We are developing an app which allows users to generate a HSBC virtual card using Mastercard API and add this card to an apple wallet. Staging test was passed successfully, but we are stuck in a production test phase. T&C is not even visible, 'Card is not added' is popped on a screen before that. User taps “Add to Apple Wallet” → we present PKAddPaymentPassViewController → they tap Next → after a few seconds the flow fails with "Set Up Later" alert. FB22332303 (MCDeanPortal app: In-App Provisioning Production Test fails) Thank you

We are trying to implement the the tokenNotificationUrl in a deferredBilling request so that we can get MPAN tokens (when supported) back from ApplePay. We want to be able to test that the events are working and firing. I have tried creating a deferred billing request, and then unlinked my test card from my test account and did not receive any event at my token notification endpoint. What is the best way to approach this from a lower environment perspective? We are trying to simulate the UNLINK EventType in the MerchantTokenEventResponse. Also can you confirm that providing this URL is what determines if we get an MPAN vs a DPAN (when MPAN is supported) or is there a different mechanism that turns that on?

My understanding is that MPAN is provided for any of the payment request types that support the tokenNotificationURL (deferred/recurring). If you omit the tokenNotificationURL from the request do you still get an MPAN (when supported by the banking network)? Or is it only if that property has a value? Is there a different way you are supposed to trigger an MPAN?

During the in‑app provisioning flow, we successfully obtain the provisioning certificates and generate object for posting. However, in the production environment the flow fails when posted to a broker. broker/v4/devices/{SEID}/cards The staging environment works correctly and provisioning completes without issues. Object {encryptedCardData, activationData, ephemeralPublicKey} is build. The T&C screen never appears. FB22332303

Hello. I have a few questions about the implementation of Apple Pay payments on websites. Could you help me From the documentation: Apple Pay issues an Apple Pay Merchant Token if the user’s payment network supports merchant-specific payment tokens. Otherwise, Apple Pay issues a device token for the payment request. How can we determine whether a token is a merchant token or a device token? Is it possible to determine this by any of the token fields? https://developer.apple.com/documentation/passkit/payment-token-format-reference Is it possible to understand this in other ways? Can I make recurring payments with the device token if it was issued instead of the merchant token? Is it necessary to include the tokenNotificationURL when generating a merchant token, or can we generate one without specifying it? What does the applicationExpirationDate field in the merchant token represent? Is this the date when the device token or merchant token expires and payments cannot be made with it?

Hi everyone, Is there a way to check the integrity of the auto updating version of the Apple Pay JS SDK? SRI can only be used for the semantic version. Any help/suggestion is appreciated.

Hello, We are encountering an issue with Apple Pay on the Web in the sandbox environment where payments cannot be completed because the onpaymentauthorized event is not triggered. The same implementation was working normally until March 5, but the issue started occurring consistently from March 6 without any changes to our code, certificates, or merchant configuration. Environment Apple Pay on the Web (JavaScript) Safari (iOS / macOS) Apple Pay Sandbox Merchant domain verified Merchant validation succeeds Observed Flow The Apple Pay flow proceeds normally until authentication: User clicks the Apple Pay button ApplePaySession.begin() is called onvalidatemerchant fires Merchant validation request succeeds completeMerchantValidation() is called Apple Pay sheet is displayed User authenticates with Face ID / Touch ID onpaymentauthorized is never triggered Because this event never fires, the payment token is not returned and the payment cannot proceed. ApplePaySession Request { "countryCode": "JP", "currencyCode": "JPY", "merchantCapabilities": ["supports3DS"], "supportedNetworks": ["visa", "masterCard"], "total": { "label": "Test Payment", "type": "final", "amount": "100" } } Merchant Validation Merchant validation succeeds and returns a valid session from Apple. Relevant fields from the merchant session: merchantIdentifier: 35A786BE6AB4... domainName: secure.telecom-awstest.com displayName: ApplePay Additional Notes Apple Pay sheet appears normally Authentication completes successfully No JavaScript errors are logged onpaymentauthorized is never fired Issue occurs consistently in the sandbox environment Confirmed across multiple iOS versions Question Has anyone experienced a similar issue recently in the Apple Pay sandbox environment, or are there any known changes that could cause the onpaymentauthorized event not to fire after authentication? Any insights would be greatly appreciated. Thank you.

