We are writing to report a recurring stability issue with the Apple Pay sandbox environment. We are using the official sandbox test cards provided on the Apple Developer website for our testing: https://developer.apple.com/apple-pay/sandbox-testing/ We are experiencing frequent, intermittent failures when attempting to add these sandbox cards to the Wallet for testing purposes. The issue typically occurs a couple of times per day. When the failure occurs, the card provisioning process fails unexpectedly. The issue is not limited to a single card; we have observed this behavior across all available card networks. In some instances, all cards (Visa, Mastercard, Discover, Amex) fail to provision simultaneously. At other times, the issue appears to be isolated to specific networks while others work correctly. Crucially, the issue appears to be temporary. After some time passes (ranging from minutes to an hour), we are able to add the exact same card successfully without making any changes to our test environment or configuration. We have diligently checked our setup to rule out configuration errors on our end. This includes verifying: The device is set to a supported region. We are signed in with a valid sandbox tester Apple ID. All other prerequisites for sandbox testing are met. The fact that the process works correctly at other times strongly suggests that this is a server-side stability issue within the Apple Pay sandbox environment rather than a persistent misconfiguration on our part. To help with your investigation, we have attached an image that demonstrates a failed attempt to add a card. Could you please investigate the stability of the sandbox card provisioning service? Please let us know if this is a known issue or if there is any further information we can provide. Thank you for your time and assistance.

Hello, I'm experiencing an irregular issue with Apple Pay merchant domain verification. As you know, Apple requires domain verification every two months to maintain Apple Pay functionality. The problem is that while the verification sometimes happens automatically without any issues, other times it fails to complete, even though the required file "apple-developer-merchantid-domain-association.txt" is correctly available on our server. When automatic verification fails, the Apple Pay service becomes non-functional on our website, forcing us to perform a manual verification to restore the pending service. Is it normal to encounter such inconsistent automatic verification processes? What could be causing these intermittent verification failures, whereas manual verification always succeed? suggesting this might not be related to IP address restrictions described on the Apple documentation. Thank you in advance,

We are working with Saferpay. And integrating Applepay Server to Server. But we are having token generation issue. It does not give a valid test card information. We have created a tester account as India country. Is that an issue?

Hello Apple Developer Team/Community, I am working on developing an Apple Wallet pass with NFC functionality for our electric vehicle (EV) charging stations. The goal is to enable a "tap-to-start charging" feature, providing a seamless and efficient experience for users. However, my request for an NFC certificate to enable this functionality has been rejected. Here is a summary of my use case and actions taken so far: 1. Use Case: The Wallet pass will allow users to initiate charging sessions by tapping their iPhones or Apple Watches on the EV charger. This feature aims to simplify the process by eliminating the need for additional apps, physical cards, or manual inputs. It enhances accessibility and aligns with Apple’s goals of providing users with secure and convenient solutions. 2. Steps Taken: Submitted the NFC certificate request with a detailed explanation of the functionality. Included diagrams and supporting documents demonstrating the workflow and system readiness. Received a rejection without clear guidance on how to address the issue. 3. Technical Readiness: Our backend is fully prepared to support NFC passes, including secure processing of tap events and payload encryption. The Wallet pass has been configured to include the nfc field with the required encryptionPublicKey. Request for Assistance: Could you provide guidance on improving my application to meet Apple’s criteria for NFC certificates? Are there specific requirements or examples of successful NFC-enabled Wallet pass applications that I can use as a reference? If anyone has faced a similar rejection, what steps did you take to get approval? Additional Information: Use case: EV charging stations NFC functionality: Tap-to-start charging session Current implementation: Pass is functional without NFC but requires NFC for seamless operation. Any advice or resources to help resolve this issue would be greatly appreciated. Thank you for your time and support. Best regards, DeveloperSquillion

