Hi, You're here because you've had issues with your implementation of In-App Provisioning Extensions for Apple Pay In-App Provisioning or In-App Verification. To prevent sending sensitive credentials in plain text, create a new report in Feedback Assistant to share the details requested below with the appropriate log profiles installed. Gathering Required Information for Troubleshooting Apple Pay In-App Provisioning or In-App Verification Issues While troubleshooting Apple Pay In-App Provisioning or In-App Verification, it is essential that the issuer is able to collect logs on their device and check those logs for error message. This is also essential when reporting issues to Apple. To gather the required data for your own debugging as well as reporting issues, please perform the following steps on the test device: Install the Apple Pay and Wallet profiles on your iOS or watchOS device. If the issue occurs on Mac, continue to Step 2. Reproduce the issue and make a note of the timestamp when the issue occurred, while optionally capturing screenshots or video. Gather a sysdiagnose on the same iOS or watchOS device, or on macOS. Create a Feedback Assistant report with the following information: The bundle IDs App bundle ID Non-UI app extension bundle ID (if applicable) UI app extension bundle ID (if applicable) The serial number of the device. For iOS and watchOS: Open Settings > General > About > Serial Number (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > Serial Number. The SEID (Secure Element Identifier) of the device, represented as a HEX encoded string. For iOS and watchOS: Open Settings > General > About > SEID (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > System Report > NVMExpress > Serial Number. The sysdiagnose gathered after reproducing the issue. The timestamp (including timezone) of when the issue was reproduced. The type of provisioning failure (e.g., error at Terms & Conditions, error when adding a card, etc.) The issuer/network/country of the provisioned card (e.g., Mastercard – US) Last 4 digits of the FPAN Last 4 digits of the DPAN (if available) Was this test initiated from the Issuer App? (e.g., yes or no) The type of environment (e.g., sandbox or production) Screenshots or videos of errors and unexpected behaviors (optional). Important: From the logs gathered above, you should be able to determine the cause of the failure from PassbookUIService, PassKit or PassKitCore, and by filtering for your SEID or bundle ID of your app or app extensions in the Console app. Submitting your feedback Before you submit to Feedback Assistant, please confirm the requested information above is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Apple Pay client. After your submission to Feedback Assistant is complete, please respond in your existing Developer Forums post with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your client, a configuration issue within your developer account, or an underlying system bug. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

Hi, To ensure the issue is not caused by an error within your app or web service request, please review the Apple Pay Merchant Integration Guide. Additionally, please review the following technotes on Apple Pay: TN3173: Troubleshooting issues with your Apple Pay merchant identifier configuration TN3174: Diagnosing issues with the Apple Pay payment sheet on your website TN3175: Diagnosing issues with displaying the Apple Pay button on your website TN3176: Troubleshooting Apple Pay payment processing issues If the resources above don’t help identify the cause of the error, please provide more information about your app or web services to get started. To prevent sending sensitive credentials in plain text, create a report in Feedback Assistant to share the details requested below. Additionally, if the error is something we need to investigate further, the appropriate engineering teams also have access to the same information and can communicate with you directly within Feedback Assistant for more information, as needed. Please follow the instructions below to submit your report. For issues occurring with your native app or web service, perform the following steps: Install the Apple Pay profile on your iOS or watchOS device. If the issue occurs on Mac, continue to Step 2. Reproduce the issue and make a note of the timestamp when the issue occurred, while optionally capturing screenshots or video. Gather a sysdiagnose on the same iOS or watchOS device, or on macOS. Create a Feedback Assistant report with the following information: The serial number of the device. For iOS and watchOS: Open Settings > General > About > Serial Number (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > Serial Number. The SEID (Secure Element Identifier) of the device, represented as a HEX encoded string. For iOS and watchOS: open Settings > General > About > SEID (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > System Report > NVMExpress > Serial Number. The sysdiagnose gathered after reproducing the issue. The timestamp of when the issue was reproduced. Screenshots or videos of errors and unexpected behaviors (optional). Important: From the logs gathered above, you should be able to determine the cause of the failure from PassbookUIService, PassKit or PassKitCore, and by filtering for your SEID or merchant domain in the Safari Web Inspector. See Inspecting Safari on macOS to learn more. Submitting your feedback Before you submit to Feedback Assistant, please confirm the requested information above is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Apple Pay website. After your submission to Feedback Assistant is complete, please respond in your existing Developer Forums post with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your web implementation, a configuration issue within your developer account, or an underlying system bug. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

