Hi, You're here because you've had issues with your implementation of Wallet Extensions for Apple Pay In-App Provisioning or In-App Verification. To prevent sending sensitive credentials in plain text, create a new report in Feedback Assistant to share the details requested below with the appropriate log profiles installed. Gathering Required Information for Troubleshooting Apple Pay In-App Provisioning or In-App Verification Issues While troubleshooting Apple Pay In-App Provisioning or In-App Verification, it is essential that the issuer is able to collect logs on their device and check those logs for error message. This is also essential when reporting issues to Apple. To gather the required data for your own debugging as well as reporting issues, please perform the following steps on the test device: Install the Apple Pay and Wallet profiles on your iOS or watchOS device. If the issue occurs on Mac, continue to Step 2. Reproduce the issue and make a note of the timestamp when the issue occurred, while optionally capturing screenshots or video. Gather a sysdiagnose on the same iOS or watchOS device, or on macOS. Create a Feedback Assistant report with the following information: The bundle IDs App bundle ID Non-UI app extension bundle ID (if applicable) UI app extension bundle ID (if applicable) The serial number of the device. For iOS and watchOS: Open Settings > General > About > Serial Number (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > Serial Number. The SEID (Secure Element Identifier) of the device, represented as a HEX encoded string. For iOS and watchOS: Open Settings > General > About > SEID (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > System Report > NVMExpress > Serial Number. The sysdiagnose gathered after reproducing the issue. The timestamp (including timezone) of when the issue was reproduced. The type of provisioning failure (e.g., error at Terms & Conditions, error when adding a card, etc.) The issuer/network/country of the provisioned card (e.g., Mastercard – US) Last 4 digits of the FPAN Last 4 digits of the DPAN (if available) Was this test initiated from the Issuer App? (e.g., yes or no) The type of environment (e.g., sandbox or production) Screenshots or videos of errors and unexpected behaviors (optional). Important: From the logs gathered above, you should be able to determine the cause of the failure from PassbookUIService, PassKit or PassKitCore, and by filtering for your SEID or bundle ID of your app or app extensions in the Console app. Submitting your feedback Before you submit to Feedback Assistant, please confirm the requested information above is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Apple Pay client. After your submission to Feedback Assistant is complete, please respond in your existing Developer Forums post with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your client, a configuration issue within your developer account, or an underlying system bug. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

Hi, To ensure the issue is not caused by an error within your app or web service request, please review the Apple Pay Merchant Integration Guide. Additionally, please review the following technotes on Apple Pay: TN3173: Troubleshooting issues with your Apple Pay merchant identifier configuration TN3174: Diagnosing issues with the Apple Pay payment sheet on your website TN3175: Diagnosing issues with displaying the Apple Pay button on your website TN3176: Troubleshooting Apple Pay payment processing issues If the resources above don’t help identify the cause of the error, please provide more information about your app or web services to get started. To prevent sending sensitive credentials in plain text, create a report in Feedback Assistant to share the details requested below. Additionally, if the error is something we need to investigate further, the appropriate engineering teams also have access to the same information and can communicate with you directly within Feedback Assistant for more information, as needed. Please follow the instructions below to submit your report. For issues occurring with your native app or web service, perform the following steps: Install the Apple Pay profile on your iOS or watchOS device. If the issue occurs on Mac, continue to Step 2. Reproduce the issue and make a note of the timestamp when the issue occurred, while optionally capturing screenshots or video. Gather a sysdiagnose on the same iOS or watchOS device, or on macOS. Create a Feedback Assistant report with the following information: The serial number of the device. For iOS and watchOS: Open Settings > General > About > Serial Number (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > Serial Number. The SEID (Secure Element Identifier) of the device, represented as a HEX encoded string. For iOS and watchOS: open Settings > General > About > SEID (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > System Report > NVMExpress > Serial Number. The sysdiagnose gathered after reproducing the issue. The timestamp of when the issue was reproduced. Screenshots or videos of errors and unexpected behaviors (optional). Important: From the logs gathered above, you should be able to determine the cause of the failure from PassbookUIService, PassKit or PassKitCore, and by filtering for your SEID or merchant domain in the Safari Web Inspector. See Inspecting Safari on macOS to learn more. Submitting your feedback Before you submit to Feedback Assistant, please confirm the requested information above is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Apple Pay website. After your submission to Feedback Assistant is complete, please respond in your existing Developer Forums post with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your web implementation, a configuration issue within your developer account, or an underlying system bug. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

