Compliance for iOS

Learn about Apple Pay's implementation requirements and suggested best practices for iOS applications.

Apple Pay guidelines

The Apple Pay component follows Apple's official guidelines for iOS implementation.

Button design guidelines

  • Uses only Apple-approved PKPaymentButton styles and types.
  • Maintains proper button dimensions and aspect ratios.
  • Follows Apple's Human Interface Guidelines for iOS.
  • Supports all official button types (.buy, .pay, .donate, .subscribe, etc.)
  • Adheres to accessibility requirements including VoiceOver support.

Payment request compliance

  • Implements PassKit framework specification correctly.
  • Supports all required PKPaymentRequest fields.
  • Validates data according to Apple's requirements.
  • Handles all supported payment networks through PKPaymentNetwork.
  • Properly configures merchant capabilities with PKMerchantCapability.
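The list above describes what a compliant PKPaymentRequest must contain; the following Swift function, an added example and not the component's own code, builds one and front-loads the checks that otherwise only surface in the payment sheet or in App Review. The merchant identifier, display name, line items and the network and capability lists used in the usage function are placeholder assumptions; substitute what your merchant account actually supports.

```swift
import PassKit

// Added example (not the component's code). Merchant identifier, currency, line items
// and the network/capability lists below are placeholders.
enum PaymentRequestError: Error {
    case badMerchantIdentifier(String)
    case noSupportedNetworks
    case emptyCart
    case badAmount(label: String)
}

struct LineItem {
    let label: String
    let amount: NSDecimalNumber
}

/// Builds a PKPaymentRequest and validates the fields Apple requires before the sheet is shown.
func makePaymentRequest(merchantIdentifier: String,
                        merchantDisplayName: String,
                        countryCode: String,
                        currencyCode: String,
                        supportedNetworks: [PKPaymentNetwork],
                        capabilities: PKMerchantCapability,
                        items: [LineItem]) throws -> PKPaymentRequest {
    // Merchant identifiers registered in the developer portal always begin with "merchant.".
    guard merchantIdentifier.hasPrefix("merchant.") else {
        throw PaymentRequestError.badMerchantIdentifier(merchantIdentifier)
    }
    // Offer only networks the processor can settle; an empty list leaves the sheet unusable.
    guard !supportedNetworks.isEmpty else { throw PaymentRequestError.noSupportedNetworks }
    guard !items.isEmpty else { throw PaymentRequestError.emptyCart }

    // Every amount must be a real, non-negative decimal; NaN or negative values are rejected by the sheet.
    var total = NSDecimalNumber.zero
    for item in items {
        guard item.amount != NSDecimalNumber.notANumber,
              item.amount.compare(NSDecimalNumber.zero) != .orderedAscending else {
            throw PaymentRequestError.badAmount(label: item.label)
        }
        total = total.adding(item.amount)
    }

    let request = PKPaymentRequest()
    request.merchantIdentifier = merchantIdentifier
    request.countryCode = countryCode      // ISO 3166 alpha-2, e.g. "US"
    request.currencyCode = currencyCode    // ISO 4217, e.g. "USD"
    request.supportedNetworks = supportedNetworks
    request.merchantCapabilities = capabilities

    // Apple requires the last summary item to be the grand total, labelled with the merchant name.
    var summary = items.map { PKPaymentSummaryItem(label: $0.label, amount: $0.amount) }
    summary.append(PKPaymentSummaryItem(label: merchantDisplayName, amount: total))
    request.paymentSummaryItems = summary

    if #available(iOS 11.0, *) {
        // PKContactField (iOS 11+) replaces the deprecated PKAddressField bit mask.
        request.requiredBillingContactFields = [.postalAddress]
    }
    if #available(iOS 15.0, *) {
        // Enable only if the server can price coupons; otherwise the field confuses users.
        request.supportsCouponCode = false
    }
    return request
}

/// Usage with placeholder values (assumptions, not real merchant data).
func exampleRequest() throws -> PKPaymentRequest {
    try makePaymentRequest(
        merchantIdentifier: "merchant.com.example.store",
        merchantDisplayName: "Example Store",
        countryCode: "US",
        currencyCode: "USD",
        supportedNetworks: [.visa, .masterCard, .amex],
        capabilities: [.capability3DS, .capabilityCredit, .capabilityDebit],
        items: [LineItem(label: "Widget", amount: NSDecimalNumber(string: "19.99")),
                LineItem(label: "Shipping", amount: NSDecimalNumber(string: "4.00"))])
}
```

The total is computed from the line items rather than passed in, so the grand total shown to the user can never disagree with the items above it, which is one of the things reviewers look for in the sheet.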

Security requirements

  • Enforces App Transport Security (ATS): the request that carries the payment token to your server goes over TLS.
  • Implements merchant validation and certificate management: the merchant identifier is declared in the app's entitlements, and the Payment Processing Certificate (whose private key belongs to your payment processor) is what Apple encrypts each token to.
  • Uses secure token handling through PassKit: the PKPaymentToken is forwarded to the processor as an opaque encrypted blob; the app never sees a card number.
  • Relies on the device's Secure Element: the card credential and the per-transaction cryptogram are generated there, and app code has no access to them.
  • Leaves biometric and passcode authentication to the system payment sheet: the app neither performs Touch ID/Face ID checks itself nor keeps payment credentials in the keychain.

User experience guidelines

  • Provides clear error messages using iOS-native alert patterns.
  • Handles all user interaction scenarios including cancellation.
  • Maintains consistent behavior across iOS devices and versions.
  • Follows iOS design patterns for payment flows.
  • Ensures proper accessibility support.
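The two lists above (security requirements and user experience guidelines) are easiest to see together in the delegate that receives the authorized payment. The following class is an added example and not the component's code: it forwards the encrypted token to a server over HTTPS without logging it, maps the server's answer to a PKPaymentAuthorizationResult so the sheet can show a field-level error, and distinguishes cancellation from failure when the sheet closes. The token endpoint, its JSON body and the HTTP status codes used to signal each outcome are placeholder assumptions; the real contract is whatever your processor defines.

```swift
import PassKit
import Contacts

// Added example (not the component's code). Endpoint URL, JSON shape and status-code
// meanings are assumptions standing in for your processor's real API.
enum PresentationError: Error { case sheetNotPresented }

final class PaymentCoordinator: NSObject, PKPaymentAuthorizationControllerDelegate {
    enum Outcome { case paid(transactionID: String), declined, cancelled, failed(Error) }

    private let tokenEndpoint: URL
    private var outcome: Outcome = .cancelled   // stays .cancelled if the user dismisses the sheet
    private let onFinish: (Outcome) -> Void

    init(tokenEndpoint: URL, onFinish: @escaping (Outcome) -> Void) {
        // ATS would refuse a plain-http URL anyway; failing early makes the mistake visible.
        precondition(tokenEndpoint.scheme == "https", "payment token must be sent over HTTPS")
        self.tokenEndpoint = tokenEndpoint
        self.onFinish = onFinish
    }

    func present(_ request: PKPaymentRequest) {
        let controller = PKPaymentAuthorizationController(paymentRequest: request)
        controller.delegate = self
        controller.present { presented in
            if !presented {
                self.outcome = .failed(PresentationError.sheetNotPresented)
                self.onFinish(self.outcome)
            }
        }
    }

    func paymentAuthorizationController(_ controller: PKPaymentAuthorizationController,
                                        didAuthorizePayment payment: PKPayment,
                                        handler completion: @escaping (PKPaymentAuthorizationResult) -> Void) {
        // paymentData is encrypted to the processor's Payment Processing Certificate. The app
        // cannot decrypt it and must not log it or write it to disk; forward it as-is.
        let token = payment.token
        var req = URLRequest(url: tokenEndpoint)
        req.httpMethod = "POST"
        req.setValue("application/json", forHTTPHeaderField: "Content-Type")
        req.httpBody = try? JSONSerialization.data(withJSONObject: [
            "paymentData": token.paymentData.base64EncodedString(),
            "transactionId": token.transactionIdentifier,   // opaque id, usable for reconciliation logs
            "network": token.paymentMethod.network?.rawValue ?? ""
        ])

        URLSession.shared.dataTask(with: req) { _, response, error in
            if let error = error {
                // Network failure: the sheet stays open and the user may retry.
                self.outcome = .failed(error)
                completion(PKPaymentAuthorizationResult(status: .failure, errors: [error]))
                return
            }
            switch (response as? HTTPURLResponse)?.statusCode ?? 0 {
            case 200:
                self.outcome = .paid(transactionID: token.transactionIdentifier)
                completion(PKPaymentAuthorizationResult(status: .success, errors: nil))
            case 422:
                // Assumed convention: processor rejected the billing address. Point the sheet
                // at the offending field so the user can correct it in place.
                self.outcome = .declined
                let fieldError = PKPaymentRequest.paymentBillingAddressInvalidError(
                    withKey: CNPostalAddressPostalCodeKey,
                    localizedDescription: "Postal code does not match the card's billing address")
                completion(PKPaymentAuthorizationResult(status: .failure, errors: [fieldError]))
            default:
                self.outcome = .declined
                completion(PKPaymentAuthorizationResult(status: .failure, errors: nil))
            }
        }.resume()
    }

    func paymentAuthorizationControllerDidFinish(_ controller: PKPaymentAuthorizationController) {
        // Called after success, failure and cancellation alike. If didAuthorizePayment never ran,
        // outcome is still .cancelled and the caller can offer its other payment methods.
        controller.dismiss {
            DispatchQueue.main.async { self.onFinish(self.outcome) }
        }
    }
}
```

Nothing in this class touches the card number, and the only value it keeps after the sheet closes is the transaction identifier, which is what you want to see in crash reports and analytics rather than the token itself.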

iOS-specific requirements

App Store submission requirements

Required entitlements

<!-- Entitlements.plist -->
<key>com.apple.developer.in-app-payments</key>
<array>
    <string>merchant.your.merchant.identifier</string>
</array>

Privacy usage descriptions

Apple Pay on its own does not require privacy usage strings: the Face ID or Touch ID prompt and the shipping/billing address picker are presented by the system payment sheet outside your process, and the contacts the sheet hands back (PKContact) do not go through the Contacts framework. Add the keys below only if the app additionally uses LocalAuthentication or the Contacts framework directly, in which case App Review will reject a build that lacks them.

<!-- Info.plist -->
<key>NSFaceIDUsageDescription</key>
<string>Use Face ID to authenticate Apple Pay transactions</string>
<key>NSContactsUsageDescription</key>
<string>Access contacts for shipping and billing information</string>

App Transport Security (ATS)

NSAllowsArbitraryLoads defaults to false, so the fragment below only documents intent. What actually matters at review and in production is that no NSExceptionDomains entry relaxes TLS for the host that receives the payment token, and that NSAllowsArbitraryLoads is never set to true to work around a misconfigured endpoint; Apple asks for a justification when it is.

<!-- Info.plist -->
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <false/>
</dict>

Device and version compatibility

  • Minimum iOS version: iOS 10.0 for basic Apple Pay support.
  • Enhanced features: iOS 11.0+ for improved contact fields, iOS 15.0+ for coupon codes.
  • Supported devices: iPhone 6 or later, iPad Pro, iPad Air 2, iPad mini 3 or later.
  • Authentication: Touch ID, Face ID, or passcode required.
  • Wallet setup: User must have configured payment methods in the Wallet app.

Merchant configuration

  • Valid merchant identifier: Must begin with merchant. and is conventionally reverse-DNS, merchant.{reverse-domain}.{app-identifier}; it has to match the value in the entitlements exactly.
  • Payment Processing Certificate: Generated from a CSR supplied by your payment processor, so the private key that decrypts tokens lives with the processor, never in the app.
  • Supported networks: Configure only networks your merchant account can settle; a card on an unlisted network is hidden from the sheet, and a listed network the processor rejects fails only after the user has authorized.
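The device, wallet and network conditions listed under "Device and version compatibility" and "Merchant configuration" decide which button, if any, the app may show. The following Swift helpers are an added example, not the component's code: the network list and capabilities are placeholder assumptions for what a merchant account supports. The two PassKit checks answer different questions and both are needed for a graceful fallback.

```swift
import PassKit
import UIKit

// Added example (not the component's code). Networks and capabilities are placeholders.
enum ApplePayAvailability {
    case ready           // at least one card in Wallet matches a network we can settle
    case needsCardSetup  // device supports Apple Pay but has no usable card
    case unsupported     // hardware, OS version, region or restrictions block Apple Pay
}

let merchantNetworks: [PKPaymentNetwork] = [.visa, .masterCard, .amex]
let merchantCapabilities: PKMerchantCapability = [.capability3DS, .capabilityCredit, .capabilityDebit]

func applePayAvailability(networks: [PKPaymentNetwork] = merchantNetworks,
                          capabilities: PKMerchantCapability = merchantCapabilities) -> ApplePayAvailability {
    // canMakePayments() is only the device/OS/region check; it says nothing about cards.
    guard PKPaymentAuthorizationController.canMakePayments() else { return .unsupported }
    // The network-aware check fails when Wallet holds no card on a network we listed.
    if PKPaymentAuthorizationController.canMakePayments(usingNetworks: networks, capabilities: capabilities) {
        return .ready
    }
    return .needsCardSetup
}

/// Returns the button to show, or nil when the app must fall back to its other payment methods.
/// Uses UIAction (iOS 14+); on older targets wire the same handlers with addTarget(_:action:for:).
func makeApplePayButton(for availability: ApplePayAvailability,
                        onBuy: @escaping () -> Void) -> PKPaymentButton? {
    switch availability {
    case .unsupported:
        // Never show an Apple Pay button that cannot work; show the alternative methods instead.
        return nil
    case .needsCardSetup:
        // Apple's "Set up Apple Pay" button; tapping it opens Wallet's card setup flow.
        let button = PKPaymentButton(paymentButtonType: .setUp, paymentButtonStyle: .black)
        button.addAction(UIAction { _ in PKPassLibrary().openPaymentSetup() }, for: .touchUpInside)
        return button
    case .ready:
        let button = PKPaymentButton(paymentButtonType: .buy, paymentButtonStyle: .black)
        button.addAction(UIAction { _ in onBuy() }, for: .touchUpInside)
        return button
    }
}
```

Re-run applePayAvailability when the app returns to the foreground: the user may have added a card in Wallet while the app was suspended, and the button should change from set-up to buy without a restart.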

Compliance checklist

Technical requirements

  • iOS Version Support: App supports minimum iOS 10.0.
  • Device Compatibility: Tested on iPhone and iPad with Touch ID/Face ID.
  • PassKit Integration: Proper PKPaymentAuthorizationController implementation.
  • Entitlements: Valid merchant identifier in app entitlements.
  • Certificate: Valid merchant certificate configured with payment processor.
  • Network Security: App Transport Security (ATS) enabled.
  • Error Handling: Comprehensive error handling for all scenarios.

App Store compliance

  • App Review Guidelines: Follows Apple's App Review Guidelines section 3.1.5(i).
  • Privacy Descriptions: Proper usage descriptions in Info.plist.
  • Functionality: Apple Pay works correctly and is not promotional only.
  • Alternative Methods: Provides alternative payment methods when Apple Pay is unavailable.
  • Testing: Thoroughly tested in the Apple Pay sandbox with a Sandbox Tester account and Apple's test cards, covering success, decline, and cancellation.
  • Performance: Fast, responsive, and doesn't cause app crashes.
  • Accessibility: VoiceOver and accessibility features work properly.

User experience requirements

  • Button Guidelines: Uses official PKPaymentButton or Apple-approved custom designs.
  • Clear Messaging: Clear error messages and user guidance.
  • Graceful Fallbacks: Handles Apple Pay unavailability gracefully.
  • Consistent Behavior: Works consistently across all supported devices.
  • Privacy Compliance: Respects user privacy and data protection.
  • Cancellation Handling: Proper handling of user cancellation.
  • Loading States: Appropriate loading indicators during processing.

Security requirements

  • Token Handling: Never stores or logs the payment token or any decrypted payment data; the transaction identifier is the only value kept for reconciliation.
  • Secure Communication: All API calls use HTTPS/TLS, with no ATS exception for the token endpoint.
  • Authentication: Relies on the payment sheet's biometric or passcode authentication and does not re-implement it.
  • Validation: The token is decrypted and its signature verified server-side by the processor holding the Payment Processing Certificate's private key, never in the app.
  • PCI Compliance: Maintains PCI DSS compliance; because the app never handles a card number, Apple Pay keeps it out of cardholder-data scope.
  • Data Encryption: Encrypts data in transit and at rest.
  • Access Controls: Proper access controls and permissions on the server components that receive tokens.

Apple Pay review process

Before submitting to the App Store, ensure your implementation:

Technical validation

  • Payment flows work correctly: Test all payment scenarios including success, failure, and cancellation.
  • Error handling is comprehensive: Handle all possible error conditions gracefully.
  • Device compatibility: Test across different iOS devices and versions.
  • Performance: Ensure fast loading and responsive user interface.

Design compliance

  • Button appearance: Uses Apple's standard PKPaymentButton styles or approved custom implementations.
  • Payment sheet integration: Seamless integration with PKPaymentAuthorizationController.
  • User interface: Follows iOS Human Interface Guidelines.
  • Accessibility: Full VoiceOver and accessibility support.

Security validation

  • Merchant validation: Proper merchant certificate configuration.
  • Data handling: No storage of sensitive payment information.
  • Network security: All communications secured with HTTPS/TLS.
  • Token processing: Secure handling of Apple Pay payment tokens.

App Store submission

  • Review guidelines: Complies with Apple App Review Guidelines.
  • Privacy policy: Clear privacy policy for payment data handling.
  • Documentation: Provide clear documentation of Apple Pay implementation.
  • Testing instructions: Include test account information for App Store review.

Best practices

Implementation

  • Use Apple's official PKPaymentButton for consistent user experience.
  • Implement comprehensive error handling with user-friendly messages.
  • Test thoroughly on multiple devices and iOS versions.
  • Follow iOS design patterns for payment flows.

Security

  • Never log or store sensitive payment information.
  • Validate all payment tokens on your secure server.
  • Use proper certificate management practices.
  • Implement appropriate fraud detection measures.

User experience

  • Provide clear loading states during payment processing.
  • Handle network errors gracefully with retry options.
  • Show appropriate success and failure messages.
  • Ensure accessibility compliance for all users.

Monitoring

  • Track payment success and failure rates.
  • Monitor for compliance issues in production.
  • Keep merchant certificates up to date.
  • Regularly test payment flows to ensure continued functionality.