We are developing an app which allows users to generate a HSBC virtual card using Mastercard API and add this card to an apple wallet. Staging test was passed successfully, but we are stuck in a production test phase. T&C is not even visible, 'Card is not added' is popped on a screen before that. User taps “Add to Apple Wallet” → we present PKAddPaymentPassViewController → they tap Next → after a few seconds the flow fails with "Set Up Later" alert. FB22332303 (MCDeanPortal app: In-App Provisioning Production Test fails) Thank you

We are implementing Apple Pay In-App Provisioning (EV_ECC_v2) for our EU app. The same codebase and encryption logic works successfully for our main app (different bundle ID and Adam ID), but the EU app consistently fails with HTTP 500. Environment: Entitlement: Granted (Case-ID: 18772317) Encryption scheme: EV_ECC_v2 Issue: During In-App Provisioning, the iOS app successfully obtains certificates, generates cryptographic material (encryptedCardData, activationData, ephemeralPublicKey), and POSTs to Apple's broker endpoint. The request fails at: Endpoint: POST /broker/v4/devices/{SEID}/cards Response: HTTP 500 with an HTML error page (not a JSON business error) <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> Key observations: Our main app (different bundle ID/Adam ID) uses identical encryption code, private keys, and key alias — and works correctly in production. Manual card provisioning through Apple Wallet on the same device succeeds. The entitlement com.apple.developer.payment-pass-provisioning is confirmed present in the provisioning profile (verified via codesign). The 500 response is HTML rather than JSON, suggesting the request is rejected at the gateway level before reaching Apple Pay business logic. What we've verified: Entitlement correctly configured in provisioning profile ephemeralPublicKey is in uncompressed format (65 bytes, starts with 0x04) encryptionVersion is EV_ECC_v2 No double Base64 encoding Question: Could you please check whether Adam ID 6745866031 has been correctly added to the server-side allow list for In-App Provisioning in the production environment? Given the HTML 500 (not JSON) and that the identical code works for our other app, we suspect this may be an allow list or account configuration issue rather than a cryptography error. I will follow up with a Feedback Assistant ID including sysdiagnose logs shortly, per the steps outlined in https://developer.apple.com/forums/thread/762893

We are trying to implement the the tokenNotificationUrl in a deferredBilling request so that we can get MPAN tokens (when supported) back from ApplePay. We want to be able to test that the events are working and firing. I have tried creating a deferred billing request, and then unlinked my test card from my test account and did not receive any event at my token notification endpoint. What is the best way to approach this from a lower environment perspective? We are trying to simulate the UNLINK EventType in the MerchantTokenEventResponse. Also can you confirm that providing this URL is what determines if we get an MPAN vs a DPAN (when MPAN is supported) or is there a different mechanism that turns that on?

My understanding is that MPAN is provided for any of the payment request types that support the tokenNotificationURL (deferred/recurring). If you omit the tokenNotificationURL from the request do you still get an MPAN (when supported by the banking network)? Or is it only if that property has a value? Is there a different way you are supposed to trigger an MPAN?

During the in‑app provisioning flow, we successfully obtain the provisioning certificates and generate object for posting. However, in the production environment the flow fails when posted to a broker. broker/v4/devices/{SEID}/cards The staging environment works correctly and provisioning completes without issues. Object {encryptedCardData, activationData, ephemeralPublicKey} is build. The T&C screen never appears. FB22332303

Hi everyone, Is there a way to check the integrity of the auto updating version of the Apple Pay JS SDK? SRI can only be used for the semantic version. Any help/suggestion is appreciated.

We have recently enrolled to the platform integrator program in order to be able to use this API https://developer.apple.com/documentation/applepaywebmerchantregistrationapi to verify our customers' domains for apple pay. We have distributed certifications and the domain association file and have successfully conducted the domain verification call. Consequently, the domain is registered for a given merchant. However, when conducting a payment session request, we receive an error response saying that the domain is not registered. Specific example: We POST to https://apple-pay-gateway.apple.com/paymentservices/registerMerchant with body: { "domainNames": [ "example.com" ], "encryptTo": "platformintegrator.com.example", "partnerInternalMerchantIdentifier": "example", "partnerMerchantName": "example" } and get a 200 response. The apple server successfully conducts the call to the example.com/.well-known/apple-developer-merchantid-domain-association resource. Then the GET request to https://apple-pay-gateway.apple.com/paymentservices/merchant/example lists the domain for this merchant: Response { "domainNames": [ "example.com" ], "partnerMerchantName": "example", "partnerInternalMerchantIdentifier": "example", "partnerMerchantValidationURI": "/.well-known/apple-developer-merchantid-domain-association", "encryptTo": "<hashed merchant id>", "delegatedCommerce": { "enabled": true } } However, when trying to initiate an apple pay payment session here: POST https://apple-pay-gateway.apple.com/paymentservices/paymentSession Body: { "merchantIdentifier": "platformintegrator.com.example", "displayName": "example", "initiative": "web", "initiativeContext": "example.com" } we receive this error response: { "statusMessage": "Payment Services Exception merchantId=<hashed merchant id> not registered for domain=example.com", "statusCode": "400" } Our assumption is that after registering a domain for a merchant the apple pay process should work. We already have a working apple pay implementation with the traditional domain verification process with merchant IDs. We would like to know if we are missing any detail or what is causing this error in our payment process.

