Hi, Somebody knows how to decode / decrypt emvData on Apple Pay e-commerce when paymentDataType=EMV? Thanks. Reference: https://developer.apple.com/documentation/passkit/payment-token-format-reference#Detailed-payment-data-keys-EMV

I'm currently integrating Apple Pay with my payment provider, and I'm encountering a signature validation error during the payment flow. Here's the setup: I’ve verified that my Merchant Certificate is valid, and I'm able to initialize the Apple Pay session without any issues. Also this curl works fine The Payment Processing Certificate was created by my PSP. PSP claims that the payment token signature is invalid during the transaction phase, which prevents payment completion. The parsed signature starts like this 0:d=0 hl=2 l=inf cons: SEQUENCE 2:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 13:d=1 hl=2 l=inf cons: cont [ 0 ] 15:d=2 hl=2 l=inf cons: SEQUENCE 17:d=3 hl=2 l= 1 prim: INTEGER :01 20:d=3 hl=2 l= 13 cons: SET 22:d=4 hl=2 l= 11 cons: SEQUENCE 24:d=5 hl=2 l= 9 prim: OBJECT :sha256 35:d=3 hl=2 l=inf cons: SEQUENCE 37:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 48:d=4 hl=2 l= 0 prim: EOC 50:d=3 hl=2 l=inf cons: cont [ 0 ] 52:d=4 hl=4 l= 995 cons: SEQUENCE 56:d=5 hl=4 l= 904 cons: SEQUENCE 60:d=6 hl=2 l= 3 cons: cont [ 0 ] 62:d=7 hl=2 l= 1 prim: INTEGER :02 65:d=6 hl=2 l= 8 prim: INTEGER :16634C8B0E305717 75:d=6 hl=2 l= 10 cons: SEQUENCE 77:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 87:d=6 hl=2 l= 122 cons: SEQUENCE 89:d=7 hl=2 l= 46 cons: SET 91:d=8 hl=2 l= 44 cons: SEQUENCE 93:d=9 hl=2 l= 3 prim: OBJECT :commonName 98:d=9 hl=2 l= 37 prim: UTF8STRING :Apple Application Integration CA - G3 I'm looking for guidance on what could be causing this signature failure. Does anyone know what else I can check regarding the merchant or payment processing certificates, private keys, or key usage that might cause Apple Pay signature validation to fail, even if the session initializes successfully? Domains are also verified. Any help or suggestions would be greatly appreciated.

we are currently using the requestAutomaticPassPresentationSuppression API in my app. to prevent the Wallet interface from appearing when an NFC/RF reader is detected during active app usage. Recently, a new transit card supporting Express Mode (T-money Transit Card) was released in Korea, and we are seeing an increasing number of users enabling Express Mode. However, this has introduced an issue where users are unable to use the BLE-based functionality we provide via our widget. Specifically, when the user taps our widget, it triggers a BLE signal broadcast for approximately 10 seconds. In this scenario, when the user brings their iPhone close to our reader, Express Mode is activated before the BLE interaction can be established. This prevents the BLE signal from being successfully received and processed. We would like to ask: Is it possible to suppress Express Mode behavior (similar to requestAutomaticPassPresentationSuppression) even when the app is launched via a widget interaction? Alternatively, is there any way to delay or defer Express Mode activation temporarily when launching from a widget or during BLE communication? We would appreciate any guidance or best practices you can share regarding this scenario. Thank you.

Hi Apple Team and Developers, I’ve been testing the Top-up flow in our app via the TestFlight environment. Across multiple devices (around 10 tested), everything works fine with no issues. However, on one specific device — iPhone 14 Pro Max running iOS 18.6.2 — I’ve noticed an intermittent issue: When performing a Top-up, the Apple UI first shows a successful purchase confirmation. Immediately afterward, another UI prompt appears asking the player to re-enter their Apple ID password. At the same time, Apple returns a ghost string that we cannot use to verify the user’s package bundle ID. This creates potential confusion for users, as they see both a success confirmation and an unexpected password prompt. I’m unsure if this behavior is expected or if there’s a recommended way to handle or prevent this issue. Has anyone else encountered something similar, or does Apple have a suggested fix/workaround for this? For reference, here’s a short video of the issue in action: \🔗 https://drive.google.com/file/d/1Ml-QpEu4ocoxn-W3wEMsFMbXy2QdwbHB/view?usp=sharing Any guidance would be greatly appreciated. Thank you for your support!