Hello Everyone, I am trying to integrate apple pay on my website and have followed the following steps. Created a merchant identifier in my apple developer account. Generated a payment processing certificate using Certificate signing Request generated through keychain. Downloaded the certificate and converted that to pem file using the following command openssl x509 -inform DER -in apple_pay.cer -out apple_pay.pem Imported the cer file into keychain and exported .p12 file and generated private key using the following command. openssl pkcs12 -in Certificates.p12 -out private_key.pem -nocerts Utilizing apple_pay.pem and private_key.pem files for merchant verification call and getting the following response. cURL Error: OpenSSL SSL_read: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0 Trying 17.141.128.7:443...\n* TCP_NODELAY set\n* Connected to apple-pay-gateway.apple.com (17.141.128.7) port 443 (#0)\n* ALPN, offering h2\n* ALPN, offering http/1.1\n* successfully set certificate verify locations:\n* CAfile: /etc/ssl/certs/ca-certificates.crt\n CApath: /etc/ssl/certs\n* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256\n* ALPN, server accepted to use http/1.1\n* Server certificate:\n* subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=apple-pay-gateway.apple.com\n* start date: Dec 19 00:22:44 2024 GMT\n* expire date: Mar 12 19:42:00 2025 GMT\n* issuer: C=US; O=Apple Inc.; CN=Apple Public EV Server RSA CA 1 - G1\n* SSL certificate verify ok.\n> POST /paymentservices/startSession HTTP/1.1\r\nHost: apple-pay-gateway.apple.com\r\nAccept: /\r\nContent-Type: application/json\r\nContent-Length: 143\r\n\r\n* upload completely sent off: 143 out of 143 bytes\n* OpenSSL SSL_read: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0\n* Closing connection I also tried to include AppleWWDRCAG2 and AppleRootCA-G2 certificated but same response every time.

multiTokenContexts is defined as follows (https://developer.apple.com/documentation/passkit/pkpaymentrequest/multitokencontexts) You can assign a value when initializing PKPaymentRequest (https://developer.apple.com/documentation/passkit/pkpaymentrequest). However, in actual usage scenarios, when the Apple Pay address changes and PKPaymentRequestShippingContactUpdate (https://developer.apple.com/documentation/passkit/pkpaymentrequestshippingcontactupdate) is triggered, how to update multiTokenContexts? The documentation and code do not provide updates for this parameter. In contrast, Apple Pay on the Web provides newMultiTokenContexts as an update when ApplePayShippingContactUpdate (https://developer.apple.com/documentation/apple_pay_on_the_web/applepayshippingcontactupdate) is triggered. Has anyone encountered this problem? Would you happen to have any solutions? Thank you.

multiTokenContexts is defined as follows (https://developer.apple.com/documentation/passkit/pkpaymentrequest/multitokencontexts) You can assign a value when initializing PKPaymentRequest (https://developer.apple.com/documentation/passkit/pkpaymentrequest). However, in actual usage scenarios, when the Apple Pay address changes and PKPaymentRequestShippingContactUpdate (https://developer.apple.com/documentation/passkit/pkpaymentrequestshippingcontactupdate) is triggered, how to update multiTokenContexts? The documentation and code do not provide updates for this parameter. In contrast, Apple Pay on the Web provides newMultiTokenContexts as an update when ApplePayShippingContactUpdate (https://developer.apple.com/documentation/apple_pay_on_the_web/applepayshippingcontactupdate) is triggered. Has anyone encountered this problem? Would you happen to have any solutions? Thank you.