iOS 16 and earlier On iOS 16 and earlier, Apple Pay on the Web required Safari—and all interactions with the Apple Pay API to come from the parent/top level page. In order to facilitate the Apple Pay button in an HTML inline frame (iframe), there will need to be cross frame communication between the child and parent pages. Cross frame communication should be secure and robust, therefore the use of postMessage for this purpose is recommended. The expectation is for all communication with Apple Pay to occur from the parent page, so the iframe must relay all Apple Pay related events to the parent to handle. Some examples: Apple Pay availability: The parent calls applePayCapabilities, then sends the message of the response to the iframe, which then uses the value to toggle the visibility of the Apple Pay button. Apple Pay session: The iframe receives an onclick() event when the Apple Pay button is clicked and sends the message to the parent (providing details about the transaction). The parent create the payment request to obtain the session validation URL, and eventually receive session credentials and invokes completeMerchantValidation() to prevent the payment sheet. After the payment is authorized by the Payment Service Provider (PSP), the parent either: Redirects the parent page to a payment success page; or Sends a message to the iframe to complete the transaction flow itself. iOS 17 and later On IOS 17 and later, the iframe HTML element should include the allow="payment" attribute, which should facilitate the cross frame communications instead of needing a dedicated JavaScript library. This means all of the Apple Pay code/calls can reside in the iframe page—which is typically a hosted page from a Payment Service Provider (PSP), all the parent page—typically a merchant—has to do is add the attribute mentioned above to the iframe element. Important: Regardless of the iOS version, the PSP/merchant always needs to make sure the parent page domain is the one registered in the Developer portal, and used in the request to generate a merchant session via ApplePaySession. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

Hi, we are implementing ID&V and there is a requirement regarding the flow for Apple Pay. In order to clarify the case I will describe the use case scenario or steps to reproduce first: add a card to the iPhone wallet app (yellow path verification required). Do not complete the ID&V process. add a card to the Watch via the Wallet inside the iPhone Watch app (yellow path verification required). Same as before, do not complete the ID&V complete ID&V process using the Issuer App either from iPhone or Watch. the Issuer app receives the application:openURL:options: callback on its AppDelegate. In the options dictionary, we can not see the UIApplicationOpenURLOptionsSourceApplicationKey populated (it is nil). At this moment, for the card we are adding there are now two tokens, both to be verified via ID&V process. One is on the iPhone and one is on the Apple Watch associated with the same iPhone. The url received at step 4 contains the serial number which identifies the digitized card and matches with both the tokens in the iPhone and in the Apple Watch. We need something to detect programmatically if the digitization process started from the iPhone Wallet app or from the wallet inside the Watch app. Could you please help us to identify how we could discriminate if the ID&V process has been started for the iPhone token or for the Apple Watch token? Thanks

Hello, we are trying to extend the dates of verified domains following the docs of https://developer.apple.com/documentation/applepayontheweb/maintaining-your-environment#Renew-Your-Domain-Verification and configured the server following https://developer.apple.com/documentation/ApplePayontheWeb/setting-up-your-server we've download the apple-developer-merchantid-domain-association.txt and update them on their respective locations, click 'ok' button and we get redirected to the main page of the merchant certificate, but the expiration dates have not been extended, we can see on our web crawler that Apple Requested the file and it return a 200. No popup errors are shown, no console developer error we only get redirected to the merchant certificate information page.

We are working with two types of wallet passes. Provisioning works successfully for one pass type via wallet extensions, but the same process is not functioning for the other. For the second pass type, we are able to generate the required data for pull provisioning and send it to Apple. Additionally, in-app push provisioning for this pass type completes without issue. We would appreciate guidance on how to further debug and resolve this provisioning problem.

Hello, I am currently testing an Adyen integration with Sylius and need to verify Apple Pay with Cartes Bancaires in the sandbox environment. Could you please advise how Cartes Bancaires can be tested in Apple Pay Sandbox (e.g. cards details)? Thank you in advance for your guidance. Best regards, Grzegorz

On Applepay's docs it talks about the ability to do "flexible" payments and scheduling for future purchases. We need to be able to make only a single approval of an Apple payment for multiple submissions later on. Think, deferred payments at an arbitrary schedule without presenting the ApplePay dialog each and every time. The docs suggest that may be possible, but are maddeningly vague on how to do that. Is it possible or not? Can we store an approved merchant's token for example and leverage that for future transactions?

