Payment Services Exception Unauthorized

Hi @yamanlakis,

The partner internal merchant identifier is not registered in our systems. This is why your account is not authorized to use the Apple Pay Web Merchant Registration API. To complete the registration, you'll need to request access to the API once again by following the steps outlined in the documentation below:

Applying to use the registration API and configuring IDs

https://developer.apple.com/documentation/applepaywebmerchantregistrationapi/applying-to-use-the-registration-api-and-configuring-ids

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

Hi @yamanlakis,

Sorry for the delayed response while we focused on planning, preparing and staffing WWDC26.

I want to provide more guidance for other platform integrators receiving 401 errors from the registerMerchant endpoint.

Troubleshoot the 401 Unauthorized error

A 401 Unauthorized error when calling the Apple Pay Web Merchant Registration API typically indicates that the platform integrator identity certificate used for mutual TLS (mTLS) authentication is not correctly configured or is not recognized by Apple Pay servers. Ensure that you are using the correct platform integrator identity certificate and that your server is configured for mutual TLS 1.2 or later with a supported cipher suite.

Verify certificate and key configuration

1. Ensure the platform integrator identity certificate is correctly associated with your Payment Platform Integrator ID in the Apple Developer portal and that you're approved to use the API.

2. Verify that the private key used for the mTLS connection matches the public key of the identity certificate uploaded to the Apple Developer portal.

3. If you exported the identity from Keychain, ensure you exported it as a .p12 file containing both the certificate and the private key, and then correctly extracted them into PEM format.

Confirm you're using the correct certificate type

There are multiple certificates in the Apple Pay ecosystem:

• Merchant Identity Certificate — Used with mTLS for individual merchant integrations.
• Platform Integrator Identity Certificate — Used with mTLS for platform/PSP integrations.
• Payment Processing Certificate — Used for encrypting payment tokens and decrypting payment data.

Since you're a platform integrator, please confirm the following:

• Your certificate was generated under the correct Platform Integrator ID (not a Merchant ID).
• The certificate is specifically the Identity Certificate (not the Payment Processing one).
• It was created in the Apple Developer portal under Certificates, Identifiers & Profiles > Identifiers > Platform Integrator IDs.

Validate server-side mTLS setup

Your server must perform mutual TLS authentication when calling the registration API. Ensure your server is configured to present the platform integrator identity certificate during the TLS handshake. You can test your certificate configuration using curl to verify that the certificate is accepted by the Apple Pay gateway:

% curl -v \
  --cert /path/to/cert.pem \
  --key /path/to/key.pem \
  https://apple-pay-gateway.apple.com/paymentservices/registerMerchant \
  -H "Content-Type: application/json" \
  -d '{
    "merchantIdentifier": "merchant.com.example",
    "domainNames": ["example.com"],
    "partnerInternalMerchantIdentifier": "internal-id",
    "partnerMerchantName": "Example Store"
  }'

Check the verbose (-v) output for:

* TLSv1.2 (OUT), TLS handshake, Certificate (11):

If an empty certificate message is returned, the certificate isn't being sent.

Please let me know if you have any further questions or are unable to resolve the 401 errors.

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer