We are developing a native iOS financial application called Tradu: Stocks, Forex, and CFDs (Apple ID: 6473443264), which embeds a WKWebView to render all user-facing logic. All user interactions—including authentication with MFA—occur inside this WKWebView. To access native functionality, we use postMessage() to communicate between the web and native layers. This approach has worked successfully for biometric authentication, for example. We are currently integrating Apple Pay In-App Provisioning and have a few questions regarding compliance with the documentation provided by our Issuer Host (Modulr). In the document titled Getting Started with Apple Pay: In-App Provisioning, Verification, Security, and Wallet Extensions (Version 4.0, February 2023), all examples are based on a fully native application. We’ve managed to integrate most of the In-App Provisioning flow via postMessage() up to the point of passing encryptedData to the Payment View. Apple Pay button inside WKWebView In Section 7: Frontend Overview, the user initiates the provisioning by tapping a native PKPaymentButton (SwiftUI example). In our case, this button is rendered inside the WKWebView, styled according to the Apple Style Guide. While the document references this approach as a “raw mark text supplement,” is this method acceptable and compliant with Apple’s UX and technical guidelines? MFA requirement before provisioning In Section 4: Security Guidelines, it is stated that the user must have passed MFA at least once before starting the provisioning flow. In our implementation, users must complete MFA on every login (including on recognized devices) before the provisioning UI becomes available. Even though this is not tied specifically to “unrecognized devices,” is our MFA requirement sufficient to satisfy Section 4.2? Summary: Is using a web-rendered Apple Pay button inside WKWebView (instead of a native PKPaymentButton) considered compliant? Is our MFA enforcement model (required on every login) aligned with the security requirements outlined in Section 4.2 of the Apple Pay In-App Provisioning documentation?

Hello, I'm trying to test an app clip in TestFlight with a Local Experience. Is there any way to test app clips "end to end" from a local experence? The clip I'm developing uses Apple Pay, so we'd like to be able to test the full experience using sandbox accounts. The documentation indicates that this is possible: documentation link Testers can also configure a local experience to launch the App Clip you distribute with TestFlight. However, you must still associate your App Clip with your website so testers can launch it from the TestFlight app. In addition, testers must launch the App Clip from an App Clip experience you configure for testing in App Store Connect at least once to ensure that the App Clip is cached on the device. I've had some success with running the clip from a local Xcode build, then installing a TestFlight build "over top" of the Xcode build, e.g. I can scan a QR code with a URL configured for a local experience and the card will show and launch the clip, but that seems to "expire" after a period of time. More information: App (but not App Clip) is currently live in the app store. App Clip is in TestFlight and launches using TestFlight experiences App Clip and App are associated with our website Am able to launch the app via QR code with a full installation from TestFlight Am able to see Local Experiences when the clip has been built locally and run on my device using Xcode Local Experience does not show when using a fresh install from TestFlight even when configured with the same values Local Expereince does show and work when using a TestFlight build installed over top of an Xcode build

I'm facing problem with in-app-provisioning in production application. When we try to tokenize (before T&C step) we are getting error from topic. I've also posted this in Feedback Assistant: FB18403577. I'll be very happy if someone could help me to get what is wrong with data or configuration of application.

I am trying to play around on the Apple Pay demo page (https://applepaydemo.apple.com) and I am getting the following error response. PaymentRequest AbortError: The operation was aborted. I am using the Payment Request API

Dear Apple Developer Support team, I would like to request an official confirmation regarding the handling of transaction status in the App Store Server API, specifically for the GET /inApps/v1/transactions/{transactionId} endpoint. As per our current understanding from the official documentation (Get Transaction Info), the API’s behavior appears to be: If a transaction is finalized and successfully processed by App Store, querying this API will return HTTP 200 OK along with transaction details. If a transaction is still in a pending or deferred state (such as awaiting Ask to Buy approval or pending authorization), the API will not return a 200, and instead respond with HTTP 404 Not Found or an appropriate error. Could you please confirm if this behavior is accurate and officially supported? Specifically: Does a 200 OK response guarantee that a transaction is finalized and successfully recorded on App Store servers? In cases where a transaction is pending approval (e.g. Ask to Buy), is it correct that GET /transactions/{transactionId} would return 404 Not Found until the transaction is finalized? We would greatly appreciate your confirmation to align our server-side logic for transaction validation accordingly. Thank you very much for your support! Kind regards, cuongnx

Despite signing out of my sandbox Apple ID and disabling Developer Mode, my Wallet still appears to be in sandbox mode, and I’m unable to add any real payment cards. I have already tried the following steps: Signed out of all sandbox and developer accounts Turned off Developer Mode Restarted the device Reset all settings Updated to the latest iOS version Removed any configuration profiles Unfortunately, none of these actions helped. The Wallet interface still displays “sandbox” and rejects real cards.

