We are essentially implementing a membership card feature wherein the card details originates from a third-party provider and gets stored in the Apple Wallet. We are utilizing the Passkit Generator ( https://www.npmjs.com/package/passkit-generator ) for this purpose.
The challenge, or rather issue, is that when this card is saved to Apple Wallet and tapped on the NFC reader, it only shows "Invalid Card."
When we attempted to gather information from the third-party provider regarding this issue on both Android and iOS, they stated:
"For IOS we do not have any experience to share with, rather than the fact we have implemented the VAS protocol under an NDA signed with Apple.
Related to Passkit we do not have any experience with it."
We require your assistance to identify any potential issues.
Apple Pay
RSS for tagDiscuss how to integrate Apple Pay into your app for secure and convenient payments.
Post
Replies
Boosts
Views
Activity
Hello everyone,
**I created a certificat using openssl using the steps below **
Generate a Certificate Signing Request (ecccertreq.csr)
Generate key pair in a key file
Code
openssl ecparam -genkey -name prime256v1 -out ecckey.key
Generate CSR from key pair in key file
Code
openssl req -new -sha256 -key ecckey.key -out ecccertreq.csr -subj '/O=Nahdi Merchant Identity'
Upload the Payment Processing Certificate CSR
Download the Apple signed Payment Processing Certificate
The certificate file (apple_pay.cer) appears in my Downloads folder
Generate the .p12 file (ecckeystore.p12)
Convert apple_pay.cer to PEM
Code
openssl x509 -inform DER -in apple_pay.cer -out apple_pay.pem
Import merchant certificate and private key to generate .p12
Code
openssl pkcs12 -export -out ecckeystore.p12 -inkey ecckey.key -in apple_pay.pem
But I am getting this error when testing using the curl_test.php file and also when trying to make a payment on our website, we already have a working certificat for another merchant id and we don't get the same error
Verbose info:
cURL Error
56 - OpenSSL SSL_read: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0
Verbose information
* Trying 17.141.128.71:443...
* TCP_NODELAY set
* Connected to apple-pay-gateway.apple.com (17.141.128.71) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=apple-pay-gateway.apple.com
* start date: Jul 24 19:05:42 2024 GMT
* expire date: Oct 22 19:15:42 2024 GMT
* subjectAltName: host "apple-pay-gateway.apple.com" matched cert's "apple-pay-gateway.apple.com"
* issuer: C=US; O=Apple Inc.; CN=Apple Public EV Server RSA CA 1 - G1
* SSL certificate verify ok.
> POST /paymentservices/paymentSession HTTP/1.1
Host: apple-pay-gateway.apple.com
Accept: */*
Content-Length: 131
Content-Type: application/x-www-form-urlencoded
* upload completely sent off: 131 out of 131 bytes
* OpenSSL SSL_read: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0
* Closing connection 0
code-block
Hello,
I am seeking help to use AMEX cards provided in https://developer.apple.com/apple-pay/sandbox-testing/ and add them to apple pay/wallet and have them authorised to be used in app with the sandbox account that I am using, can you help?
Issue detailed:
It seems that the AMEX cards that are provided in the sandbox link can only be added to the SANDBOX account wallet and shortly after they get removed form it then marked as Unavailable after an attempt to get authorised
Please see screenshots of adding a AMEX card, Added & then Activating and after unavailable
All these cards have the same issue and are Amex the last on the list you can see in the first picture is saying activation and in the picture under Unavailable.
Pre-Conditions to set account and wallet & reproduce
Should have a SandBox account
The Sandbox users is set in US
The region of the device is set to US
The card that is attempted to be added is AMEX from the provided list
iOS versions 17.4.1 to 17.6 version possibly earlier too
Device iPhone 11 and others
Steps to reproduce:
Open wallet
Tap on Add Card
Add the Required test data Name/Card/ Date and CID
Tap on Agree & wait
Then Card is added
Wait for the process and for the card to be activated
Actual Result
1.The card is never shown as activated instead its marked as Unavailable
2. Amex Cant be added as a Default card assuming because its marked as Unavailable
Expected Result
The Amex card can be added and activated for use
Set as default should possibly not be a problem
Extra: if the user is using AMEX card from previous cards that are saved the card can get stuck on Activating.
https://developer.apple.com/documentation/appstoreservernotifications/app_store_server_notifications_version_1
It says that v1 is deprecated, but we have a lot of servers use v1, and we have to no time to update server code to move v1 to v2. So my question is, even v1 is deprecate, but if we don't need the new notification types in v2, can we still receive v1 notifications? cuz I can't find anywhere says when v1 will stop sending.
In our testing, we found that Apple Wallet Express Transit card is not being disabled when the default contactless app has been changed to a third party contactless payment app.
