I am currently using StoreKit2 to set up the in-app purchase subscription flow, and I have already configured the subscription products in App Connect. I created a StoreKit Configuration file in Xcode and used it in the scheme. However, after completing the purchase, the transaction.jsonRepresentation data returns a transactionId of 0. After checking the documentation, I found that I need to disable the StoreKit Configuration and enable Sandbox Testing. But after disabling the StoreKit Configuration, I can't retrieve the real product data using Product.products(for: productIds). I can confirm that the ProductId I provided is real and matches the data configured in App Connect. Could you please help me identify the issue? Thank you
Apple Pay
RSS for tagDiscuss how to integrate Apple Pay into your app for secure and convenient payments.
Post
Replies
Boosts
Views
Activity
We have an app and we want to add tap to pay for Apple Pay. We'd also like to become a certified Payment Service Provider. What is the process to become a certified PSP?
When apple pay on the web does a onshippingcontactselected it appears to truncate the zip code.
If I enter:
11111
or
11111-1111
I always get 11111. Is there any way to get the plus 4?
I am trying to get a pass reader certified through the mFi / WPC certification process. The problem I have is that the Certifier app will not allow testing results to be submitted due to some missing information. I need support to discuss the missing information, but I have received no replies from the email provided for WPC Certification Representative.
Does anyone here know how to get support for the WPC Certification process?
We use the Transaction Info API for Apple Pay verification, but due to a surge in player payment requests during major game version updates, we've encountered a large backlog of orders and are unable to process all verifications in time. We're wondering if anyone knows the process for requesting an increase in the QPS limit? QAQ
Hi team at Apple, here is a scenario we came across:
The order of priority of payment methods in Apple Wallet follows:
Credit
Debit
Apple Cash
Our app displays a payment sheet that excludes credit cards. Instead of a debit card, the default payment option shown to the user on the payment sheet is Apple Cash.
Is this a known issue or have we configured something wrong in our end?
We have a checkout page on which clients can configure the providers we've integrated with for each currency.
One such provider is Stripe, with which we have already integrated ApplePay and host a merchant domain association file.
Now, we're getting requests to support ApplePay with other providers.
The issue is that we can't tell Apple to use a different path to domain association file for domain verification.
And, replacing the existing domain association file seems like a hack, since I believe it's needed for domain re-verification.
We're thinking of using subdomains for serving the domain association files for different providers.
But, we have some questions on how ApplePay domain verification works to understand how we can solve our problem.
Firstly, can we use subdomains for individual domain verification? If we already have example.com verified with Stripe, can we serve the domain association file for the other provider with provider.example.com and have the verification work?
Secondly, let's say our domain is example.com, and we can use provider.example.com to serve the domain association file and verify the domain. Then on example.com/checkout, will using an iframe with provider.example.com/applepay to host the ApplePay button work?
This thread suggests otherwise, but we want to confirm.
Lastly, is the only way to make an ApplePay payment for provider.example.com to use that subdomain? So redirecting to provider.example.com/applepay would work?
Thanks for your help!
We received a request directly from /apple/notifications. This subscription is not a renewal, but a first-time purchase. We associate the originalTransactionId with the user's ID to identify the subscribed user. However, since we do not have access to the user's ID on our server through this direct request, we are unable to properly process the subscription.
How should we handle this type of subscription request?
What is the source of this subscription, and why are some users able to bypass in-app purchases for first-time subscriptions and make the purchase directly?
Hi there,
is there a way, or a list of test cards, to simulate error on payment in an Apple Pay sandbox environment ?
I tried different cards mentioned here but every try was successful : https://developer.apple.com/apple-pay/sandbox-testing/
Hey everyone,
I wanted to check if anyone else has faced extreme delays when requesting access to Apple Pay Wallet APIs. It was Oct 11 2024 a year ago since we first applied to enable in-app provisioning for virtual cards in our app and we made 1% progress.
For context, we already got access from Google for Google Wallet—it was smooth, professional, and timely. But with Apple… it’s been nothing but an endless cycle of waiting.
We followed every step, submitted everything correctly, and even called Apple Developer Support multiple times. Their response? "We've escalated it." Again and again. But there’s no real progress. We’re rerouted, ignored, and left in limbo.
At this point, I don’t even know if anyone is actually reviewing these requests. If a business like ours—fully compliant and ready to integrate—can’t even get a response in 150 day, how is this process supposed to work?
I’m posting this here because I can’t be the only one. Has anyone else faced this? If you finally got access, how did you do it? Because right now, it feels like Apple Pay in-app provisioning is an impossible goal.
Hoping someone from Apple sees this and realizes how broken this process is. We’re just trying to innovate and offer Apple users a great experience—why is it so difficult?
