My Merchant Domains' SSL certificate expires every 3 months, that means I need to verify Apple Pay Merchant Domains every 3 months at least. Need API(s) to automate the verification process after my domain's SSL certificate updates: API to download the apple-developer-merchantid-domain-association file to be uploaded to my domain. API to verify the domain.

We're currently evaluating Apple Pay as a payment method on our site. For Amex US credit card payments, we charge a payment fee. For other credit cards, there is no such fee. However, for Apple Pay it seems we cannot configure this. What we currently tried is to implement onpaymentmethodselected. However, only the card type is part of the event, not the card network. Example code: session.onpaymentmethodselected = event => { /* event.paymentMethod only contains {type: "credit"} */ console.log('onpaymentmethodselected', event.paymentMethod); /* event.paymentMethod.network is therefore undefined, if we could have here 'amex', 'mastercard' etc, we could implement the payment fee we currently have*/ console.log('onpaymentmethodselected', event.paymentMethod.network); session.completePaymentMethodSelection({}); }; Is there a way to access the network in this callback? Or is there another way to implement payment fees with certain networks used via Apple Pay?

Hello there, i'm new in trying to use the apple wallet API. we want to create passes to add identification credentials in the costumer's apple wallet. but we have doubts, for example: is it mandatory to pay the apple developer memebership to use the examples of apple wallet api? also, is there a way or an example of using this API in node.js? Thanks for your attention, i will be waiting for your answers.

I currently have two merchant id's configured in our production environment which are tied to separate certificates. The one below was recently created for our OlO integration which uses Spreedly. The other integration is with Worldpay directly. When attempting to validate the new merchant id for OlO, we get the following response. Request Body { "merchantIdentifier":"merchant.com.cbolo.prod", "displayName":"Cracker Barrel", "initiative":"web", "initiativeContext":"stage.crackerbarrel.com" } Response Body { "statusMessage": "Payment Services Exception merchantId=745C2D1BC1B86B0E3FF898001666D44AADE6EC457F128075A723DA511D0BA0B4 unauthorized to process transactions on behalf of merchantId=D276804A1BF06DADBAE2DC291266FB87C15C8E6702959025D56CF4694FAB56C4 reason=D276804A1BF06DADBAE2DC291266FB87C15C8E6702959025D56CF4694FAB56C4 never authorized mass enablement transactions to occur via 745C2D1BC1B86B0E3FF898001666D44AADE6EC457F128075A723DA511D0BA0B4", "statusCode": "400" } We have followed all the steps documented around verifying our domains and still we get this error. Has anyone had this issue and been able to resolve? We opened an Apple Support case 4 business days ago and have heard nothing back. Case: 102259384074.

I work on integrating online payment gateways. We are currently integrating Stripe and Adyen payment gateways. However, when integrating with Stripe, we use the certificate file provided by Stripe, and for Adyen, since there are not many payment transactions, we cannot create our own account, so we are using an account from a partner company. Therefore, we also have to use the Apple Pay certificate file from the partner company. In other words, the certificate files for Stripe and Adyen are different, but we want to get verification for the same domain. How can we set up to differentiate between Stripe and Adyen for the same domain with two different certificate files? The framework we are using is React.js for the frontend and Node.js for the backend.

We were try to call Apple Pay startSession, but we are getting an following error, exception: Error: Error: socket hang up at SCAwsPay.validateSessiont (D:\projects\amazon_payment_nodejs\routes\controllers\secondaryControllers\SCAwsPay.js:158:19) at processTicksAndRejections (node:internal/process/task_queues:96:5) at async D:\projects\amazon_payment_nodejs\routes\awsPay.js:56:18, const { merchantIdentifier, domainName, initiativeContext, initiative, displayName } = payload; const httpsAgent = new https.Agent({ rejectUnauthorized: false, cert: certificate, key: key, passphrase: 'team123' }); const headers = { 'Content-Type': 'application/json', }; let response = await axios.post("https://apple-pay-gateway.apple.com/paymentservices/startSession", { merchantIdentifier, domainName, displayName, }, { // headers, httpsAgent }); I kindly request your support in resolving this issue as soon as possible. Apple Pay is an essential feature for me, and I would greatly appreciate any guidance or solutions you can provide. Thank you for your attention to this matter. I look forward to your prompt response and assistance in resolving this issue.

Showing pre-authorization transaction as payment is confusing. It doesn't get removed even if we void the pre-authorization. Has anyone encountered this issue before, and if so, how did you resolve it?

