Hello team , We have created a sandbox tester and added all the setting as per the guidelines but the sandbox tester account is blocked from adding the test card . All the test cards show as invalid card . We are not able to able to add wallet from iCloud . We are not able to sign into iTunes with the sandbox tester account . Please help on how to resolve this . Thanks in Advance

Hi, We are trying to make payment from ecomm merchant. The last request during process is { "sessionData": { "epochTimestamp": "1741082241", "expiresAt": "1741092241", "merchantSessionIdentifier": "SSH88312C485D_7E0DD10173", "nonce": "3f6dc197", "merchantIdentifier": "5F9BC6BAF8", "domainName": "libertybank.ge", "displayName": "Apple Pay Purchase", "signature": "3080060000", "operationalAnalyticsIdentifier": "Apple Pay Purchase:5F9BC6BAF8", "retries": 0, "pspId": "5F9BC6BAF8" } } which is successfully validated applePaySession.completeMerchantValidation(data.sessionData) After this, the "oncancel" handler is triggered in applePay. Please help us to understand what is wrong. Please note the domain where the applepay button is located is at txpg.libertypay.ge Which is successfully verified.

Hello I'm getting an error when the Apple Pay sheet opens on a third party browser like Chrome when completeShippingMethodSelection is called 'DataCloneError: Failed to execute 'postMessage' on 'Window': #<Object> could not be cloned.' I'm also seeing this warning when the apple pay sheet opens Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://applepay.cdn-apple.com') does not match the recipient window's origin although I also see this warning on https://applepaydemo.apple.com/

We created the P12 key from the Merchant ID certificate using KeyChain Access when developing Apple Pay for web. Now we are in the process of deploying Apple Pay to Prod, do we need to generate a new P12 key for Prod? I am not sure about the process here, and need some assistance or understanding. Do I need to create a new P12 for Production deployment or can I use the P12 created when developing? Thanks

We were try to call Apple Pay startSession, but we are getting an following error, exception: Error: Error: socket hang up at SCAwsPay.validateSessiont (D:\projects\amazon_payment_nodejs\routes\controllers\secondaryControllers\SCAwsPay.js:158:19) at processTicksAndRejections (node:internal/process/task_queues:96:5) at async D:\projects\amazon_payment_nodejs\routes\awsPay.js:56:18, const { merchantIdentifier, domainName, initiativeContext, initiative, displayName } = payload; const httpsAgent = new https.Agent({ rejectUnauthorized: false, cert: certificate, key: key, passphrase: 'team123' }); const headers = { 'Content-Type': 'application/json', }; let response = await axios.post("https://apple-pay-gateway.apple.com/paymentservices/startSession", { merchantIdentifier, domainName, displayName, }, { // headers, httpsAgent }); I kindly request your support in resolving this issue as soon as possible. Apple Pay is an essential feature for me, and I would greatly appreciate any guidance or solutions you can provide. Thank you for your attention to this matter. I look forward to your prompt response and assistance in resolving this issue.

Hi all, Recently Apple made Buy Now, Pay Later options available on devices running on iOS 18 or above. Is there a way to disable that option in the payment sheet? I tried looking through the PKPaymentNetwork enums, and didn't find anything that corresponded with Affirm or Klarna. Is there another way that I can disable it?

Hello Everyone, I am trying to integrate apple pay on my website and have followed the following steps. Created a merchant identifier in my apple developer account. Generated a payment processing certificate using Certificate signing Request generated through keychain. Downloaded the certificate and converted that to pem file using the following command openssl x509 -inform DER -in apple_pay.cer -out apple_pay.pem Imported the cer file into keychain and exported .p12 file and generated private key using the following command. openssl pkcs12 -in Certificates.p12 -out private_key.pem -nocerts Utilizing apple_pay.pem and private_key.pem files for merchant verification call and getting the following response. cURL Error: OpenSSL SSL_read: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0 Trying 17.141.128.7:443...\n* TCP_NODELAY set\n* Connected to apple-pay-gateway.apple.com (17.141.128.7) port 443 (#0)\n* ALPN, offering h2\n* ALPN, offering http/1.1\n* successfully set certificate verify locations:\n* CAfile: /etc/ssl/certs/ca-certificates.crt\n CApath: /etc/ssl/certs\n* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256\n* ALPN, server accepted to use http/1.1\n* Server certificate:\n* subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=apple-pay-gateway.apple.com\n* start date: Dec 19 00:22:44 2024 GMT\n* expire date: Mar 12 19:42:00 2025 GMT\n* issuer: C=US; O=Apple Inc.; CN=Apple Public EV Server RSA CA 1 - G1\n* SSL certificate verify ok.\n> POST /paymentservices/startSession HTTP/1.1\r\nHost: apple-pay-gateway.apple.com\r\nAccept: /\r\nContent-Type: application/json\r\nContent-Length: 143\r\n\r\n* upload completely sent off: 143 out of 143 bytes\n* OpenSSL SSL_read: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0\n* Closing connection I also tried to include AppleWWDRCAG2 and AppleRootCA-G2 certificated but same response every time.

