Hi, We are trying to make payment from ecomm merchant. The last request during process is { "sessionData": { "epochTimestamp": "1741082241", "expiresAt": "1741092241", "merchantSessionIdentifier": "SSH88312C485D_7E0DD10173", "nonce": "3f6dc197", "merchantIdentifier": "5F9BC6BAF8", "domainName": "libertybank.ge", "displayName": "Apple Pay Purchase", "signature": "3080060000", "operationalAnalyticsIdentifier": "Apple Pay Purchase:5F9BC6BAF8", "retries": 0, "pspId": "5F9BC6BAF8" } } which is successfully validated applePaySession.completeMerchantValidation(data.sessionData) After this, the "oncancel" handler is triggered in applePay. Please help us to understand what is wrong. Please note the domain where the applepay button is located is at txpg.libertypay.ge Which is successfully verified.

I'm trying to create an Apple Pay session for my website. I'm starting with curl for now, just to get proof of concept. curl --cert cert.pem --pass {passphrase} --header "Content-Type: application/json" --request POST --data '{"merchantIdentifier":"{merchantIdentifier}","displayName":"testDisplayName", "initiative": "web", "initiativeContext": "{domain}"}' https://apple-pay-gateway.apple.com/paymentservices/paymentSession This is the response I get back { "statusMessage": "Payment Services Exception merchantId={VERY-LONG-ID} not registered for domain={domain}", "statusCode": "400" } I'm not sure why this is happening. {domain} is in the form of sub.site.tld with no protocol, such as https, which matches what I see in the list of the domains in the merchant identity dashboard. The {merchantIdentifier} also matches what I see in the top right, but the merchantId in the response is something I don't recognize. It's a long string of characters that appears to be hexadecimal. I added the apple-developer-merchantid-domain-association file to my .well-known directory and the dashboard does report that the domain is verified. I am making the request from the web server that the domain resolves to, if that matters. I can't think of any reason this would be happening. I'm not sure where the long merchantId in the response is coming from. Does it matter that it doesn't match what I supplied in the request? As far as I can tell, I am using the correct merchantIdentifier. It matches the dashboard and the CN field of the certificate. I found this other post that seems to have a similar error: https://forums.developer.apple.com/forums/thread/671227 The main difference is a 417 status code instead of the 400 I got. But the problem here was that there was no payment processing certificate and I do have one of those. I haven't checked with my processor to verify that the certificate is published, but I will do that soon. I wouldn't expect that to matter. Maybe it does? What other reason could I be getting this error? Could it be a problem with my merchant identity certificate? It took a lot of effort to make it work. But I suspect it's fine, otherwise I wouldn't be getting a response from Apple at all. I can't think of any other possible problems.

We have a checkout page on which clients can configure the providers we've integrated with for each currency. One such provider is Stripe, with which we have already integrated ApplePay and host a merchant domain association file. Now, we're getting requests to support ApplePay with other providers. The issue is that we can't tell Apple to use a different path to domain association file for domain verification. And, replacing the existing domain association file seems like a hack, since I believe it's needed for domain re-verification. We're thinking of using subdomains for serving the domain association files for different providers. But, we have some questions on how ApplePay domain verification works to understand how we can solve our problem. Firstly, can we use subdomains for individual domain verification? If we already have example.com verified with Stripe, can we serve the domain association file for the other provider with provider.example.com and have the verification work? Secondly, let's say our domain is example.com, and we can use provider.example.com to serve the domain association file and verify the domain. Then on example.com/checkout, will using an iframe with provider.example.com/applepay to host the ApplePay button work? This thread suggests otherwise, but we want to confirm. Lastly, is the only way to make an ApplePay payment for provider.example.com to use that subdomain? So redirecting to provider.example.com/applepay would work? Thanks for your help!

I’m restructuring my business and want to remove Apple Pay. I use Woocommerce Square for payments. Do I do it in the Square dashboard or here? I honestly can’t remember how I set it up. I’m not a developer. I’m a farmer and work on my own website. Thanks!