Hi everyone, We're working on a fitness and wellness app that offers subscription-based content like workout videos, nutrition plans, and personal coaching. We've read the updated documentation on the External Link Account Entitlement (ELAE), which allows certain apps to include a link to an external website for account management and payments. However, based on what Apple describes as eligible “reader apps” (video streaming, books, audio, etc.), it's unclear whether fitness apps can apply for and use this entitlement. Our questions: Can a fitness app use the External Link Account Entitlement to link out to a web-based subscription page? If not currently supported, is there any plan to expand this to other categories like health & fitness? We are fully compliant with App Store IAP rules today, but we're exploring all legitimate options as we aim to provide a smooth and transparent experience across platforms (iOS, Android, and web). Any insights from the community or Apple team would be appreciated! Thanks, Onur Hazar

I have created an app and for the final stage i added subscription feature. This works great in testflight, but not when i push out to external testers. I set up what i needed to in apple store connect (i must have done it right as it works in testflight), and i linked it to th emost recent version. Nothing I do seems to get the sub info to display and pull through to the app in the sub box when selected. No price and the usual stuff. I was told send for review. Failed the review and im working on that but something tell sme this is a glitch athat needs fixed on my account maybe. Can anyone help please

Hi all, I've received emails from other apps after making a purchase, with content like: You have purchased {App Name} on {Date & Time} and acknowledged that if you download or use this in-App Purchase within fourteen days of buying it, you will no longer be eligible to cancel this purchase. Do anyone know under what circumstances Apple sends a Purchase Confirmation Letter to the user's email after they purchase our digital products via IAP? Is this something developers can control? Additionally, I've seen pop-up reminders before making a payment in apps, with content similar to the above message. Are these reminders provided by Apple, or can developers create their own guidance to help users avoid accidental purchases? Kindly, Vanto

Hello -- We're preparing to roll out Apple Pay on website in the next week but encountered some issues during testing. While we successfully processed transactions using a VISA card, we ran into errors when testing with other card brands. Has anyone come across this issue before?

我是一个银行app开发人员，请问怎么将银行名称显示在苹果钱包“选取银行”列表中，实现用户点击跳转银行app进行免输卡号签约绑定，是否有详细接入步骤和文档？

When I use my iPhone to scan the apple pay QR code in chrome, the url is https://applepaydemo.apple.com/apple-pay-js-api, I keep geting the "Service Unavailable" error. Wonder know if you guys meet this error as well? Btw, the QR code feature needs IOS 18.

Hi Apple Developer Community and Support, We are implementing Apple Pay on the Web and are encountering a persistent issue with merchant validation when the ApplePaySession is initiated from a JavaScript application running within a cross-origin iframe. Our Setup: Top-Level Domain: https://application.my.com/ (where the Apple Pay button is displayed, and the iframe is embedded) iFrame Content Origin: https://cashier.my.com/ (Our custom JavaScript application that handles the Apple Pay integration and directly calls our Payment Service Provider's (PSP) API for merchant validation). iFrame allow attribute: The iframe correctly includes allow="payment *". The Problem: When a user clicks the Apple Pay button, the ApplePaySession is successfully created and the Apple Pay sheet opens in Safari iOS. This suggests the browser recognizes the allow="payment *" attribute and allows the API calls. However, during the session.onvalidatemerchant callback, our JavaScript code makes a direct API call to our PSP (Nuvei)'s endpoint. This call consistently fails with an "Invalid domain name!" error, and the Apple Pay sheet then shows "Payment Not Completed." PSP's Diagnosis: Our PSP (Nuvei) has investigated and stated that for this specific endpoint (getAppleValidationApiFlow.do), "there is no explicit way to pass domain to the endpoint and domain for which session is issued is based on 'Referer' header." Our Question for Apple: Given that Safari 17+ now supports allow="payment" for cross-origin iframes to enable Apple Pay APIs, we have the following questions: What is Apple's official guidance or expectation regarding the Referer header for ApplePaySession.onvalidatemerchant calls when the ApplePaySession is instantiated from a cross-origin iframe? Is it expected that the Referer header for calls originating from the iFrame will always be the iFrame's origin? Does Apple's merchant validation process (when the PSP calls apple-pay-gateway.apple.com/paymentservices/startSession) itself rely on or interpret the Referer from the initial client-to-PSP call? Are there recommended best practices or standard approaches for PSP integrations in this cross-origin iFrame scenario to ensure the Referer validation (or equivalent domain validation) is correctly satisfied? We're trying to understand if our PSP's specific reliance on the Referer for this validation is a standard requirement implicitly set by Apple for this flow, or if there are other architectural approaches that should allow this scenario to work seamlessly. Thank you for any insights or guidance you can provide.

