Hello, We are implementing in-app provisioning in our banking app but are having trouble getting to the Terms & Conditions screen. User taps on “Add to Apple Wallet” > PKAddPaymentPassViewController > Next > the flow fails quickly with "Could Not Add Card -> Set Up Later" alert. The only notable thing in the logs, as far as I can see is the https://nc-pod12-smp-device.apple.com:443/broker/v4/devices/{SEID}/cards fails with: <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> and maybe ProvisioningOperationComposer: Step 'eligibility' failed with error <PKProvisioningError: severity: 'terminal'; internalDebugDescriptions: '( "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; > Feedback Assistant ID: FB22932141 (Error during In-App Provisioning)

We had noticed “paymentCredentialsAvailable” is getting returned more from apple pay capabilities for some unexpected devices (our example is windows + chrome). Based off the documentation this should only be returning if this is linked to a wallet account w/ valid payment. From some investigation this appears to have changed from apple pay js v1.3.7 to v1.3.8 (latest). Previously the above windows + chrome example would return “paymentCredentialStatusUnknown” which is what would be expected in this case. Tried running chrome in icognito mode and clearing cookies just in case this check had some linkage to the apple account via QR code usage, but did not appear to affect the returned response. Unsure if this is a bug or a change to the logic, but doesn’t appear to be appropriately reflected in the documentation, also a change like this should not be appearing in a patch version. Has anyone else experienced this?

Hi, I’m encountering an issue in my app’s Wallet Extension, specifically within the Non-UI Extension, where we are unable to retrieve payment passes bound to a user’s account. The same code that successfully retrieves these bound cards in the main app does not work when used in the Non-UI Extension. Case-ID: 8932090 Steps to Reproduce: Set up In-App Provisioning: Ensure that the app has the necessary In-App Provisioning permissions. This functionality works correctly in the main app, confirming that the permissions are properly configured. Configure Wallet Extensions: Follow the Wallet Extensions documentation to configure the app, including all required settings for the Non-UI Extension. Add Code to Retrieve Payment Passes: In the main app’s LoginView, implement the following code in the handleLogin() method to retrieve payment passes: // Get the identifiers of payment passes that already exist in Apple Pay. paymentPassLibrary = self.passLibrary.passes(of: .secureElement) for pass in paymentPassLibrary { if let identifier = pass.secureElementPass?.primaryAccountIdentifier { if pass.isRemotePass && pass.deviceName.localizedCaseInsensitiveContains("Apple Watch") { remotePassIdentifiers.insert(identifier) } else if !pass.isRemotePass { passIdentifiers.insert(identifier) } } } Verify Functionality in Main App: Run the app and verify that the code successfully retrieves the payment passes bound to the user’s account. Implement Code in Non-UI Extension: Add the same code to the Non-UI Extension, specifically in the WNonUIExtHandler class within the override func status(completion: @escaping (PKIssuerProvisioningExtensionStatus) -> Void) method. Test in Wallet Extension: Run the Wallet Extension and observe that the payment passes are not retrieved when the code is executed in the Non-UI Extension. Has anyone encountered a similar issue or can provide insight into why the code might not work in the Non-UI Extension compared to the main app? Support Information: iOS Version: 17.5.1 Development environment: Xcode 15.4 (15F31d), macOS 14.3 (23D56) Any help or suggestions would be greatly appreciated. Thank you!

I am adding In-App provisioning to my app. I am able to access the Apple Pay Sandbox and I have successfully tested adding a secure element/payment pass to Apple Wallet. However, once the pass has been added to the wallet, I can not access or retrieve the pass from my app. I have confirmed with the PNO that the PNO Pass Metadata Configuration in the testing environment include the correct metadata for "associatedApplicationIdentifiers" and "associatedStoreIdentifiers". Does anyone know why I am having this issue and how I can resolve it? Steps used to access pass in Apple Wallet I am unable to view the pass when I attempt to access it using the PKPassLibrary function as follows: let library = PKPassLibrary() if #available(iOS 13.4, *) { // This returns an empty array library.passes(of: .secureElement) } else { // This also returns an empty array library.passes(of: .payment) } // This returns an empty array too library.passes() Steps used to add pass to Apple Wallet These are the steps I follow to add the card: I create a PKAddPaymentPassRequestConfiguration I use this config to instantiate a PKAddPaymentPassViewController. I provide the nonce, nonceSignature, and certificates to my PNO along with the card data. I receive the activationData, encryptedPassData, and ephemeralPublicKey from my PNO and create a PKAddPaymentPassRequest using this data. I add the pass to Apple Wallet. In the addPaymentPassViewController callback, I am able to view the pass data from the .didFinishAdding pass: PKPaymentPass? variable. I am also able to see that the pass has been added from Apple Wallet app. I am not able to access the pass using PKPassLibrary().passes() at this point. I am not able to access the pass at any point after adding it either.

