Compliance

Learn about Apple Pay's implementation requirements and suggested best practices for Web applications.

Apple Pay guidelines

The Apple Pay component follows Apple's official guidelines for Web implementation.

Button design guidelines

  • Uses only Apple-approved button styles and types.
  • Maintains proper button dimensions and aspect ratios.
  • Supports all official button types (buy, pay, donate, subscribe, etc.).
  • Adheres to accessibility requirements including screen reader support.

Payment request compliance

  • Implements Apple Pay JS API specification correctly.
  • Supports all required payment request fields.
  • Validates data according to Apple's requirements.
  • Handles all supported payment networks.

Security requirements

  • Enforces HTTPS-only operation (required for Apple Pay JS).
  • Implements proper merchant validation and domain verification.
  • Uses secure token handling through Apple Pay JS.
  • Follows Apple's encryption standards.

User experience guidelines

  • Provides clear error messages using web-native patterns.
  • Handles all user interaction scenarios including cancellation.
  • Maintains consistent behaviour across browsers and devices.
  • Ensures responsive design across screen sizes.

Web-specific requirements

Domain and SSL requirements

  • HTTPS required: All Apple Pay implementations must use HTTPS.
  • Domain verification: Domain must be registered with Apple Developer Console.
  • SSL certificate: Valid SSL certificate from a recognized certificate authority.
  • Domain association file: Host at https://yourdomain.com/.well-known/apple-developer-merchantid-domain-association.

Browser compatibility

  • Safari: Safari 11.1+ on macOS 10.13.4+, Safari on iOS 11.2+.
  • Device requirements: Touch ID, Face ID, or passcode-enabled device.
  • Wallet setup: User must have configured payment methods in Wallet app.
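Because the API object is simply absent in browsers that do not support Apple Pay, the button must only be rendered after a feature check, and the default checkout must remain available in every other case. The following is an added example, not code from the original page or from the component it documents: a client-side readiness check that decides whether the Apple Pay button may be shown and records the reason when it may not. The page object is passed in (the real `window` in production) so the logic can run outside Safari; the minimum API version constant and the fake window objects are assumptions constructed for the example.

```javascript
// Added example, not code from the original page or from the component it
// documents: a client-side readiness check that decides whether the Apple Pay
// button may be rendered and, if not, records why. The page object is passed in
// (the real `window` in production) so the logic can run outside Safari.

// Assumption: the lowest Apple Pay JS API version this integration requires.
const MIN_APPLE_PAY_JS_VERSION = 3;

// Never throws; returns { status, reason } so the caller can fall back cleanly.
// status is 'unsupported' (hide the button), 'disabled' (device could support
// Apple Pay but it is not enabled) or 'available'.
function applePayReadiness(win) {
  // Apple Pay JS only exists on secure origins; the explicit check gives a
  // precise reason when a page is accidentally served over http.
  if (!win || !win.location || win.location.protocol !== 'https:') {
    return { status: 'unsupported', reason: 'page is not served over HTTPS' };
  }
  const Session = win.ApplePaySession;
  if (!Session) {
    return { status: 'unsupported', reason: 'ApplePaySession is not available in this browser' };
  }
  if (typeof Session.supportsVersion === 'function' && !Session.supportsVersion(MIN_APPLE_PAY_JS_VERSION)) {
    return { status: 'unsupported', reason: `Apple Pay JS version ${MIN_APPLE_PAY_JS_VERSION} not supported` };
  }
  let enabled = false;
  try {
    enabled = Session.canMakePayments() === true;
  } catch (err) {
    return { status: 'unsupported', reason: `canMakePayments failed: ${err.message}` };
  }
  if (!enabled) {
    return { status: 'disabled', reason: 'Apple Pay is not enabled on this device' };
  }
  return { status: 'available', reason: null };
}

// Maps readiness to the UI to render. Only 'available' shows the Apple Pay
// button; every other state keeps the default checkout visible, so a user on
// an unsupported browser is never left without a way to pay.
function chooseCheckoutUi(readiness) {
  return readiness.status === 'available' ? 'apple-pay-button' : 'default-checkout';
}

// Constructed stand-ins for `window` so this file runs outside Safari.
const FAKE_SAFARI_ENABLED = {
  location: { protocol: 'https:' },
  ApplePaySession: { supportsVersion: (v) => v <= 14, canMakePayments: () => true },
};
const FAKE_SAFARI_DISABLED = {
  location: { protocol: 'https:' },
  ApplePaySession: { supportsVersion: (v) => v <= 14, canMakePayments: () => false },
};
const FAKE_OTHER_BROWSER = { location: { protocol: 'https:' } };
const FAKE_INSECURE_PAGE = {
  location: { protocol: 'http:' },
  ApplePaySession: FAKE_SAFARI_ENABLED.ApplePaySession,
};

// Usage in a page: const r = applePayReadiness(window);
// render(chooseCheckoutUi(r)); if (r.reason) report(r.reason);
```

The reason string is worth sending to your monitoring, since a sudden rise in "not served over HTTPS" or "version not supported" points at a deployment or browser-support regression rather than at users. Whether the user actually has a card provisioned for your merchant identifier is a separate, asynchronous question (`ApplePaySession.canMakePaymentsWithActiveCard`) and is not part of this synchronous check.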

Compliance checklist

Technical requirements

  • HTTPS required: Site runs on secure HTTPS connection.
  • Domain verification: Domain registered and verified with Apple Developer Console.
  • Valid merchant ID: Apple Pay merchant ID properly configured.
  • Browser compatibility: Tested on Safari and other supported browsers.
  • Apple Pay JS integration: Proper ApplePaySession implementation.
  • Error handling: Comprehensive error handling for all scenarios.

Security and compliance

  • SSL certificate: Valid SSL certificate from a recognized certificate authority.
  • Domain association: Apple developer domain association file properly hosted.
  • Token handling: Secure handling of Apple Pay payment tokens.
  • Data protection: No storage of sensitive payment information.
  • PCI compliance: Maintains PCI DSS compliance standards.

User experience requirements

  • Button guidelines: Uses Apple-approved button styles.
  • Clear messaging: Clear error messages and user guidance.
  • Graceful fallbacks: Handles Apple Pay unavailability gracefully.
  • Responsive design: Works consistently across desktop and mobile.
  • Accessibility: Screen reader and keyboard navigation support.

Testing and validation

  • Device testing: Tested on actual Apple devices with Apple Pay.
  • Payment testing: End-to-end payment testing in sandbox environment.
  • Error testing: All error scenarios tested and handled properly.
  • Performance: Fast loading and responsive user interface.

Apple Pay review process

Before going live, check your implementation against the following:

Technical validation

  • Payment flows work correctly: Test all payment scenarios including success, failure, and cancellation.
  • Domain verification: Ensure domain association file is properly configured and accessible.
  • Browser compatibility: Test across all supported browsers and devices.

Design compliance

  • Button appearance: Uses Apple's standard button styles or approved custom implementations.
  • Payment sheet integration: Seamless integration with Apple Pay JS payment sheet.
  • Responsive design: Works correctly across desktop, tablet, and mobile devices.

Security validation

  • HTTPS enforcement: All pages with Apple Pay use HTTPS.
  • Domain verification: Domain properly registered with Apple Developer Console.
  • Token processing: Secure server-side processing of Apple Pay tokens.

Best practices

Implementation

  • Use Apple's official button styles for consistent user experience.
  • Implement comprehensive error handling with user-friendly messages.
  • Test thoroughly across browsers, devices, and screen sizes.

Security

  • Never log or store sensitive payment information.
  • Validate all payment tokens on your secure server.
  • Keep SSL certificates up to date.
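The first two of these practices meet at the point where the payment token reaches your server: it must be checked before it is forwarded to the processor, and its encrypted payload must not leak into logs or storage along the way. The following is an added example, not code from the page or from the component it documents, showing that hand-off in Node.js. The token layout (`paymentData`, `paymentMethod`, `transactionIdentifier`) is Apple's documented `ApplePayPayment.token` structure; the sample token and the `log` callback are constructed for the example, and the placeholder strings stand in for real base64 values.

```javascript
// Added example (not from the page or the component it documents): server-side
// handling of the Apple Pay payment token with no logging or storage of its
// encrypted payload. The token layout (paymentData / paymentMethod /
// transactionIdentifier) is Apple's documented ApplePayPayment.token structure;
// the sample token below is constructed with placeholder values.

// Structural check before the token is forwarded to the payment processor. It
// does not decrypt anything: decryption needs the merchant's payment processing
// private key and belongs in the processor or an HSM-backed service, not here.
function validateTokenShape(token) {
  const problems = [];
  if (!token || typeof token !== 'object') return ['token missing'];
  if (typeof token.transactionIdentifier !== 'string' || !token.transactionIdentifier) {
    problems.push('transactionIdentifier missing');
  }
  const pd = token.paymentData;
  if (!pd || typeof pd !== 'object') return [...problems, 'paymentData missing'];
  if (pd.version !== 'EC_v1' && pd.version !== 'RSA_v1') problems.push(`unknown paymentData.version "${pd.version}"`);
  for (const field of ['data', 'signature']) {
    if (typeof pd[field] !== 'string' || !pd[field]) problems.push(`paymentData.${field} missing`);
  }
  const header = pd.header;
  if (!header || typeof header !== 'object') {
    problems.push('paymentData.header missing');
  } else {
    if (!header.publicKeyHash) problems.push('header.publicKeyHash missing');
    if (!header.transactionId) problems.push('header.transactionId missing');
    if (pd.version === 'EC_v1' && !header.ephemeralPublicKey) problems.push('header.ephemeralPublicKey missing');
    if (pd.version === 'RSA_v1' && !header.wrappedKey) problems.push('header.wrappedKey missing');
  }
  return problems;
}

// The only view of a token that is safe to log or keep for reconciliation:
// network, card type, Wallet display name, transaction identifier and the
// size of the encrypted blob. paymentData itself never appears.
function loggableTokenSummary(token) {
  const pm = token.paymentMethod || {};
  const pd = token.paymentData || {};
  return {
    transactionIdentifier: token.transactionIdentifier,
    network: pm.network,
    type: pm.type,
    displayName: pm.displayName,
    paymentDataVersion: pd.version,
    paymentDataBytes: typeof pd.data === 'string' ? Buffer.byteLength(pd.data) : 0,
  };
}

// Guard used before anything is written to a log sink or database.
function containsPaymentData(value) {
  return JSON.stringify(value).includes('"paymentData"');
}

// Validates, logs only the summary, and reports whether the token may be
// forwarded to the processor. `log` is any function taking one object
// (assumption: the application's structured logger).
function acceptToken(token, log) {
  const problems = validateTokenShape(token);
  if (problems.length > 0) {
    log({ event: 'apple_pay_token_rejected', problems });
    return { ok: false, problems };
  }
  const summary = loggableTokenSummary(token);
  if (containsPaymentData(summary)) throw new Error('refusing to log paymentData');
  log({ event: 'apple_pay_token_accepted', ...summary });
  return { ok: true, summary };
}

// Constructed sample token with placeholder values (not real payment data).
const SAMPLE_TOKEN = {
  paymentData: {
    version: 'EC_v1',
    data: 'PLACEHOLDER_BASE64_ENCRYPTED_PAYLOAD',
    signature: 'PLACEHOLDER_BASE64_SIGNATURE',
    header: {
      ephemeralPublicKey: 'PLACEHOLDER_BASE64_EPHEMERAL_KEY',
      publicKeyHash: 'PLACEHOLDER_BASE64_KEY_HASH',
      transactionId: 'PLACEHOLDER_HEX_TRANSACTION_ID',
    },
  },
  paymentMethod: { displayName: 'Visa 1234', network: 'Visa', type: 'debit' },
  transactionIdentifier: 'PLACEHOLDER_HEX_TRANSACTION_ID',
};
```

The summary is what you keep for reconciliation and monitoring; the full token travels to the processor once and is then dropped. Logging only the byte length of `paymentData.data` still lets you spot truncated or empty payloads in production without retaining the payload itself, which is also what keeps the server out of PCI scope for cardholder data.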

Monitoring

  • Track payment success and failure rates.
  • Monitor domain verification status.
  • Regularly test payment flows across browsers and devices.