https://developer.apple.com/documentation/apple_pay_on_the_web/applepaypaymentrequest/3955945-multitokencontexts According to this document, I know that I can initialize a multiTokenContexts when initializing ApplePayPaymentRequest. But I am now facing a tricky problem. If the user's order does not require multiTokenContexts, then I will not initialize this field when I first make ApplePayPaymentRequest. When the user is in the payment process, I may update multiTokenContexts. But this time, the update is not allowed, ApplePay will be cancelled and the payment will be closed. For example, if the user's address in Apple Pay is different, I need to update multiTokenContexts to support the payment of goods to multiple merchants, which will generate an update of multiTokenContexts. MultiTokenContexts can be updated in the onshippingcontactselected method. https://developer.apple.com/documentation/apple_pay_on_the_web/applepaysession/1778009-onshippingcontactselected My question is that from the beginning, there was no multiTokenContexts to update multiTokenContexts in onshippingcontactselected, which would cause the user to close the payment and need to manually click to pay again. This user experience is not very friendly. Is there a better way for me to go from no multiTokenContexts to multiTokenContexts without interrupting the user's payment process?

I've encountered an issue with Apple Pay in PC Chrome with iOS 18. Below is the scenario and code for reference: Issue Scenario: A button is clicked to initiate the Apple Pay process. A QR code window pops up, which I scan with my phone. As soon as the session is established, the window closes immediately, not allowing the user to select a payment card. No errors appear in the console. Here's the code snippet for handling the Apple Pay button click: const onApplePayButtonClicked = () => { if (!window.ApplePaySession) { return; } log('Apple Pay button clicked'); const request = { countryCode: 'UA', currencyCode: 'UAH', merchantCapabilities: ['supports3DS'], supportedNetworks: ['visa', 'masterCard'], total: { label: 'PoC Merchant Apple Pay', type: 'final', amount: amount.toString(), }, }; const session = new window.ApplePaySession(3, request); session.onvalidatemerchant = async (event) => { try { log('Creating ApplePaySession'); const response = await fetchAppleSessionAPI(event.validationURL, applePayMercantId, { deviceId, refreshToken }); log('validateMerchantResponse', response); session.completeMerchantValidation(response.applePaySessionData); } catch (error) { log('validateMerchantError', error); } }; session.onshippingmethodselected = () => { const newTotal = { label: 'PoC Merchant Apple Pay', type: 'final', amount: amount.toString(), }; session.completeShippingMethodSelection(window.ApplePaySession.STATUS_SUCCESS, {}, newTotal); }; session.onpaymentauthorized = async (event) => { log('onpaymentauthorized', event); const result = { status: window.ApplePaySession.STATUS_SUCCESS, }; session.completePayment(result); log('TOKEN', event.payment.token); }; session.begin(); }; Troubleshooting Steps Taken: Verified that window.ApplePaySession is available. Checked for any console errors—none found. Confirmed that the QR code scanning and session initiation work as expected. Expected Behavior: After scanning the QR code and establishing the session, the user should be able to select a payment card and proceed with the payment flow. Current Behavior: The window closes immediately after the session is established, preventing card selection. Has anyone else faced this issue or has insights on how to resolve it? Thanks in advance!

iOS 16 and earlier On iOS 16 and earlier, Apple Pay on the Web required Safari—and all interactions with the Apple Pay API to come from the parent/top level page. In order to facilitate the Apple Pay button in an HTML inline frame (iframe), there will need to be cross frame communication between the child and parent pages. Cross frame communication should be secure and robust, therefore the use of postMessage for this purpose is recommended. The expectation is for all communication with Apple Pay to occur from the parent page, so the iframe must relay all Apple Pay related events to the parent to handle. Some examples: Apple Pay availability: The parent calls applePayCapabilities, then sends the message of the response to the iframe, which then uses the value to toggle the visibility of the Apple Pay button. Apple Pay session: The iframe receives an onclick() event when the Apple Pay button is clicked and sends the message to the parent (providing details about the transaction). The parent create the payment request to obtain the session validation URL, and eventually receive session credentials and invokes completeMerchantValidation() to prevent the payment sheet. After the payment is authorized by the Payment Service Provider (PSP), the parent either: Redirects the parent page to a payment success page; or Sends a message to the iframe to complete the transaction flow itself. iOS 17 and later On IOS 17 and later, the iframe HTML element should include the allow="payment" attribute, which should facilitate the cross frame communications instead of needing a dedicated JavaScript library. This means all of the Apple Pay code/calls can reside in the iframe page—which is typically a hosted page from a Payment Service Provider (PSP), all the parent page—typically a merchant—has to do is add the attribute mentioned above to the iframe element. Important: Regardless of the iOS version, the PSP/merchant always needs to make sure the parent page domain is the one registered in the Developer portal, and used in the request to generate a merchant session via ApplePaySession. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