Hello, We are implementing in-app provisioning in our fintech app; the card issuer is a third party, so we have limited control and visibility. We have ruled out the causes we could investigate on our side and on the card issuer’s side. We are reaching out to ask for your help in understanding what is going wrong so we can fix it. What happens: User taps “Add to Apple Wallet” → we present PKAddPaymentPassViewController → they tap Next → after a few seconds the flow fails with "Set Up Later" alert. Device log: ProvisioningOperationComposer: Step 'eligibility' failed with error <PKProvisioningError: severity: 'terminal'; internalDebugDescriptions: '( "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; Feedback Assistant ID: FB22007923 (Error during the In-App Provisioning process)

We are implementing Apple Pay In-App Provisioning (EV_ECC_v2) for our EU app. The same codebase and encryption logic works successfully for our main app (different bundle ID and Adam ID), but the EU app consistently fails with HTTP 500. Environment: Entitlement: Granted (Case-ID: 18772317) Encryption scheme: EV_ECC_v2 Issue: During In-App Provisioning, the iOS app successfully obtains certificates, generates cryptographic material (encryptedCardData, activationData, ephemeralPublicKey), and POSTs to Apple's broker endpoint. The request fails at: Endpoint: POST /broker/v4/devices/{SEID}/cards Response: HTTP 500 with an HTML error page (not a JSON business error) <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> Key observations: Our main app (different bundle ID/Adam ID) uses identical encryption code, private keys, and key alias — and works correctly in production. Manual card provisioning through Apple Wallet on the same device succeeds. The entitlement com.apple.developer.payment-pass-provisioning is confirmed present in the provisioning profile (verified via codesign). The 500 response is HTML rather than JSON, suggesting the request is rejected at the gateway level before reaching Apple Pay business logic. What we've verified: Entitlement correctly configured in provisioning profile ephemeralPublicKey is in uncompressed format (65 bytes, starts with 0x04) encryptionVersion is EV_ECC_v2 No double Base64 encoding Question: Could you please check whether Adam ID 6745866031 has been correctly added to the server-side allow list for In-App Provisioning in the production environment? Given the HTML 500 (not JSON) and that the identical code works for our other app, we suspect this may be an allow list or account configuration issue rather than a cryptography error. I will follow up with a Feedback Assistant ID including sysdiagnose logs shortly, per the steps outlined in https://developer.apple.com/forums/thread/762893

During Apple Pay in-app provisioning (EV_ECC_v2), our iOS app successfully obtains the issuer provisioning certificates and generates cryptographic material. The flow fails when Apple posts the card blob to Apple’s broker (card creation step), returning HTTP 500 from .../broker/v4/devices/{SEID}/cards. Steps: Call issuerProvisioningCertificates?encryptionVersion=EV_ECC_v2 → 200 OK; returns ECC leaf + Apple Root CA chain; nonce=2a831be4. 2. Build {encryptedCardData, activationData, ephemeralPublicKey} 3. POST /broker/v4/devices/{SEID}/cards Expected: 200 OK on /broker/v4/devices/{SEID}/cards, or 5xx with a descriptive error if payload/cryptography is invalid. Observed: 500 Internal Server Error from Apple broker on /cards (labeled “eligibility” in PassKit logs), causing a terminal failure in Wallet UI.

I've encountered an issue where we need multiple domain associations with separate Apple Pay implementations. Briefly, we have a /.well-known/apple-developer-merchantid-domain-association already setup with Stripe, and now we need another, different version of the file to get setup with FreedomPay. FreedomPay insists this file represents a three-way relationship between all parties and I have no reason to disbelieve them. I'm wondering if anyone has encountered this or if there is a standard procedure. I'm currently trying to find documentation on the exact way Apple Pay verification interacts with this file to see if we can produce it dynamically.