We have recently enrolled to the platform integrator program in order to be able to use this API https://developer.apple.com/documentation/applepaywebmerchantregistrationapi to verify our customers' domains for apple pay. We have distributed certifications and the domain association file and have successfully conducted the domain verification call. Consequently, the domain is registered for a given merchant. However, when conducting a payment session request, we receive an error response saying that the domain is not registered. Specific example: We POST to https://apple-pay-gateway.apple.com/paymentservices/registerMerchant with body: { "domainNames": [ "example.com" ], "encryptTo": "platformintegrator.com.example", "partnerInternalMerchantIdentifier": "example", "partnerMerchantName": "example" } and get a 200 response. The apple server successfully conducts the call to the example.com/.well-known/apple-developer-merchantid-domain-association resource. Then the GET request to https://apple-pay-gateway.apple.com/paymentservices/merchant/example lists the domain for this merchant: Response { "domainNames": [ "example.com" ], "partnerMerchantName": "example", "partnerInternalMerchantIdentifier": "example", "partnerMerchantValidationURI": "/.well-known/apple-developer-merchantid-domain-association", "encryptTo": "<hashed merchant id>", "delegatedCommerce": { "enabled": true } } However, when trying to initiate an apple pay payment session here: POST https://apple-pay-gateway.apple.com/paymentservices/paymentSession Body: { "merchantIdentifier": "platformintegrator.com.example", "displayName": "example", "initiative": "web", "initiativeContext": "example.com" } we receive this error response: { "statusMessage": "Payment Services Exception merchantId=<hashed merchant id> not registered for domain=example.com", "statusCode": "400" } Our assumption is that after registering a domain for a merchant the apple pay process should work. We already have a working apple pay implementation with the traditional domain verification process with merchant IDs. We would like to know if we are missing any detail or what is causing this error in our payment process.

Hello, I have recently started exploring the Apple Wallet extension and have a couple of questions I was hoping you could help clarify: Is there any form of communication between the UI extension and the non-UI extension? From my understanding, the UI extension handles the authorization and simply indicates whether the app approves it or not, without passing additional data. However, the non-UI extension is expected to make calls to the issuer app’s backend, which typically require a token obtained through prior authentication services and may even involve an OTP. Is there a recommended way to share this information between extensions within the Apple Wallet Extension framework, or is using App Groups the only option? Additionally, during the provisioning process, is there any possibility of re-invoking the UI extension if further validation is required? Furthermore, according to the documentation, testing is carried out via TestFlight and in production. Is there any way to test these extensions on a physical device directly from Xcode for debugging purposes, or is TestFlight the only available method? Thank you very much in advance for your time and assistance.

We are facing issues with the Apple Pay pop up addresses. So for Portugal and Romania, we would like to collect the user's Province/State as part of the checkout experience. We already do that with other payment methods, however, we noticed Apple Pay pop up doesn't include state/province fields for these two countries, which causes orders to arrive with that field as blank. This is causing a lot of logistics issues during fulfillment. Is there a way to fix this and have the field appear for Portugal and Romania users? Case reference: 102869141084 Thank you!

I've encountered an issue where we need multiple domain associations with separate Apple Pay implementations. Briefly, we have a /.well-known/apple-developer-merchantid-domain-association already setup with Stripe, and now we need another, different version of the file to get setup with FreedomPay. FreedomPay insists this file represents a three-way relationship between all parties and I have no reason to disbelieve them. I'm wondering if anyone has encountered this or if there is a standard procedure. I'm currently trying to find documentation on the exact way Apple Pay verification interacts with this file to see if we can produce it dynamically.

I have apple pay on the web running ok on our website, using ios devices When I load the cart in a browser and try using the 'scan now qr code', my pay sheet displays on my iphone and then immediately closes. How can I debug the issue? I'm not seeing any logging or issues.