Hi everyone, I am new to Apply Pay, but I have already implemented IAP for subscriptions in my app. My app also has other functionalities, it also acts as a person-to-person marketplace, as users can post events or online courses which can be bought by other users to participate. My question is that I have read Apple's review guidelines but it is still unclear for me if I can use Apple Pay (with for example Stripe) or do I still need to use IAP for this online content. Also non profit organizations also can register which can recieve donations, can I also use Apple Pay for that or do I still need IAP there, because it would be nice if Apple would take 30% of donations.

A team observed lots of timeouts from the Apple Pay session endpoint: https://apple-pay-gateway-cert.apple.com/paymentservices/paymentSession Is it expected or some kind of an implementation issue from the caller side? Thanks!

We are seeking assistance with an issue encountered during the integration of Apple Pay into our web application using the third-party payment gateway Heartland. Our application uses JavaScript on the client side and PHP on the server side. Despite following all the guidelines provided by Heartland, we are unable to validate the merchant at the backend. The validation consistently returns false. We request your guidance or a step-by-step solution to help resolve this issue. Steps Followed: Registered a merchant identifier in our Apple Developer account. Enabled the Apple Pay Processing Certificate for the merchant. Logged into the Heartland account, accessed the Apple Pay setup page from the "Keys and Credentials" section, and created a Certificate Signing Request (CSR). Uploaded the CSR from Heartland to the Apple Pay Processing Certificate in the Apple Developer account. Downloaded the signed certificate from the Apple Developer account and uploaded it to Heartland. For the web application: Registered the merchant identifier and validated our domain in the Apple Developer account. Created a Merchant Identity Certificate linked to the same merchant identifier. Followed the same steps 2–5 from the in-app implementation. Code Implementation: Client-Side (React): import React from 'react'; const Button = () => { const initializeApplePay = () => { if (window.ApplePaySession && window.ApplePaySession.canMakePayments()) { const paymentRequest = { countryCode: 'US', currencyCode: 'USD', supportedNetworks: ['visa', 'masterCard', 'amex'], merchantCapabilities: ['supports3DS'], total: { label: 'Your Store', amount: '1.00' }, }; const session = new window.ApplePaySession(3, paymentRequest); // Merchant Validation session.onvalidatemerchant = (event) => { fetch('https://staging-api.parkengage.com/apple-pay-session', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ initiative: 'web', initiativeContext: 'parkengage.com', validationURL: event.validationURL, }), }) .then((response) => response.json()) .then((data) => { if (data.error) { console.error('Merchant validation failed:', data.error); } else { session.completeMerchantValidation(data); } }) .catch((error) => console.error('Validation error:', error)); }; session.onpaymentauthorized = (event) => { const paymentToken = event.payment.token; fetch('/process-payment', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ token: paymentToken }), }) .then((response) => response.json()) .then((data) => { if (data.success) { session.completePayment(window.ApplePaySession.STATUS_SUCCESS); } else { session.completePayment(window.ApplePaySession.STATUS_FAILURE); } }) .catch((error) => console.error('Payment error:', error)); }; session.begin(); } else { console.log('Apple Pay is not supported on this device.'); } }; return ( Buy with Apple Pay ); }; export default Button; Server-Side (PHP cURL): curl 'https://staging-api.parkengage.com/apple-pay-session' -X 'POST' -H 'Content-Type: application/json' --data-binary '{ "initiative": "web", "initiativeContext": "https://parkengage.com", "validationURL": "https://apple-pay-gateway-cert.apple.com/paymentservices/startSession" }' Issue: The merchant validation fails and returns false. Please guide us on troubleshooting this issue or provide insights on missing configurations.

