Ok, here is the scenario... the payment sheet appears, Touch Id is accepted, the payment fails (intentionally), Touch Id is accepted again to resubmit, 30 seconds later it states Payment Not Completed and the payment sheet closes. The trace of both are identical other than the former stating it failed due to the client indicating a decline and the latter failed after it timed out waiting for the client callback. I have replicated this at https://applepaydemo.apple.com/ using both the Apple Pay API and Payment Request API. const response = await request.show(); const status = "fail"; await response.complete(status); The above was taken directly from the demo site and yes, I know the success state of the actual card processing would be passed here. So the flow of the first attempt to submit fails, as expected, but what seems to happen is that the pointer back to request.show() doesn't get reset; the promise has already been fulfilled and the routine has exited. When the payment sheet attempts the callback the second time it's no longer bound and eventually times out. Clicking pay again repeats the whole flow. Seems like a defect to me. I doubt I'm the first to come across this issue though a half a day of searching has not revealed otherwise. I'm experiencing this on Ventura with Safari 16.1 against the sandbox.

I've come across seemingly conflicting information regarding the necessity of domain verification and looking for clarification. I am currently developing a solution that integrates Apple Pay capabilities on a web page and when I attempt to make my merchant verification call I receive an error stating that the supplied merchant Id is not registered with the supplied domain. The certs are all still far from expiration so the only other answer I'm finding through the Google machine is that it's because I have not performed my domain verification. The development host is only accessible internally and I've gone back and forth with security stating it must be exposed at least long enough to perform the verification. I was provided with this article which conveys that domain verification is not required in the sandbox environment. On the contrary, here under Developer Account and Website, it is stated that domain verification IS required. The sandbox appears to be for apps when I'm developing a website. So which one is it? I may have found my answer is rooted in not being logged into a sandbox account from the MacBook but rather using an iCloud account? I have dismissed this a number of times seeing as it references the app store when I'm developing website. Perhaps a sandbox account is used for both? This could explain why the URL returned during the verification callback does not convey a development/test endpoint. I'm currently sharing a laptop for testing so I'll have to try this out once I retake possession. Until that time comes, the conflict and the question still stand as any feedback may be useful to other individuals facing a similar situation. Someone really needs to write up a paper on Apple Pay integration for the Windows person developing within an environment that's tighter than a submarine.