Hi Guys, I am having an issue verifying a card when it is pending verification in the Apple Watch Wallet App and the iPhone Wallet. When the user verifies the card in the wallets, they are redirected to verification in my APP. However, the problem is that I don't know which application is calling, whether it is the Apple Watch or the iPhone, because the URL sends me the same serialNumber from the PKPASS. It is impossible to know if the user wants to verify and activate the card on the watch or the iPhone. Because I only receive the following information in the URL: myapp://app-url? passTypeldentifier=paymentpass.com.apple&action =verify&serialNumber=***** The serialNumber is the same from the iPhone Wallet and the Watch Wallet. func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool { let source = options[.sourceApplication] I try to retrieve the source, but it comes back null. It would be the only way to know the originating App. Can someone help me solve this problem?

we are currently using the requestAutomaticPassPresentationSuppression API in my app. to prevent the Wallet interface from appearing when an NFC/RF reader is detected during active app usage. Recently, a new transit card supporting Express Mode (T-money Transit Card) was released in Korea, and we are seeing an increasing number of users enabling Express Mode. However, this has introduced an issue where users are unable to use the BLE-based functionality we provide via our widget. Specifically, when the user taps our widget, it triggers a BLE signal broadcast for approximately 10 seconds. In this scenario, when the user brings their iPhone close to our reader, Express Mode is activated before the BLE interaction can be established. This prevents the BLE signal from being successfully received and processed. We would like to ask: Is it possible to suppress Express Mode behavior (similar to requestAutomaticPassPresentationSuppression) even when the app is launched via a widget interaction? Alternatively, is there any way to delay or defer Express Mode activation temporarily when launching from a widget or during BLE communication? We would appreciate any guidance or best practices you can share regarding this scenario. Thank you.

Hello, I'm using PassKit with to perform Apple Pay payment in a financial application. Our approach are: On iOS application, define PKMerchantCapability threeDSecure and credit, perform apple pay experience and get the encrypted response. On PCI service, receive the encrypted data Payment token, decrypt this data, and use to perform the payment. The problem is, in MasterCard transaction the eciIndicator is missing. I want to know if has some rule or problem about it.

Hello everyone, I’m currently in the process of implementing Apple Pay on my company’s e-commerce website under a subscription model with recurring payments. I would appreciate some help in clarifying the following points: Is the applicationPrimaryAccountNumber the DPAN and the merchantTokenIdentifier the MPAN? If not, which fields represent each one or how do I recognise them? Is the onlinePaymentCryptogram used only for processing payments with the DPAN, or is it also involved when using the MPAN? Is the onlinePaymentCryptogram single-use or does it have an expiration time? Or is it reusable with no limits? According to Apple’s data policies, is it recommended for our servers to perform the payment token decryption (debundling), or should this only be handled by the payment gateway processor to stay compliant? Below is the payment request I’m using for testing, along with the decrypted payment token returned for a test card: Payment Request: { "countryCode": "US", "currencyCode": "USD", "merchantCapabilities": ["supports3DS", "supportsDebit", "supportsCredit"], "supportedNetworks": ["visa", "masterCard", "amex", "discover"], "requiredBillingContactFields": ["postalAddress", "name"], "lineItems": [ { "label": "Subtotal", "amount": "9" }, { "label": "Taxes", "amount": "1" } ], "total": { "label": "Demo (Card is not charged)", "amount": "10", "type": "final", "recurringPaymentIntervalUnit": "month" }, "recurringPaymentRequest": { "paymentDescription": "Recurring payment", "regularBilling": { "label": "Demo (Card is not charged)", "amount": "10", "type": "final", "paymentTiming": "recurring", "recurringPaymentIntervalUnit": "month" }, "managementURL": "${window.location.origin}/api/managePaymentMethod" } } Decrypted Payment Token: { "applicationPrimaryAccountNumber": "5204240494898922", "applicationExpirationDate": "280630", "currencyCode": "840", "transactionAmount": 0, "deviceManufacturerIdentifier": "050110030273", "paymentDataType": "3DSecure", "paymentData": { "onlinePaymentCryptogram": "MCt5xR+VnQAAAAM/8mUjAAADFIA=" }, "merchantTokenIdentifier": "DM4MMC1US000000042e438d170774669844e732a41c28e97", "merchantTokenMetadata": { "cardMetadata": { "longDescription": "Test Bank for MasterCard MTF", "cardCountry": "US", "shortDescription": "Test Bank 2", "fpanSuffix": "0049" }, "cardArt": [ { "url": "https://nc-crt-smp-device-asset.apple.com:443/broker/v1/assets/174ce63257704d93b00aff8aa09ec0d5", "name": "cardBackgroundCombined@2x.png", "type": "image/png" } ] } } Thanks in advance for your help and guidance.

