When running the test app with test flight before actually opening the app, the execution region is Korea and the country code is Korea, but the currency code on the payment screen is displayed as dollars or euros instead of won. In the payment settings, the currency code is set to won for Korea and dollars for the United States, and the European region is not set at all, but in some phones it is displayed as euros, and in some phones it is not like this, and in some cases it is displayed as won normally.

I'm trying to create an Apple Pay session for my website. I'm starting with curl for now, just to get proof of concept. curl --cert cert.pem --pass {passphrase} --header "Content-Type: application/json" --request POST --data '{"merchantIdentifier":"{merchantIdentifier}","displayName":"testDisplayName", "initiative": "web", "initiativeContext": "{domain}"}' https://apple-pay-gateway.apple.com/paymentservices/paymentSession This is the response I get back { "statusMessage": "Payment Services Exception merchantId={VERY-LONG-ID} not registered for domain={domain}", "statusCode": "400" } I'm not sure why this is happening. {domain} is in the form of sub.site.tld with no protocol, such as https, which matches what I see in the list of the domains in the merchant identity dashboard. The {merchantIdentifier} also matches what I see in the top right, but the merchantId in the response is something I don't recognize. It's a long string of characters that appears to be hexadecimal. I added the apple-developer-merchantid-domain-association file to my .well-known directory and the dashboard does report that the domain is verified. I am making the request from the web server that the domain resolves to, if that matters. I can't think of any reason this would be happening. I'm not sure where the long merchantId in the response is coming from. Does it matter that it doesn't match what I supplied in the request? As far as I can tell, I am using the correct merchantIdentifier. It matches the dashboard and the CN field of the certificate. I found this other post that seems to have a similar error: https://forums.developer.apple.com/forums/thread/671227 The main difference is a 417 status code instead of the 400 I got. But the problem here was that there was no payment processing certificate and I do have one of those. I haven't checked with my processor to verify that the certificate is published, but I will do that soon. I wouldn't expect that to matter. Maybe it does? What other reason could I be getting this error? Could it be a problem with my merchant identity certificate? It took a lot of effort to make it work. But I suspect it's fine, otherwise I wouldn't be getting a response from Apple at all. I can't think of any other possible problems.

We have recently begun testing in our production environment and have been unable to push provision any cards, receiving a 500 error: default 11:15:59.136742-0300 PassbookUIService Response: https://pr-pod9-smp-device.apple.com:443/broker/v4/devices/SEID_NUMBER/cards 500 Time profile: 0.486102 seconds { x-conversation-id = "52463d9f488e428f829633a1518ea72d" Vary = "accept-language" Content-Type = "application/json" x-pod = "pr-pod9" x-keystone-correlationid = "058F11DE-839F-47AC-A623-741BF32CEA80" Date = "Thu, 16 Jan 2025 14:15:58 GMT" x-apay-service-response-details = "via_upstream" Content-Length = "81" x-envoy-upstream-service-time = "172" x-pod-region = "paymentpass.com.apple" } { statusCode = 500; statusMessage = "Broker Service Response exception"; } In 05/2024 we received an e-mail from applepayentitlementsapple.com confirming the granting of in-app provisioning entitlements for our production apps. We've already sent a feedback on Feedback Assistant. Here is the code to track: FB16344669. Also, we sent another e-mail to applepayentitlementsapple.com, Case-ID: 11317916, but we haven't received a reply yet. Can you help us? We are concerned, since our pre-certification starts on January 27th. Thanks in advance.

We have already completed the Apple Pay(App & Web) implementation according to the provided instructions. We have over 10,000 websites, each with a different domain. As per Apple’s documentation, we need to perform the domain verification process for each domain. Manually verifying all 10,000 domains is not feasible. For Google Pay, we have a streamlined process, and we would like to know if a similar solution exists for Apple Pay. Could you please provide us with any recommendations or solutions to facilitate this domain verification process efficiently?