Hi everyone, I have a question regarding App Store approval. In my country, Apple In-App Purchases are not supported, so for users in unsupported regions we need to use a third-party payment provider. For countries where In-App Purchases are supported, we plan to use Apple IAP. Could you please advise on the correct approach to ensure the app complies with App Store guidelines and can be approved?

We have been informed by a third-party subscription tracking service(Adjust) that, due to the following specification of App Store Connect, it is not possible to connect an STG app (a non-published testing app) with their server: Specification: Since Apple’s API only allows access for apps that are already published, it is not possible to enable subscription tracking for iOS apps that are not yet published. Could you please confirm if our understanding of this specification is correct? Additionally, is there any method or recommended approach to verify subscription tracking behavior with an STG (non-published) app before the app is released? Thank you very much for your support.

Dears, Please take a look at case: FB21940123 (Wallet Extension unable to add card) Thanks

Cybersource production support has clarified issue as below "On the BAD Case, it seems that the Apple Payload did not contain the "onlinePaymentCryptogram" object within the JSON. The Cryptogram is critical and mandatory. Since the merchant cannot really control this, and since CYBS is just decrypting the payload and uses it, we cannot comment as to why it was missing. The merchant would need to reach out to Apple and/or decrypt the payment themselves locally to check if and why this data was not present, for troubleshooting purposes."

Hello, On my website, I have a button to make a payment via Apple Pay. When I click on it, the Touch ID window opens correctly. However, when I place my finger on the Touch ID, I get a payment error. This issue only occurs in production mode. In sandbox mode, everything works perfectly. Here is a log file : log.txt Thank you in advance for your help.

we are currently using the requestAutomaticPassPresentationSuppression API in my app. to prevent the Wallet interface from appearing when an NFC/RF reader is detected during active app usage. Recently, a new transit card supporting Express Mode (T-money Transit Card) was released in Korea, and we are seeing an increasing number of users enabling Express Mode. However, this has introduced an issue where users are unable to use the BLE-based functionality we provide via our widget. Specifically, when the user taps our widget, it triggers a BLE signal broadcast for approximately 10 seconds. In this scenario, when the user brings their iPhone close to our reader, Express Mode is activated before the BLE interaction can be established. This prevents the BLE signal from being successfully received and processed. We would like to ask: Is it possible to suppress Express Mode behavior (similar to requestAutomaticPassPresentationSuppression) even when the app is launched via a widget interaction? Alternatively, is there any way to delay or defer Express Mode activation temporarily when launching from a widget or during BLE communication? We would appreciate any guidance or best practices you can share regarding this scenario. Thank you.

Bank Accounts details are outdated and status is stack on processing with error: "Your banking updates are processing, and you should see the changes in 24 hours. You won't be able to make any additional updates until then." This is now stack for a few years since we activated a previous Apple developer account. we must change banking details as it holds up development of an app with in-app purchases. Finance department has been contacted and they do not answer What shall we do? senior support staff keep referring to finance department and is not helping

We have an app that uses the pass-presentation-suppression entitlement and calls requestAutomaticPassPresentationSuppression to prevent the Wallet app from being presented when the device is displaying a barcode to a barcode/nfc reader. This works as expected for users of the standard Apple Wallet app. However, it does not prevent third-party wallet apps from being launched, which hides the barcode and prevents it from being scanned properly. What options do I have to prevent third-party wallet apps from launching or interfering while our app is actively presenting a barcode?