For Apple Pay testing, I have tried the following: Sign into the Sandbox Account via Developer Settings: Settings > Developer > Sandbox Account Keep your main Apple ID for everything else Add Test Cards to Wallet: Try adding the test card numbers (MasterCard and Visa Debit, as we support only those) Apple provides in their documentation. Unfortunately, none of them are added to the wallet. All the time it gives 'Could Not Add Card'. I tried on devices with iOS 18+. Can anyone advise on this? Thanks

Is there a way to allow ApplePay to make deferred payments to a suite of stores, or will each store need the user to initially approve a payment manually?

'Company A' is scheduled to merge with its parent company, 'Company B'. Both A and B have Apple accounts. A's account has one domain registered for Apple Pay integration, while Account B has no domain registered. We attempted to register A’s domain under B’s account. However, the notification 'Requested domain name has been verified previously.' appeared, and we could not complete the registration. Please confirm whether it is correct that a domain already registered under Account A cannot be registered again under Account B. If we cannot register same domain in two accounts, we believe that the domain registered under A's account must be deleted first and then registered under B's account. In that case, will payments become unavailable immediately upon deletion of the domain, or will payments still be possible for a certain period of time after deletion? In our testing, we found that payments were not blocked immediately, but we would like to confirm further. We are concerned about the possibility of transaction failures during the short period between deleting the domain from A's Account and registering it under B's Account.

What am I missing in my checking for whether or not to offer Apple Pay on my website? <script async crossorigin src="https://applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js" ></script> ... <style> apple-pay-button { display: none; } </style> ... <apple-pay-button buttonstyle="black" type="plain" locale="en-US" onclick="startApplePay('${APPLE_PAY_MERCHANT_ID}','${paymentForm.amount}');"></apple-pay-button> So, the button is not displayed by default. I only change the style to displayed if: window.onload = function() { if (isApplePaySupported()) { document.querySelector("apple-pay-button").style.display = "inline-block"; }; } function isApplePaySupported() { return (window.PaymentRequest && window.ApplePaySession && ApplePaySession.canMakePayments() && ApplePaySession.supportsVersion(applePayVersion)); } Yet, once in a while a click comes through that tries to create a PaymentRequest with const applePayMethod = { "supportedMethods": "https://apple.com/apple-pay", "data": { "version": applePayVersion, "merchantIdentifier": merchantIdentifier, "merchantCapabilities": [ "supports3DS" ], "supportedNetworks": [ "amex", "discover", "masterCard", "visa" ], "countryCode": "US" } }; and results in: NotSupportedError, The payment method is not supported What else might be "not supported" in the request for this particular user/device/wallet? In particular, that could be known immediately when the PaymentRequest is created, but before any payment instrument from the wallet is selected? And, is there anything I could detect before showing the button? Or, is it even possible for the button to be clicked by some kind of automation, even if it's not displayed?

I'm implementing Apple Pay in my Flutter web app and I'm following the guidelines for domain verification using the apple-developer-merchantid-domain-association file. When I access the file at https://mydomain.com/.well-known/apple-developer-merchantid-domain-association through my web app, the browser silently downloads the file instead of displaying its content on the webpage. My question is: Is this the expected behavior for the apple-developer-merchantid-domain-association file? Should the browser download the file silently, or is there another step required, such as displaying the content on the webpage for verification purposes? I've consulted some resources and they indicate that the file download is the correct behavior. However, I'd appreciate confirmation from the community to ensure I'm implementing the verification process correctly. Summary is how do we know if apple has verified it?

When apple pay on the web does a onshippingcontactselected it appears to truncate the zip code. If I enter: 11111 or 11111-1111 I always get 11111. Is there any way to get the plus 4?

During Apple Pay in-app provisioning (EV_ECC_v2), our iOS app successfully obtains the issuer provisioning certificates and generates cryptographic material. The flow fails when Apple posts the card blob to Apple’s broker (card creation step), returning HTTP 500 from .../broker/v4/devices/{SEID}/cards. Steps: Call issuerProvisioningCertificates?encryptionVersion=EV_ECC_v2 → 200 OK; returns ECC leaf + Apple Root CA chain; nonce=2a831be4. 2. Build {encryptedCardData, activationData, ephemeralPublicKey} 3. POST /broker/v4/devices/{SEID}/cards Expected: 200 OK on /broker/v4/devices/{SEID}/cards, or 5xx with a descriptive error if payload/cryptography is invalid. Observed: 500 Internal Server Error from Apple broker on /cards (labeled “eligibility” in PassKit logs), causing a terminal failure in Wallet UI.

