We are considering building a web application that uses Apple Pay On The Web.
I would like to know about the security of the domain verification file (apple-developer-merchantid-domain-association.txt) of Apple Pay.
It is assumed that the above domain verification file will be placed in the ".well-known" folder on the web server that will be released to the public, but this file itself is also from third parties including the Apple server on the Internet. Is there any particular problem even if it remains readable?
This file itself is created when the domain is registered on the Developer site, and since it is a domain-specific file, there is no security risk even if it is accessed by a third party, but there are security requirements for the domain verification file. Is not it.
Also, is this domain verification file only used for domain verification from the Developer site, and is it okay to delete this file after that?
I would like to know about the security of the domain verification file (apple-developer-merchantid-domain-association.txt) of Apple Pay.
It is assumed that the above domain verification file will be placed in the ".well-known" folder on the web server that will be released to the public, but this file itself is also from third parties including the Apple server on the Internet. Is there any particular problem even if it remains readable?
This file itself is created when the domain is registered on the Developer site, and since it is a domain-specific file, there is no security risk even if it is accessed by a third party, but there are security requirements for the domain verification file. Is not it.
Also, is this domain verification file only used for domain verification from the Developer site, and is it okay to delete this file after that?