We are an issuer attempting to implement In-App Provisioning of Payment Cards leveraging Mastercard MDES and have successfully obtained our entitlement from Apple, but have not received the documentation titled "Getting Started with Apple Pay In-App Provisioning, Verification & Security". The latest copy I have found has been via Scribd for a version 3.0 from June 2020. I've tried contacting Apple Support and the In-App Provisioning Entitlements group but have had no luck. Thank you!

Hi everyone, I’m encountering a strange issue with Apple Pay in our React Native iOS app using the Stripe React Native SDK. Summary of the Problem: • Apple Pay shows up as an available payment method inside the Stripe Payment Sheet. • When I tap Apple Pay, the Apple Pay sheet opens normally. • After confirming payment, the Apple Pay sheet immediately closes, and nothing happens. • No payment is created and no request reaches Stripe’s servers. On Stripe Dashboard the PaymentIntent remains incomplete, with no errors, which means the failure happens before Stripe receives anything. Environment • React Native with @stripe/stripe-react-native • StripeProvider configured with: <StripeProvider publishableKey={...} merchantIdentifier="merchant.com.app.venga" stripeAccountId={...} urlScheme="venga" > Apple Pay works on our web checkout with the same merchant identifier. We have verified all of the required Apple Pay setup: • Merchant ID exists, active, and matches exactly. • Merchant ID added to the iOS app target in Xcode → Signing & Capabilities. • Apple Pay capability enabled. • Merchant domain is verified (web checkout works). • Apple Pay certificate and merchant certificate are valid. • Stripe publishable key and merchantIdentifier are correct. • Stripe SDK correctly initialized. • Device region supports Apple Pay. Extra Observations: • The PaymentIntent’s allowed_payment_methods includes "card" and Apple Pay does appear in the payment sheet. • But after tapping Pay → the Apple Pay sheet closes instantly. • There is no callback with an error, and nothing appears in Stripe logs. • We are testing in Sweden. As far as I know Apple Pay should work fine here. Questions: What could cause the Apple Pay sheet to dismiss instantly after attempting a payment? Could this be caused by a merchant ID mismatch—even if Apple Pay appears in the sheet? Is there any Apple-device-level requirement (region, wallet config, card type) that could cause this silent failure? Is there a way to get more detailed logs when Apple Pay closes before Stripe receives anything? Any help or suggestions would be greatly appreciated. Thanks!

When I use my iPhone to scan the apple pay QR code in chrome, the url is https://applepaydemo.apple.com/apple-pay-js-api, I keep geting the "Service Unavailable" error. Wonder know if you guys meet this error as well? Btw, the QR code feature needs IOS 18.

I have a question regarding the file apple-developer-merchantid-domain-association.txt. I understand that this file is used during API access for Apple Pay Web payments. However, is it necessary for our company to access this file during the payment process? Also, this domain validation file is expected to be placed in the publicly accessible “.well-known” folder on our web server. Is it acceptable for this file to remain readable by third parties on the Internet, including Apple’s servers, without posing any security risks? Since this file is generated during domain registration on the Apple Developer site and is unique to our domain, we believe there should be no security concerns even if accessed by third parties. However, are there any specific security requirements for this domain validation file? Please note that the domain validation has already been successfully completed. We appreciate your time and look forward to your guidance. Best regards,