For Apple Pay Testing purposes, we're trying out cards from https://developer.apple.com/apple-pay/sandbox-testing/ Visa, AMEX, Discover cards can be added to the wallet. But all 5 of the listed options for Mastercard cannot be added to the wallet with the error "Card Device Limit". How can we resolve this?

Hello Apple Devs, We’re currently trying to integrate Apple Pay on the web using Apple Pay JS. We've followed the official documentation closely, but we're running into a blocker during the merchantSession validation phase. We successfully retrieved a merchantSession, which looks like this: json { "displayName": "Our Name", "domainName": "https://pay.ourdomain.co", "epochTimestamp": , "expiresAt": ****************, "merchantIdentifier": "", "merchantSessionIdentifier": ", "nonce": "", "operationalAnalyticsIdentifier": our name "t:", "pspId": "", "retries": 0, "signature": "*****************..." } Issue: Shortly after initiating the session, we receive a cancel event with the following info: ApplePayCancelEvent { type: "cancel", sessionError: { code: "unknown", info: {} } } We're unsure what causes the cancellation. There are no clear error messages or hints in the logs to identify what went wrong. What We’ve Checked: The merchantSession is returned successfully from our backend. The domainName matches our frontend domain (https://pay.durdomain.co). The session hasn’t expired when tested. We're using Apple Pay JS APIs as described in the documentation. Help Needed: What can trigger an ApplePayCancelEvent with an "unknown" error code? Any insight or guidance would be deeply appreciated. Thanks in advance!

Hi, We are trying to make the PKAddPaymentPassViewController to show the correct list of devices to where the pass can be added. We have analysed the documentation and we are using the PrimaryAccountIdentifier field which is the field that supposedly controls this behavior but the list of devices presented in the view controller always include one iPhone and one Apple Watch, regardless of where the card has been already added. We are initializing the PKAddPaymentPassRequestConfiguration object with: PKEncryptionScheme PrimaryAccountIdentifier CardholderName PrimaryAccountSuffix LocalizedDescription PaymentNetwork PrimaryAccountIdentifier CardholderName PrimaryAccountSuffix LocalizedDescription We have also verified the configuration in our payment pass processor and everything should be ok. We would like to have some help on achieving the desired flow for Apple Pay, which is to present the PKAddPaymentPassViewController with the correct list of available devices and not the full list. Thank you.

We have recently begun testing in our production environment and have been unable to push provision any cards, receiving a 500 error: default 11:15:59.136742-0300 PassbookUIService Response: https://pr-pod9-smp-device.apple.com:443/broker/v4/devices/SEID_NUMBER/cards 500 Time profile: 0.486102 seconds { x-conversation-id = "52463d9f488e428f829633a1518ea72d" Vary = "accept-language" Content-Type = "application/json" x-pod = "pr-pod9" x-keystone-correlationid = "058F11DE-839F-47AC-A623-741BF32CEA80" Date = "Thu, 16 Jan 2025 14:15:58 GMT" x-apay-service-response-details = "via_upstream" Content-Length = "81" x-envoy-upstream-service-time = "172" x-pod-region = "paymentpass.com.apple" } { statusCode = 500; statusMessage = "Broker Service Response exception"; } In 05/2024 we received an e-mail from applepayentitlementsapple.com confirming the granting of in-app provisioning entitlements for our production apps. We've already sent a feedback on Feedback Assistant. Here is the code to track: FB16344669. Also, we sent another e-mail to applepayentitlementsapple.com, Case-ID: 11317916, but we haven't received a reply yet. Can you help us? We are concerned, since our pre-certification starts on January 27th. Thanks in advance.

