When checking if the device supports Apple Pay and has an active card, a call is made to 'applePayCapabilities'. The documentation indicates this method asynchronously contacts the Apple Pay servers as part of the verification process.
My understanding is that this is a client side call, from the device/OS to the Apple Server.
The application (Apple pay on the web) is behind a firewall. What domain should I whitelist for this verification to be a success?
an update.. We have whitelisted the domain apple-pay-gateway.apple.com. But we are still unable to see the Apple Pay button when calling the above method.
Through netwrok traffic monitoring we have noticed a call to crt-pod1-smp-device.apple.com, which seems to happen outside of Safari.
Any help or suggestions would be greatly appreciated.
Thanks
A list of all domains and IP addresses you must allow-list for Apple Pay to succeed is available here: https://developer.apple.com/documentation/apple_pay_on_the_web/setting_up_your_server