We are developing a native iOS financial application called Tradu: Stocks, Forex, and CFDs (Apple ID: 6473443264), which embeds a WKWebView to render all user-facing logic. All user interactions—including authentication with MFA—occur inside this WKWebView. To access native functionality, we use postMessage() to communicate between the web and native layers. This approach has worked successfully for biometric authentication, for example. We are currently integrating Apple Pay In-App Provisioning and have a few questions regarding compliance with the documentation provided by our Issuer Host (Modulr). In the document titled Getting Started with Apple Pay: In-App Provisioning, Verification, Security, and Wallet Extensions (Version 4.0, February 2023), all examples are based on a fully native application. We’ve managed to integrate most of the In-App Provisioning flow via postMessage() up to the point of passing encryptedData to the Payment View. Apple Pay button inside WKWebView In Section 7: Frontend Overview, the user initiates the provisioning by tapping a native PKPaymentButton (SwiftUI example). In our case, this button is rendered inside the WKWebView, styled according to the Apple Style Guide. While the document references this approach as a “raw mark text supplement,” is this method acceptable and compliant with Apple’s UX and technical guidelines? MFA requirement before provisioning In Section 4: Security Guidelines, it is stated that the user must have passed MFA at least once before starting the provisioning flow. In our implementation, users must complete MFA on every login (including on recognized devices) before the provisioning UI becomes available. Even though this is not tied specifically to “unrecognized devices,” is our MFA requirement sufficient to satisfy Section 4.2? Summary: Is using a web-rendered Apple Pay button inside WKWebView (instead of a native PKPaymentButton) considered compliant? Is our MFA enforcement model (required on every login) aligned with the security requirements outlined in Section 4.2 of the Apple Pay In-App Provisioning documentation?

I am trying to get a pass reader certified through the mFi / WPC certification process. The problem I have is that the Certifier app will not allow testing results to be submitted due to some missing information. I need support to discuss the missing information, but I have received no replies from the email provided for WPC Certification Representative. Does anyone here know how to get support for the WPC Certification process?

We are experiencing intermittent 403 Forbidden errors during Apple Pay on web merchant validation in our production and sandbox environment. Has anyone else started seeing 403 Forbidden errors recently (since mid-2025)? Why would merchant validation be sometimes successful and sometimes fail with 403? Could this be related to new Apple Pay gateway changes or stricter validation rules? Any additional debug steps or permanent solutions we should try? Thank you.

Como consigo um código TestFlight. Alguém pode me ajudar, por gentileza

We created apps for many credit unions in Canada. Some of those apps has the feature to directly add users' debit cards to Apple Wallet (which is called by Apple as "in-app provisioning"). The feature has been working fine for at least 6 years for many credit unions. Recently, after updating one of those existing apps, we found out that the in-app provisioning is no longer working. Found it very strange, as we didn't touch the code base related to this feature for a very long time. One thing we found out is that the option to add in-app provisioning entitlement is missing during generating "provisioning profile" for the app. Is this a misconfiguration by App? Or do we need to request for additional entitlement migration as mentioned in the page: https://developer.apple.com/help/account/reference/provisioning-with-managed-capabilities ? Apple, please help, it's rather urgent.

Hi everyone, I am new to Apply Pay, but I have already implemented IAP for subscriptions in my app. My app also has other functionalities, it also acts as a person-to-person marketplace, as users can post events or online courses which can be bought by other users to participate. My question is that I have read Apple's review guidelines but it is still unclear for me if I can use Apple Pay (with for example Stripe) or do I still need to use IAP for this online content. Also non profit organizations also can register which can recieve donations, can I also use Apple Pay for that or do I still need IAP there, because it would be nice if Apple would take 30% of donations.

Hello, We are currently developing an application that uses the Host-based Card Emulation (HCE) entitlement to enable corporate access functionality. With this entitlement, we have successfully established HCE communication and can interact with our access control systems to unlock doors. Our question is related to improving the user experience: We would like this access functionality to work without requiring the app to be in the foreground, as this adds friction for users during entry. Specifically, we would like to know: Is it possible for our app to coexist with Apple Wallet as the default contactless app, so that: Our app handles NFC interactions for corporate access (e.g., opening doors). Apple Wallet remains the default for payments. If that coexistence is not possible, and our app is set as the default contactless app, Will the system still need to launch our app into the foreground to complete a transaction (e.g., to emulate the NFC card)? Or is there a way to trigger HCE responses in the background (e.g., using a background process or service extension)? Any guidance on how to configure the app for optimal background access behavior, while maintaining compatibility with Wallet, would be greatly appreciated. Thank you in advance.

