Captive Network Assistant (CNA) / Walled Garden and Apple Pay

We are trying to implement Apple Pay for paid internet access, i.e. the client does not have internet access before payment.

We currently can't figure out which URL exception(s) need to be added to the walled garden to allow Apple Pay (specifically, to acquire the PaymentRequestToken).

There are no visible calls in the debugger, but if the client has full access, the call works fine.

I am thankful for any pointers.

We currently can't figure out which URL exception(s) need to be added to the walled garden to allow Apple Pay (specifically, to acquire the PaymentRequestToken).

Did you try the URL endpoints for:

Endpoint (Global):
https://apple-pay-gateway.apple.com/paymentservices/paymentSession

Endpoint (China region): POST 
https://cn-apple-pay-gateway.apple.com/paymentservices/paymentSession

As listed on the Requesting an Apple Pay Payment Session documentation?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Hi and thanks. Yes, we tried that, but it seems to be only for the MerchantID validation? I'll test again, maybe the error is in our walled garden/nginx config. (It's a complex *****...)

yes we tried that, but it seems to be only for the MerchantID validation?

Yes, this URL is used as part of step 2 in the Merchant Validation process. Are you seeing failures take place earlier in the process?

You may also want to check out the Setting Up Your Server documentation for a list of Apple Pay IP addresses and domain names for merchant validation.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Hi,

Thanks for the answer and sorry for the delay. We managed to get the initial PaymentRequestToken, but failed / timed out in the second step. Some tcpdumping showed that:

For Test / Sandbox: whitelisting apple-pay-gateway-cert.apple.com does not work as it resolves to

Non-authoritative answer:
Name:	apple-pay-gateway-cert.apple.com
Address: 17.171.85.7

But the Apple Pay client talks to 17.171.85.6

(I am guessing the client uses some Apple-internal DNS or load balancer?)

For Production we are still having some similar trouble, but a lot more complicated:

apple-pay-gateway-nc-pod3.apple.com

apple-pay-gateway-nc-pod3.gcsis-apple.com.akadns.net. 30 IN A 17.171.78.135

But the client talks to 17.171.78.134

So, we're still trying to keep the CNA working without allowing too many Apple IPs, but also keep the payment going through. As it turns out, the Apple Pay client also talks to Visa, Mastercard, etc. servers.

Any additional pointers on more specific ip ranges are most welcome.

(as the list at https://developer.apple.com/documentation/apple_pay_on_the_web/setting_up_your_server seems at least outdated)
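
The mismatch described in the last post (the resolver returns one address, the client connects to its neighbour) can be checked mechanically before widening the walled garden. The following is an added example, not code from the thread or from Apple: it compares destinations seen in a capture with what the allowlisted hostnames resolved to and proposes the narrowest CIDR block covering both. The function names are hypothetical and the sample data is constructed from the addresses quoted above.

```python
import ipaddress

# Constructed sample data, built from the addresses quoted in the thread.
RESOLVED = {  # allowlisted hostname -> addresses the gateway's resolver returned
    "apple-pay-gateway-cert.apple.com": ["17.171.85.7"],
    "apple-pay-gateway-nc-pod3.apple.com": ["17.171.78.135"],
}
OBSERVED = ["17.171.85.7", "17.171.85.6", "17.171.78.134"]  # tcpdump destinations


def uncovered(observed, resolved):
    """Observed destinations that no allowlisted hostname resolved to."""
    allowed = {ipaddress.ip_address(a) for addrs in resolved.values() for a in addrs}
    return sorted({ipaddress.ip_address(o) for o in observed} - allowed)


def nearest_host(ip, resolved):
    """Allowlisted host whose resolved address shares the longest prefix with ip.

    Returns (hostname, prefix_length), or None if no same-family address exists.
    """
    best = None
    for host, addrs in resolved.items():
        for addr in map(ipaddress.ip_address, addrs):
            if addr.version != ip.version:
                continue
            # Differing bits counted from the least significant end.
            shared = ip.max_prefixlen - (int(addr) ^ int(ip)).bit_length()
            if best is None or shared > best[1]:
                best = (host, shared)
    return best


def proposed_rules(observed, resolved):
    """(cidr, hostname) pairs: narrowest block covering resolved and observed IP."""
    rules = []
    for ip in uncovered(observed, resolved):
        match = nearest_host(ip, resolved)
        if match is None:
            rules.append((f"{ip}/{ip.max_prefixlen}", None))
            continue
        host, prefixlen = match
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        rules.append((str(net), host))
    return rules


if __name__ == "__main__":
    for cidr, host in proposed_rules(OBSERVED, RESOLVED):
        print(f"allow {cidr}  # neighbour of {host}")
```

The proposed blocks are only as good as the capture they come from. Addresses behind a load balancer can change, so re-run the comparison against fresh captures before treating a rule as stable.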