Hello everyone, I’m currently in the process of implementing Apple Pay on my company’s e-commerce website under a subscription model with recurring payments. I would appreciate some help in clarifying the following points: Is the applicationPrimaryAccountNumber the DPAN and the merchantTokenIdentifier the MPAN? If not, which fields represent each one or how do I recognise them? Is the onlinePaymentCryptogram used only for processing payments with the DPAN, or is it also involved when using the MPAN? Is the onlinePaymentCryptogram single-use or does it have an expiration time? Or is it reusable with no limits? According to Apple’s data policies, is it recommended for our servers to perform the payment token decryption (debundling), or should this only be handled by the payment gateway processor to stay compliant? Below is the payment request I’m using for testing, along with the decrypted payment token returned for a test card: Payment Request: { "countryCode": "US", "currencyCode": "USD", "merchantCapabilities": ["supports3DS", "supportsDebit", "supportsCredit"], "supportedNetworks": ["visa", "masterCard", "amex", "discover"], "requiredBillingContactFields": ["postalAddress", "name"], "lineItems": [ { "label": "Subtotal", "amount": "9" }, { "label": "Taxes", "amount": "1" } ], "total": { "label": "Demo (Card is not charged)", "amount": "10", "type": "final", "recurringPaymentIntervalUnit": "month" }, "recurringPaymentRequest": { "paymentDescription": "Recurring payment", "regularBilling": { "label": "Demo (Card is not charged)", "amount": "10", "type": "final", "paymentTiming": "recurring", "recurringPaymentIntervalUnit": "month" }, "managementURL": "${window.location.origin}/api/managePaymentMethod" } } Decrypted Payment Token: { "applicationPrimaryAccountNumber": "5204240494898922", "applicationExpirationDate": "280630", "currencyCode": "840", "transactionAmount": 0, "deviceManufacturerIdentifier": "050110030273", "paymentDataType": "3DSecure", "paymentData": { "onlinePaymentCryptogram": "MCt5xR+VnQAAAAM/8mUjAAADFIA=" }, "merchantTokenIdentifier": "DM4MMC1US000000042e438d170774669844e732a41c28e97", "merchantTokenMetadata": { "cardMetadata": { "longDescription": "Test Bank for MasterCard MTF", "cardCountry": "US", "shortDescription": "Test Bank 2", "fpanSuffix": "0049" }, "cardArt": [ { "url": "https://nc-crt-smp-device-asset.apple.com:443/broker/v1/assets/174ce63257704d93b00aff8aa09ec0d5", "name": "cardBackgroundCombined@2x.png", "type": "image/png" } ] } } Thanks in advance for your help and guidance.

We have updated the PNO metadata to include the associatedApplicationIdentifiers for our wallet extensions and the issuer app. While we are able to successfully provision the card to Apple Wallet via pull provisioning, we are unable to retrieve the payment passes that have already been provisioned. How can we address this issue? let passLibrary = PKPassLibrary() let paymentPassLibrary = self.passLibrary.passes(of: .secureElement) paymentPassLibrary is an empty array even though we have passes provisioned.

So I'm wondering if Apple makes commission on those payments since they're made in the app. For example a user may pay another user to clean their car. This will be handled with Stripe Connect and their balance, payment history, etc will be displayed in the app. Does Apple charge commission on that? The section the app review guidelines that I'm refrencing is below, but I'm still a little confused. 3.1.3(e) Goods and Services Outside of the App: If your app enables people to purchase physical goods or services that will be consumed outside of the app, you must use purchase methods other than in-app purchase to collect those payments, such as Apple Pay or traditional credit card entry.

We are an acquirer/payment provider offering Apple Pay. Our merchants use our hosted checkout to accept payments. After a user pays with Apple Pay on our checkout, the Wallet transaction record shows our checkout domain as the payee. We would like it to display the merchant’s brand/name so users can recognize or contact the merchant. Is there any parameter or configuration that controls what Wallet shows as the payee? For example, can this be set via a specific field/parameter, or is it strictly derived from the Merchant ID’s display name (or other Apple Pay configuration)? What is the correct approach for a PSP/acquirer to have the merchant’s brand shown in Wallet transaction record? Additional detail: The field in question is the merchant/payee name shown in the Apple Wallet receipt—directly under the transaction amount at the top of the receipt, and again beneath the “Total” line.

Hello, We are experiencing an issue with Apple Pay integration in our application. We are using WKWebView to handle various payment methods, but we are unable to complete payments via Apple Pay. Upon debugging the WKWebView, we received the following error message: "400 No required SSL certificate was sent" when attempting to process the payment. Currently, we are using a Let's Encrypt SSL certificate. Could you please confirm whether this certificate is suitable for Apple Pay, or if we should be using a different SSL certificate?

Hello, We are implementing Apple Wallet extensions (PKIssuerProvisioningExtensionHandler). While our UI extension works as expected, our Non-UI extension is unable to detect payment passes provisioned by our app. Specifically, PKPassLibrary().passes(of: .secureElement) returns an empty array when called from the Non-UI extension, even though the same call correctly returns the passes when executed from the Main iOS App. Our Payment Network Operator has confirmed that our extension bundle identifiers are correctly registered in the metadata on their side. They suggested that the Wallet Extensions entitlement (com.apple.developer.payment-pass-provisioning) may require additional backend enablement for these specific Extension App IDs. Is there a known reason why PKPassLibrary would behave differently in the Non-UI extension vs the Main App? Beyond the standard entitlement request, is there a specific process to "activate" these IDs for extension visibility? Does anyone have guidance on reaching the appropriate team for backend entitlement activation issues? Any insights would be greatly appreciated.