Hi, we are trying to verify our domain and we uploaded the file to our domain {DOMAIN}/.well-known/apple-developer-merchantid-domain-association.txt and we can access it. But when we want verify the domain in your platform we can't do it and you see the message "Domain verification failed". How can we verified or if we need change something in our side to verify it? thanks!

Hello, We’re seeing an issue where the Apple Pay button is visible in Safari but not clickable for certain users, while it works normally for others. This happens on our site (https://store-qa2.enphase.com/ ) as well as on other sites for the same affected users. Currently, we display the Apple Pay button based on the following condition: Boolean(window.ApplePaySession) && ApplePaySession.canMakePayments(); For affected users, the button shows up as expected, but it’s not interactive. All users (both affected and unaffected) are on the latest versions of Safari and macOS/iOS. Could someone clarify what additional conditions Safari/Apple Pay requires for the button to be fully functional? And under what circumstances could it be visible but not clickable?

Why did my sandbox test fail due to not being able to obtain the product list?

Hello. I have a few questions about the implementation of Apple Pay payments on websites. Could you help me From the documentation: Apple Pay issues an Apple Pay Merchant Token if the user’s payment network supports merchant-specific payment tokens. Otherwise, Apple Pay issues a device token for the payment request. How can we determine whether a token is a merchant token or a device token? Is it possible to determine this by any of the token fields? https://developer.apple.com/documentation/passkit/payment-token-format-reference Is it possible to understand this in other ways? Can I make recurring payments with the device token if it was issued instead of the merchant token? Is it necessary to include the tokenNotificationURL when generating a merchant token, or can we generate one without specifying it? What does the applicationExpirationDate field in the merchant token represent? Is this the date when the device token or merchant token expires and payments cannot be made with it?

Hello everyone, We're implementing Apple Pay on the web and are already live, processing transactions. However, we've noticed that occasionally the onlinePaymentCryptogram returned in the paymentData contains spaces, causing it to be rejected by acquirers. Has anyone else encountered this issue? Any insights would be greatly appreciated.

Hi, we are implementing the push provisioning via the Apple Wallet Extension starting from the example at https://developer.apple.com/documentation/passkit/implementing-wallet-extensions. To correctly manage the push provisioning on Apple Watch, specifically for a card tokenised in the iPhone but not in the Watch, we need to know if there is a connected Apple Watch to the iPhone. We are using the following code from the Apple Wallet Extension example to detect whether there is a connected watch: WCSession* session = [WCSession defaultSession]; session.delegate = delegate; [session activateSession]; In the main target of the app, at the end of the activation the system correctly calls the delegate method: session:activationDidCompleteWithState:error: but we noticed it is not being called in the UI extension context (the one having NSExtensionPointIdentifier: com.apple.PassKit.issuer-provisioning.authorization). We don't understand why the delegate is not being called in the UI extension, can you please help? Thanks! Steps to Reproduce: Start with a card not added in the Apple Wallet app Open the Apple Wallet app Click on add card Select the app to launch the Wallet Extension flow The Apple Wallet Extension with UI is on screen and invokes the activateSession method, the delegate method is not invoked and session.isPaired returns "no". Xcode Version 16.2 macOS Version 15.6.1 (24G90) Feedback ID FB20082564