Looking forward to hearing from anyone in the community who can help, Thanks! 🙏
Body:
Hello,
We are currently implementing iOS order verification and have encountered an issue. Some of the receipts we verify return with an empty in_app array, which makes it impossible to determine whether there is a valid in-app purchase.
Below is the code we’re using for verification and the result we receive:
Code Example:
public function iosVerifyReceipt($receipt, $password = '', $sandbox = false)
{
$url = $sandbox ? 'https://sandbox.itunes.apple.com/verifyReceipt' : 'https://buy.itunes.apple.com/verifyReceipt';
if (empty($password)) {
$data = json_encode(['receipt-data' => $receipt]);
} else {
$data = json_encode(['receipt-data' => $receipt, 'password' => $password]);
}
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($ch);
curl_close($ch);
$result = json_decode($result, true);
$result = $result ?? [];
$result['sandbox'] = $sandbox;
if ($result['status'] != 0) {
Log::warning('ios verify receipt failed', ['receipt' => $receipt, 'result' => $result, 'sandbox' => $sandbox]);
if ($result['status'] == 21007) {
return $this->iosVerifyReceipt($receipt, $password, true);
}
}
return $result;
}
// Order validation check
if (empty($result) || $result['status'] != 0) {
throw new BadRequestHttpException("Ios Order Verify Error");
}
$appItemId = $result['receipt']['app_item_id'] ?? "";
if ($appItemId != MY_APP_ID) {
throw new BadRequestHttpException("Ios Order Verify Error");
}
$inApp = array_filter($result['receipt']['in_app'] ?? [], function ($item) use ($transactionId, $order) {
return $item['transaction_id'] == $transactionId && $item['product_id'] == $order->getProductId();
});
if (empty($inApp)) {
throw new BadRequestHttpException("Ios Order Verify Error");
}
Array
(
[receipt] => Array
(
[receipt_type] => Production
[adam_id] => *
[app_item_id] => *
[bundle_id] => *
[application_version] => *
[download_id] => *
[version_external_identifier] => *
[receipt_creation_date] => 2025-02-11 04:06:47 Etc/GMT
[receipt_creation_date_ms] => *
[receipt_creation_date_pst] => 2025-02-10 20:06:47 America/Los_Angeles
[request_date] => 2025-02-11 15:54:56 Etc/GMT
[request_date_ms] => *
[request_date_pst] => 2025-02-11 07:54:56 America/Los_Angeles
[original_purchase_date] => 2025-02-11 04:02:41 Etc/GMT
[original_purchase_date_ms] => *
[original_purchase_date_pst] => 2025-02-10 20:02:41 America/Los_Angeles
[original_application_version] => 5511
[preorder_date] => 2025-01-17 21:12:28 Etc/GMT
[preorder_date_ms] => *
[preorder_date_pst] => 2025-01-17 13:12:28 America/Los_Angeles
[in_app] => Array
(
)
)
[environment] => Production
[status] => 0
[sandbox] =>
)
Problem Description:
• We are noticing that in some orders, the in_app array is returned as empty. This causes difficulty in verifying the presence of in-app purchases.
• Our validation logic assumes that if in_app is empty, the order is invalid, but we would like clarification on whether this is correct or if such a scenario is normal under certain conditions.
Actions Taken:
• We have reviewed Apple’s documentation and other related resources, but no clear explanation is given about when in_app might be empty.
• Can we safely rely on an empty in_app array to consider the order invalid, or should we investigate further for potential issues like delays or errors during the verification process?
We would appreciate your guidance on how to handle such cases. Thank you for your support!
Body:
Hello,
We are currently implementing iOS order verification and have encountered an issue. Some of the receipts we verify return with an empty in_app array, which makes it impossible to determine whether there is a valid in-app purchase.
