We are unable to add/remove Merchant IDs in App IDs identifier profile, after pressing "Edit" button on "Apple Pay Payment Processing" section, then choosing desired Merchant ID to check/uncheck from the available Merchant IDs, then pressing Continue/Save/Confirm buttons - nothing happens, the "Save" button text briefly changes to "Processing" and then back To "Save" and we still have previously enabled Merchant IDs and the Save button is still in enabled state, any help?

Hi team at Apple, here is a scenario we came across: The order of priority of payment methods in Apple Wallet follows: Credit Debit Apple Cash Our app displays a payment sheet that excludes credit cards. Instead of a debit card, the default payment option shown to the user on the payment sheet is Apple Cash. Is this a known issue or have we configured something wrong in our end?

Hi everyone, I am new to Apply Pay, but I have already implemented IAP for subscriptions in my app. My app also has other functionalities, it also acts as a person-to-person marketplace, as users can post events or online courses which can be bought by other users to participate. My question is that I have read Apple's review guidelines but it is still unclear for me if I can use Apple Pay (with for example Stripe) or do I still need to use IAP for this online content. Also non profit organizations also can register which can recieve donations, can I also use Apple Pay for that or do I still need IAP there, because it would be nice if Apple would take 30% of donations.

Hello! We use Apple's "master account" scheme to register new clients trough API due to the fact that the number of merchant IDs in a developer account cannot exceed 100 records. It's been almost a year since we successfully used the master account ( ex. "merchant.com.xxx") and register clients via Postman. At the moment, the certificates for the master merchant ID start to expire on July 11 which will affect all customers which is under Master ID. We know that when updating certificates at the identifier level(our master id), new universal identity certificate files that we use to send to the merchants (merchant_id.pem, privkey.key) will be generated for authentication on the merchant side, as well as a new keystore. Since many of our clients are integrated with current files and keystores and have live traffic, we would like to know—is it possible to update certificates on the master account without changing the keystores and certificate identities? The impossibility of this will entail a large gap when switching to new certificates. Thanks in advance for your answer.

We plan to set Manual PAN Entry Allowed = N and accept only issuer push provisioning (PKAddPaymentPass). Is there any Apple Pay programme rule that obliges us to keep MANUAL_ENTRY enabled? Will disabling it affect “Participating Issuer” listing?

Hello, On my website, I have a button to make a payment via Apple Pay. When I click on it, the Touch ID window opens correctly. However, when I place my finger on the Touch ID, I get a payment error. This issue only occurs in production mode. In sandbox mode, everything works perfectly. Here is a log file : log.txt Thank you in advance for your help.

Hello everyone, We're implementing Apple Pay on the web and are already live, processing transactions. However, we've noticed that occasionally the onlinePaymentCryptogram returned in the paymentData contains spaces, causing it to be rejected by acquirers. Has anyone else encountered this issue? Any insights would be greatly appreciated.

We are developing a native iOS financial application called Tradu: Stocks, Forex, and CFDs (Apple ID: 6473443264), which embeds a WKWebView to render all user-facing logic. All user interactions—including authentication with MFA—occur inside this WKWebView. To access native functionality, we use postMessage() to communicate between the web and native layers. This approach has worked successfully for biometric authentication, for example. We are currently integrating Apple Pay In-App Provisioning and have a few questions regarding compliance with the documentation provided by our Issuer Host (Modulr). In the document titled Getting Started with Apple Pay: In-App Provisioning, Verification, Security, and Wallet Extensions (Version 4.0, February 2023), all examples are based on a fully native application. We’ve managed to integrate most of the In-App Provisioning flow via postMessage() up to the point of passing encryptedData to the Payment View. Apple Pay button inside WKWebView In Section 7: Frontend Overview, the user initiates the provisioning by tapping a native PKPaymentButton (SwiftUI example). In our case, this button is rendered inside the WKWebView, styled according to the Apple Style Guide. While the document references this approach as a “raw mark text supplement,” is this method acceptable and compliant with Apple’s UX and technical guidelines? MFA requirement before provisioning In Section 4: Security Guidelines, it is stated that the user must have passed MFA at least once before starting the provisioning flow. In our implementation, users must complete MFA on every login (including on recognized devices) before the provisioning UI becomes available. Even though this is not tied specifically to “unrecognized devices,” is our MFA requirement sufficient to satisfy Section 4.2? Summary: Is using a web-rendered Apple Pay button inside WKWebView (instead of a native PKPaymentButton) considered compliant? Is our MFA enforcement model (required on every login) aligned with the security requirements outlined in Section 4.2 of the Apple Pay In-App Provisioning documentation?