Why did my sandbox test fail due to not being able to obtain the product list?

During our Apple Pay integration testing, we encountered an issue that we're unsure how to resolve. Below are the steps we followed: Created an Apple Pay sandbox test account for Raul and added a test card, following the documentation here: https://developer.apple.com/apple-pay/sandbox-testing/ Opened the Golfmanager platform and initiated a booking. For payment, selected Apple Pay as the method. Raul clicked the Apple Pay button on the Golfmanager UI. He scanned the QR code using his iPhone, logged in with the test account. Apple Pay began validating our merchant identity and retrieved the wallet token to proceed with payment. The Apple Pay payment sheet appeared on Raul's iPhone, showing the card details and the amount requested by Golfmanager. Suddenly, the Apple Pay sheet closed unexpectedly, and we have no insight into what went wrong or what might be missing on our end. Here is the video: https://drive.google.com/file/d/1r-73edQ9eBZzXi6HoSYYGjKO8LbxBrZi/view?usp=drive_web

Hi, We are trying to make payment from ecomm merchant. The last request during process is { "sessionData": { "epochTimestamp": "1741082241", "expiresAt": "1741092241", "merchantSessionIdentifier": "SSH88312C485D_7E0DD10173", "nonce": "3f6dc197", "merchantIdentifier": "5F9BC6BAF8", "domainName": "libertybank.ge", "displayName": "Apple Pay Purchase", "signature": "3080060000", "operationalAnalyticsIdentifier": "Apple Pay Purchase:5F9BC6BAF8", "retries": 0, "pspId": "5F9BC6BAF8" } } which is successfully validated applePaySession.completeMerchantValidation(data.sessionData) After this, the "oncancel" handler is triggered in applePay. Please help us to understand what is wrong. Please note the domain where the applepay button is located is at txpg.libertypay.ge Which is successfully verified.

