domainName missing from create payment sessions request in sandbox

Question

Created 1d

Replies 3

Boosts 0

Participants 2

We have been using ApplePay on the web for years, but we are running into a problem since today in sandbox where domainName is missing from the create payment sessions request. We haven't changed anything related to this request any time recently.

Static payment sessions url being hit in sandbox: https://apple-pay-gateway-cert.apple.com/paymentservices/paymentSession

request format:

    "merchantIdentifier": "merchant.com.identifier",
    "displayName": "Test Store",
    "initiative": "web",
    "initiativeContext": "test.example.com",
    "domainName": "test.example.com"

response format:

{
    "epochTimestamp": 1763533367972,
    "expiresAt": 1763536967972,
    "merchantSessionIdentifier": "<merchantSessionIdentifier>",
    "nonce": "<nonce>",
    "merchantIdentifier": "<merchantIdentifier>",
    "displayName": "Test Store",
    "signature": "<signature>",
    "initiative": "web",
    "initiativeContext": "test.example.com",
    "signedFields": [
        "merchantIdentifier",
        "merchantSessionIdentifier",
        "initiative",
        "initiativeContext",
        "displayName",
        "nonce"
    ],
    "operationalAnalyticsIdentifier": "Test Store:<identifier>",
    "retries": 0,
    "pspId": "<pspId>"
}

Production create session request to https://apple-pay-gateway.apple.com/paymentservices/paymentSession is behaving as expected, sending the following fields as response: epochTimestamp, expiresAt, merchantSessionIdentifier, nonce, merchantIdentifier, domainName, displayName, signature, operationalAnalyticsIdentifier, retries, pspId

Claude seems to suggest this is a response when Messages for Business is enabled, but this ApplePay Payment Processing merchant is only configured for Apple Pay on the Web.

Any ideas or pointers to check for? We are worried this will spill over in production as well, which will break our ApplePay integration.

Thanks in advance!

Boost

Answer 1

leroyjv OP

1d

sorry, title should have said domainName missing from create payment sessions response in sandbox

0

Answer 2

Frameworks Engineer OP

Apple

53m

Hi! The response for the Apple Pay Merchant Session should be treated as opaque, so you shouldn't need to inspect or type check the object. The format, layout and field names of the response is liable to change without notice.

In the example you posted, whilst the domainName field in the response is no longer there, the domain name is still represented through the initiativeContext field, so the device should still correctly verify the domain name when processing the session.

Did you see any issues when trying to use Apple Pay in the sandbox environment because of this?

1

Answer 3

leroyjv OP

18m

Our design is for our backend to make the paymentSession call and return the response to the frontend. However, we are doing an exact field mapping while reading the response, which meant the backend errored out validation when it couldn't find domainName in the response. In addition, the "new" fields (like initiativeContext) being returned weren't mapped and hence not sent back to frontend, meaning signature validation later on would have failed as well.

We can see the response format has now reverted back to the "old" format. Until that, ApplePay in our preprod environments was fully down. Would this change happen again? If so, is there a possibility of an announcement or notification so we can be better prepared?

0