I'm successfully using Apple subscriptions in my app, but I'm encountering SKErrorCodeDomain error 18 when trying to apply a subscription offer. I want apply offer code first time only for subscription. Below are details of what i set in appstore and what i have tested. Subscription Offer Details Offer Type: For the first month Customer Eligibility: New, Existing, and Expired Subscribers Code Status: Active Offer Code Creation Steps: App Store Connect → App → Subscription → Select Subscription Product → Offer Codes → Add → Add Custom Codes Signature Generation for Promotional Offers I'm following Apple's documentation to generate a signature: https://developer.apple.com/documentation/storekit/generating-a-signature-for-promotional-offers I’ve constructed the payload as instructed: appBundleId + '\u2063' + keyIdentifier + '\u2063' + productIdentifier + '\u2063' + offerIdentifier + '\u2063' + appAccountToken + '\u2063' + nonce + '\u2063' + timestamp Keys and Identifiers keyIdentifier, issuerId, and .p8 file are obtained from: App Store Connect → Users and Access → Integrations → In-App Purchase Test user created under: App Store Connect → Users and Access → Sandbox → Test Accounts Logged in with this account on the iPhone What I’ve Tried Verified all values used in the payload are correct Tried both seconds and milliseconds for the timestamp (as per documentation, it should be in milliseconds) Tried setting appAccountToken to: a valid UUID an empty string not setting it at all Used Apple’s sample code to generate a signature: https://developer.apple.com/documentation/storekit/generating-a-promotional-offer-signature-on-the-server Verified the generated signature locally, and it validated successfully: https://developer.apple.com/documentation/storekit/generating-a-signature-for-promotional-offers#Validate-locally-and-encode-the-signature Apple’s sample code to generate a signature Downloaded from const express = require('express'); const router = express.Router(); const crypto = require('crypto'); const ECKey = require('ec-key'); const secp256k1 = require('secp256k1'); const uuidv4 = require('uuid/v4'); const KeyEncoder = require('key-encoder'); const keyEncoder = new KeyEncoder('secp256k1'); const fs = require('fs'); function getKeyID() { return "KEYIDXXXXX"; } router.post('/offer', function(req, res) { const appBundleID = req.body.appBundleID; const productIdentifier = req.body.productIdentifier; const subscriptionOfferID = req.body.offerID; const applicationUsername = req.body.applicationUsername; const nonce = uuidv4(); const currentDate = new Date(); const timestamp = currentDate.getTime(); const keyID = getKeyID(); const payload = appBundleID + '\u2063' + keyID + '\u2063' + productIdentifier + '\u2063' + subscriptionOfferID + '\u2063' + applicationUsername + '\u2063'+ nonce + '\u2063' + timestamp; // Get the PEM-formatted private key string associated with the Key ID. // const keyString = getKeyStringForID(keyID); // Read the .p8 file const keyString = fs.readFileSync('./SubscriptionKey_47J5826J8W.p8', 'utf8'); // Create an Elliptic Curve Digital Signature Algorithm (ECDSA) object using the private key. const key = new ECKey(keyString, 'pem'); // Set up the cryptographic format used to sign the key with the SHA-256 hashing algorithm. const cryptoSign = key.createSign('SHA256'); // Add the payload string to sign. cryptoSign.update(payload); /* The Node.js crypto library creates a DER-formatted binary value signature, and then base-64 encodes it to create the string that you will use in StoreKit. */ const signature = cryptoSign.sign('base64'); /* Check that the signature passes verification by using the ec-key library. The verification process is similar to creating the signature, except it uses 'createVerify' instead of 'createSign', and after updating it with the payload, it uses `verify` to pass in the signature and encoding, instead of `sign` to get the signature. This step is not required, but it's useful to check when implementing your signature code. This helps debug issues with signing before sending transactions to Apple. If verification succeeds, the next recommended testing step is attempting a purchase in the Sandbox environment. */ const verificationResult = key.createVerify('SHA256').update(payload).verify(signature, 'base64'); console.log("Verification result: " + verificationResult) // Send the response. res.setHeader('Content-Type', 'application/json'); res.json({ 'keyID': keyID, 'nonce': nonce, 'timestamp': timestamp, 'signature': signature }); }); module.exports = router; Postman request and response Request URL: http://192.168.1.141:3004/offer Request JSON: { "appBundleID":"com.app.bundleid", "productIdentifier":"subscription.product.id", "offerID":"OFFERCODE1", "applicationUsername":"01234b43791ea309a1c3003412bcdaaa09d39a615c379cc246f5f479760629a1" } Response JSON: { "keyID": "KEYIDXXXXX", "nonce": "f98f2cda-c7a6-492f-9f92-e24a6122c0c9", "timestamp": 1753510571664, "signature": "MEYCIQCnA8UGWhTiCF+F6S55Zl6hpjnm7SC3aAgvmTBmQDnsAgIhAP6xIeRuREyxxx69Ve/qjnONq7pF1cK8TDn82fyePcqz" } Xcode Code func buy(_ product: SKProduct) { let discountOffer = SKPaymentDiscount( identifier: "OFFERCODE1", keyIdentifier: "KEYIDXXXXX", nonce: UUID(uuidString: "f98f2cda-c7a6-492f-9f92-e24a6122c0c9")!, signature: "MEYCIQCnA8UGWhTiCF+F6S55Zl6hpjnm7SC3aAgvmTBmQDnsAgIhAP6xIeRuREyxxx69Ve/qjnONq7pF1cK8TDn82fyePcqz", timestamp: 1753510571664) let payment = SKMutablePayment(product: product) payment.applicationUsername = "01234b43791ea309a1c3003412bcdaaa09d39a615c379cc246f5f479760629a1" payment.paymentDiscount = discountOffer SKPaymentQueue.default().add(payment) } Issue Even following instructions to the documentation and attempting various combinations, the offer keeps failing with SKErrorCodeDomain error 18. Has anyone else experienced this? Any suggestions as to what may be amiss or how it can be corrected?