I'm successfully using Apple subscriptions in my app, but I'm encountering SKErrorCodeDomain error 18 when trying to apply a subscription offer. I want apply offer code first time only for subscription. Below are details of what i set in appstore and what i have tested. Subscription Offer Details Offer Type: For the first month Customer Eligibility: New, Existing, and Expired Subscribers Code Status: Active Offer Code Creation Steps: App Store Connect → App → Subscription → Select Subscription Product → Offer Codes → Add → Add Custom Codes Signature Generation for Promotional Offers I'm following Apple's documentation to generate a signature: https://developer.apple.com/documentation/storekit/generating-a-signature-for-promotional-offers I’ve constructed the payload as instructed: appBundleId + '\u2063' + keyIdentifier + '\u2063' + productIdentifier + '\u2063' + offerIdentifier + '\u2063' + appAccountToken + '\u2063' + nonce + '\u2063' + timestamp Keys and Identifiers keyIdentifier, issuerId, and .p8 file are obtained from: App Store Connect → Users and Access → Integrations → In-App Purchase Test user created under: App Store Connect → Users and Access → Sandbox → Test Accounts Logged in with this account on the iPhone What I’ve Tried Verified all values used in the payload are correct Tried both seconds and milliseconds for the timestamp (as per documentation, it should be in milliseconds) Tried setting appAccountToken to: a valid UUID an empty string not setting it at all Used Apple’s sample code to generate a signature: https://developer.apple.com/documentation/storekit/generating-a-promotional-offer-signature-on-the-server Verified the generated signature locally, and it validated successfully: https://developer.apple.com/documentation/storekit/generating-a-signature-for-promotional-offers#Validate-locally-and-encode-the-signature Apple’s sample code to generate a signature Downloaded from const express = require('express'); const router = express.Router(); const crypto = require('crypto'); const ECKey = require('ec-key'); const secp256k1 = require('secp256k1'); const uuidv4 = require('uuid/v4'); const KeyEncoder = require('key-encoder'); const keyEncoder = new KeyEncoder('secp256k1'); const fs = require('fs'); function getKeyID() { return "KEYIDXXXXX"; } router.post('/offer', function(req, res) { const appBundleID = req.body.appBundleID; const productIdentifier = req.body.productIdentifier; const subscriptionOfferID = req.body.offerID; const applicationUsername = req.body.applicationUsername; const nonce = uuidv4(); const currentDate = new Date(); const timestamp = currentDate.getTime(); const keyID = getKeyID(); const payload = appBundleID + '\u2063' + keyID + '\u2063' + productIdentifier + '\u2063' + subscriptionOfferID + '\u2063' + applicationUsername + '\u2063'+ nonce + '\u2063' + timestamp; // Get the PEM-formatted private key string associated with the Key ID. // const keyString = getKeyStringForID(keyID); // Read the .p8 file const keyString = fs.readFileSync('./SubscriptionKey_47J5826J8W.p8', 'utf8'); // Create an Elliptic Curve Digital Signature Algorithm (ECDSA) object using the private key. const key = new ECKey(keyString, 'pem'); // Set up the cryptographic format used to sign the key with the SHA-256 hashing algorithm. const cryptoSign = key.createSign('SHA256'); // Add the payload string to sign. cryptoSign.update(payload); /* The Node.js crypto library creates a DER-formatted binary value signature, and then base-64 encodes it to create the string that you will use in StoreKit. */ const signature = cryptoSign.sign('base64'); /* Check that the signature passes verification by using the ec-key library. The verification process is similar to creating the signature, except it uses 'createVerify' instead of 'createSign', and after updating it with the payload, it uses `verify` to pass in the signature and encoding, instead of `sign` to get the signature. This step is not required, but it's useful to check when implementing your signature code. This helps debug issues with signing before sending transactions to Apple. If verification succeeds, the next recommended testing step is attempting a purchase in the Sandbox environment. */ const verificationResult = key.createVerify('SHA256').update(payload).verify(signature, 'base64'); console.log("Verification result: " + verificationResult) // Send the response. res.setHeader('Content-Type', 'application/json'); res.json({ 'keyID': keyID, 'nonce': nonce, 'timestamp': timestamp, 'signature': signature }); }); module.exports = router; Postman request and response Request URL: http://192.168.1.141:3004/offer Request JSON: { "appBundleID":"com.app.bundleid", "productIdentifier":"subscription.product.id", "offerID":"OFFERCODE1", "applicationUsername":"01234b43791ea309a1c3003412bcdaaa09d39a615c379cc246f5f479760629a1" } Response JSON: { "keyID": "KEYIDXXXXX", "nonce": "f98f2cda-c7a6-492f-9f92-e24a6122c0c9", "timestamp": 1753510571664, "signature": "MEYCIQCnA8UGWhTiCF+F6S55Zl6hpjnm7SC3aAgvmTBmQDnsAgIhAP6xIeRuREyxxx69Ve/qjnONq7pF1cK8TDn82fyePcqz" } Xcode Code func buy(_ product: SKProduct) { let discountOffer = SKPaymentDiscount( identifier: "OFFERCODE1", keyIdentifier: "KEYIDXXXXX", nonce: UUID(uuidString: "f98f2cda-c7a6-492f-9f92-e24a6122c0c9")!, signature: "MEYCIQCnA8UGWhTiCF+F6S55Zl6hpjnm7SC3aAgvmTBmQDnsAgIhAP6xIeRuREyxxx69Ve/qjnONq7pF1cK8TDn82fyePcqz", timestamp: 1753510571664) let payment = SKMutablePayment(product: product) payment.applicationUsername = "01234b43791ea309a1c3003412bcdaaa09d39a615c379cc246f5f479760629a1" payment.paymentDiscount = discountOffer SKPaymentQueue.default().add(payment) } Issue Even following instructions to the documentation and attempting various combinations, the offer keeps failing with SKErrorCodeDomain error 18. Has anyone else experienced this? Any suggestions as to what may be amiss or how it can be corrected?

Hi, We have app in which we take donations from people and send to non-profit organisations. I have read that Apple Pay can be integrated on non profit platforms to take donations, but we are middle man, we are not non profit .. we take donations, cut our platform fees and then sent to donations to non profit orgs. My question is can we integrate Apple Pay in our iOS app to take donations from apple? as we have integrated Apple Pay on the web.

Hi to everyone looking for more information about recurring payments I wonder if there is any way to test (maybe by using some default event id) the merchant token event token detail endpoint, it would be very helpful for merchants if there was some configuration or event id that always returned some particular event, that way we could do a better testing process instead of doing all this with a production environment. If there is any way to use some tool or sandbox to test this part of the process please tell us about it.

