I've come across seemingly conflicting information regarding the necessity of domain verification and looking for clarification. I am currently developing a solution that integrates Apple Pay capabilities on a web page and when I attempt to make my merchant verification call I receive an error stating that the supplied merchant Id is not registered with the supplied domain. The certs are all still far from expiration so the only other answer I'm finding through the Google machine is that it's because I have not performed my domain verification. The development host is only accessible internally and I've gone back and forth with security stating it must be exposed at least long enough to perform the verification. I was provided with this article which conveys that domain verification is not required in the sandbox environment. On the contrary, here under Developer Account and Website, it is stated that domain verification IS required. The sandbox appears to be for apps when I'm developing a website. So which one is it?
I may have found my answer is rooted in not being logged into a sandbox account from the MacBook but rather using an iCloud account? I have dismissed this a number of times seeing as it references the app store when I'm developing website. Perhaps a sandbox account is used for both? This could explain why the URL returned during the verification callback does not convey a development/test endpoint. I'm currently sharing a laptop for testing so I'll have to try this out once I retake possession. Until that time comes, the conflict and the question still stand as any feedback may be useful to other individuals facing a similar situation.
Someone really needs to write up a paper on Apple Pay integration for the Windows person developing within an environment that's tighter than a submarine.