Hi, Please refer the info graphic . I'm an issuer Bank App, who wants to add a card to phone's Digital Wallet. When I hit add to Apple or Google wallet, my API call goes to a Token Requester server and then to Token Service provider. In this process, I do get a JWT token back, but when I try to add token to Digital Wallet, I always get the message "The pass cannot be read because it is not valid". So few question: Is there a way to debug the token that is received by the app? Is there any kind of API console that I can look to see what is happening and why the pass is not valid? I, being the Issuer Bank App, a Token Service Requester and A Token Service Provider, who should be communicating with Apple servers? Are there any documents that explicitly shows (example) the flow of adding a credit card to Digital Wallet from iOS perspective? Any other help is appreciated. On my end, I have done this: public void AddToDeviceAsync(string data) { try { var dataArray = Encoding.UTF8.GetBytes(data); if (data.Length > 0) { if (PKAddPassesViewController.CanAddPasses && PKPassLibrary.IsAvailable) { _nsData = NSData.FromArray(dataArray); ObjCRuntime.Class.ThrowOnInitFailure = false; _pkPass = new PKPass(_nsData, out NSError e); if (!string.IsNullOrWhiteSpace(e?.LocalizedDescription)) { UserDialogs.Instance.AlertAsync(e.LocalizedDescription, AppResources.Alert); return; } if (!PkLibrary.Contains(_pkPass)) { var controller = new PKAddPassesViewController(_pkPass); var rootViewController = UIApplication.SharedApplication.Delegate.GetWindow().RootViewController; if (rootViewController != null) { var topController = TopViewControllerWithRootViewController(rootViewController); topController?.PresentViewController(controller, true, null); } } else { UserDialogs.Instance.AlertAsync(AppResources.Pass_Already_Present, AppResources.Alert); } } } else { UserDialogs.Instance.AlertAsync(AppResources.Invalid_Pass_Data, AppResources.Alert); } } catch (Exception e) { UserDialogs.Instance.AlertAsync(e.Message, AppResources.Alert); } }

Hello team , We have created a sandbox tester and added all the setting as per the guidelines but the sandbox tester account is blocked from adding the test card . All the test cards show as invalid card . We are not able to able to add wallet from iCloud . We are not able to sign into iTunes with the sandbox tester account . Please help on how to resolve this . Thanks in Advance

Hello, we are developing in app provisioning of our American Express network cards. After clicking add to apple wallet in our app, I launch the PKAddPaymentPassViewController and click next. It loads for a few seconds and then I get: [<private>] ProvisioningOperationComposer: Step '<private>' failed with error Error Domain=PKProvisioningErrorDomain Code=5 UserInfo={PKErrorHTTPResponseStatusCodeKey=500} Does anyone have any insight on what this error means?

I am seeking an assistance with an issue we've encountered during our efforts to integrate Apple Pay into our web application. We're using Angular on our client side. and our server side is powered by AEM(Adobe Experience Manager), which is based on Java. As part of our integration process, we're following the Apple Pay documentation. However, we've encountered a challenge during the merchant validation step. Our server-side implementation, responsible for validating the merchant identity and generating a session object for payment requests, is encountering an SSL handshake error. Here's the error message we're encountering: javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.812 IST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.813 IST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.849 IST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.850 IST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:54.082 IST|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=apple-pay-gateway-cert.apple.com) was replaced with (type=host_name (0), value=apple-pay-gateway-cert.apple.com) javax.net.ssl|FINE|01|main|2024-03-20 05:19:54.448 IST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:54.448 IST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|SEVERE|01|main|2024-03-20 05:19:54.453 IST|TransportContext.java:369|Fatal (CERTIFICATE_UNKNOWN): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ( "throwable" : { sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) at sun.security.validator.Validator.validate(Validator.java:271) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128) at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1339) at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1230) at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1173) at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:479) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:457) at sun.security.ssl.TransportContext.dispatch(TransportContext.java:200) at sun.security.ssl.SSLTransport.decode(SSLTransport.java:155) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ... 24 more} } We've reviewed our server configuration and checked that the SSL/TLS settings are correctly configured. Additionally, we've ensured that the server's SSL certificate is valid and up-to-date.