Hi!!! I can't publish the app as I have a paid membership through Stripe. I have a wordpress site and have a paid membership to access the content... The app is geared by a third party service and I can't put any code into it... What can I do? There is an idea that in the application to display a link to the site where to place the payment for membership... Please advise, I'm not the first to face this....

I am writing regarding an issue I have encountered while attempting to complete a payment using test users created within the Sandbox environment of Apple Pay. The problem persists specifically when trying to make payments through the demo page at https://applepaydemo.apple.com/. Problem Description: When initiating a payment process with either of the following test user accounts. The flow proceeds as follows: The Apple Pay window appears correctly. Processing begins but does not conclude successfully. After processing concludes, there is no prompt for 'Pay with Touch ID'. Additional Information: Device & OS Version: MacOS 15.3.2 Browser & Version: Safari 18.3.1 Real Device or Simulator: Real device used First Occurrence: Before January 1st, 2025 Custom Configurations or Backend Used: No custom configurations or backend modifications are being utilized during interaction with the demo page. Could you please provide assistance in resolving this issue?

Hi, I’ve been reviewing the Apple Wallet provisioning documentation (Getting Started with Apple Pay In-App Provisioning_ Verification_Security_Wallet Extensions )and had a few questions regarding the color path recommendation (Green, Yellow, Orange, Red) returned during the in-app provisioning flow: Who determines the color path—is it Apple directly, the Payment Network Operator (PNO), or both? What criteria are used to determine the color path (e.g., device info, Apple ID reputation, past provisioning attempts)? At what point in the provisioning flow is the color path recommendation received? Is it included in the response after the PKAddPaymentPassRequest is submitted? Is it accessible through any specific property or callback in the delegate method? Additionally, for Orange Path with Reason Code 0G, I understand that in-app verification is not allowed and must be handled via tenured channels (e.g., SMS/email). Can you confirm if this logic still applies for requests initiated from within the issuer's iOS app? Would appreciate any clarification or pointers to related documentation.

Is anyone face the similar kind of issue? We are using the react native : 0.74.1 react-native-apay react-native-payments

I'm implementing Apple Pay in a Flutter iOS app using the pay plugin and Braintree as the payment processor. I have followed all necessary steps as outlined by Apple and community resources (e.g., Medium articles, official Apple Developer documentation), but the Apple Pay button does not appear on a real device. Here's what I've completed: Created an Apple Pay Merchant ID Created and downloaded the Apple Pay Payment Processing Certificate, then uploaded it to Braintree Downloaded the Braintree-signed certificate and confirmed it's active in the Apple Developer portal Added the Merchant ID under Signing & Capabilities in Xcode Enabled Apple Pay capability in Xcode Added the Merchant ID to Info.plist Installed required Flutter packages (e.g., pay) Using a valid Apple Pay payment configuration file in Flutter (see below) Tested on a real iOS device with a valid Apple Pay test card added to Wallet Flutter Payment Configuration (in Dart JSON): json Copy Edit { "provider": "apple_pay", "data": { "merchantIdentifier": "merchant.com.example", "displayName": "My Store", "merchantCapabilities": ["3DS", "debit", "credit"], "supportedNetworks": ["visa", "masterCard", "amex"], "countryCode": "US", "currencyCode": "USD" } } Despite this complete setup, the ApplePayButton widget remains invisible There are no errors in the console. Can you help identify what may be missing or misconfigured at the code or configuration level?

Apple Sandbox is not available in India, also Apple Pay itself is not supported by Indian Banks. How can I still test using Apple Pay sandbox in India? I am trying to add test cards on my iPhone and it fails to add it. It tries to connect to Issuer, which it should not for sandbox Apple Id. Can anyone help how to achieve this?

I'm encountering an issue with Apple Pay on both Wallet and the Watch app where the app name is not showing up on the back of the payment card(Card details). The pass was successfully provisioned, and everything seems to be working, but the expected app name or brand isn't displayed, and instead, I see the generic "Something went wrong. Try again Later" message. Do we need to configure something to get this displayed in Wallet app?