I am adding Apple Pay to my eCommerce site and I am having a lot of difficulty with the PaymentsRequest API in Microsoft Edge browser. I have a partial implementation that displays the Apple Pay button and creates a PaymentRequest when the button is clicked. That's all. On Safari, this is enough to display the Apple Pay dialog. The process doesn't proceed further because I haven't implemented a handler for the merchantvalidation event. With Chrome on a Mac, the behavior is the same, I can scan the code and see the Apple Pay dialog. On Microsoft Edge, I never see the code to scan. In my web console, I'm seeing errors like InvalidStateError: Failed to execute 'canMakePayment' on 'PaymentRequest': Cannot query payment request and NotSupportedError: The payment method "https://apple.com/apple-pay" is not supported. No "Link: rel=payment-method-manifest" HTTP header found at "https://www.apple.com/apple-pay/" Is Apple Pay not supported on Windows? I see the demo site here, which gets farther than I have gotten. It does display the scan code, but payment still never completes. I see the same payment-method-manifest error in the console. If Apple Pay is not supported on any PCs other than Macs, is there any reason to use the PaymentRequest API instead of Apple Pay JS? I started digging into the W3C standards and it turns out that merchantvalidation event is deprecated. Chrome on Mac does catch it, so it seems like it's supported there. But I have concerns about the long term future. Is it going to remain supported? If so, I would imagine that the interface could change. It seems like the only benefit of the W3C PaymentRequest API is that Mac users with non-Safari browsers may still be able to use Apple Pay. In theory, that's something I'd still like to support, even if it's only a small number of users, but I only have time for one integration right now, and I need to pick the best one. How much faith should I have in the W3C PaymentRequest API? Is it reasonable to pursue it with the goal of including all Mac users regardless of browser? Or is it likely a dead API and I should stick to Apple Pay JS instead to provide a better experience to Safari users? It also looks like the PaymentRequest API isn't fully finalized yet, so maybe that's the source of my issues. Maybe I should just use Apple Pay JS for now with an eye to supporting PaymentRequest when the spec is finalized. I greatly appreciate your input.

Hello, I am currently testing an Adyen integration with Sylius and need to verify Apple Pay with Cartes Bancaires in the sandbox environment. Could you please advise how Cartes Bancaires can be tested in Apple Pay Sandbox (e.g. cards details)? Thank you in advance for your guidance. Best regards, Grzegorz