In this case, even if the user has changed his default setting, he has to disable his Express Transit card in Apple Pay settings as well. This leads to frictions in the consumer journey: Consumers tapping their card on an express terminal, expecting to pay their transit through the 3rd party app, will end up paying through Apple Pay.
Will Apple provide a fix for this in a subsequent iOS version and disable Express Transit together with the change of default app?
Hello,
I'm trying to build a wallet UI extension for card push provisioning of Apple Pay.
I try to add a user authentication step to the wallet app extension. I went through the documentations and app demo, but all the guidelines are based on swift UI, while I want to reuse the code from my Angular containing app (html, css, typescript) compiled to iOS native app with capacitor.
Does anyone have any experience how this can be done? Do I need to separate the authentication logic in my Angular project and compile it to a separate iOS native app using capacitor?
Thank you in advance.
Greetings,
Some background:
We have a setup where we have more than 100 domains where we want to enable ApplePay. At the moment we use normal web merchants and are able to support only 99domains, but are moving towards the registerMerchant API ( https://developer.apple.com/documentation/applepaywebmerchantregistrationapi/registermerchantrequest) so that we can create multiple internal merchant IDs to support more than a 100 domains.
One more important thing to note here is that we have 2 merchants for web, Merchant A and merchant B, and they are linked to different payment gateways and we need to support both due to some business logic.
So theoretically, if we have 140 domains, we want to register all 140 of these under both web merchants (A & B). Since each merchant can support 99, we plan on distributing the 140 domains across the merchant by using the registerMerchant API where we'll be creating internal merchant identifiers, for example, Merchant.A.1, Merchant.A.2, Merchant.B.1, and Merchant.B.2. Thus, we will be able to support all 140 domains on both.
While setting up, we noticed that we got a txt file for merchant A and B. We placed the txt file under the .wellknown path for merchant A and used the registerMerchant API to add a domain under merchant.A.1 and it worked. A few questions around this:
When we try to register the same domain under Merchant B, it works too even though the txt file is missing there for Merchant B. is this because domains are verified on an account level and not merchant level? And can we rely on this behaviour to always work? Can we say that registering all our 140 domains with merchant A, would ensure that when we try to verify them under Merchant B, it'll automatically work ( ofcourse we need to call the registerMerchant API,I am trying to understand the actual verification process)
When these domains are near expiration, the current re-verification process calls the same path to re-verify the domain. When using multiple merchants, which merchant txt file would be expected? Both? or just the original one?
Please let me know if there are any better ways of doing what we are trying to achieve and if they are documented anywhere.
Thank you!
Greetings,
We are using the paymentSession API to create sessions using the merchant ID and domain for our apple pay integration. We noticed that on production env, things work as expected and invalid domains don't create session. But while using this api on sandbox, we noticed that even invalid TLDs and unregistered domains are allowed to create sessions. is this expected? if yes, is it possible to make sure sandbox works the same way as production? We are trying to validate the working on internal merchant identifier and the discrepancy is making it harder to do so.
The API link - https://apple-pay-gateway.apple.com/paymentservices/paymentSession
Thank you!
Hi there,
We're experiencing difficulties setting up Apple Pay for our native macOS app written in Swift. The main issue seems to be with the "Apple Pay Merchant Identity" configuration.
When setting up the Merchant ID on the Apple Developer portal (https://developer.apple.com/account/resources/certificates/list), the only available platform listed is iOS. There's no option for us to add macOS to the supported platforms.
Our app uses PKPaymentAuthorizationController to present the Apple Pay sheet, but it fails immediately with a "Payment Not Completed" error. The macOS Console.app shows:
com.apple.PassKit.PaymentAuthorizationUIExtension - Payment failed with fatal error <private>
PKPeerPaymentService XPC Error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.passd.peer-payment was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo={NSDebugDescription=The connection to service named com.apple.passd.peer-payment was invalidated: failed at lookup with error 159 - Sandbox restriction.}
We've verified that our code works correctly on iOS, but we can't get it functioning on macOS. It seems like adding Apple Pay to a macOS app might not be fully supported, although the developer docs outline support for macOS.
Additionally, we suspect this could be an issue with sandboxing.
Are there additional steps or configurations required for Apple Pay on macOS that differ from iOS? Any guidance on properly setting up Apple Pay for a native macOS app would be greatly appreciated.
After setting up the code and panel as per the documentation of app store connect and revenue cat, when I try to fetch the product from my app, it shows following error:
PlatformException(2, There was a problem with the App Store., {readable_error_code: STORE_PROBLEM, userCancelled: false, underlyingErrorMessage: An unknown error occurred, code: 2, message: There was a problem with the App Store., readableErrorCode: STORE_PROBLEM}, null)
We now want to take this a step further adding Rewards Enrollment via the terminal. So scenario is:
customer pays with apple pay on adyen terminal
we check if the customer has the NFC pass in the wallet
if so, they earn points (regular flow which is working)
if not, wallet asks if you want to onboard into the program. We use personalization.json for for this and a webservice from us
We have everything setup, but the personalization isn’t working. We follow all these steps:
https://developer.apple.com/library/archive/documentation/UserExperience/Conceptual/PassKit_PG/PassPersonalization.html
The issue is that we never receive a POST request from wallet on the /personalize route we needed to set up. It simply never triggers.