I'm trying to create an Apple Pay session for my website. I'm starting with curl for now, just to get proof of concept. curl --cert cert.pem --pass {passphrase} --header "Content-Type: application/json" --request POST --data '{"merchantIdentifier":"{merchantIdentifier}","displayName":"testDisplayName", "initiative": "web", "initiativeContext": "{domain}"}' https://apple-pay-gateway.apple.com/paymentservices/paymentSession This is the response I get back { "statusMessage": "Payment Services Exception merchantId={VERY-LONG-ID} not registered for domain={domain}", "statusCode": "400" } I'm not sure why this is happening. {domain} is in the form of sub.site.tld with no protocol, such as https, which matches what I see in the list of the domains in the merchant identity dashboard. The {merchantIdentifier} also matches what I see in the top right, but the merchantId in the response is something I don't recognize. It's a long string of characters that appears to be hexadecimal. I added the apple-developer-merchantid-domain-association file to my .well-known directory and the dashboard does report that the domain is verified. I am making the request from the web server that the domain resolves to, if that matters. I can't think of any reason this would be happening. I'm not sure where the long merchantId in the response is coming from. Does it matter that it doesn't match what I supplied in the request? As far as I can tell, I am using the correct merchantIdentifier. It matches the dashboard and the CN field of the certificate. I found this other post that seems to have a similar error: https://forums.developer.apple.com/forums/thread/671227 The main difference is a 417 status code instead of the 400 I got. But the problem here was that there was no payment processing certificate and I do have one of those. I haven't checked with my processor to verify that the certificate is published, but I will do that soon. I wouldn't expect that to matter. Maybe it does? What other reason could I be getting this error? Could it be a problem with my merchant identity certificate? It took a lot of effort to make it work. But I suspect it's fine, otherwise I wouldn't be getting a response from Apple at all. I can't think of any other possible problems.

When attempting to authorize an Apple Payment on an iOS 18 device using the scannable code in a non-Safari browser (i.e. Chrome), the payment sheet displays briefly, then dismisses. This same exact implementation of Apple Pay on the Web works flawlessly in Safari, so this feels like a bug given that the merchant session works fine in Safari. The following errors were found in my iOS device logs: (PassbookUIService) Codable: Failed to decode Merchant Session Created: Error Domain=NSCocoaErrorDomain Code=4864 UserInfo={NSDebugDescription=<private>, NSCodingPath=<private>} (PassbookUIService) Session 29592: Fatal Error: Failed to decode merchant session created`

I am implementing apple pay and the merchant validation is failing with error (error request failed with status code 417). I am using react js in the frontend and node js in backend, this is my code const httpsAgent = new https.Agent({ rejectUnauthorized: false, cert: fs.readFileSync( path.join(__dirname, "../../../certificates/merchant_id_prod.pem") ), key: fs.readFileSync( path.join(__dirname, "../../../certificates/merchant_id_prod.key") ), }); const data = { merchantIdentifier: "merchantId", displayName: "Check", initiative: "web", initiativeContext: "domain.com", }; const response = await axios.post(validationURL, data, { httpsAgent });