I have apple pay on the web running ok on our website, using ios devices When I load the cart in a browser and try using the 'scan now qr code', my pay sheet displays on my iphone and then immediately closes. How can I debug the issue? I'm not seeing any logging or issues.

While submitting post request for Apple Pay Session in Sandbox enviornment, we are getting "The request was aborted: Could not create SSL/TLS secure channel" . The site is deployed in IIS and has TLS1.2 enabled , with Application using .NET 4.8 framework. All the setup required for Apple Pay as mentioned in the apple pay site are verified e.g. Ciphers, TLS , IPs whitesliting etc and they look good. We are able to connect thro Postman and same code works when tested from a sample console application in the server hosting the applicaiton However issue happens only when the session is initiated from the Application. Any pointers to the above is appreciated.....

When integrating the Wallet Extension, after clicking my app icon from the "From Apps on Your iPhone" list, I encountered the message: "Cannot Add Card. '***' is not responding. Wait a few minutes and try again. If the problem continues, contact the card issuer's customer service" instead of the configured login page appearing as expected. What could be causing this issue, and how should I resolve it?

Hi support, Since June 26th 2025 we are experiencing an issue with the ApplePay SSL server certificate installed on our servers in Production environment. We are facing an exception error during the initializing of a payment session while calling the url: https://apple-pay-gateway.apple.com/paymentservices/startSession The exception is Untrusted Server Certificate Chain: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain       at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)       at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1915)       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:306)       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:300)       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1577)       at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213)       at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1010)       at sun.security.ssl.Handshaker.process_record(Handshaker.java:946)       at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1034)       at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1370)       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1354) It seems that the issue occurs randomly: we are experiencing this exception on most of our payment transactions, but there are some cases of users that have correctly paid on our site using this method and in those cases this error did not appear. We installed the new certificate on our servers on July 3rd 2025 and renewed on Aug 7th 2025. The new certificate validity is: Not Before: Aug 6 18:43:52 2025 GMT Not After : Nov 4 18:08:57 2025 GMT I must specify that this issue is blocking the correct placement of AppleyPay orders of our customers. Can you please help us find the problem and a possible solution?

I am looking for help with validation of an Apple Pay payload from the perspective of an Apple Pay processor. Further details would require an NDA.

really easy to access to you account

Hi, we are implementing the push provisioning via the Apple Wallet Extension starting from the example at https://developer.apple.com/documentation/passkit/implementing-wallet-extensions. To correctly manage the push provisioning on Apple Watch, specifically for a card tokenised in the iPhone but not in the Watch, we need to know if there is a connected Apple Watch to the iPhone. We are using the following code from the Apple Wallet Extension example to detect whether there is a connected watch: WCSession* session = [WCSession defaultSession]; session.delegate = delegate; [session activateSession]; In the main target of the app, at the end of the activation the system correctly calls the delegate method: session:activationDidCompleteWithState:error: but we noticed it is not being called in the UI extension context (the one having NSExtensionPointIdentifier: com.apple.PassKit.issuer-provisioning.authorization). We don't understand why the delegate is not being called in the UI extension, can you please help? Thanks! Steps to Reproduce: Start with a card not added in the Apple Wallet app Open the Apple Wallet app Click on add card Select the app to launch the Wallet Extension flow The Apple Wallet Extension with UI is on screen and invokes the activateSession method, the delegate method is not invoked and session.isPaired returns "no". Xcode Version 16.2 macOS Version 15.6.1 (24G90) Feedback ID FB20082564

We created the P12 key from the Merchant ID certificate using KeyChain Access when developing Apple Pay for web. Now we are in the process of deploying Apple Pay to Prod, do we need to generate a new P12 key for Prod? I am not sure about the process here, and need some assistance or understanding. Do I need to create a new P12 for Production deployment or can I use the P12 created when developing? Thanks