Dear Apple Developer Support, I would like to request a technical escalation to the engineering team regarding an ongoing issue with Apple Pay domain verification. Error returned by Apple Even though Apple’s request to our domain returns HTTP 200, the verification still fails with: resultCode: 13014 resultString: "Domain verification failed. Review your TLS Certificate configuration to confirm that the certificate is accessible and a supported TLS Cipher Suite is used." requestUrl: https://developer.apple.com/services-account/QH65B2/account/ios/identifiers/verifyDomain TLS Certificate Validation We performed a full TLS analysis: Certificate issued by Sectigo Public Server Authentication CA DV E36 (public trusted CA) Full and correct certificate chain No handshake errors Configuration fully valid SSL Labs rating: A From our side, the TLS configuration is confirmed to be correct. Accessibility of the .well-known file The file is publicly and accessible It returns 200 OK and the content is exactly identical to the file downloaded from the Apple Developer Portal, without any modification. Our network team confirmed that Apple’s verification request also receives HTTP 200 when pressing “Verify” in the Apple Developer Console. Network-side findings We monitored Apple’s request in real time. Findings: TLS handshake succeeds No cipher mismatch File delivered correctly Status: 200 OK No redirect or transformation applied Despite this, Apple still returns error 13014. Request for engineering review We kindly request that an Apple engineer verify the following: The actual TLS handshake performed by Apple's verification service (cipher suite, protocol negotiation, SNI, trust chain). Whether the Sectigo issuing CA is fully trusted and supported by your domain-verification backend. If there is an internal reason behind error 13014—since the external message does not provide actionable details. Whether the response is rejected for reasons other than TLS, given that the file is accessible and the request returns 200. The exact condition that leads Apple to report “TLS Certificate configuration is incorrect” in this case. This issue is blocking an urgent deployment and must be resolved as soon as possible. Existing case reference Case ID: 102760005987 We are fully available to provide: full response headers packet captures (PCAP) SSL/TLS diagnostics file integrity checks server configuration details or join a technical call (Teams / WebEx) Thank you in advance for the escalation. Andrea

Hi, We’re a franchise business with over 100 franchisees, and each franchisee has their own unique Merchant ID. We're building a single app that allows customers to place orders, and based on the selected franchisee, the payment needs to be processed through that specific franchisee’s merchant account. However, when we integrate Apple Pay and publish the app, it asks us to provide a payment gateways' Merchant ID, but we don’t use just one – we have many. How can we handle this situation? Is there a way to dynamically use multiple Merchant IDs in one app, depending on which franchisee the customer is ordering from?

What am I missing in my checking for whether or not to offer Apple Pay on my website? <script async crossorigin src="https://applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js" ></script> ... <style> apple-pay-button { display: none; } </style> ... <apple-pay-button buttonstyle="black" type="plain" locale="en-US" onclick="startApplePay('${APPLE_PAY_MERCHANT_ID}','${paymentForm.amount}');"></apple-pay-button> So, the button is not displayed by default. I only change the style to displayed if: window.onload = function() { if (isApplePaySupported()) { document.querySelector("apple-pay-button").style.display = "inline-block"; }; } function isApplePaySupported() { return (window.PaymentRequest && window.ApplePaySession && ApplePaySession.canMakePayments() && ApplePaySession.supportsVersion(applePayVersion)); } Yet, once in a while a click comes through that tries to create a PaymentRequest with const applePayMethod = { "supportedMethods": "https://apple.com/apple-pay", "data": { "version": applePayVersion, "merchantIdentifier": merchantIdentifier, "merchantCapabilities": [ "supports3DS" ], "supportedNetworks": [ "amex", "discover", "masterCard", "visa" ], "countryCode": "US" } }; and results in: NotSupportedError, The payment method is not supported What else might be "not supported" in the request for this particular user/device/wallet? In particular, that could be known immediately when the PaymentRequest is created, but before any payment instrument from the wallet is selected? And, is there anything I could detect before showing the button? Or, is it even possible for the button to be clicked by some kind of automation, even if it's not displayed?