Hey there. I recently completed an Apple Pay (on the web) integration and it has been working fine, for the most part. I had one customer contact us saying that it didn't work on his devices though. I checked it out, and while it does normally work (and we've had over a thousand transactions use it) there does seem to be some scenarios where it fails and I'm not sure why. I was able to replicate his issue (or at least an issue) by using BrowserStack. When I click the button which should initiate the payment, everything works in the JS code until it gets to the applePaySession.begin() function call. Once it hits that, it just stops. No errors are generated and no notice is given that anything is wrong until you try to do it a second time. Then an error about a payment session already being active on the page is thrown. I'm not really sure how to troubleshoot this since I know it works on my old iPad Air 2, my current M4 Macbook, multiple other devices, and also works when scanning the QR code for use on an iPhone. There is some very specific thing with some very specific versions of Safari that seem to be tripping it up. If it helps, the version of Safari on the BrowserStack device is 18.1, but the version on my Macbook is 18.1.1. The version the customer who is having the issue is on is 18.2 according to him. The customer also says they have used ApplePay on other websites with no issues. I checked one of them and they appear to be using a PayPal integration, where as I am using the ApplePay SDK straight from Apple. There are quite a few variables at play here, and I'm just trying to narrow down what I should be looking at. If one person is reporting the issue, there are probably others with it as well.

We have get the response from Apple pay after the the customer doing the face ID & touch ID authorization. But the shiping contact is not complete, for examble: ` { "addressLines": [ "1************ kwy" ], "administrativeArea": "FL", "country": "", "countryCode": "", "emailAddress": "S*********le.com", "familyName": "******i", "givenName": "******m", "locality": "*******s", "phoneNumber": "+*******79", "phoneticFamilyName": "", "phoneticGivenName": "", "postalCode": "*****3", "subAdministrativeArea": "", "subLocality": "" },` as the documents said, it should be the completed shipping contact, but the country & countrycode is null https://developer.apple.com/documentation/apple_pay_on_the_web/applepaypayment/1916097-shippingcontact

I am adding Apple Pay to my eCommerce site and I am having a lot of difficulty with the PaymentsRequest API in Microsoft Edge browser. I have a partial implementation that displays the Apple Pay button and creates a PaymentRequest when the button is clicked. That's all. On Safari, this is enough to display the Apple Pay dialog. The process doesn't proceed further because I haven't implemented a handler for the merchantvalidation event. With Chrome on a Mac, the behavior is the same, I can scan the code and see the Apple Pay dialog. On Microsoft Edge, I never see the code to scan. In my web console, I'm seeing errors like InvalidStateError: Failed to execute 'canMakePayment' on 'PaymentRequest': Cannot query payment request and NotSupportedError: The payment method "https://apple.com/apple-pay" is not supported. No "Link: rel=payment-method-manifest" HTTP header found at "https://www.apple.com/apple-pay/" Is Apple Pay not supported on Windows? I see the demo site here, which gets farther than I have gotten. It does display the scan code, but payment still never completes. I see the same payment-method-manifest error in the console. If Apple Pay is not supported on any PCs other than Macs, is there any reason to use the PaymentRequest API instead of Apple Pay JS? I started digging into the W3C standards and it turns out that merchantvalidation event is deprecated. Chrome on Mac does catch it, so it seems like it's supported there. But I have concerns about the long term future. Is it going to remain supported? If so, I would imagine that the interface could change. It seems like the only benefit of the W3C PaymentRequest API is that Mac users with non-Safari browsers may still be able to use Apple Pay. In theory, that's something I'd still like to support, even if it's only a small number of users, but I only have time for one integration right now, and I need to pick the best one. How much faith should I have in the W3C PaymentRequest API? Is it reasonable to pursue it with the goal of including all Mac users regardless of browser? Or is it likely a dead API and I should stick to Apple Pay JS instead to provide a better experience to Safari users? It also looks like the PaymentRequest API isn't fully finalized yet, so maybe that's the source of my issues. Maybe I should just use Apple Pay JS for now with an eye to supporting PaymentRequest when the spec is finalized. I greatly appreciate your input.

I'm working on adding Apple Pay to my web site and I'm getting this error when the element loads. InvalidAccessError: Trying to start an Apple Pay session from an insecure document. Do I need HTTPS on my development site? I have it on my production site, but I've never enabled it for dev. If so, will it work with a self-signed certificate? If not, what does this error mean? How can I resolve it?

