Is HTTPS necessary for development with Apple Pay

Question

smcfalls-e OP

Created 1w

Replies 2

Boosts 0

Participants 3

I'm working on adding Apple Pay to my web site and I'm getting this error when the element loads.

InvalidAccessError: Trying to start an Apple Pay session from an insecure document.

Do I need HTTPS on my development site? I have it on my production site, but I've never enabled it for dev.

If so, will it work with a self-signed certificate?

If not, what does this error mean? How can I resolve it?

Answered by DTS Engineer in 818466022

Hi @smcfalls-e,

To incorporate Apple Pay on your website, the following are required:

You must serve all pages that include Apple Pay over HTTPS.
Your domain must have a valid SSL certificate.
Your server must support the Transport Layer Security (TLS) protocol version 1.2 or later, and one of the cipher suites listed in the documentation below:

Settings Up Your Server

https://developer.apple.com/documentation/apple_pay_on_the_web/setting_up_your_server

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

Boost

Answer 1

Engineer OP

Apple

6d

This is error is thrown when the page is not secure (https), so yes you need https and a trusted certificate, of at least SHA1 encryption. You can test with SHA256 as well (I don't believe Apple Pay has migrated everything to this yet but still worth a shot). Essentially, the best course would be to use a similar cert to that in production so there isn't much parody between your environments.

0

Answer 2

DTS Engineer OP