Hi everyone, I have a question regarding App Store approval. In my country, Apple In-App Purchases are not supported, so for users in unsupported regions we need to use a third-party payment provider. For countries where In-App Purchases are supported, we plan to use Apple IAP. Could you please advise on the correct approach to ensure the app complies with App Store guidelines and can be approved?

Hello we are trying to renew our certificates. We are trying to extend the dates of verified domains following the docs https://developer.apple.com/documentation/applepayontheweb/maintaining-your-environment#Renew-Your-Domain-Verification and configure our server with https://developer.apple.com/documentation/ApplePayontheWeb/setting-up-your-server We've downloaded the apple-developer-merchantid-domain-association.txt and update it on their respective locations, click 'ok' button but we get redirected to the main page of the information of the merchant, and it shows the domains without the extending period of time. No popup showing what has failed or what could be the reason of this error, we only get a redirection to the main page.

I am currently working on decrypting Apple Pay tokens with Laravel PHP, and I have encountered a few uncertainties regarding the decryption process and the usage of AES-GCM. Could you please clarify the following points: Algorithm Confirmation: Am I using the correct algorithm for decrypting the data key? Specifically, I am utilizing AES-256-GCM with the algorithm ID "id-aes256-GCM" (2.16.840.1.101.3.4.1.46), as specified in the documentation. Is this the recommended algorithm for decrypting the Apple Pay token's data key? Authentication Tag: In the decryption process, it seems that an authentication tag is required, but I am not sure where to obtain it from. Could you confirm how the authentication tag is generated or provided during the encryption process? If the tag is part of the token or is transmitted separately, could you clarify where I can retrieve it in order to proceed with the decryption successfully? IV and Other Parameters: I am using an initialization vector (IV) of 16 null bytes (00000000000000000000000000000000) as specified in the documentation. Could you confirm that this is correct and aligns with the expected parameters for the AES-GCM decryption? Are there any other specific parameters or considerations I should be aware of when implementing the decryption of Apple Pay tokens? GCM vs Other Encryption Modes: Can you confirm that AES-GCM is the preferred and required encryption mode, or is there any flexibility to use other modes (e.g., AES-CBC) without compromising security? Your guidance would be greatly appreciated to ensure I am following the correct decryption procedure for Apple Pay tokens. Thank you in advance for your support.

We’ve integrated in-app card provisioning into our application. All required configurations have been completed, including: Token Service Provider (TSP) setup Certificates uploaded to the Apple Developer portal While the card is successfully added to the Wallet app, our application is currently unable to retrieve or read the added passes.

Hi all, I’m running into a confusing issue with Apple Pay domain verification. Apple’s documentation says to host the verification file at: https://yourdomain.com/.well-known/apple-developer-merchantid-domain-association And the portal itself seems to expect the file to be served with .txt extension during verification. My first verification passed, but subsequent checks are failing — and I’m wondering if this mismatch is the cause. Should I Keep the .txt and configure my server to serve it at both paths? Would appreciate any insights or official clarification. Thanks!

My client has provided me with admin access to the Apple Developer console. However, when I log in, I am prompted to enroll in the Apple Developer Program. Should I proceed with the enrollment myself, or does the client need to complete the enrollment from their own account?

I am trying to play around on the Apple Pay demo page (https://applepaydemo.apple.com) and I am getting the following error response. PaymentRequest AbortError: The operation was aborted. I am using the Payment Request API

We plan to set Manual PAN Entry Allowed = N and accept only issuer push provisioning (PKAddPaymentPass). Is there any Apple Pay programme rule that obliges us to keep MANUAL_ENTRY enabled? Will disabling it affect “Participating Issuer” listing?