I am facing an issue with Apple Pay js while doing the integration we are using reference https://applepaydemo.apple.com/apple-pay-js-api In this I can generate the merchantSession correctly But when I pass that merchantSession in session.completeMerchantValidation(merchantValidation) as per documentation It is getting failed and also no appropriate error is being shown in the console

Dear Team, we are from Austria and want to test our apple pay on the web implementation via Apple Sandbox. As far as we can see Austria is not on the list that sandbox supports Apple Pay testing for. Can you please advise how can we move forward with testing? We have already created and also tried out our Sandbox account on iPhone 11 and successfully added test cards to the Wallet. Can we expect please in later stage some restrictions due to our region? Thank you in advance. Iveta

What am I missing in my checking for whether or not to offer Apple Pay on my website? <script async crossorigin src="https://applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js" ></script> ... <style> apple-pay-button { display: none; } </style> ... <apple-pay-button buttonstyle="black" type="plain" locale="en-US" onclick="startApplePay('${APPLE_PAY_MERCHANT_ID}','${paymentForm.amount}');"></apple-pay-button> So, the button is not displayed by default. I only change the style to displayed if: window.onload = function() { if (isApplePaySupported()) { document.querySelector("apple-pay-button").style.display = "inline-block"; }; } function isApplePaySupported() { return (window.PaymentRequest && window.ApplePaySession && ApplePaySession.canMakePayments() && ApplePaySession.supportsVersion(applePayVersion)); } Yet, once in a while a click comes through that tries to create a PaymentRequest with const applePayMethod = { "supportedMethods": "https://apple.com/apple-pay", "data": { "version": applePayVersion, "merchantIdentifier": merchantIdentifier, "merchantCapabilities": [ "supports3DS" ], "supportedNetworks": [ "amex", "discover", "masterCard", "visa" ], "countryCode": "US" } }; and results in: NotSupportedError, The payment method is not supported What else might be "not supported" in the request for this particular user/device/wallet? In particular, that could be known immediately when the PaymentRequest is created, but before any payment instrument from the wallet is selected? And, is there anything I could detect before showing the button? Or, is it even possible for the button to be clicked by some kind of automation, even if it's not displayed?

Como consigo um código TestFlight. Alguém pode me ajudar, por gentileza

I am working on implementing merchant token notifications. When calling this endpoint https://developer.apple.com/documentation/merchanttokennotificationservices/merchant-token-event-retrieval, the result contains a CardMetadata object with an expirationDate field (see https://developer.apple.com/documentation/merchanttokennotificationservices/cardmetadata). What is the format of this field? The spec only mentions that it has a maximum length of 8 characters.

I can’t send or receive money with Apple Cash My account is restricted but only Apple Cash everything else works fine help

On Applepay's docs it talks about the ability to do "flexible" payments and scheduling for future purchases. We need to be able to make only a single approval of an Apple payment for multiple submissions later on. Think, deferred payments at an arbitrary schedule without presenting the ApplePay dialog each and every time. The docs suggest that may be possible, but are maddeningly vague on how to do that. Is it possible or not? Can we store an approved merchant's token for example and leverage that for future transactions?

I am helping one of my clients to build an app. Their app offers people to purchase an appointment with a trainer for some one-on-one training (i.e. exercises, weight lifting, cardio, ...etc.). According to 3.1.3(d) in https://developer.apple.com/app-store/review/guidelines/#in-app-purchase 3.1.3(d) Person-to-Person Services: If your app enables the purchase of real-time person-to-person services between two individuals (for example tutoring students, medical consultations, real estate tours, or fitness training), you may use purchase methods other than in-app purchase to collect those payments. One-to-few and one-to-many real-time services must use in-app purchase. They want to use Stripe for in-app purchase. In this situation, how would Apple charge the commission? Do I need to file a report of some sort to Apple for the amount of charges? In addition, I saw a link regarding using alternative payment method in the EU https://developer.apple.com/support/apps-using-alternative-payment-providers-in-the-eu/#:~:text=Requirements%20for%20linking%20out%20to,for%20purchase%20on%20your%20website. What about in the United States? Are there any requirements we need to adhere to for the implementation please?