# Compliance

Learn about Apple Pay's implementation requirements and suggested best practices for iOS applications.

## Apple Pay guidelines

The Apple Pay component follows Apple's official guidelines for iOS implementation.

### Button design guidelines

- Uses only Apple-approved `PKPaymentButton` styles and types.
- Maintains proper button dimensions and aspect ratios.
- Follows Apple's Human Interface Guidelines for iOS.
- Supports all official button types (`.buy`, `.pay`, `.donate`, `.subscribe`, etc.)
- Adheres to accessibility requirements including VoiceOver support.


### Payment request compliance

- Implements PassKit framework specification correctly.
- Supports all required `PKPaymentRequest` fields.
- Validates data according to Apple's requirements.
- Handles all supported payment networks through `PKPaymentNetwork`.
- Properly configures merchant capabilities with `PKMerchantCapability`.


### Security requirements

- Enforces app transport security (ATS) requirements.
- Implements proper merchant validation and certificate management.
- Uses secure token handling through PassKit.
- Follows Apple's encryption standards and Secure Element integration.
- Maintains proper keychain and biometric authentication security.


### User experience guidelines

- Provides clear error messages using iOS-native alert patterns.
- Handles all user interaction scenarios including cancellation.
- Maintains consistent behaviour across iOS devices and versions.
- Follows iOS design patterns for payment flows.
- Ensures proper accessibility support.


## iOS-specific requirements

### App Store submission requirements

#### Required entitlements


```xml
<!-- Entitlements.plist -->
<key>com.apple.developer.in-app-payments</key>
<array>
    <string>merchant.your.merchant.identifier</string>
</array>
```

#### Privacy usage descriptions


```xml
<!-- Info.plist -->
<key>NSFaceIDUsageDescription</key>
<string>Use Face ID to authenticate Apple Pay transactions</string>
<key>NSContactsUsageDescription</key>
<string>Access contacts for shipping and billing information</string>
```

#### App Transport Security (ATS)


```xml
<!-- Info.plist -->
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <false/>
</dict>
```

### Device and version compatibility

- **Minimum iOS version**: iOS 10.0 for basic Apple Pay support.
- **Enhanced features**: iOS 11.0+ for improved contact fields, iOS 15.0+ for coupon codes.
- **Supported devices**: iPhone 6 or later, iPad Pro, iPad Air 2, iPad mini 3 or later.
- **Authentication**: Touch ID, Face ID, or passcode required.
- **Wallet setup**: User must have configured payment methods in the Wallet app.


### Merchant configuration

- **Valid merchant identifier**: Must follow format `merchant.{reverse-domain}.{app-identifier}`.
- **Merchant certificate**: Properly configured with payment processor.
- **Supported networks**: Configure only networks supported by your merchant account.


## Compliance checklist

### Technical requirements

- **iOS version support**: App supports minimum iOS 10.0.
- **Device compatibility**: Tested on iPhone and iPad with Touch ID/Face ID.
- **PassKit integration**: Proper `PKPaymentAuthorizationController` implementation.
- **Entitlements**: Valid merchant identifier in app entitlements.
- **Certificate**: Valid merchant certificate configured with payment processor.
- **Network security**: App Transport Security (ATS) enabled.
- **Error handling**: Comprehensive error handling for all scenarios.


### App Store compliance

- **App Review Guidelines**: Follows Apple's App Review Guidelines section 3.1.5(i).
- **Privacy descriptions**: Proper usage descriptions in `Info.plist`.
- **Functionality**: Apple Pay works correctly and is not promotional only.
- **Alternative methods**: Provides alternative payment methods when Apple Pay is unavailable.
- **Testing**: Thoroughly tested with real transactions in sandbox.
- **Performance**: Fast, responsive, and doesn't cause app crashes.
- **Accessibility**: VoiceOver and accessibility features work properly.


### User experience requirements

- **Button guidelines**: Uses official `PKPaymentButton` or Apple-approved custom designs.
- **Clear messaging**: Clear error messages and user guidance.
- **Graceful fallbacks**: Handles Apple Pay unavailability gracefully.
- **Consistent behaviour**: Works consistently across all supported devices.
- **Privacy compliance**: Respects user privacy and data protection.
- **Cancellation handling**: Proper handling of user cancellation.
- **Loading states**: Appropriate loading indicators during processing.


### Security requirements

- **Token handling**: Never stores or logs sensitive payment data.
- **Secure communication**: All API calls use HTTPS/TLS.
- **Authentication**: Proper biometric authentication flow.
- **Validation**: Server-side validation of payment tokens.
- **PCI compliance**: Maintains PCI DSS compliance standards.
- **Data encryption**: Encrypts data in transit and at rest.
- **Access controls**: Proper access controls and permissions.


## Apple Pay review process

Before submitting to the App Store, ensure your implementation:

### Technical validation

- **Payment flows work correctly**: Test all payment scenarios including success, failure, and cancellation.
- **Error handling is comprehensive**: Handle all possible error conditions gracefully.
- **Device compatibility**: Test across different iOS devices and versions.
- **Performance**: Ensure fast loading and responsive user interface.


### Design compliance

- **Button appearance**: Uses Apple's standard `PKPaymentButton` styles or approved custom implementations.
- **Payment sheet integration**: Seamless integration with `PKPaymentAuthorizationController`.
- **User interface**: Follows iOS Human Interface Guidelines.
- **Accessibility**: Full VoiceOver and accessibility support.


### Security validation

- **Merchant validation**: Proper merchant certificate configuration.
- **Data handling**: No storage of sensitive payment information.
- **Network security**: All communications secured with HTTPS/TLS.
- **Token processing**: Secure handling of Apple Pay payment tokens.


### App Store submission

- **Review guidelines**: Complies with Apple App Review Guidelines.
- **Privacy policy**: Clear privacy policy for payment data handling.
- **Documentation**: Provide clear documentation of Apple Pay implementation.
- **Testing instructions**: Include test account information for App Store review.


## Best practices

### Implementation

- Use Apple's official `PKPaymentButton` for consistent user experience.
- Implement comprehensive error handling with user-friendly messages.
- Test thoroughly on multiple devices and iOS versions.
- Follow iOS design patterns for payment flows.


### Security

- Never log or store sensitive payment information.
- Validate all payment tokens on your secure server.
- Use proper certificate management practices.
- Implement appropriate fraud detection measures.


### User experience

- Provide clear loading states during payment processing.
- Handle network errors gracefully with retry options.
- Show appropriate success and failure messages.
- Ensure accessibility compliance for all users.


### Monitoring

- Track payment success and failure rates.
- Monitor for compliance issues in production.
- Keep merchant certificates up to date.
- Regularly test payment flows to ensure continued functionality.