BR" },
type_charge: "applepay",
card_number: "5200828282828210",
card_expiry_month: "12",
card_expiry_year: "2028",
card_cvv: "123",
applepay: { eci: "05", cavv: "AAABBBCCC123456789==", type: "credit_card" },
device_info: { ip_address: "177.10.10.10", user_agent: "Mozilla/5.0" },
webhook_url: "https://yoursite.com/webhook",
}),
}
);
console.log(await response.json());
Apple Pay domain verification
Host /.well-known/apple-developer-merchantid-domain-association.txt on every domain that shows the Apple Pay button (Apple Pay Web).
Wallet implementation tips
Apple Pay: decrypt tokens immediately; eci often 05–07. Google Pay: PAN or DPAN; eci often 05. Use webhook_url as the source of truth for final status.
Response example
{
"charge_uuid": "22222222-2222-2222-2222-222222222222",
"local_currency": 100.0,
"currency": "BRL",
"type": "applepay",
"status": "confirmed",
"installment_count": 1,
"installments": [{ "installment_number": 1, "status": "confirmed", "local_currency": 100.0, "currency": "BRL" }]
}
Status lifecycle
| Status | Description |
|---|---|
confirmed | Authorization succeeded |
paid | Confirmed for settlement |
error | Declined or failed |