We tried to do it manually from wallet using the ‘Add Personal Info’ button that appears now (because we added personalization.json to the pkpass bundle), but this triggers a message ‘Unable to personalise pass’, while it should show the personalization fields with our logo on top. See 2 attchements, one with the error, second one how it should look after clicking the ‘Add Personal Info’ button.
I'm developing an App Clip to add cards to Apple Wallet,and I want to check if card already added to PassKit library.For example, to show "Apple Pay enabled" checkmark on a card's UI.
when I call these codes:
PKPassLibrary *passLibrary = [[PKPassLibrary alloc] init];
NSArray<PKPass *> *paymentPasses = [passLibrary passesOfType:PKPassTypePayment];
the paymentPasses returns an empty array.I want to know if App Clip can access passes, and how can I get the entitlements to query the pass library.
is there any avaiable demo for java?
Acutally, i use code below to decrypt wrappedKey :
Cipher oaepFromInit = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", new org.bouncycastle.jce.provider.BouncyCastleProvider());
OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privKey);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
oaepFromInit.init(Cipher.DECRYPT_MODE, privateKey, oaepParams);
return oaepFromInit.doFinal(wrappedKeyBytes);
But this code can't decrypt wrappedKey, always occur error:
Exception in thread "main" org.bouncycastle.jcajce.provider.util.BadBlockException: unable to decrypt block
at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.getOutput(Unknown Source)
at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(Cipher.java:2168)
at Caused by: org.bouncycastle.crypto.InvalidCipherTextException: data wrong
at org.bouncycastle.crypto.encodings.OAEPEncoding.decodeBlock(Unknown Source)
at org.bouncycastle.crypto.encodings.OAEPEncoding.processBlock(Unknown Source)
... 5 more
publicKeyHash value match my publicKey and privateKey, and I can use my publicKey and privatekey to encrypt and decrypt my own text in same algorithm.
Hello,
In the wallet implementation guide there's note:
‘
Note
If the issuer uses an explicit App ID, it may not match their developer account Team ID. See Developer
Account Help for more information.`
Does an explicit App ID prefix (different from the current team id) impact in any way the app's integration with Apple Pay? Should the app switch to the default TeamID prefix?
Greetigs has anyone been able to use storekit sandbox when making a purchase of any product consumable non-consumable or subscription it completes the purchase then starts the purchase flow in an infinite loop and suggestions
During the WWDC2022 talk "What's new in Apple Pay - WWDC2022" the new SwiftUI implementation of Pay with Apple Pay was introduced.
During the talk only a code snipped is shared (screenshot).
Is there any example app or reference code that uses the APIs? Especially:
PayWithApplePayButton and
PayWithApplePayButtonPaymentAuthorizationPhase
Link to the talk: What's new in Apple Pay - WWDC2022
Hi. I'm planning of creating a system for in-office access control that allows putting employee ID card in Apple Wallet to unlock the door without unlocking iPhone, something like HID Global's Employee Badge in Apple Wallet.
I searched and it seems that Apple Access is suitable for unlocking the office door, but I couldn't find any relevant development documentation.
What kind of enrollment or application is required to put my employee ID card in Apple Wallet with Apple Access and use Express mode?
Also, could one share any related development documents please?
Thank you in advance.
Hello, I have a question to consult. My app includes app purchase, and I will receive the receipt after the purchase. During the testing process, it was found that with the increase of orders without "Finish" (simulating the situation of a user's order loss), the length of receipt would also increase. At present, our test account contains a maximum of 10 orders that are not "finished", and the length of "receipt" is increased from the first voucher length: [12812 characters] [9609 bytes] to the tenth voucher length: [17220 characters] [12913 bytes], currently we are testing in a sandbox environment. My question is whether there is a maximum length limit for the field receipt in a formal environment, and if so, what is the maximum length?
Is there a way to query the available credit/debit cards in the users Apple Wallet? I want to be able to load a specific card when the user is about to pay with Apple Pay.
I don't need the card numbers or anything, just the card brand (like "Wells Fargo Active Cash"). I'm not a card issuer.
Hey there, I have a question about the Payment Processing Certificate.
Does this certificate need to be in an account that is only using Push Provisioning in the apps? We don't have any payments being made in app.
Do the Wallet app use this certificate to make the payments? Or only stores uses it to make in-app payments?
The final question is: can we remove this certificate?