I am seeking an assistance with an issue we've encountered during our efforts to integrate Apple Pay into our web application. We're using Angular on our client side. and our server side is powered by AEM(Adobe Experience Manager), which is based on Java. As part of our integration process, we're following the Apple Pay documentation. However, we've encountered a challenge during the merchant validation step. Our server-side implementation, responsible for validating the merchant identity and generating a session object for payment requests, is encountering an SSL handshake error. Here's the error message we're encountering: javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.812 IST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.813 IST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.849 IST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.850 IST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:54.082 IST|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=apple-pay-gateway-cert.apple.com) was replaced with (type=host_name (0), value=apple-pay-gateway-cert.apple.com) javax.net.ssl|FINE|01|main|2024-03-20 05:19:54.448 IST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:54.448 IST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|SEVERE|01|main|2024-03-20 05:19:54.453 IST|TransportContext.java:369|Fatal (CERTIFICATE_UNKNOWN): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ( "throwable" : { sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) at sun.security.validator.Validator.validate(Validator.java:271) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128) at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1339) at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1230) at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1173) at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:479) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:457) at sun.security.ssl.TransportContext.dispatch(TransportContext.java:200) at sun.security.ssl.SSLTransport.decode(SSLTransport.java:155) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ... 24 more} } We've reviewed our server configuration and checked that the SSL/TLS settings are correctly configured. Additionally, we've ensured that the server's SSL certificate is valid and up-to-date.

I have an Apple subscription with a 2-week introductory offer and a 3-month promotional offer code. There are 2 subscription plans: 1-month subscription 12-month subscription For the 1-month plan, my promotional offer code is "Monthly_Free," and for the 12-month plan, my promotional offer code is "Yearly_Free." However, when users try to enter the respective promo codes for the 1-month or 12-month plans, they receive the following error: "Offer not available. Your account is not eligible for this offer. You can still subscribe at the regular plan price." This works fine in the sandbox account, where I can use the promo codes as many times as needed, switching between the 1-month and 12-month plans easily. What could be the issue here?

Hi, Please refer the info graphic . I'm an issuer Bank App, who wants to add a card to phone's Digital Wallet. When I hit add to Apple or Google wallet, my API call goes to a Token Requester server and then to Token Service provider. In this process, I do get a JWT token back, but when I try to add token to Digital Wallet, I always get the message "The pass cannot be read because it is not valid". So few question: Is there a way to debug the token that is received by the app? Is there any kind of API console that I can look to see what is happening and why the pass is not valid? I, being the Issuer Bank App, a Token Service Requester and A Token Service Provider, who should be communicating with Apple servers? Are there any documents that explicitly shows (example) the flow of adding a credit card to Digital Wallet from iOS perspective? Any other help is appreciated. On my end, I have done this: public void AddToDeviceAsync(string data) { try { var dataArray = Encoding.UTF8.GetBytes(data); if (data.Length > 0) { if (PKAddPassesViewController.CanAddPasses && PKPassLibrary.IsAvailable) { _nsData = NSData.FromArray(dataArray); ObjCRuntime.Class.ThrowOnInitFailure = false; _pkPass = new PKPass(_nsData, out NSError e); if (!string.IsNullOrWhiteSpace(e?.LocalizedDescription)) { UserDialogs.Instance.AlertAsync(e.LocalizedDescription, AppResources.Alert); return; } if (!PkLibrary.Contains(_pkPass)) { var controller = new PKAddPassesViewController(_pkPass); var rootViewController = UIApplication.SharedApplication.Delegate.GetWindow().RootViewController; if (rootViewController != null) { var topController = TopViewControllerWithRootViewController(rootViewController); topController?.PresentViewController(controller, true, null); } } else { UserDialogs.Instance.AlertAsync(AppResources.Pass_Already_Present, AppResources.Alert); } } } else { UserDialogs.Instance.AlertAsync(AppResources.Invalid_Pass_Data, AppResources.Alert); } } catch (Exception e) { UserDialogs.Instance.AlertAsync(e.Message, AppResources.Alert); } }

I am encountering an issue related to the status property within the payment object of the order.json file when opening an order in the iOS Wallet. According to the official documentation, the status property in the payment object is marked as deprecated. Based on this information, I removed the status property from the order.json. However, when I attempt to open the order in the iOS Wallet app, an error occurs, preventing the order from being opened. This creates confusion, as the documentation implies that the status property in the payment object is no longer required. However, the iOS Wallet app seems to still rely on the presence of this property or encounters an error when it’s missing. Tested on IOS 17.6.1 & IOS 18