I am seeking an assistance with an issue we've encountered during our efforts to integrate Apple Pay into our web application. We're using Angular on our client side. and our server side is powered by AEM(Adobe Experience Manager), which is based on Java. As part of our integration process, we're following the Apple Pay documentation. However, we've encountered a challenge during the merchant validation step. Our server-side implementation, responsible for validating the merchant identity and generating a session object for payment requests, is encountering an SSL handshake error. Here's the error message we're encountering: javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.812 IST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.813 IST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.849 IST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:52.850 IST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:54.082 IST|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=apple-pay-gateway-cert.apple.com) was replaced with (type=host_name (0), value=apple-pay-gateway-cert.apple.com) javax.net.ssl|FINE|01|main|2024-03-20 05:19:54.448 IST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|FINE|01|main|2024-03-20 05:19:54.448 IST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE countdown value = 137438953472 javax.net.ssl|SEVERE|01|main|2024-03-20 05:19:54.453 IST|TransportContext.java:369|Fatal (CERTIFICATE_UNKNOWN): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ( "throwable" : { sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) at sun.security.validator.Validator.validate(Validator.java:271) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128) at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1339) at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1230) at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1173) at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:479) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:457) at sun.security.ssl.TransportContext.dispatch(TransportContext.java:200) at sun.security.ssl.SSLTransport.decode(SSLTransport.java:155) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ... 24 more} } We've reviewed our server configuration and checked that the SSL/TLS settings are correctly configured. Additionally, we've ensured that the server's SSL certificate is valid and up-to-date.

I am working in India office and working on Apple Pay integration through Adyen; however, I am facing challenges in making the Apple Pay button show up, even with Mac/Safari. The Apple Pay button shows up for my US colleagues !! Is there any wholistic and recommended settings that make Apple Pay development feasible from India ?

I want to create passes with Dynamic QR Codes which changes based on T-OTP. Google wallet do have this feature called RotatingBarCode, while there is nothing like this in Apple wallet. Can we do this by updating the passes? If yes, how? If apple wallet pass are getting updates using webServiceURL, how can we create the endpoint and what the body of get request will look like?

Case-ID: 6394971 Hi Apple Team, We are trying to implement “onvalidatemerchant” event, but we are facing below error. “System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host” below is the sample code what we trying. string validationUrl = https://apple-pay-gateway.apple.com/paymentservices/startSession; var sessionRequestBody = new ApplePaySessionRequest { merchantIdentifier = "merchant.com.onepay.onepaygo", displayName = "Apple Pay OnePay", Initiative = "web", initiativeContext = "portaldev.onepay.com" }; We are also added the merchant certificate. We have also tried other url: string validationUrl = https://apple-pay-gateway-cert.apple.com/paymentservices/startSession. Let me know if you need any other info.

Im encountering an issue with recurring payments using Apple Pay's tokenization system. The temporary token generated for a transaction isn't designed to be reused for recurring charges, which is causing problems for my merchant's monthly plan. Anyone find a workaround for this? is there a way to disable this temp token for my customers to buy a plan?

Hello, so am trying to setup Apple Pay for my stripe and in the steps says: Select the merchant ID you want to add this certificate to, then click 'Create Certificate' in the Apple Pay Payment Processing Certificates section. When it prompts you to upload a certificate signing request, select the .certSigningRequest file you just downloaded. Check that your certificate details are correct. Download to save the certificate locally. And for the first step they gave this link (https://developer.apple.com/account/resources/identifiers/list/merchant) but when i enter it i cant access it and it says: Access Unavailable This resource is only for developers enrolled in a developer program or members of an organization’s team in a developer program.

Suddenly I keep getting the following error: "HTTP Status 400 \u2013 Bad Requestbody {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}HTTP Status 400 \u2013 Bad Request" Apple Merchant Identifier certificate and Apple Payment Processing certificate are fine. Everything was working fine some days ago. The domain has been successfully registered as well.

I am building a functionality where I am offering some discount to user based on some coupon code. The management of Coupon I am handling at my website and after applying coupon user can see the updated pricing. Now if the user proceed with the payment using ApplePay as per Apple docs https://developer.apple.com/design/human-interface-guidelines/apple-pay > Display the active coupon or promotional code, or give people a way to enter it. For example, if people can enter a code before the payment sheet appears, displaying it on the sheet can reassure them that the code works as they expect. Alternatively, allowing code entry on the payment sheet can be particularly beneficial in an express checkout flow. Looking into this it is not clear to me weather it is a good practice to follow or a strict guideline. What could be the consequences if I don't show any coupon discount related information on ApplePay payment page