Hi, I’ve been trying to integrate Apple Pay, but for some reason, the payment button is not showing up. The project is built with Laravel 11 and Vue. I imported the script as follows: <script crossorigin crossorigin src="https://applepay.cdn-apple.com/jsapi/1.latest/apple-pay-sdk.js" ></script> Then I added the following the steps: <style> apple-pay-button {{ --apple-pay-button-width: --apple-pay-button-width: 150px;; --apple-pay-button-height: --apple-pay-button-height: 30px;; --apple-pay-button-border-radius: --apple-pay-button-border-radius: 3px;; --apple-pay-button-padding: --apple-pay-button-padding: 0px 0px;; --apple-pay-button-box-sizing: border-box; } </style> <apple-pay-button buttonstyle="black" type="plain" locale="en-US"></apple-pay-button> I followed all the steps from the official Apple Pay demo: https://applepaydemo.apple.com/ I also configured the Content Security Policy (CSP) to allow all necessary resources. However, when I test my integration, the button doesn’t appear. I’ve checked the console, but there are no errors. At the same time, I have my certificate imported into the Keychain, and I’ve completed the entire process of creating both the certificate and the private key. However, when I try to validate the session using the certificate and key with Apple’s API, I get an error: 400 The SSL certificate error https://apple-pay-gateway-cert.apple.com/paymentservices/

Hi everyone, I am new to Apply Pay, but I have already implemented IAP for subscriptions in my app. My app also has other functionalities, it also acts as a person-to-person marketplace, as users can post events or online courses which can be bought by other users to participate. My question is that I have read Apple's review guidelines but it is still unclear for me if I can use Apple Pay (with for example Stripe) or do I still need to use IAP for this online content. Also non profit organizations also can register which can recieve donations, can I also use Apple Pay for that or do I still need IAP there, because it would be nice if Apple would take 30% of donations.

Hello! We are using "Apple Pay Web Merchant Registration API" https://developer.apple.com/documentation/applepaywebmerchantregistrationapi Recently we successfully updated the Payment/identity certificates at our main merchant ID And we have a few questions: Do we need make the Domain verification for all of our sub-merchants again after the Certificates update? How we can check the expiration of domain verification of merchants that we integrate trough API endpoint (https://apple-pay-gateway.apple.com/paymentservices/registerMerchant), and do verified domains via API have an expiration date??? How we can understand does the our universal domain verification file (apple-developer-merchantid-domain-association) have expiration too? Thanks in advance!

We are facing an issue with Apple Pay address details while customers are placing orders on our production site. By default, the following values are being passed during checkout: First Name: ApplePay Last Name: Express Address: ApplePay Street When we manually enter these same details, our validation correctly prevents the order from being placed and displays an appropriate error message. However, on our production site, real customers are still able to successfully place orders with these exact details. Could you please help us understand: How these orders are being allowed to proceed despite the validation? Is this behaviour expected from Apple Pay ? How can we prevent orders from being placed with such placeholder address details? Please let us know if you need any additional information from our side. We have also attached an image showing the address details and the corresponding order number for reference. Thanks in advance for your support.

We are unable to add/remove Merchant IDs in App IDs identifier profile, after pressing "Edit" button on "Apple Pay Payment Processing" section, then choosing desired Merchant ID to check/uncheck from the available Merchant IDs, then pressing Continue/Save/Confirm buttons - nothing happens, the "Save" button text briefly changes to "Processing" and then back To "Save" and we still have previously enabled Merchant IDs and the Save button is still in enabled state, any help?

Hello, We are working on integrating billing into our dating app, targeted at the Russian market. Our main requirement is to support subscriptions with automatic renewal and cancellation. We understand that, according to App Store Review Guideline, all digital subscriptions should use Apple In-App Purchase (IAP). However, we are unsure how this applies in Russia, where some local regulations may limit the use of non-Russian payment processors, and where not all Russian bank cards are accepted by Apple. Our question is: -For iOS apps in Russia, is it strictly required to use Apple IAP for subscriptions? -Are there any approved exceptions allowing integration with local processors such as Robokassa or YooKassa? -How are other developers currently handling subscriptions for the Russian market? We want to ensure full compliance and avoid any risk of rejection or removal. Thank you in advance for any clarification. Best regards, Dan

你好，我们6月1日收到比较多的韩国用户反馈购买我们的内购以后，系统会在稍后的几分钟再次多次从用户的卡里扣出相应的款项，但是我们没有办法第一时间反馈给你们，导致很多用户流失，请问我们怎么才能第一时间联系到你们，还有我们怎么才能第一时间知道是你们的系统是否某个功能出了问题，是否也有相应的论坛我们可以第一时间看到你们相关问题的报道，这样我们排查问题就没那么辛苦，感谢

Hi Team, For last 24 hours one of our team members is unable to login to apple dev portal due to two factor authentication not being sent. Error we are getting is "Verification codes can't be sent to this phone number at this time. Please try again later"