Apple Pay In-App Provisioning – HTTP 500 (HTML) on broker endpoint in production (TestFlight)

We are implementing Apple Pay In-App Provisioning (EV_ECC_v2) for our EU app. The same codebase and encryption logic works successfully for our main app (different bundle ID and Adam ID), but the EU app consistently fails with HTTP 500.

Environment:

  • Entitlement: Granted (Case-ID: 18772317)

  • Encryption scheme: EV_ECC_v2

Issue:

During In-App Provisioning, the iOS app successfully obtains certificates, generates cryptographic material (encryptedCardData, activationData, ephemeralPublicKey), and POSTs to Apple's broker endpoint. The request fails at:

  • Endpoint: POST /broker/v4/devices/{SEID}/cards

  • Response: HTTP 500 with an HTML error page (not a JSON business error)


<html>

<head><title>500 Internal Server Error</title></head>

<body>

<center><h1>500 Internal Server Error</h1></center>

<hr><center>Apple</center>

</body>

</html>

Key observations:

  1. Our main app (different bundle ID/Adam ID) uses identical encryption code, private keys, and key alias — and works correctly in production.

  2. Manual card provisioning through Apple Wallet on the same device succeeds.

  3. The entitlement com.apple.developer.payment-pass-provisioning is confirmed present in the provisioning profile (verified via codesign).

  4. The 500 response is HTML rather than JSON, suggesting the request is rejected at the gateway level before reaching Apple Pay business logic.

What we've verified:

  • Entitlement correctly configured in provisioning profile

  • ephemeralPublicKey is in uncompressed format (65 bytes, starts with 0x04)

  • encryptionVersion is EV_ECC_v2

  • No double Base64 encoding

Question:

Could you please check whether Adam ID 6745866031 has been correctly added to the server-side allow list for In-App Provisioning in the production environment? Given the HTML 500 (not JSON) and that the identical code works for our other app, we suspect this may be an allow list or account configuration issue rather than a cryptography error.

I will follow up with a Feedback Assistant ID including sysdiagnose logs shortly, per the steps outlined in https://developer.apple.com/forums/thread/762893

Feedback ID: FB22339098

@Jessewnca I have the same issues

Was this issue resolved? I'm having similar issues.

I have shared feedback FB22923276 regarding a very similar issue.

Hi, we are also facing this error on FB22928182.

This is the error code we got:

Error Domain=PKProvisioningErrorDomain Code=5 UserInfo={PKErrorHTTPResponseStatusCodeKey=500}

Hi,

We had a very similar issue: Apple Pay In-App Provisioning was failing before the Terms & Conditions screen, and the device logs showed an eligibility step failure with HTTP 500.

In our case, the issue was related to the WSD key identifier used in the MBPAC / MBPAD payload. The identifier was configured without the required .1 suffix. After changing it from a value like 123456 to 123456.1, provisioning started working correctly.

This may not be the root cause in your case, but it is worth checking the WSD key identifier, key index, and MBPAC / MBPAD payload structure with your backend/payment network configuration.
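The checks listed in this thread (single Base64 encoding, a 65-byte uncompressed ephemeralPublicKey starting with 0x04, and the key identifier suffix from the last reply) can be run on the issuer backend before the payload is handed to the app. The following is an added example, not code from any poster or from Apple. Assumptions: the ephemeral key is a NIST P-256 point, check_payload and its key_identifier parameter are hypothetical names, and the sample key is constructed.

```python
import base64, binascii, re

# Assumption: EV_ECC_v2 ephemeral keys are NIST P-256 points.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Constructed sample: the P-256 base point standing in for an ephemeral key.
SAMPLE_KEY = bytes.fromhex(
    "04" "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
    "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")

def b64_strict(s):
    """Strictly decode standard Base64; None if s is not valid Base64."""
    try:
        return base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None

def looks_double_encoded(raw):
    """Heuristic: the decoded bytes are themselves valid Base64 text."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return False
    return len(text) >= 8 and b64_strict(text) is not None

def check_payload(fields, key_identifier):
    """Return a list of findings; an empty list means every check passed."""
    findings, decoded = [], {}
    for name, value in fields.items():
        raw = b64_strict(value)
        if raw is None:
            findings.append(f"{name}: not valid Base64")
        elif looks_double_encoded(raw):
            findings.append(f"{name}: looks Base64-encoded twice")
        else:
            decoded[name] = raw
    key = decoded.get("ephemeralPublicKey")
    if key is not None:
        if len(key) != 65 or key[0] != 0x04:
            findings.append("ephemeralPublicKey: not a 65-byte uncompressed point")
        else:
            x = int.from_bytes(key[1:33], "big")
            y = int.from_bytes(key[33:], "big")
            if x >= P or y >= P or (y * y - x**3 - A * x - B) % P:
                findings.append("ephemeralPublicKey: point is not on P-256")
    # Per the last reply: an identifier like 123456 failed, 123456.1 worked.
    if not re.fullmatch(r"[^.]+\.\d+", key_identifier):
        findings.append("keyIdentifier: missing .N suffix")
    return findings
```

An empty result only rules out these formatting mistakes; it says nothing about server-side configuration such as the allow list asked about in the original post.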