Hi Guys, I am having an issue verifying a card when it is pending verification in the Apple Watch Wallet App and the iPhone Wallet. When the user verifies the card in the wallets, they are redirected to verification in my APP. However, the problem is that I don't know which application is calling, whether it is the Apple Watch or the iPhone, because the URL sends me the same serialNumber from the PKPASS. It is impossible to know if the user wants to verify and activate the card on the watch or the iPhone. Because I only receive the following information in the URL: myapp://app-url? passTypeldentifier=paymentpass.com.apple&action =verify&serialNumber=***** The serialNumber is the same from the iPhone Wallet and the Watch Wallet. func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool { let source = options[.sourceApplication] I try to retrieve the source, but it comes back null. It would be the only way to know the originating App. Can someone help me solve this problem?

https://developer.apple.com/documentation/apple_pay_on_the_web/applepaypaymentrequest/3955945-multitokencontexts According to this document, I know that I can initialize a multiTokenContexts when initializing ApplePayPaymentRequest. But I am now facing a tricky problem. If the user's order does not require multiTokenContexts, then I will not initialize this field when I first make ApplePayPaymentRequest. When the user is in the payment process, I may update multiTokenContexts. But this time, the update is not allowed, ApplePay will be cancelled and the payment will be closed. For example, if the user's address in Apple Pay is different, I need to update multiTokenContexts to support the payment of goods to multiple merchants, which will generate an update of multiTokenContexts. MultiTokenContexts can be updated in the onshippingcontactselected method. https://developer.apple.com/documentation/apple_pay_on_the_web/applepaysession/1778009-onshippingcontactselected My question is that from the beginning, there was no multiTokenContexts to update multiTokenContexts in onshippingcontactselected, which would cause the user to close the payment and need to manually click to pay again. This user experience is not very friendly. Is there a better way for me to go from no multiTokenContexts to multiTokenContexts without interrupting the user's payment process?

I'm currently integrating Apple Pay with my payment provider, and I'm encountering a signature validation error during the payment flow. Here's the setup: I’ve verified that my Merchant Certificate is valid, and I'm able to initialize the Apple Pay session without any issues. Also this curl works fine The Payment Processing Certificate was created by my PSP. PSP claims that the payment token signature is invalid during the transaction phase, which prevents payment completion. The parsed signature starts like this 0:d=0 hl=2 l=inf cons: SEQUENCE 2:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 13:d=1 hl=2 l=inf cons: cont [ 0 ] 15:d=2 hl=2 l=inf cons: SEQUENCE 17:d=3 hl=2 l= 1 prim: INTEGER :01 20:d=3 hl=2 l= 13 cons: SET 22:d=4 hl=2 l= 11 cons: SEQUENCE 24:d=5 hl=2 l= 9 prim: OBJECT :sha256 35:d=3 hl=2 l=inf cons: SEQUENCE 37:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 48:d=4 hl=2 l= 0 prim: EOC 50:d=3 hl=2 l=inf cons: cont [ 0 ] 52:d=4 hl=4 l= 995 cons: SEQUENCE 56:d=5 hl=4 l= 904 cons: SEQUENCE 60:d=6 hl=2 l= 3 cons: cont [ 0 ] 62:d=7 hl=2 l= 1 prim: INTEGER :02 65:d=6 hl=2 l= 8 prim: INTEGER :16634C8B0E305717 75:d=6 hl=2 l= 10 cons: SEQUENCE 77:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 87:d=6 hl=2 l= 122 cons: SEQUENCE 89:d=7 hl=2 l= 46 cons: SET 91:d=8 hl=2 l= 44 cons: SEQUENCE 93:d=9 hl=2 l= 3 prim: OBJECT :commonName 98:d=9 hl=2 l= 37 prim: UTF8STRING :Apple Application Integration CA - G3 I'm looking for guidance on what could be causing this signature failure. Does anyone know what else I can check regarding the merchant or payment processing certificates, private keys, or key usage that might cause Apple Pay signature validation to fail, even if the session initializes successfully? Domains are also verified. Any help or suggestions would be greatly appreciated.

Hi, I am the developer of this app and I was shared this receipt which strangely does not list my name as the merchant but instead says "The flow network" as you can see below: What is going on?