I have the HCE entitlements, but it's not clear from the documentation I have, how to configure my app as the default app for the double tap of the power button. Nor can i see where this is in iOS 18.2 settings. The closest I can find is 'Settings > Default Apps > Contactless App', which still shows only Wallet after I install my app with all the new entitlements and provisioning profile. I have these entitlement successfully provisioning my app: <key>com.apple.developer.nfc.hce</key> <true/> <key>com.apple.developer.nfc.hce.iso7816.select-identifier-prefixes</key> <array> <string>A0000000031010</string> <string>A00000002501</string> <string>A0000000049999</string> <string>A0000000041010</string> </array> <key>com.apple.developer.nfc.hce.default-contactless-app</key> <true/> The documentation here: https://developer.apple.com/support/hce-transactions-in-apps/ also references a link to changes in Info.plist, but the url takes me to storekit-external-entitlement documentation about dating apps in the netherlands ???!!!??? Any help would be appreciated to at least get started by allowing me to change the double tap action to my app. Thanks

Hi! I am working on automating the Apple Pay integration process in our CI/CD pipeline and would like to confirm whether a fully automated setup is currently possible for our preproduction environment. Right now, our process is as follows: A certificate is generated for the root domain and for each individual merchant subdomain. Both certificates are manually uploaded to our preproduction servers to test and verified via HTTP. We’d like to automate this flow in GitLab CI, mainly the generation of the necessary certificates programmatically or via API. However, from my research, it seems that Apple does not currently provide an API or any support to automate this task, but I’d like to confirm this directly with you. Is there any official support or workaround for this kind of automation? If not, do you have any plans to provide it in the future? Thanks in advance for your help.

Issue Description In our Apple Pay integration process, the validation URL returned from the onvalidatemerchant callback is: https://apple-pay-gateway.apple.com/paymentservices/startSession However, according to Apple’s official documentation (reference link), the correct validation URL is: https://apple-pay-gateway.apple.com/paymentservices/paymentSession We are seeking clarification and assistance regarding the following issues: Issue 1 Will continuing to use the startSession URL cause problems or errors? Are there functional differences between the two URLs (startSession and paymentSession)? Does Apple still officially support startSession, or are we required to switch to paymentSession? Issue 2 We occasionally experience the following 400 error, even though the URL we use for validation is the one returned from the onvalidatemerchant callback: 400: { "statusMessage": "Payment Services Exception merchantId=*** not registered for domain=***.com", "statusCode": "400" } We have verified the following: Our Merchant ID and certificates are valid. All Apple Pay configuration details, including merchant domain verification and placement of the .well-known/apple-developer-merchantid-domain-association file, have been correctly set up and verified. However, we still encounter the error intermittently. Questions: If we need to transition to using paymentSession, how should we do this? Could this error be related to the use of startSession? If not, how should we troubleshoot further? Support Needed Confirmation and clarification on the proper usage and differences between the two URLs: startSession and paymentSession. Guidance on how we can investigate and resolve the 400 error to ensure that the Apple Pay validation process works consistently. We appreciate your assistance and support!

Hello, I am following up on my previous feedback (Feedback ID: FB17175593) regarding the in-app provisioning failure for Apple Pay. In that report, I detailed errors encountered during the card addition process (notably issues related to a missing teamID and cryptographic material errors). Could you please provide an update on the investigation progress? I appreciate your assistance and look forward to your response.

I am encountering an issue with the in-app provisioning flow using PKAddPaymentPassViewController. Specifically, when presenting the controller to allow users to add a pass to Apple Wallet, the device selection screen is showing all the devices, even after setting the primaryAccountIdentifier on the PKAddPaymentPassRequestConfiguration. Here's the context: I'm using PKAddPaymentPassViewController for in-app provisioning. I provide a valid primaryAccountIdentifier in the configuration. But after adding the pass, if i print back the primaryAccountIdentifier it displays some other value different than the identifier i had set(Example masked identifier: FAPLMC1GB000000066aa4xxxxxxxxxxxa744f16axxxxxxxx). The provisioning flow works, but the device list shown to the user includes all the devices (e.g., Apple Watches and iPhone even though it is already added to Apple Watch or iPhone).