Below is the code we’re using for verification and the result we receive:
Code Example:
public function iosVerifyReceipt($receipt, $password = '', $sandbox = false)
{
$url = $sandbox ? 'https://sandbox.itunes.apple.com/verifyReceipt' : 'https://buy.itunes.apple.com/verifyReceipt';
if (empty($password)) {
$data = json_encode(['receipt-data' => $receipt]);
} else {
$data = json_encode(['receipt-data' => $receipt, 'password' => $password]);
}
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($ch);
curl_close($ch);
$result = json_decode($result, true);
$result = $result ?? [];
$result['sandbox'] = $sandbox;
if ($result['status'] != 0) {
Log::warning('ios verify receipt failed', ['receipt' => $receipt, 'result' => $result, 'sandbox' => $sandbox]);
if ($result['status'] == 21007) {
return $this->iosVerifyReceipt($receipt, $password, true);
}
}
return $result;
}
// Order validation check
if (empty($result) || $result['status'] != 0) {
throw new BadRequestHttpException("Ios Order Verify Error");
}
$appItemId = $result['receipt']['app_item_id'] ?? "";
if ($appItemId != MY_APP_ID) {
throw new BadRequestHttpException("Ios Order Verify Error");
}
$inApp = array_filter(
$result['receipt']['in_app'] ?? [],
function ($item) use ($transactionId,$order) {
return $item['transaction_id'] == $transactionId && $item['product_id'] == $order->getProductId();
}
);
if (empty($inApp)) {
throw new BadRequestHttpException( "Ios Order Verify Error");
}
Array
(
[receipt] => Array
(
[receipt_type] => Production
[adam_id] => *
[app_item_id] => *
[bundle_id] => *
[application_version] => 5511
[download_id] => *
[version_external_identifier] => *
[receipt_creation_date] => 2025-02-11 04:06:47 Etc/GMT
[receipt_creation_date_ms] => *
[receipt_creation_date_pst] => 2025-02-10 20:06:47 America/Los_Angeles
[request_date] => 2025-02-11 15:54:56 Etc/GMT
[request_date_ms] => *
[request_date_pst] => 2025-02-11 07:54:56 America/Los_Angeles
[original_purchase_date] => 2025-02-11 04:02:41 Etc/GMT
[original_purchase_date_ms] => *
[original_purchase_date_pst] => 2025-02-10 20:02:41 America/Los_Angeles
[original_application_version] => *
[preorder_date] => 2025-01-17 21:12:28 Etc/GMT
[preorder_date_ms] => *
[preorder_date_pst] => 2025-01-17 13:12:28 America/Los_Angeles
[in_app] => Array
(
)
)
[environment] => Production
[status] => 0
[sandbox] =>
)
When I click to my Apple Pay button, my function below doesn't trigger the completeMerchantValidation method as expected, but the oncancel method (which logs errorCode "unknown" in Safari developer tools) :
const processApplePayment = async () => {
if (window.ApplePaySession) {
const session = new window.ApplePaySession(6, {
countryCode: 'FR',
currencyCode: 'EUR',
merchantCapabilities: ['supports3DS'],
supportedNetworks: ['visa', 'masterCard'],
total: {
label: `Bon d'achat ${partnerName}`,
type: 'final',
amount: cartTotalValue.toString()
}
});
session.onvalidatemerchant = async event => {
try {
const merchantSession = await validateMerchantSession(event.validationURL);
console.log('merchant session : ', merchantSession);
if (!merchantSession) {
console.error('Invalid Apple Pay merchant session');
}
session.completeMerchantValidation(merchantSession);
} catch (error) {
console.error('merchant validation error : ', error);
session.abort();
}
};
session.onpaymentauthorized = async event => {
console.log('payment authorization event : ', event);
try {
const link = await authorizePayment(
event.payment.token,
userInfo,
partnerId,
order.id
);
console.log('payment authorized link : ', link);
window.location.href = link;
} catch (error) {
console.error('Apple Payment authoriation error : ', error);
const errorUrl = `${PATH.EBON_ERROR_PATH}-${partnerId}?paiement=error&orderId=${order.id}`;
window.location.href = errorUrl;
}
};
session.oncancel = event => console.log('Apple Pay cancel event : ', event);
session.begin();
}
};
The validateMerchantSession function successfully returns this payment session from Apple server :
{
"epochTimestamp":1739279973502,
"expiresAt":1739283573502,
"merchantSessionIdentifier":"SSH108C7ED6746A48E38EA8D253D33CCAA5_916523AAED1343F5BC5815E12BEE9250AFFDC1A17C46B0DE5A943F0F94927C24",
"nonce":"150de193",
"merchantIdentifier":"11CA4E31493E748848A91A0DAB1685A8417C41B62B9863EF59A618B91239471A",
"domainName":"lesnumeriques-bonsdachat.htmal1.com",
"displayName":"Les Numériques",
"signature":"308006092a86...779cd643c000000000000", // long string
"operationalAnalyticsIdentifier":"Les Numériques:11CA4E31493E748848A91A0DAB1685A8417C41B62B9863EF59A618B91239471A",
"retries":0,
"pspId":"11CA4E31493E748848A91A0DAB1685A8417C41B62B9863EF59A618B91239471A"
}
What could I do wrong and how could I fix it please ?
I am developing an app to add Discover cards to Apple Wallet. Unlike Visa, MasterCard, etc., Discover does not have APIs that return activationData, encryptedPassData and ephemeralPublicKey for a given card, so I have created a backend server to handle this. In my server, I am unsure how to generate the ephemeralPublicKey. Do I need to use the merchant certificate? If so, how do I use it to generate the ephemeralPublicKey?