Maybe this is a strange question but I think it's better to ask this before trying it and see what happens; if we use the dpan or mpan of a recurring payment to make a charge on a date other than the one shown to the final customer, could the payment be made without any problem by the bank or financial institutions involved? Naturally I understand that this would mainly cause great anger to the customer and of course if this were the case this could be explained in the billing agreement, but the doubt is mainly based on whether it is possible to use a dpan/mpan for a payment other than that of the original subscription.

Hi to everyone looking for more information about recurring payments I wonder if there is any way to test (maybe by using some default event id) the merchant token event token detail endpoint, it would be very helpful for merchants if there was some configuration or event id that always returned some particular event, that way we could do a better testing process instead of doing all this with a production environment. If there is any way to use some tool or sandbox to test this part of the process please tell us about it.

**Hi Apple Developer Community, I’m currently integrating Apple Pay across multiple merchants for my e-commerce solution, and I’ve run into a significant challenge. Apple enforces a limit of 100 Merchant IDs per Developer Account, which is creating a bottleneck for my project. My Questions: 1- Is there a way to increase the limit of Merchant IDs on a Developer Account? 2- Has anyone faced a similar challenge and found a workaround to handle integrations with more than 100 merchants? 3- Are there any plans from Apple to lift or adjust this restriction for businesses working with high volumes of merchants? I’d appreciate any guidance, advice, or information from those who’ve encountered and resolved this issue. Thank you for your help!

Hi. I have reviewed the process of integrating Apple Pay on the web, but I still don’t understand how to implement it. For example: I currently have software A and a payment website that my software provides to restaurants. So, how can I integrate Apple Pay on the restaurants' payment websites? I read that to integrate, we need to register for a Merchant ID with Apple Pay. So, is it the restaurants or the software provider who should register? Each restaurant will have a different website domain -> does that mean when registering the Merchant ID, the website domain is the payment website of each restaurant? When Apple Pay provides the verification file, the sales software (i.e., the payment website) must help the restaurants upload that file to the payment website of each restaurant, right? To verify if it is valid or not depends on Apple Pay, right? If it is valid, the Apple Pay payment button will be displayed, correct?

Hi, I am trying to upload the Certificate Signing Request but its failing and showing this error: CSR algorithm/size incorrect. Expected: RSA(2048)

When attempting to make a payment via Apple Pay in the card payment form, an error occurs, but there is no information about the error. Here, you can watch a video with detailed information about what happened: https://drive.google.com/drive/folders/1bco64RH3UPcJTqjW6muIRDr1gW7lnJ6d?usp=sharing