I'm seeking clarification on how Requirement 4.1 ("Card Issuers with a Mobile App must support In-App provisioning") applies when the card issuer uses a third-party mobile banking platform rather than a self-developed app. Our situation: We are a small credit union (the card issuer) Our mobile banking app is provided by a third-party digital banking vendor (white-label, but branded with our name) Card processing is handled by a separate vendor The ambiguity: The Apple Pay Specifications define "Card Issuer Mobile App" as: "The Card Issuer-branded, iOS software application made available on a Device that is used by such Card Issuer's customers to manage, administer, or use Cards." Our mobile banking app meets this definition—it's branded with our name and used by our members to manage their accounts and cards. However, we don't develop or directly control the app; our digital banking vendor does. The webinar FAQ stated: "Do we have to implement in-app provisioning? Yes, if you have an app." Our digital banking vendor interprets this as not applying to them because they are "not the issuer." They've stated: "Apple's requirements are at the card-processor level... our credit unions and, by extension, we are not required to support Apple Pay's in-app provisioning." Our card processor has indicated they will support in-app provisioning integrations but notes "this would be digital provisioning and we would need the digital banking vendor to work with us to enable." Specific questions: When a card issuer uses a third-party mobile banking app (branded for the issuer but developed/maintained by a vendor), does Requirement 4.1 apply? If yes, who bears compliance responsibility—the issuer, the mobile app vendor, or both? If the mobile app vendor does not implement in-app provisioning by January 15, 2026, what is the issuer's exposure? Does the issuer face suspension from the Program due to vendor non-compliance? Is there an alternative compliance path under Requirement 4.8 (Web Provisioning) for issuers whose mobile app vendors cannot deliver in-app provisioning by the deadline? This scenario likely affects hundreds of small financial institutions using shared digital banking platforms. Clarity on vendor vs. issuer responsibility would help the entire ecosystem prepare appropriately. Thank you.

Dear Apple team and developers, We integrated Apple Pay E-Commerce on our system and made successful transaction at January using following certificates. Merchant Identity Certificate (generated from our Apple developer account) Payment Processing Certificate (generated from our Apple developer account) Payment Session Server Certificate (used following command and generated from apple-pay-gateway-cert.apple.com:443 test URL) Command: openssl s_client -connect apple-pay-gateway-cert.apple.com:443 -key MIC_priv.key -cert MIC_merchant_id.pem -showcerts | openssl x509 -outform DER &gt; apay_ident_trusted_cert_test.der Root CA G3 (Downloaded “Apple Root CA – G3 Root” from https://www.apple.com/certificateauthority/ ) But at this month, we got new certificate problem (please check following) when we try to execute Apple Pay E-Commerce transaction. Certificate 'C=US,O=Apple Inc.,OU=Apple Certification Authority,CN=Apple Application Integration CA - G3' is not valid Certificate. What is this certificate? And Where can I download or generate this certificate from? Could you please advise/give us good information for this certificate problem? Best Regards, Bilguun Enkhbaatar

Hello, I'm using PassKit with to perform Apple Pay payment in a financial application. Our approach are: On iOS application, define PKMerchantCapability threeDSecure and credit, perform apple pay experience and get the encrypted response. On PCI service, receive the encrypted data Payment token, decrypt this data, and use to perform the payment. The problem is, in MasterCard transaction the eciIndicator is missing. I want to know if has some rule or problem about it.

For Apple Pay Testing purposes, we're trying out cards from https://developer.apple.com/apple-pay/sandbox-testing/ Visa, AMEX, Discover cards can be added to the wallet. But all 5 of the listed options for Mastercard cannot be added to the wallet with the error "Card Device Limit". How can we resolve this?

The details provided in this documentation do not seem have instructions on configuring authentication for the user webhook. I plan on using oauth with the webhook, but I do not know where to provide the relevant issuer and client id/secret to the merchant token management service.

We are on a .NET ecommerce site hosted on AWS on a windows 2012R2 server. We have apple pay for the web integrated on the site and the certificates (merchant id and apple pay) were set to expire shortly. We created a new merchant id and apple pay cert, however we are now stuck as the new merchant ID certificate doesn't appear to be working although the old one did. Note there have been no code changes. Basically the apple pay process is failing on the merchant validation. Here are the steps we took: Created a CSR in Keychain Access Generated a Merchant ID cert in the Apple Developer account with that CSR. Imported the Merchant ID cert back into Keychain Access and exported as a p12 file the cert and the private key used to generate the CSR. Imported the p12 file into Windows 2012 R2. I can see in our debugging that the new certificate is being loaded but a SSL/TSL connection couldn't be made. So it seems there is an issue with the cert. Has anyone encountered this? I'm out of ideas at this point and under a lot of pressure from management to fix what was supposed to be a routine maintenance issue. If anyone has any ideas, that would be greatly appreciated.

