We are implementing Apple Pay In-App Provisioning (EV_ECC_v2) for our EU app. The same codebase and encryption logic works successfully for our main app (different bundle ID and Adam ID), but the EU app consistently fails with HTTP 500. Environment: Entitlement: Granted (Case-ID: 18772317) Encryption scheme: EV_ECC_v2 Issue: During In-App Provisioning, the iOS app successfully obtains certificates, generates cryptographic material (encryptedCardData, activationData, ephemeralPublicKey), and POSTs to Apple's broker endpoint. The request fails at: Endpoint: POST /broker/v4/devices/{SEID}/cards Response: HTTP 500 with an HTML error page (not a JSON business error) <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> Key observations: Our main app (different bundle ID/Adam ID) uses identical encryption code, private keys, and key alias — and works correctly in production. Manual card provisioning through Apple Wallet on the same device succeeds. The entitlement com.apple.developer.payment-pass-provisioning is confirmed present in the provisioning profile (verified via codesign). The 500 response is HTML rather than JSON, suggesting the request is rejected at the gateway level before reaching Apple Pay business logic. What we've verified: Entitlement correctly configured in provisioning profile ephemeralPublicKey is in uncompressed format (65 bytes, starts with 0x04) encryptionVersion is EV_ECC_v2 No double Base64 encoding Question: Could you please check whether Adam ID 6745866031 has been correctly added to the server-side allow list for In-App Provisioning in the production environment? Given the HTML 500 (not JSON) and that the identical code works for our other app, we suspect this may be an allow list or account configuration issue rather than a cryptography error. I will follow up with a Feedback Assistant ID including sysdiagnose logs shortly, per the steps outlined in https://developer.apple.com/forums/thread/762893

We are trying to implement the the tokenNotificationUrl in a deferredBilling request so that we can get MPAN tokens (when supported) back from ApplePay. We want to be able to test that the events are working and firing. I have tried creating a deferred billing request, and then unlinked my test card from my test account and did not receive any event at my token notification endpoint. What is the best way to approach this from a lower environment perspective? We are trying to simulate the UNLINK EventType in the MerchantTokenEventResponse. Also can you confirm that providing this URL is what determines if we get an MPAN vs a DPAN (when MPAN is supported) or is there a different mechanism that turns that on?

My understanding is that MPAN is provided for any of the payment request types that support the tokenNotificationURL (deferred/recurring). If you omit the tokenNotificationURL from the request do you still get an MPAN (when supported by the banking network)? Or is it only if that property has a value? Is there a different way you are supposed to trigger an MPAN?

During the in‑app provisioning flow, we successfully obtain the provisioning certificates and generate object for posting. However, in the production environment the flow fails when posted to a broker. broker/v4/devices/{SEID}/cards The staging environment works correctly and provisioning completes without issues. Object {encryptedCardData, activationData, ephemeralPublicKey} is build. The T&C screen never appears. FB22332303

Hi everyone, Is there a way to check the integrity of the auto updating version of the Apple Pay JS SDK? SRI can only be used for the semantic version. Any help/suggestion is appreciated.

We have recently enrolled to the platform integrator program in order to be able to use this API https://developer.apple.com/documentation/applepaywebmerchantregistrationapi to verify our customers' domains for apple pay. We have distributed certifications and the domain association file and have successfully conducted the domain verification call. Consequently, the domain is registered for a given merchant. However, when conducting a payment session request, we receive an error response saying that the domain is not registered. Specific example: We POST to https://apple-pay-gateway.apple.com/paymentservices/registerMerchant with body: { "domainNames": [ "example.com" ], "encryptTo": "platformintegrator.com.example", "partnerInternalMerchantIdentifier": "example", "partnerMerchantName": "example" } and get a 200 response. The apple server successfully conducts the call to the example.com/.well-known/apple-developer-merchantid-domain-association resource. Then the GET request to https://apple-pay-gateway.apple.com/paymentservices/merchant/example lists the domain for this merchant: Response { "domainNames": [ "example.com" ], "partnerMerchantName": "example", "partnerInternalMerchantIdentifier": "example", "partnerMerchantValidationURI": "/.well-known/apple-developer-merchantid-domain-association", "encryptTo": "<hashed merchant id>", "delegatedCommerce": { "enabled": true } } However, when trying to initiate an apple pay payment session here: POST https://apple-pay-gateway.apple.com/paymentservices/paymentSession Body: { "merchantIdentifier": "platformintegrator.com.example", "displayName": "example", "initiative": "web", "initiativeContext": "example.com" } we receive this error response: { "statusMessage": "Payment Services Exception merchantId=<hashed merchant id> not registered for domain=example.com", "statusCode": "400" } Our assumption is that after registering a domain for a merchant the apple pay process should work. We already have a working apple pay implementation with the traditional domain verification process with merchant IDs. We would like to know if we are missing any detail or what is causing this error in our payment process.