We are seeking assistance with an issue encountered during the integration of Apple Pay into our web application using the third-party payment gateway Heartland. Our application uses JavaScript on the client side and PHP on the server side. Despite following all the guidelines provided by Heartland, we are unable to validate the merchant at the backend. The validation consistently returns false. We request your guidance or a step-by-step solution to help resolve this issue. Steps Followed: Registered a merchant identifier in our Apple Developer account. Enabled the Apple Pay Processing Certificate for the merchant. Logged into the Heartland account, accessed the Apple Pay setup page from the "Keys and Credentials" section, and created a Certificate Signing Request (CSR). Uploaded the CSR from Heartland to the Apple Pay Processing Certificate in the Apple Developer account. Downloaded the signed certificate from the Apple Developer account and uploaded it to Heartland. For the web application: Registered the merchant identifier and validated our domain in the Apple Developer account. Created a Merchant Identity Certificate linked to the same merchant identifier. Followed the same steps 2–5 from the in-app implementation. Code Implementation: Client-Side (React): import React from 'react'; const Button = () => { const initializeApplePay = () => { if (window.ApplePaySession && window.ApplePaySession.canMakePayments()) { const paymentRequest = { countryCode: 'US', currencyCode: 'USD', supportedNetworks: ['visa', 'masterCard', 'amex'], merchantCapabilities: ['supports3DS'], total: { label: 'Your Store', amount: '1.00' }, }; const session = new window.ApplePaySession(3, paymentRequest); // Merchant Validation session.onvalidatemerchant = (event) => { fetch('https://staging-api.parkengage.com/apple-pay-session', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ initiative: 'web', initiativeContext: 'parkengage.com', validationURL: event.validationURL, }), }) .then((response) => response.json()) .then((data) => { if (data.error) { console.error('Merchant validation failed:', data.error); } else { session.completeMerchantValidation(data); } }) .catch((error) => console.error('Validation error:', error)); }; session.onpaymentauthorized = (event) => { const paymentToken = event.payment.token; fetch('/process-payment', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ token: paymentToken }), }) .then((response) => response.json()) .then((data) => { if (data.success) { session.completePayment(window.ApplePaySession.STATUS_SUCCESS); } else { session.completePayment(window.ApplePaySession.STATUS_FAILURE); } }) .catch((error) => console.error('Payment error:', error)); }; session.begin(); } else { console.log('Apple Pay is not supported on this device.'); } }; return ( Buy with Apple Pay ); }; export default Button; Server-Side (PHP cURL): curl 'https://staging-api.parkengage.com/apple-pay-session' -X 'POST' -H 'Content-Type: application/json' --data-binary '{ "initiative": "web", "initiativeContext": "https://parkengage.com", "validationURL": "https://apple-pay-gateway-cert.apple.com/paymentservices/startSession" }' Issue: The merchant validation fails and returns false. Please guide us on troubleshooting this issue or provide insights on missing configurations.

Hi, I want to develop the fastest payment method for my user and preferably without the user also having a mobile app. The dream is that it happens as easily as possible when the user/guest scans a pass from the wallet. Hopefully the user just has to approve on the screen. Can I attach card details/payment methods to a pass in the wallet? Right now it is a unique QR code for each user, but can I change the pass type to 'tansit', 'loyalty' or 'membership'? My system right now: The customer/guest registers on a website and creates a pass and downloads it to the wallet. The store has a PWA app to scan the customer's/guest's items. My goal: The guest just scans the pass in the wallet and makes the transaction. Dont need an app or go back to the website/login where the person created the pass for the wallet.

Hi everyone. I'm having a problem to register a new domain using the Salesforce Commerce Cloud. Internally, commerce has a plugin that allows me to register my domain with Apple. It works for dev environments. But now, I'm trying to register my production domain, which uses Akamai, and it is returning error 403 when Apple tries to 'verify' my domain. My guess is that Akami is blocking something request from Apple. So, I'd like to know if all requests from Apple to verify my domain use something that allows me to identify these requests, and then, I can create a rule in Akamai to allow this request. I noticed that one of the information sent in Apple request is: User-Agent: oslopartner Client 1.0 Is this agent variable or fixed? If it is fixed, I'll try to use it as parameter to identify the Apple requests on Akamai side. Any other idea will be appreciated. Thanks in advance

Hello everyone, I'm working on integrating Apple Pay on the web for my Laravel-based website, aiming to offer a smooth payment experience directly on the site. I've carefully gone through the official Apple documentation and several third-party resources, and I've implemented the initial setup for Apple Pay Web. However, I've hit a roadblock regarding the payment token verification process. It appears that Apple Pay Web requires a third-party payment processor, such as Stripe or PayPal, to handle the verification of the payment token and complete the transaction. Unfortunately, I don't currently have an account with any of these services and would prefer to avoid relying on an external provider. I’m wondering if there's any alternative approach to achieve this integration without using a third-party service. Specifically, is there any way for Apple Pay to process payments directly through the website, similar to the "Tap to Pay" feature on iPhone? My goal is to enable a streamlined payment solution without needing a Stripe, PayPal, or similar account. Any insights, resources, or examples from anyone who's faced a similar scenario would be greatly appreciated. Thanks for your help!