Unable to verify Salesforce domain with Apple Pay

Question

Created Jul ’20

Replies 5

Boosts 0

Views 2.1k

Participants 5

Hi all,

Has anyone figured out how to verify a Salesforce domain with Apple Pay?

Basically, Salesforce does provide a way to verify a domain by going to Setup - Domains and clicking Verify. That prompts you to upload the verification file but Salesforce seems to place it under
your.domain/.well-known/apple-developer-domain-association.txt
whereas Apple is looking for it at
your.domain/.well-known/apple-developer-merchantid-domain-association.txt
(note the extra merchantid- in the file name).

The main issue is that Salesforce's multi tenant platform doesn't allow for direct access to the file that's placed in .well-known directory and there doesn't seem to be any way to control the file name. Is there any alternative way to verify domain ownership in this case?

Boost

Answer 1

HibberTJibbets OP

Jul ’20

I ran into the same issue and had to do this programmatically. We updated the storefront cartridge to create the destination /.well-known/apple-developer-domain-association.txt and added the attribute as a site preference to populate the value so that it can be updated as needed. We have seven storefronts, so the site preference makes it easy to manage for each domain.

0

Answer 2

HibberTJibbets OP

Jul ’20

I pasted the wrong URL: we added /.well-known/apple-developer-merchantid-domain-association.txt

1

Answer 3

Zane-Zh OP

Jul ’20

Hello devloader,

Do you have fixed the issue? I also want to implement Apple pay. But i can't find the 'Verify' link next to the domain name by following the Verify a Domain with an External Service article, help.salesforce.com/articleView?id=domainmgmtverify_external.htm&type=5.

0

Answer 4

devloader OP

Jul ’20

Accepted Answer

I managed to find a solution. Here are the steps:

In your Salesforce site create a new static resource of type text/plain. Paste the contents of the verification file provided by Apple into that resource.
Create a controller apex class:

Code Block public class ResourceReaderController {
		public String getContent() {
				return new PageReference('/resource/1394899484000/SiteSamples/SiteStyles.css').getContent().toString();
		}
}

3. Create a visualforce page to output the contents of that static resource:

Code Block <apex:page controller="ResourceReaderController" contentType="text/plain">
		<apex:outputText value="{!Content}" escape="false" />
</apex:page>

4. In your Salesforce site's url rewriter class have a rule that maps the path that Apple is looking for (/.well-known/apple-developer-merchantid-domain-association.txt) to your newly created visualforce page

0

Answer 5

JoelFuller OP

Sep ’25

The solution to serve the cert provided by @devloader works to successfully serve the cert, as that is the same path I went down. However, it seems that using URLRewriter only works for visualforce sites. At least this is what support has indicated. Thus, if you have commerce cloud/experience cloud the instructions for "sites" for URLRewriter do not apply, and requests to your commerce store domain will not be handled properly. There is a built-in component for Apply Pay in B2B/D2C sites but it requires using Salesforce Payments, and setting up the cert if "behind the scenes." It is still unclear how we can host the certificate using Salesforce Commerce. Can someone suggest an alternative to satisfy the "seemingly fixed" apply pay url at /.well-known/apple-developer-merchantid-domain-association.txt?

SALESFORCE SUPPORT RESPONSE: The reason it isn’t working in your case is because the URL rewriter only applies to Visualforce sites.

In your implementation, the Experience Cloud site actually consists of two sites:

Lightning / LWR site URL: https://mysite.com/

Visualforce site URL: https://mysite.com/vforcesite/

When you try to access the URL at: https://mysite.com/.well-known/apple-developer-merchantid-domain-association

…it is hitting the LWR site, not the Visualforce site. Since the URL rewriter only applies to the Visualforce site, it does not take effect in this case.

The correct URL (with the apex URL rewriter configured) would be: https://mysite.com/vforcesite/.well-known/apple-developer-merchantid-domain-association

In short: If you want to use the URL rewriter, the request needs to go through the Visualforce site.

If the file must be served from the root path (/.well-known/...), then the Visualforce site would need to be hosted at /, and the LWR site would require a path prefix.

0