Apple Pay Setup Issue for Native macOS App

Hi there,

We're experiencing difficulties setting up Apple Pay for our native macOS app written in Swift. The main issue seems to be with the "Apple Pay Merchant Identity" configuration.

When setting up the Merchant ID on the Apple Developer portal (https://developer.apple.com/account/resources/certificates/list), the only available platform listed is iOS. There's no option for us to add macOS to the supported platforms.

Our app uses PKPaymentAuthorizationController to present the Apple Pay sheet, but it fails immediately with a "Payment Not Completed" error. The macOS Console.app shows:

com.apple.PassKit.PaymentAuthorizationUIExtension - Payment failed with fatal error <private>
PKPeerPaymentService XPC Error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.passd.peer-payment was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo={NSDebugDescription=The connection to service named com.apple.passd.peer-payment was invalidated: failed at lookup with error 159 - Sandbox restriction.}

We've verified that our code works correctly on iOS, but we can't get it functioning on macOS. It seems like adding Apple Pay to a macOS app might not be fully supported, although the developer docs outline support for macOS.

Additionally, we suspect this could be an issue with sandboxing.

Are there additional steps or configurations required for Apple Pay on macOS that differ from iOS? Any guidance on properly setting up Apple Pay for a native macOS app would be greatly appreciated.

Answered by DTS Engineer in 797879022

Hi @lachlanhawthorne,

Thanks for the quick response and for the additional context. The intention of my prior reply was to provide the expectations for both web and native Mac apps, and now realize I failed to mention the latter.

For macOS apps (using the merchant session-based authentication), the initiative should use "in_app", and the initiativeContext should use the app's Developer Team ID.

I've made a note to get this expectation included in the documentation and integration guide (r. 132814540).

Cheers,

Paris

On macOS you should use merchant session based authentication, rather than merchant id authentication, in a similar fashion to Apple Pay on the web.

You supply your merchant session by implementing the didRequestMerchantSession delegate method.

For more information about session based authentication you can also check out https://developer.apple.com/documentation/apple_pay_on_the_web/apple_pay_js_api/requesting_an_apple_pay_payment_session

Thank you for your help!

We've made progress with the merchant session-based authentication approach. We successfully set up our server to handle merchant validation and pass it back to the app using didRequestMerchantSessionUpdate.

However, we're now encountering a new issue. The com.apple.PassKit.PaymentAuthorizationUIExtension is throwing an error stating:

Process 32757 not entitled for merchant session

We've tried both including and excluding the merchant ID in the app's Apple Pay entitlements, but the error persists either way. We've triple-checked that the merchantIdentifier is consistent across the Apple Developer Console, our server, and our macOS app. Just to clarify, we're developing a native macOS app, not a Catalyst app.

Here is the code we're using to handle the merchant session:

guard let dict = try JSONSerialization.jsonObject(with: data, options: .allowFragments) as? [String: Any] else {
    self.logger.error("Failed to parse JSON or cast to [String: Any]")
    let update = PKPaymentRequestMerchantSessionUpdate(status: .failure, merchantSession: nil)
    handler(update)
    return
}

let session = PKPaymentMerchantSession(dictionary: dict)
let update = PKPaymentRequestMerchantSessionUpdate(status: .success, merchantSession: session)
handler(update)

Any ideas on what might be causing this merchant session entitlement issue? Do we need to adjust the initiativeContext or something else?

Hi @lachlanhawthorne,

You wrote:

Any ideas on what might be causing this merchant session entitlement issue? Do we need to adjust the initiativeContext or something else?

Yes, this is a merchant session entitlement issue. You need to ensure the value for initiativeContext is identical to the domain registered for your merchant configuration. Please see TN3174: Diagnosing issues with the Apple Pay payment sheet on your website for more information. Otherwise, confirm you've followed the steps described in the Apple Pay Merchant Integration Guide.

Cheers,

Paris

Hi Paris,

I can confirm that we have followed the Merchant Integration Guide correctly and our integration works as expected on the web without any errors. The "not entitled for merchant session" issue only occurs within our Mac app, despite the initiativeContext being correct and identical to the domain registered for our merchant configuration.

Interestingly, when creating a PKPaymentRequest(), setting the merchantIdentifier doesn't seem to have any effect - it can be set correctly, incorrectly, or omitted entirely, and the PKPaymentAuthorizationController continues as expected. This leads me to suspect that it's not being properly sent to validate the entitlements for the session.

I've tested this on macOS 14.5 (23F79) and followed both the Apple Pay Merchant Integration Guide and TN3103, but haven't been able to get it working on macOS or Catalyst apps. Given that the merchant-validation works correctly on web using the same server configuration, I believe there might be an issue on the server side or with com.apple.PassKit.PaymentAuthorizationUIExtension in validating the merchant-validation for macOS specifically.

Is there anything else I can look into to resolve this? Should I consider raising a bug report with Apple? Any additional support or guidance would be greatly appreciated.

Thank you for your help so far!

Accepted Answer

Hi @lachlanhawthorne,

Thanks for the quick response and for the additional context. The intention of my prior reply was to provide the expectations for both web and native Mac apps, and now realize I failed to mention the latter.

For macOS apps (using the merchant session-based authentication), the initiative should use "in_app", and the initiativeContext should use the app's Developer Team ID.

I've made a note to get this expectation included in the documentation and integration guide (r. 132814540).

Cheers,

Paris

Hi Paris,

Thank you so much for your support. I was able to resolve the issue and get Apple Pay working with our macOS app.

All the best!

Lachlan

Apple Pay Setup Issue for Native macOS App
 
 
Q