We are implementing in-app provisioning in our fintech app; We are reaching out to ask for your help in understanding what is going wrong so we can fix it. What happens: User taps “Add to Apple Wallet” → we present PKAddPaymentPassViewController → they tap Next → after a few seconds the flow fails with "Set Up Later" alert. Device log: "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; > Feedback Assistant ID: FB22176928 (In-App Provisioning issue 500 Internal Server Error)

Hello, we are trying to extend the dates of verified domains following the docs of https://developer.apple.com/documentation/applepayontheweb/maintaining-your-environment#Renew-Your-Domain-Verification and configured the server following https://developer.apple.com/documentation/ApplePayontheWeb/setting-up-your-server we've download the apple-developer-merchantid-domain-association.txt and update them on their respective locations, click 'ok' button and we get redirected to the main page of the merchant certificate, but the expiration dates have not been extended, we can see on our web crawler that Apple Requested the file and it return a 200. No popup errors are shown, no console developer error we only get redirected to the merchant certificate information page.

Please take a look at: FB22280049

We’ve integrated in-app card provisioning into our application. All required configurations have been completed, including: Token Service Provider (TSP) setup Certificates uploaded to the Apple Developer portal While the card is successfully added to the Wallet app, our application is currently unable to retrieve or read the added passes.

Hello everyone, I’m currently in the process of implementing Apple Pay on my company’s e-commerce website under a subscription model with recurring payments. I would appreciate some help in clarifying the following points: Is the applicationPrimaryAccountNumber the DPAN and the merchantTokenIdentifier the MPAN? If not, which fields represent each one or how do I recognise them? Is the onlinePaymentCryptogram used only for processing payments with the DPAN, or is it also involved when using the MPAN? Is the onlinePaymentCryptogram single-use or does it have an expiration time? Or is it reusable with no limits? According to Apple’s data policies, is it recommended for our servers to perform the payment token decryption (debundling), or should this only be handled by the payment gateway processor to stay compliant? Below is the payment request I’m using for testing, along with the decrypted payment token returned for a test card: Payment Request: { "countryCode": "US", "currencyCode": "USD", "merchantCapabilities": ["supports3DS", "supportsDebit", "supportsCredit"], "supportedNetworks": ["visa", "masterCard", "amex", "discover"], "requiredBillingContactFields": ["postalAddress", "name"], "lineItems": [ { "label": "Subtotal", "amount": "9" }, { "label": "Taxes", "amount": "1" } ], "total": { "label": "Demo (Card is not charged)", "amount": "10", "type": "final", "recurringPaymentIntervalUnit": "month" }, "recurringPaymentRequest": { "paymentDescription": "Recurring payment", "regularBilling": { "label": "Demo (Card is not charged)", "amount": "10", "type": "final", "paymentTiming": "recurring", "recurringPaymentIntervalUnit": "month" }, "managementURL": "${window.location.origin}/api/managePaymentMethod" } } Decrypted Payment Token: { "applicationPrimaryAccountNumber": "5204240494898922", "applicationExpirationDate": "280630", "currencyCode": "840", "transactionAmount": 0, "deviceManufacturerIdentifier": "050110030273", "paymentDataType": "3DSecure", "paymentData": { "onlinePaymentCryptogram": "MCt5xR+VnQAAAAM/8mUjAAADFIA=" }, "merchantTokenIdentifier": "DM4MMC1US000000042e438d170774669844e732a41c28e97", "merchantTokenMetadata": { "cardMetadata": { "longDescription": "Test Bank for MasterCard MTF", "cardCountry": "US", "shortDescription": "Test Bank 2", "fpanSuffix": "0049" }, "cardArt": [ { "url": "https://nc-crt-smp-device-asset.apple.com:443/broker/v1/assets/174ce63257704d93b00aff8aa09ec0d5", "name": "cardBackgroundCombined@2x.png", "type": "image/png" } ] } } Thanks in advance for your help and guidance.

In the docs, I see a button type with label "Pay With [apple logo]. https://developer.apple.com/design/human-interface-guidelines/apple-pay Although I don't see this type as an option here: https://developer.apple.com/documentation/PassKit/PKPaymentButtonType Wondering if I'm looking in the right place and if this button type is still available?

please bear with me, i am NOT a developer. we have third party developer creating a banking app that is throwing an error when trying to provision MasterCard for Apple Pay. MasterCard says they do not see the request come in at all. our developer says the issue is between mastercard and apple - and asked us to reach out to Apple. Information provided from our developer: “Error code 2 is 'system cancelled' from the PKAddPaymentPassError enum. Basically, there is an issue between Apple and Mastercard (using the encrypted card info from...” Response from Mastercard Connect: Upon further research with the examples you shared we are not seeing any attempt that reached to MC

We have updated the PNO metadata to include the associatedApplicationIdentifiers for our wallet extensions and the issuer app. While we are able to successfully provision the card to Apple Wallet via pull provisioning, we are unable to retrieve the payment passes that have already been provisioned. How can we address this issue? let passLibrary = PKPassLibrary() let paymentPassLibrary = self.passLibrary.passes(of: .secureElement) paymentPassLibrary is an empty array even though we have passes provisioned.