Im integrating the cybersource Magento 2 Module for Apple pay https://commercemarketplace.adobe.com/cybersource-global-payment-management.html I have created all the certificates and domain registration etc as mention in the document below https://commercemarketplace.adobe.com/media/catalog/product/cybersource-global-payment-management-3-5-6-ece/user_guides.pdf On frontend we can see the apple pay button, By pressing, we get the payment popup. It validate the merchant and provide us the apple pay session. we pass the session to completeMerchantValidation Session data is below { "session": { "epochTimestamp": 1708324489053, "expiresAt": 1708328089053, "merchantSessionIdentifier": "SSH544DA4D256BE4F6488E8EFC2A5A1E4A0_916523AAED1343F5BC5815E12BEE9250AFFDC1A17C46B0DE5A943F0F94927C24", "nonce": "b27da5ca", "merchantIdentifier": "730A9A8614BF57A050E2111C3579925ADCA174167207862B85F122AD2BFB73EF", "domainName": "https://m2dev-tm.tm8.co.uk/", "displayName": "ApplePayTM", "signature": "308006092a864886f70d010702a0803080020101310d300b0609608648016503040201308006092a864886f70d0107010000a080308203e330820388a00302010202084c304149519d5436300a06082a8648ce3d040302307a312e302c06035504030c254170706c65204170706c69636174696f6e20496e746567726174696f6e204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b3009060355040613025553301e170d3139303531383031333235375a170d3234303531363031333235375a305f3125302306035504030c1c6563632d736d702d62726f6b65722d7369676e5f5543342d50524f4431143012060355040b0c0b694f532053797374656d7331133011060355040a0c0a4170706c6520496e632e310b30090603550406130255533059301306072a8648ce3d020106082a8648ce3d03010703420004c21577edebd6c7b2218f68dd7090a1218dc7b0bd6f2c283d846095d94af4a5411b83420ed811f3407e83331f1c54c3f7eb3220d6bad5d4eff49289893e7c0f13a38202113082020d300c0603551d130101ff04023000301f0603551d2304183016801423f249c44f93e4ef27e6c4f6286c3fa2bbfd2e4b304506082b0601050507010104393037303506082b060105050730018629687474703a2f2f6f6373702e6170706c652e636f6d2f6f63737030342d6170706c65616963613330323082011d0603551d2004820114308201103082010c06092a864886f7636405013081fe3081c306082b060105050702023081b60c81b352656c69616e6365206f6e207468697320636572746966696361746520627920616e7920706172747920617373756d657320616363657074616e6365206f6620746865207468656e206170706c696361626c65207374616e64617264207465726d7320616e6420636f6e646974696f6e73206f66207573652c20636572746966696361746520706f6c69637920616e642063657274696669636174696f6e2070726163746963652073746174656d656e74732e303606082b06010505070201162a687474703a2f2f7777772e6170706c652e636f6d2f6365727469666963617465617574686f726974792f30340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e6170706c652e636f6d2f6170706c6561696361332e63726c301d0603551d0e041604149457db6fd57481868989762f7e578507e79b5824300e0603551d0f0101ff040403020780300f06092a864886f76364061d04020500300a06082a8648ce3d0403020349003046022100be09571fe71e1e735b55e5afacb4c72feb445f30185222c7251002b61ebd6f55022100d18b350a5dd6dd6eb1746035b11eb2ce87cfa3e6af6cbd8380890dc82cddaa63308202ee30820275a0030201020208496d2fbf3a98da97300a06082a8648ce3d0403023067311b301906035504030c124170706c6520526f6f74204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b3009060355040613025553301e170d3134303530363233343633305a170d3239303530363233343633305a307a312e302c06035504030c254170706c65204170706c69636174696f6e20496e746567726174696f6e204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b30090603550406130255533059301306072a8648ce3d020106082a8648ce3d03010703420004f017118419d76485d51a5e25810776e880a2efde7bae4de08dfc4b93e13356d5665b35ae22d097760d224e7bba08fd7617ce88cb76bb6670bec8e82984ff5445a381f73081f4304606082b06010505070101043a3038303606082b06010505073001862a687474703a2f2f6f6373702e6170706c652e636f6d2f6f63737030342d6170706c65726f6f7463616733301d0603551d0e0416041423f249c44f93e4ef27e6c4f6286c3fa2bbfd2e4b300f0603551d130101ff040530030101ff301f0603551d23041830168014bbb0dea15833889aa48a99debebdebafdacb24ab30370603551d1f0430302e302ca02aa0288626687474703a2f2f63726c2e6170706c652e636f6d2f6170706c65726f6f74636167332e63726c300e0603551d0f0101ff0404030201063010060a2a864886f7636406020e04020500300a06082a8648ce3d040302036700306402303acf7283511699b186fb35c356ca62bff417edd90f754da28ebef19c815e42b789f898f79b599f98d5410d8f9de9c2fe0230322dd54421b0a305776c5df3383b9067fd177c2c216d964fc6726982126f54f87a7d1b99cb9b0989216106990f09921d00003182018730820183020101308186307a312e302c06035504030c254170706c65204170706c69636174696f6e20496e746567726174696f6e204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b300906035504061302555302084c304149519d5436300b0609608648016503040201a08193301806092a864886f70d010903310b06092a864886f70d010701301c06092a864886f70d010905310f170d3234303231393036333434395a302806092a864886f70d010934311b3019300b0609608648016503040201a10a06082a8648ce3d040302302f06092a864886f70d010904312204200ec2a0bbeaa1791676d1e55dfa5508f1804078c30819015aa5cf0dff581dbbb7300a06082a8648ce3d040302044630440220583b5904fe628bcf5b717915e71fbe4042bdf2173e7bcfb8528e5c451790b9a702203bd50451d8aa9b426f60b647137294cacff5f43f591503e8c0b61700fb124bab000000000000", "operationalAnalyticsIdentifier": "ApplePayTM:730A9A8614BF57A050E2111C3579925ADCA174167207862B85F122AD2BFB73EF", "retries": 0, "pspId": "730A9A8614BF57A050E2111C3579925ADCA174167207862B85F122AD2BFB73EF" } } but it goes directly to appleSession.oncancel after passing it to completeMerchantValidation Is anyone face the same issue ?