Issue Description In our Apple Pay integration process, the validation URL returned from the onvalidatemerchant callback is: https://apple-pay-gateway.apple.com/paymentservices/startSession However, according to Apple’s official documentation (reference link), the correct validation URL is: https://apple-pay-gateway.apple.com/paymentservices/paymentSession We are seeking clarification and assistance regarding the following issues: Issue 1 Will continuing to use the startSession URL cause problems or errors? Are there functional differences between the two URLs (startSession and paymentSession)? Does Apple still officially support startSession, or are we required to switch to paymentSession? Issue 2 We occasionally experience the following 400 error, even though the URL we use for validation is the one returned from the onvalidatemerchant callback: 400: { "statusMessage": "Payment Services Exception merchantId=*** not registered for domain=***.com", "statusCode": "400" } We have verified the following: Our Merchant ID and certificates are valid. All Apple Pay configuration details, including merchant domain verification and placement of the .well-known/apple-developer-merchantid-domain-association file, have been correctly set up and verified. However, we still encounter the error intermittently. Questions: If we need to transition to using paymentSession, how should we do this? Could this error be related to the use of startSession? If not, how should we troubleshoot further? Support Needed Confirmation and clarification on the proper usage and differences between the two URLs: startSession and paymentSession. Guidance on how we can investigate and resolve the 400 error to ensure that the Apple Pay validation process works consistently. We appreciate your assistance and support!

