Merchant Validation: Laravel

On this page

Before Using This Sample

This code sample is provided to help you implement the merchant validation process using Laravel. You should read through Requesting an Apple Pay Payment Session for more information on the process.

We do not provide any warranty or support for code samples on this page.


We need an HTTP client to perform validation. We will use Guzzle for this, thus we need to install it as follows

composer install guzzlehttp/guzzle

Adding the Validation Route

You need to setup a route that accepts POST request sfor validating the merchant and initiating the Apple Pay session:

Route::post('/apple-pay/validate-merchant', 'ApplePayController@validate');

Merchant Identity Certificate

Before we can proceed, we need to generate a Merchant Identity Certificate that will allow us to successfully connect to Apple’s servers and request an Apple Pay session.

You can follow this guide to acquire your certificate: How to Setup Apple Pay Requirements.

Storing Certificates

Certificates are credential files, they are used to authenticate you with Apple and must be stored safely. You SHOULD NEVER store them in your public directory and instead store them in a directory like resources.

For this demonstration, we will store our key and certificate as /path/to/project/resources/apple-pay/ApplePay.key.pem and /path/to/project/resources/apple-pay/ApplePay.crt.pem respectively.

We can get the full path to these directories using Laravel’s resource_path helper function.

The Validation Controller

namespace App\Http\Controllers;

use GuzzleHttp\Client;
use GuzzleHttp\Exception\BadResponseException;
use GuzzleHttp\Exception\TransferException;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

class ApplePayController extends Controller
    public function validateMerchant(Request $request)
        $this->validate($request, [
            'validation_url' => 'required|url'

        $url = $request->input('validation_url');

        $body = [
            'merchantIdentifier' => '',
            'displayName' => "",
            'initiative' => 'web',
            'initiativeContext' => ''

        $options = [
            'json' => $body,
            'ssl_key' => resource_path('apple-pay/ApplePay.key.pem'),
            'cert' => resource_path('apple-pay/ApplePay.crt.pem'),

        try {
            $client = new Client();
            $response = $client->post($url, $options);
        } catch (BadResponseException $e) {
            return response([
                'type' => 'bad_response',
                'response' => $this->getJson($e->getResponse())
        } catch (TransferException $e) {
            return response([
                'type' => 'connection_error',
                'message' => $e->getMessage()

        return $this->getJson($response);

    private function getJson($response)
        return json_decode($response->getBody()->getContents(), true);

In case you have encrypted your private key with a password, you can use the following option to add the password:

'ssl_key' => [

More Resources

You can read more about merchant validation at Requesting an Apple Pay Payment Session.

Last Modified : Sep 2021