Hi, I am currently implementing a recurring payment feature using the Apple Pay JS API. Based on the official demo (https://applepaydemo.apple.com/apple-pay-js-api), it appears that the recurringPaymentRequest object only supports a maximum of two stages: trialBilling and regularBilling. However, our service requires a multi-stage billing model with three or more different cycles/amounts as shown below: Example Schedule: Stage 1: 2,000 JPY (2026-03-01 to 2026-04-01) Stage 2: 1,500 JPY (2026-04-01 to 2026-10-01) Stage 3: 1,000 JPY (2026-10-01 to 2027-10-01) Stage 4: 500 JPY (Thereafter) Questions: Is there any way to directly define and display three or more different billing cycles/amounts on the Apple Pay payment sheet? If the API is strictly limited to two stages, what is the Apple-recommended way to provide transparency for such complex schedules while remaining compliant with the guidelines? For instance, is it acceptable to set the final amount in regularBilling and explain the preceding stages in the billingAgreement or paymentDescription fields? I would appreciate any insights or official guidance on this. Best regards,

Cybersource production support has clarified issue as below "On the BAD Case, it seems that the Apple Payload did not contain the "onlinePaymentCryptogram" object within the JSON. The Cryptogram is critical and mandatory. Since the merchant cannot really control this, and since CYBS is just decrypting the payload and uses it, we cannot comment as to why it was missing. The merchant would need to reach out to Apple and/or decrypt the payment themselves locally to check if and why this data was not present, for troubleshooting purposes."

We are unable to add/remove Merchant IDs in App IDs identifier profile, after pressing "Edit" button on "Apple Pay Payment Processing" section, then choosing desired Merchant ID to check/uncheck from the available Merchant IDs, then pressing Continue/Save/Confirm buttons - nothing happens, the "Save" button text briefly changes to "Processing" and then back To "Save" and we still have previously enabled Merchant IDs and the Save button is still in enabled state, any help?

We plan to set Manual PAN Entry Allowed = N and accept only issuer push provisioning (PKAddPaymentPass). Is there any Apple Pay programme rule that obliges us to keep MANUAL_ENTRY enabled? Will disabling it affect “Participating Issuer” listing?

Hello, We are experiencing an issue with Apple Pay integration in our application. We are using WKWebView to handle various payment methods, but we are unable to complete payments via Apple Pay. Upon debugging the WKWebView, we received the following error message: "400 No required SSL certificate was sent" when attempting to process the payment. Currently, we are using a Let's Encrypt SSL certificate. Could you please confirm whether this certificate is suitable for Apple Pay, or if we should be using a different SSL certificate?

We are observing unexpected behavior in Apple Wallet for transactions processed via an online delivery platform. Here is the specific flow: Initial Authorization: The original order was placed for $22.30. Order Amendment: The user added an item 10 minutes later for $6.20, bringing the total to $28.50. The Issue: Apple Wallet only displays the $6.20 transaction. The initial $22.30 amount is not visible in the transaction list. Technical Verification: We confirmed that both backend authorization messages for the original amount and the add-on were approved. We verified that the final settlement amounts correctly reflect the sum of both charges ($28.50). We have confirmed the transaction lifecycle completed successfully on our end. Despite this, the customer only sees the $6.20 entry in their Wallet history, which creates confusion as it doesn't reflect the total spent. Has anyone encountered this sync issue between settlement totals and Wallet display, or is there a specific way we should be linking these related authorizations? Thanks!

I have some questions related to MPAN. What is the format of an MPAN? Is it the same as DPAN? Is it PAN preserving format? Is a Cryptogram required and if yes, what kind of cryptogram? Is it the same format as DPAN? Thanks in Advance!

Currently, on our Production environment, when calling https://apple-pay-gateway.apple.com/paymentservices/paymentSessio,n we are randomly receiving: "Payment Services Exception merchantId={Value} unauthorized to process transactions on behalf of merchantId={Value} reason={Value} is not a registered merchant in WWDR and isn't properly authorized via Mass Enablement, either." Since launching Apple Pay on our platform we have received a new Domain Verification File and looking at some of the Domain Verification File that are hosted on the domains they are different to ours. Questions around the Domain Verification File Would we have to update every single Domain Verification File every time we receive a new one ? Does the paymentSession verfiy/call the Domain Verification File on the domain listed at https://[DOMAIN_NAME]/.well-known/apple-developer-merchantid-domain-association ? What happens if the Domain Verification File doesnt match the one that we currently have ? Would we have to regrester our Domains everytime we get a new Domain Verification File ?