I'm successfully using Apple subscriptions in my app, but I'm encountering SKErrorCodeDomain error 18 when trying to apply a subscription offer. I want apply offer code first time only for subscription. Below are details of what i set in appstore and what i have tested. Subscription Offer Details Offer Type: For the first month Customer Eligibility: New, Existing, and Expired Subscribers Code Status: Active Offer Code Creation Steps: App Store Connect → App → Subscription → Select Subscription Product → Offer Codes → Add → Add Custom Codes Signature Generation for Promotional Offers I'm following Apple's documentation to generate a signature: https://developer.apple.com/documentation/storekit/generating-a-signature-for-promotional-offers I’ve constructed the payload as instructed: appBundleId + '\u2063' + keyIdentifier + '\u2063' + productIdentifier + '\u2063' + offerIdentifier + '\u2063' + appAccountToken + '\u2063' + nonce + '\u2063' + timestamp Keys and Identifiers keyIdentifier, issuerId, and .p8 file are obtained from: App Store Connect → Users and Access → Integrations → In-App Purchase Test user created under: App Store Connect → Users and Access → Sandbox → Test Accounts Logged in with this account on the iPhone What I’ve Tried Verified all values used in the payload are correct Tried both seconds and milliseconds for the timestamp (as per documentation, it should be in milliseconds) Tried setting appAccountToken to: a valid UUID an empty string not setting it at all Used Apple’s sample code to generate a signature: https://developer.apple.com/documentation/storekit/generating-a-promotional-offer-signature-on-the-server Verified the generated signature locally, and it validated successfully: https://developer.apple.com/documentation/storekit/generating-a-signature-for-promotional-offers#Validate-locally-and-encode-the-signature Apple’s sample code to generate a signature Downloaded from const express = require('express'); const router = express.Router(); const crypto = require('crypto'); const ECKey = require('ec-key'); const secp256k1 = require('secp256k1'); const uuidv4 = require('uuid/v4'); const KeyEncoder = require('key-encoder'); const keyEncoder = new KeyEncoder('secp256k1'); const fs = require('fs'); function getKeyID() { return "KEYIDXXXXX"; } router.post('/offer', function(req, res) { const appBundleID = req.body.appBundleID; const productIdentifier = req.body.productIdentifier; const subscriptionOfferID = req.body.offerID; const applicationUsername = req.body.applicationUsername; const nonce = uuidv4(); const currentDate = new Date(); const timestamp = currentDate.getTime(); const keyID = getKeyID(); const payload = appBundleID + '\u2063' + keyID + '\u2063' + productIdentifier + '\u2063' + subscriptionOfferID + '\u2063' + applicationUsername + '\u2063'+ nonce + '\u2063' + timestamp; // Get the PEM-formatted private key string associated with the Key ID. // const keyString = getKeyStringForID(keyID); // Read the .p8 file const keyString = fs.readFileSync('./SubscriptionKey_47J5826J8W.p8', 'utf8'); // Create an Elliptic Curve Digital Signature Algorithm (ECDSA) object using the private key. const key = new ECKey(keyString, 'pem'); // Set up the cryptographic format used to sign the key with the SHA-256 hashing algorithm. const cryptoSign = key.createSign('SHA256'); // Add the payload string to sign. cryptoSign.update(payload); /* The Node.js crypto library creates a DER-formatted binary value signature, and then base-64 encodes it to create the string that you will use in StoreKit. */ const signature = cryptoSign.sign('base64'); /* Check that the signature passes verification by using the ec-key library. The verification process is similar to creating the signature, except it uses 'createVerify' instead of 'createSign', and after updating it with the payload, it uses `verify` to pass in the signature and encoding, instead of `sign` to get the signature. This step is not required, but it's useful to check when implementing your signature code. This helps debug issues with signing before sending transactions to Apple. If verification succeeds, the next recommended testing step is attempting a purchase in the Sandbox environment. */ const verificationResult = key.createVerify('SHA256').update(payload).verify(signature, 'base64'); console.log("Verification result: " + verificationResult) // Send the response. res.setHeader('Content-Type', 'application/json'); res.json({ 'keyID': keyID, 'nonce': nonce, 'timestamp': timestamp, 'signature': signature }); }); module.exports = router; Postman request and response Request URL: http://192.168.1.141:3004/offer Request JSON: { "appBundleID":"com.app.bundleid", "productIdentifier":"subscription.product.id", "offerID":"OFFERCODE1", "applicationUsername":"01234b43791ea309a1c3003412bcdaaa09d39a615c379cc246f5f479760629a1" } Response JSON: { "keyID": "KEYIDXXXXX", "nonce": "f98f2cda-c7a6-492f-9f92-e24a6122c0c9", "timestamp": 1753510571664, "signature": "MEYCIQCnA8UGWhTiCF+F6S55Zl6hpjnm7SC3aAgvmTBmQDnsAgIhAP6xIeRuREyxxx69Ve/qjnONq7pF1cK8TDn82fyePcqz" } Xcode Code func buy(_ product: SKProduct) { let discountOffer = SKPaymentDiscount( identifier: "OFFERCODE1", keyIdentifier: "KEYIDXXXXX", nonce: UUID(uuidString: "f98f2cda-c7a6-492f-9f92-e24a6122c0c9")!, signature: "MEYCIQCnA8UGWhTiCF+F6S55Zl6hpjnm7SC3aAgvmTBmQDnsAgIhAP6xIeRuREyxxx69Ve/qjnONq7pF1cK8TDn82fyePcqz", timestamp: 1753510571664) let payment = SKMutablePayment(product: product) payment.applicationUsername = "01234b43791ea309a1c3003412bcdaaa09d39a615c379cc246f5f479760629a1" payment.paymentDiscount = discountOffer SKPaymentQueue.default().add(payment) } Issue Even following instructions to the documentation and attempting various combinations, the offer keeps failing with SKErrorCodeDomain error 18. Has anyone else experienced this? Any suggestions as to what may be amiss or how it can be corrected?

To continue your enrollment, complete your purchase now But when I tried to purchase I am not able to pay

I am encountering an issue related to the status property within the payment object of the order.json file when opening an order in the iOS Wallet. According to the official documentation, the status property in the payment object is marked as deprecated. Based on this information, I removed the status property from the order.json. However, when I attempt to open the order in the iOS Wallet app, an error occurs, preventing the order from being opened. This creates confusion, as the documentation implies that the status property in the payment object is no longer required. However, the iOS Wallet app seems to still rely on the presence of this property or encounters an error when it’s missing. Tested on IOS 17.6.1 & IOS 18