I am currently working on decrypting Apple Pay tokens with Laravel PHP, and I have encountered a few uncertainties regarding the decryption process and the usage of AES-GCM. Could you please clarify the following points: Algorithm Confirmation: Am I using the correct algorithm for decrypting the data key? Specifically, I am utilizing AES-256-GCM with the algorithm ID "id-aes256-GCM" (2.16.840.1.101.3.4.1.46), as specified in the documentation. Is this the recommended algorithm for decrypting the Apple Pay token's data key? Authentication Tag: In the decryption process, it seems that an authentication tag is required, but I am not sure where to obtain it from. Could you confirm how the authentication tag is generated or provided during the encryption process? If the tag is part of the token or is transmitted separately, could you clarify where I can retrieve it in order to proceed with the decryption successfully? IV and Other Parameters: I am using an initialization vector (IV) of 16 null bytes (00000000000000000000000000000000) as specified in the documentation. Could you confirm that this is correct and aligns with the expected parameters for the AES-GCM decryption? Are there any other specific parameters or considerations I should be aware of when implementing the decryption of Apple Pay tokens? GCM vs Other Encryption Modes: Can you confirm that AES-GCM is the preferred and required encryption mode, or is there any flexibility to use other modes (e.g., AES-CBC) without compromising security? Your guidance would be greatly appreciated to ensure I am following the correct decryption procedure for Apple Pay tokens. Thank you in advance for your support.

Hello, We are experiencing an issue with Apple Pay integration in our application. We are using WKWebView to handle various payment methods, but we are unable to complete payments via Apple Pay. Upon debugging the WKWebView, we received the following error message: "400 No required SSL certificate was sent" when attempting to process the payment. Currently, we are using a Let's Encrypt SSL certificate. Could you please confirm whether this certificate is suitable for Apple Pay, or if we should be using a different SSL certificate?

Hi, for iOS in-app push provisioning flow, and for a card that is in already in requiresActivation state, is it possible from our app UI to launch to the card's verification screen either as a in-app flow (like how in-app push provisioning flow is doing) or Apple Wallet? So far the current process is that it will prompt user to provision the card again (only to show This Card is Already in Wallet error), or to open the card in tap-to-pay mode, or adding a new card flow in Apple Wallet. Am I missing any PassKit SDK on this?

Cybersource production support has clarified issue as below "On the BAD Case, it seems that the Apple Payload did not contain the "onlinePaymentCryptogram" object within the JSON. The Cryptogram is critical and mandatory. Since the merchant cannot really control this, and since CYBS is just decrypting the payload and uses it, we cannot comment as to why it was missing. The merchant would need to reach out to Apple and/or decrypt the payment themselves locally to check if and why this data was not present, for troubleshooting purposes."

Hello! We are using "Apple Pay Web Merchant Registration API" https://developer.apple.com/documentation/applepaywebmerchantregistrationapi Recently we successfully updated the Payment/identity certificates at our main merchant ID And we have a few questions: Do we need make the Domain verification for all of our sub-merchants again after the Certificates update? How we can check the expiration of domain verification of merchants that we integrate trough API endpoint (https://apple-pay-gateway.apple.com/paymentservices/registerMerchant), and do verified domains via API have an expiration date??? How we can understand does the our universal domain verification file (apple-developer-merchantid-domain-association) have expiration too? Thanks in advance!

Team, We are currently checking out on Apple Pay using ALL and MRU as currencies. We have authorized the payment via Touch ID; however, we are not receiving the onPaymentAuthorized event. Could you please confirm if Apple Pay supports ALL and MRU currencies? We have confirmed that it works with other currencies. Thank you!

So I'm wondering if Apple makes commission on those payments since they're made in the app. For example a user may pay another user to clean their car. This will be handled with Stripe Connect and their balance, payment history, etc will be displayed in the app. Does Apple charge commission on that? The section the app review guidelines that I'm refrencing is below, but I'm still a little confused. 3.1.3(e) Goods and Services Outside of the App: If your app enables people to purchase physical goods or services that will be consumed outside of the app, you must use purchase methods other than in-app purchase to collect those payments, such as Apple Pay or traditional credit card entry.

I am writing regarding an issue I have encountered while attempting to complete a payment using test users created within the Sandbox environment of Apple Pay. The problem persists specifically when trying to make payments through the demo page at https://applepaydemo.apple.com/. Problem Description: When initiating a payment process with either of the following test user accounts. The flow proceeds as follows: The Apple Pay window appears correctly. Processing begins but does not conclude successfully. After processing concludes, there is no prompt for 'Pay with Touch ID'. Additional Information: Device & OS Version: MacOS 15.3.2 Browser & Version: Safari 18.3.1 Real Device or Simulator: Real device used First Occurrence: Before January 1st, 2025 Custom Configurations or Backend Used: No custom configurations or backend modifications are being utilized during interaction with the demo page. Could you please provide assistance in resolving this issue?