Scenario User is actively subscribed to Monthly Package From the Device App (Manage Subscriptions), user upgrades to Yearly Package Purchase completes successfully on device Issue Do not receive any server notification for this action Month Package Purchase Date: 2025-11-11 19:06:45.537 +0600 Month to Yearly Upgradation Date: 2025-12-11 paymentReferenceId: 510002270528780

Hello. What is the process to get my company listed as an approved Apple Pay Payment Service provider here: https://developer.apple.com/apple-pay/payment-platforms/ We are integrating Apple Pay on our gateway. Our customers are merchants who accept ecommerce payments via our payment gateway. We would like to appear on the list here: https://developer.apple.com/apple-pay/payment-platforms/ Thank you.

Hello -- We're preparing to roll out Apple Pay on website in the next week but encountered some issues during testing. While we successfully processed transactions using a VISA card, we ran into errors when testing with other card brands. Has anyone come across this issue before?

Hi, We are trying to make the PKAddPaymentPassViewController to show the correct list of devices to where the pass can be added. We have analysed the documentation and we are using the PrimaryAccountIdentifier field which is the field that supposedly controls this behavior but the list of devices presented in the view controller always include one iPhone and one Apple Watch, regardless of where the card has been already added. We are initializing the PKAddPaymentPassRequestConfiguration object with: PKEncryptionScheme PrimaryAccountIdentifier CardholderName PrimaryAccountSuffix LocalizedDescription PaymentNetwork PrimaryAccountIdentifier CardholderName PrimaryAccountSuffix LocalizedDescription We have also verified the configuration in our payment pass processor and everything should be ok. We would like to have some help on achieving the desired flow for Apple Pay, which is to present the PKAddPaymentPassViewController with the correct list of available devices and not the full list. Thank you.

We are looking for sample payload for merchant registration API. We have tried to test the api and getting an error. Request: curl --location 'https://apple-pay-gateway-cert.apple.com/paymentservices/registerMerchant' --header 'Content-Type: application/json' --data '{ "domainNames": "https://checkout.dev.sandbox-netvalve.com", "encryptTo": "platformintegrator.com.netvalve.uat", "partnerInternalMerchantIdentifier": "merchant.test.netvalve", "partnerMerchantName": "Test" }' Response: { "statusMessage": "Payment Services Exception invalid or Malformed Json Received", "statusCode": "400" }

Two subscriptions, Plus and Max, are under the same subscription group, with Max having a higher tier than Plus. Promotional Offers for Max are configured in Apple Store Connect. When a user subscribes to Plus and then upgrades to Max using Promotional Offers, they are prompted with "Upgrade upon expiration" (Figure 1); if they don't use Promotional Offers, they are prompted to "Upgrade immediately" (Figure 2). Question 1: What is the situation with the "upgrade upon expiration" message in Figure 1? Is upgrading using Promotional Offers special? I couldn't find any relevant explanation in Apple's technical documentation. Question 2: Figure 1 shows an "upgrade upon expiration," but after subscribing, the webhook still shows the subscription start time as the current time, meaning the upgrade hasn't started immediately. Is the message incorrect?

We created apps for many credit unions in Canada. Some of those apps has the feature to directly add users' debit cards to Apple Wallet (which is called by Apple as "in-app provisioning"). The feature has been working fine for at least 6 years for many credit unions. Recently, after updating one of those existing apps, we found out that the in-app provisioning is no longer working. Found it very strange, as we didn't touch the code base related to this feature for a very long time. One thing we found out is that the option to add in-app provisioning entitlement is missing during generating "provisioning profile" for the app. Is this a misconfiguration by App? Or do we need to request for additional entitlement migration as mentioned in the page: https://developer.apple.com/help/account/reference/provisioning-with-managed-capabilities ? Apple, please help, it's rather urgent.