I would appreciate it if someone could provide me with a step-by-step guide on how to generate ephemeralPublicKey for provisioning a card.
all mastercard cards expired in 2024
So we are developing an NFC reader for a client and one of the requirements was Apple ECP. We submitted a product plan and it was approved and we were given access to the specific documentation for ECP. We are looking to only use Loyalty passes via NFC. Not Apple Pay. We wish to develop passes that have NFC capability and apparently you need another approval for NFC Entitlement. Apple just denied our application. No reason given, just denied. How are we suppose to develop a solution when we can only do one side of the development? Also we are seeing VAS mentioned and believe we also need access to this documentation as well, but no idea where to request it. Nothing in our developer portal or wpc portal. Can someone from Apple please steer us in the right direction.
As we understand it we need:
Approved hardware product plan (which we have)
Access to ECP 2.0 documentation (which we have)
Access to VAS protocol documentation (we don't have)
NFC entitlement to be able to create NFC enabled passes.
Let me know what we need to do or if I am not understanding things correctly.
Thanks
Hi, I'm developer in fintech company, we have setup process for onboarding merchants for our partner and processing payments with usage of Apple Pay API. Daily system is processing ca. 10k payments but every day ca. 100 of transactions are declined because of merchant validation error:
request to https://apple-pay-gateway.apple.com/paymentservices/paymentSession (with all required parameters in body)
is returning response with status code 417
"statusMessage": "Payment Services Exception
merchantId={root merchant id}
unauthorized to process transactions on behalf of
merchantId={merchant id hash}
reason={merchant id hash} is
not a registered merchant in WWDR and isn't properly authorized via Mass
Enablement, either."
Issue impacts recurring merchants, most of their transactions are processed successfully but randomly some of them are failing with such reason. All prerequisites are met: merchant have deployed 'apple-developer-merchantid-domain-association' certificate, certificates are valid and not expired. Apple Support is not able to provide any information based on provided requests timestamps. We would to know what may be the reason just part of the requests are failing and what 417 error code means.
Hi - I have a question. I am trying to understand when Apple Pay will be available on non-IOS desktop devices (specifically Google Chrome). I was hoping to understand better the process, specifically the following:
How can I get the Apple Pay QR code installed on my desktop checkout page on Google Chrome?
How long does this process usually take?
If I work with Stripe, do I need to get approval from them to install the Apple QR code onto my Google Chrome checkout page?
Is this readily available to all merchants (i.e., installing Apple Pay on Google Chrome)/
I have not seen this on any other checkout pages yet. Are there any examples you could point me to of merchants that have installed Apple Pay onto non-IOS desktop so I could trial the process (i.e., a list of existing merchants that have put the QR code onto their Google Chrome checkout pages)?
Hello
My app has implementation of In App Provisioning which is working fine. We have now added Wallet Extensions to it, but my App is not shown in Apple Wallet "From apps on your iphone"
I have uploaded Feedback (FB16450547) at
https://feedbackassistant.apple.com/feedback/16450547
Kindly request for your advice
After opening the Apple Pay Popup and try to close the popup (without scanning the QR Code), the oncancel handler (accociated with the created session) doesn't fire.
Meanwhile if the merchant scanned the QR code and the UI of the popup changed, then cancel the popup manually (using close (X) button), it fires the session.oncancel event handler.
Here is applied setup:
const { ApplePaySession } = window;
if (!(ApplePaySession && ApplePaySession.canMakePayments())) {
return new Error('Apple Pay Session is not available');
}
const paymentCapabilities = await ApplePaySession.applePayCapabilities(
applePaymentOptionsMetaData.merchantIdentifier,
);
if (paymentCapabilities.paymentCredentialStatus === 'applePayUnsupported') {
console.error('ApplePaySession is not supported.');
return;
}
const request = {
"countryCode": "KW",
"currencyCode": "KWD",
"merchantCapabilities": [
"supports3DS"
],
"supportedNetworks": [
"VISA",
"MASTERCARD"
],
"billingContact": {
"phoneNumber": "201000000000",
"emailAddress": "example@test.com",
"givenName": "Ahmed",
"familyName": "Sharkawy"
},
"total": {
"amount": "3.085",
"label": "Merchant Testing"
}
}
const session = new ApplePaySession(5, request);
session.onvalidatemerchant = async event => {
if (debug) {
console.info('Creating merchant session and validating merchant session');
console.info('onvalidatemerchant event', event);
}
try {
// Validation Merchant Request
session.completeMerchantValidation(data);
} catch (error: any) {
session.completePayment({ status: ApplePaySession.STATUS_FAILURE });
}
};
session.onpaymentauthorized = async (event) => {
session.completePayment({ status: ApplePaySession.STATUS_SUCCESS });
};
// This doesn't fire
session.oncancel = () => {
console.info('EVENT: oncancel');
};
session.begin();