I have a question regarding the file apple-developer-merchantid-domain-association.txt. I understand that this file is used during API access for Apple Pay Web payments. However, is it necessary for our company to access this file during the payment process? Also, this domain validation file is expected to be placed in the publicly accessible “.well-known” folder on our web server. Is it acceptable for this file to remain readable by third parties on the Internet, including Apple’s servers, without posing any security risks? Since this file is generated during domain registration on the Apple Developer site and is unique to our domain, we believe there should be no security concerns even if accessed by third parties. However, are there any specific security requirements for this domain validation file? Please note that the domain validation has already been successfully completed. We appreciate your time and look forward to your guidance. Best regards,

Hey Everyone, i am trying the credentials for AMEX and Discover from here: https://developer.apple.com/apple-pay/sandbox-testing/ The problem is, none of the AMEX and Discover is working with my CyberSource integration, not sure why? the same VISA and Master is working good

Hi Support, When the applepay express transit option is used on emv payment cards, like this iPhone - Open “Settings” → “Wallet & Apple Pay” → “Express Transit Card”. And a emv single card has been enabled under Express Transit And on transit reader Apple Enhanced contactless Polling support is provided, ( with VAS not supported, user authentciation not supported) Sometimes ATQB response also comes from the iPhone or iWatch instead of the ATQA response, and then it causes the transit reader to report as collision error in the polling. Sequence of the packets: WUPA WUPB ECP frame WUPA WUPB ATQB WUPA ATQA

Hi, I'm adding deferredPaymentRequest container to get MPan, but payment is now cancelled by Webkit, no other explanation What is the next step to get mpan ? Regards, Louis "deferredPaymentRequest": { "deferredBilling": { "label": "Deferred Payment", "amount": "1.99", "type": "final", "paymentTiming": "deferred", "deferredPaymentDate": "2024-06-1", }, "managementURL": 'https://.../apmsim/pay/appleManagement', "paymentDescription": "this is a paymentDescription", }

I work on integrating online payment gateways. We are currently integrating Stripe and Adyen payment gateways. However, when integrating with Stripe, we use the certificate file provided by Stripe, and for Adyen, since there are not many payment transactions, we cannot create our own account, so we are using an account from a partner company. Therefore, we also have to use the Apple Pay certificate file from the partner company. In other words, the certificate files for Stripe and Adyen are different, but we want to get verification for the same domain. How can we set up to differentiate between Stripe and Adyen for the same domain with two different certificate files? The framework we are using is React.js for the frontend and Node.js for the backend.

Earlier this year implemented saving event tickets to Apple Wallet (and Google Wallet, which was painful by comparison!), as an optional alternative to recipients leaving the QR Codes in email or printing them. Scanning barcodes on entry is done using camera on phones (either iPhone or Android). This is a somewhat pressured situation with lots of people needing scans in quite a short period of time. I do not do this myself but I do get feedback. it was reported to me that Apple Wallet barcodes are significantly harder to scan accurately than those in Google Wallet. They think that is because the Apple QR Codes are quite a bit smaller (and presumably harder, therefore, to get focussed properly). They do work, it just takes longer to get a successful scan. This doesn’t seem to be anything I can control, and there seems to be plenty of space to make them bigger, even on my iPhone mini. These aren’t terribly dense barcodes; I imagine they would be harder still if they were. I also guess specialised barcode readers might do better, but we don’t have that luxury. I’d appreciate it if they could be bigger when displayed in Apple Wallet, or at least to have that as an option.

We are implementing Apple Pay and Wallet features in our app and using mocked data for testing purposes. Specifically, in the status(completion:) method of PKIssuerProvisioningExtensionHandler, we return: passEntriesAvailable: true, remotePassEntriesAvailable: true, requiresAuthentication: true, In the passEntries(completion:) method, we provide mocked data for our card. The issue is that the app icon inconsistently appears under the "From Apps on Your iPhone" section in the Wallet app. Sometimes it shows up as expected, but other times it does not. On recent occasions, when the app is selected and mocked authorization is paased, the behavior includes a system error 'Cannot Add Card' even though we provided status that indicates that the app has available cards for Wallet. For reference: The app uses two bundle IDs supporting in-app provisioning and PNO Pass Metadata has not been configured yet. Could you help clarify the potential reasons for this inconsistent behavior?

can change Apple Cash ?

We are on a .NET ecommerce site hosted on AWS on a windows 2012R2 server. We have apple pay for the web integrated on the site and the certificates (merchant id and apple pay) were set to expire shortly. We created a new merchant id and apple pay cert, however we are now stuck as the new merchant ID certificate doesn't appear to be working although the old one did. Note there have been no code changes. Basically the apple pay process is failing on the merchant validation. Here are the steps we took: Created a CSR in Keychain Access Generated a Merchant ID cert in the Apple Developer account with that CSR. Imported the Merchant ID cert back into Keychain Access and exported as a p12 file the cert and the private key used to generate the CSR. Imported the p12 file into Windows 2012 R2. I can see in our debugging that the new certificate is being loaded but a SSL/TSL connection couldn't be made. So it seems there is an issue with the cert. Has anyone encountered this? I'm out of ideas at this point and under a lot of pressure from management to fix what was supposed to be a routine maintenance issue. If anyone has any ideas, that would be greatly appreciated.