Feedback ID: FB22759977 After clicking add to apple wallet in our app, I launch the PKAddPaymentPassViewController and click next. It loads for a few seconds and then I get: [] ProvisioningOperationComposer: Step '' failed with error Error Domain=PKProvisioningErrorDomain Code=5 UserInfo={PKErrorHTTPResponseStatusCodeKey=500}

Hi, I’m looking for clarification on Apple Pay merchant domain verification behavior. Our production domain’s verification expiry was extended without any action from our team. Previous expiry: May 21, 2026 Current expiry: October 6, 2026 The Verify button is greyed out, and we can’t download a new .txt file. We did not re‑verify the domain during this time. A few weeks prior, we did renew our Apple Pay Merchant Identity certificate for Apple Pay on the web. Could someone clarify: Does updating the Merchant Identity certificate trigger automatic domain revalidation or expiry extension? If so, why was the extension only 4 months? Does Apple automatically revalidate or extend merchant domain verification? Is this expected behavior, or should domains always be manually re‑verified?

We are seeing trial conversions for our auto-renewable monthly subscription wingman_monthly (App ID 6758346525) land in a persistent "Pending" state in users' iOS Purchase History after the 3-day free trial ends, with no debit reaching the user's payment method. App Store Server Notifications V2 indicate the renewals succeeded — each affected transaction is delivered as DID_RENEW (subType BILLING_RECOVERY not present) with is_trial_conversion: true, period_type: NORMAL, a new expires_date set 31 days in the future, AUD 19.99 attributed, no expirationIntent, no is_in_billing_retry_period, and no cancellation_reason. So Apple's billing layer reports the renewals as successful, but settlement does not appear to complete. The same trial-to-paid flow on our yearly product wingman_yearly in the same subscription group converts and debits cleanly. The pattern is specific to wingman_monthly.

We as a PSP register merchantIdentifiers when registering merchants to ApplePay. We then use these identifiers in a multiTokenContexts during ApplePay session creation / validation / payment. "multiTokenContexts": [ { "merchantIdentifier": "ABC-MID-1", "externalIdentifier": "MAIN_PURCHASE", "merchantName": "Main", "amount": "2.50" }, { "merchantIdentifier": "ABC-MID-1", "externalIdentifier": "CONVENIENCE_FEE", "merchantName": "Fee Processing", "merchantDomain": "m2.example.com", "amount": "2.50" } ] in response we get "authenticationResponses": [ { "merchantIdentifier": "0aff534d6d46fd653f60e6161c53101ee8d9cbc20b1bc40533c929d0a6aae6bc", "authenticationData": "AAAIAKnglVRsCyOvcgI*=", "transactionAmount": "250" }, { "merchantIdentifier": "bfc9a63b4ebab8cde90234731cb18a544c306b0af747d93d773fedb603f0945e", "authenticationData": "AAAIANBEqODkDcrDTgI*=", "transactionAmount": "250" } ] We need to know how to match the entries in the request array to the response array. Is the order guarantied? We did not find any documentation on how the response hash for the identifier is computed.

We are an Apple Pay consumer and observed elevated response times and intermittent timeouts affecting the create‑session API (apple-pay-gateway.apple.com/paymentservices/paymentSession) between approximately 8:01 PM and 8:35 PM PST today. We are reaching out to understand whether there were any service disruptions during this timeframe, as we do not see corresponding updates on the system status pages. We would like to confirm whether this behavior was related to a broader Apple Pay issue or specific to our integration.

APP被下架后是否会影响之前已经订阅了自动续费产品用户的定期扣费

Hello, we are developing in app provisioning of our American Express network cards. After clicking add to apple wallet in our app, I launch the PKAddPaymentPassViewController and click next. It loads for a few seconds and then I get: [<private>] ProvisioningOperationComposer: Step '<private>' failed with error Error Domain=PKProvisioningErrorDomain Code=5 UserInfo={PKErrorHTTPResponseStatusCodeKey=500} Does anyone have any insight on what this error means?

In testing in-app push provisioning with a production TestFlight build built with Xcode Cloud (Xcode 26.4.1) the flow is failing when attempting to add cards. I start the flow by choosing the add to wallet button from within the app. I get to the stage “Add Card” and choosing continue fails with “Could Not Add Card” and a button “Set Up Later” Analysing the sysdiagnose logs reveals that the eligibility stage is failing with a HTTP 500 error. [9ix8SPBHSfWEcxLjj+j5bA] ProvisioningOperationComposer: Step 'eligibility' failed with error <PKProvisioningError: severity: 'terminal'; internalDebugDescriptions: '( "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; > FB22761556