Hello, I have recently started exploring the Apple Wallet extension and have a couple of questions I was hoping you could help clarify: Is there any form of communication between the UI extension and the non-UI extension? From my understanding, the UI extension handles the authorization and simply indicates whether the app approves it or not, without passing additional data. However, the non-UI extension is expected to make calls to the issuer app’s backend, which typically require a token obtained through prior authentication services and may even involve an OTP. Is there a recommended way to share this information between extensions within the Apple Wallet Extension framework, or is using App Groups the only option? Additionally, during the provisioning process, is there any possibility of re-invoking the UI extension if further validation is required? Furthermore, according to the documentation, testing is carried out via TestFlight and in production. Is there any way to test these extensions on a physical device directly from Xcode for debugging purposes, or is TestFlight the only available method? Thank you very much in advance for your time and assistance.

We are facing issues with the Apple Pay pop up addresses. So for Portugal and Romania, we would like to collect the user's Province/State as part of the checkout experience. We already do that with other payment methods, however, we noticed Apple Pay pop up doesn't include state/province fields for these two countries, which causes orders to arrive with that field as blank. This is causing a lot of logistics issues during fulfillment. Is there a way to fix this and have the field appear for Portugal and Romania users? Case reference: 102869141084 Thank you!

Feedback ID: FB22759977 After clicking add to apple wallet in our app, I launch the PKAddPaymentPassViewController and click next. It loads for a few seconds and then I get: [] ProvisioningOperationComposer: Step '' failed with error Error Domain=PKProvisioningErrorDomain Code=5 UserInfo={PKErrorHTTPResponseStatusCodeKey=500}

Hi, I’m looking for clarification on Apple Pay merchant domain verification behavior. Our production domain’s verification expiry was extended without any action from our team. Previous expiry: May 21, 2026 Current expiry: October 6, 2026 The Verify button is greyed out, and we can’t download a new .txt file. We did not re‑verify the domain during this time. A few weeks prior, we did renew our Apple Pay Merchant Identity certificate for Apple Pay on the web. Could someone clarify: Does updating the Merchant Identity certificate trigger automatic domain revalidation or expiry extension? If so, why was the extension only 4 months? Does Apple automatically revalidate or extend merchant domain verification? Is this expected behavior, or should domains always be manually re‑verified?

We are seeing trial conversions for our auto-renewable monthly subscription wingman_monthly (App ID 6758346525) land in a persistent "Pending" state in users' iOS Purchase History after the 3-day free trial ends, with no debit reaching the user's payment method. App Store Server Notifications V2 indicate the renewals succeeded — each affected transaction is delivered as DID_RENEW (subType BILLING_RECOVERY not present) with is_trial_conversion: true, period_type: NORMAL, a new expires_date set 31 days in the future, AUD 19.99 attributed, no expirationIntent, no is_in_billing_retry_period, and no cancellation_reason. So Apple's billing layer reports the renewals as successful, but settlement does not appear to complete. The same trial-to-paid flow on our yearly product wingman_yearly in the same subscription group converts and debits cleanly. The pattern is specific to wingman_monthly.

In testing in-app push provisioning with a production TestFlight build built with Xcode Cloud (Xcode 26.4.1) the flow is failing when attempting to add cards. I start the flow by choosing the add to wallet button from within the app. I get to the stage “Add Card” and choosing continue fails with “Could Not Add Card” and a button “Set Up Later” Analysing the sysdiagnose logs reveals that the eligibility stage is failing with a HTTP 500 error. [9ix8SPBHSfWEcxLjj+j5bA] ProvisioningOperationComposer: Step 'eligibility' failed with error <PKProvisioningError: severity: 'terminal'; internalDebugDescriptions: '( "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; > FB22761556

We as a PSP register merchantIdentifiers when registering merchants to ApplePay. We then use these identifiers in a multiTokenContexts during ApplePay session creation / validation / payment. "multiTokenContexts": [ { "merchantIdentifier": "ABC-MID-1", "externalIdentifier": "MAIN_PURCHASE", "merchantName": "Main", "amount": "2.50" }, { "merchantIdentifier": "ABC-MID-1", "externalIdentifier": "CONVENIENCE_FEE", "merchantName": "Fee Processing", "merchantDomain": "m2.example.com", "amount": "2.50" } ] in response we get "authenticationResponses": [ { "merchantIdentifier": "0aff534d6d46fd653f60e6161c53101ee8d9cbc20b1bc40533c929d0a6aae6bc", "authenticationData": "AAAIAKnglVRsCyOvcgI*=", "transactionAmount": "250" }, { "merchantIdentifier": "bfc9a63b4ebab8cde90234731cb18a544c306b0af747d93d773fedb603f0945e", "authenticationData": "AAAIANBEqODkDcrDTgI*=", "transactionAmount": "250" } ] We need to know how to match the entries in the request array to the response array. Is the order guarantied? We did not find any documentation on how the response hash for the identifier is computed.

We are an Apple Pay consumer and observed elevated response times and intermittent timeouts affecting the create‑session API (apple-pay-gateway.apple.com/paymentservices/paymentSession) between approximately 8:01 PM and 8:35 PM PST today. We are reaching out to understand whether there were any service disruptions during this timeframe, as we do not see corresponding updates on the system status pages. We would like to confirm whether this behavior was related to a broader Apple Pay issue or specific to our integration.