Hello, I have recently started exploring the Apple Wallet extension and have a couple of questions I was hoping you could help clarify: Is there any form of communication between the UI extension and the non-UI extension? From my understanding, the UI extension handles the authorization and simply indicates whether the app approves it or not, without passing additional data. However, the non-UI extension is expected to make calls to the issuer app’s backend, which typically require a token obtained through prior authentication services and may even involve an OTP. Is there a recommended way to share this information between extensions within the Apple Wallet Extension framework, or is using App Groups the only option? Additionally, during the provisioning process, is there any possibility of re-invoking the UI extension if further validation is required? Furthermore, according to the documentation, testing is carried out via TestFlight and in production. Is there any way to test these extensions on a physical device directly from Xcode for debugging purposes, or is TestFlight the only available method? Thank you very much in advance for your time and assistance.

We are facing issues with the Apple Pay pop up addresses. So for Portugal and Romania, we would like to collect the user's Province/State as part of the checkout experience. We already do that with other payment methods, however, we noticed Apple Pay pop up doesn't include state/province fields for these two countries, which causes orders to arrive with that field as blank. This is causing a lot of logistics issues during fulfillment. Is there a way to fix this and have the field appear for Portugal and Romania users? Case reference: 102869141084 Thank you!

Feedback ID: FB22759977 After clicking add to apple wallet in our app, I launch the PKAddPaymentPassViewController and click next. It loads for a few seconds and then I get: [] ProvisioningOperationComposer: Step '' failed with error Error Domain=PKProvisioningErrorDomain Code=5 UserInfo={PKErrorHTTPResponseStatusCodeKey=500}

Hi, I’m looking for clarification on Apple Pay merchant domain verification behavior. Our production domain’s verification expiry was extended without any action from our team. Previous expiry: May 21, 2026 Current expiry: October 6, 2026 The Verify button is greyed out, and we can’t download a new .txt file. We did not re‑verify the domain during this time. A few weeks prior, we did renew our Apple Pay Merchant Identity certificate for Apple Pay on the web. Could someone clarify: Does updating the Merchant Identity certificate trigger automatic domain revalidation or expiry extension? If so, why was the extension only 4 months? Does Apple automatically revalidate or extend merchant domain verification? Is this expected behavior, or should domains always be manually re‑verified?

In testing in-app push provisioning with a production TestFlight build built with Xcode Cloud (Xcode 26.4.1) the flow is failing when attempting to add cards. I start the flow by choosing the add to wallet button from within the app. I get to the stage “Add Card” and choosing continue fails with “Could Not Add Card” and a button “Set Up Later” Analysing the sysdiagnose logs reveals that the eligibility stage is failing with a HTTP 500 error. [9ix8SPBHSfWEcxLjj+j5bA] ProvisioningOperationComposer: Step 'eligibility' failed with error <PKProvisioningError: severity: 'terminal'; internalDebugDescriptions: '( "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; > FB22761556

We as a PSP register merchantIdentifiers when registering merchants to ApplePay. We then use these identifiers in a multiTokenContexts during ApplePay session creation / validation / payment. "multiTokenContexts": [ { "merchantIdentifier": "ABC-MID-1", "externalIdentifier": "MAIN_PURCHASE", "merchantName": "Main", "amount": "2.50" }, { "merchantIdentifier": "ABC-MID-1", "externalIdentifier": "CONVENIENCE_FEE", "merchantName": "Fee Processing", "merchantDomain": "m2.example.com", "amount": "2.50" } ] in response we get "authenticationResponses": [ { "merchantIdentifier": "0aff534d6d46fd653f60e6161c53101ee8d9cbc20b1bc40533c929d0a6aae6bc", "authenticationData": "AAAIAKnglVRsCyOvcgI*=", "transactionAmount": "250" }, { "merchantIdentifier": "bfc9a63b4ebab8cde90234731cb18a544c306b0af747d93d773fedb603f0945e", "authenticationData": "AAAIANBEqODkDcrDTgI*=", "transactionAmount": "250" } ] We need to know how to match the entries in the request array to the response array. Is the order guarantied? We did not find any documentation on how the response hash for the identifier is computed.

We are an Apple Pay consumer and observed elevated response times and intermittent timeouts affecting the create‑session API (apple-pay-gateway.apple.com/paymentservices/paymentSession) between approximately 8:01 PM and 8:35 PM PST today. We are reaching out to understand whether there were any service disruptions during this timeframe, as we do not see corresponding updates on the system status pages. We would like to confirm whether this behavior was related to a broader Apple Pay issue or specific to our integration.

We are currently experiencing a critical issue with our Apple Developer account related to production certificates for live customers using Apple Pay. Each customer integration requires a minimum of two certificates. At present, our account has reached 20 certificates, and we are facing limitations that impact our ability to onboard new customers. Recently, deletion of certain certificates caused a major outage, resulting in service disruption for live customers. This outage has had significant financial implications,  This may be held liable for the revenue lost. We urgently request clarification on the following: What are the official license limit restrictions for production certificates on Apple Developer accounts? Is there a way to extend or increase the certificate limit to support multiple live customer integrations? What best practices should we follow to avoid outages when managing certificates for Apple Pay? Given the severity of this issue, we kindly ask for immediate guidance and support to prevent further disruptions.

I'm on a 16" MacBook Pro M4 Max w/ 36 GB RAM Apple Pay had been working with the beta releases with not issues, but after the macOS 26.6 beta update, Apple Pay was deactivated and is showing an error message: Apple Pay has been disabled because the security settings of this Mac were modified I found suggested fixes on the non-beta Apple forums (since this issue has apparently struck past release-versions of macOS), but none of them have worked. Does anyone here have any notions? Thanks!

Hi, We’re testing Apple Pay In-App Provisioning in the production environment using a TestFlight build, and the provisioning flow fails before the Terms & Conditions screen is shown. From the device logs, the failure happens during the eligibility step: ProvisioningOperationComposer: Step 'eligibility' failed eligibility request failure Received HTTP 500 PKPaymentWebServiceErrorDomain We submitted a Feedback Assistant report with the sysdiagnose and all requested private details. Feedback ID: FB22911853 We also verified the exported IPA: It is signed with Store provisioning profiles. get-task-allow is false. ProvisionedDevices is absent. com.apple.developer.payment-pass-provisioning is present in both the app signature entitlements and the embedded provisioning profile entitlements. Could you please advise what we should check next? We’re trying to understand whether this points to a client payload issue, Apple Pay production configuration issue, allowlist issue, or payment network configuration issue. Thanks

Hi guys, we are trying to implement In-App Provisioning for our banking application. After some iterations of determining responsibilities for providing data, we managed to gather all info required, but the process is failing. When user tries to provision a card, the Provisioning UI flow stops after selecting a device to provision the card on. It presents an alert: "Could Not Add Card", and offers just "Set Up Later". Further investigation (Console.app) shows that PassbookUIService has an error saying: [qv4t2XcQQ1G+AWP9HINjFQ] ProvisioningOperationComposer: Step 'eligibility' failed with error <PKProvisioningError: severity: 'terminal'; internalDebugDescriptions: '( "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; > Also, when filtering Console output by my SEID, I can see that the request is failing with HTTP 500 code: default 15:09:22.599860+0200 PassbookUIService Response: https://pr-pod10-smp-device.apple.com:443/broker/v4/devices/???/cards 500 Time profile: 0.274013 seconds { Server = "Apple" Content-Type = "text/html" X-Content-Type-Options = "nosniff" Strict-Transport-Security = "max-age=31536000; includeSubdomains" Date = "Wed, 03 Jun 2026 13:09:22 GMT" X-Frame-Options = "SAMEORIGIN" X-XSS-Protection = "1; mode=block" Cross-Origin-Opener-Policy = "same-origin" Content-Length = "170" Connection = "close" } <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> I've submitted a Feedback assistant with the guidelines found here. Feedback ID: FB22924636 (In-App Provisioning failing) Would appreciate if anyone has some pointers as to what to focus on to resolve this issue. Thank you!

Hello, We are implementing in-app provisioning in our banking app but are having trouble getting to the Terms & Conditions screen. User taps on “Add to Apple Wallet” > PKAddPaymentPassViewController > Next > the flow fails quickly with "Could Not Add Card -> Set Up Later" alert. The only notable thing in the logs, as far as I can see is the https://nc-pod12-smp-device.apple.com:443/broker/v4/devices/{SEID}/cards fails with: <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> and maybe ProvisioningOperationComposer: Step 'eligibility' failed with error <PKProvisioningError: severity: 'terminal'; internalDebugDescriptions: '( "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; > Feedback Assistant ID: FB22932141 (Error during In-App Provisioning)

Dear Apple Pay team, We are having issues with adding some cards with the extension. Everything seems to go well, we can choose the credit card, and then it is failing, and we have absolutely no idea what could be wrong. Debit card provisioning with the wallet works, provisioning with the app works, but provisioning some credit cards (some users can, some users cannot) doesnt work, and on the console the only thing we can observe is: error Passbook PKAddPaymentPassRequest (0x123456): encryptedPassData missing error Passbook [] ProvisioningOperationComposer: Step 'generateCryptographicMaterial' failed with error Error Domain=PKProvisioningErrorDomain Code=4 UserInfo={NSLocalizedRecoverySuggestion=, NSLocalizedDescription=, NSLocalizedFailureReason=} Could this be some issue with base64 encoding? In app we just do Data(base64Encoding: , options: []) but in the wallet we saw there is a difference where we replace occurrences of _ with / and - with + (for urlSafe) and we add padding to the base64 string : while (newBase64String.count %4 != 0 { newBase64String.append("=") } for some obscure reason, this code was not implemented by me and I dont see the need to do this... If that is prob not the case for our error, what could it be? how to debug it?