I'm using Apple Pay JS api to enable Apple Pay on the web. Does Apple Pay on the web support Diners Club cards? The apple doc doesn't have a network entry for Diners Club: supportedNetworks But on the DinersClub website indicates a customer can use their Diners card for Apple Pay: https://www.dinersclubus.com/home/consumer-cards/conscards-l2/apple-pay What network name needs to be used when initializing ApplePayPaymentRequest/supportedNetworks array on the payment sheet to indicate that Diners Club is supported?

Hi, We would like to test the processing of ApplePay transaction with Visa card for which the Acquirer doesn`t get the liability shift, meaning we get the ECI=7 in the payment token data. In theory, this should be for all cards outside of Europe, but we have noticed that all test cards listed for Visa result in ECI=5, regardless of the Issuer country. Can you please provide us a test card for Visa with ECI=7? Thanks, Dijana

We’ve an implementation of apple pay with asia pay as gateway . We want to access that from external iframe . although we’ve been able to load the apple pay widget not able to validate merchant and tokenize in iframe. Please let us know if apple pay with asia pay is available to be used within iframe.

Getting issue while doing merchant validation from windows server behind load balancer. "System.IO.IOException: The decryption operation failed, see inner exception.\r\n ---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.\r\n --- End of inner exception stack trace ---\r\n at System.Net.Security.SslStream.ReadAsyncInternal[TIOAdapter](TIOAdapter adapter, Memory`1 buffer)\r\n at System.Net.Http.HttpConnection.InitialFillAsync(Boolean async)\r\n at System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)" Please anyone can help here code snippet : // POST the data to create a valid Apple Pay merchant session. string json = JsonSerializer.Serialize(request); string path = "apple-pay-cert.pem"; string jsonfilepath = _configuration.GetSection("ApplePay").GetValue<string>("MerchantCertificateFileName"); if (!string.IsNullOrEmpty(jsonfilepath)) { path = _hostingEnvironment.ContentRootFileProvider.GetFileInfo(jsonfilepath)?.PhysicalPath; } var cert = new X509Certificate2(path, "", X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); var sslOptions = new SslClientAuthenticationOptions(); var shHandler = new SocketsHttpHandler { MaxConnectionsPerServer = 100, AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate, PooledConnectionLifetime = TimeSpan.FromMinutes(3), ConnectTimeout = TimeSpan.FromSeconds(100), PooledConnectionIdleTimeout = TimeSpan.FromSeconds(60), ResponseDrainTimeout = TimeSpan.FromSeconds(60), }; if (cert != null) { shHandler.SslOptions = new SslClientAuthenticationOptions() { ClientCertificates = new X509CertificateCollection(), }; shHandler.SslOptions.ClientCertificates.Add(cert); shHandler.SslOptions.LocalCertificateSelectionCallback = (object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) => cert; } ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; var httpClient = new HttpClient(shHandler); using var content = new StringContent(json, Encoding.UTF8, MediaTypeNames.Application.Json); using var response = await httpClient.PostAsync(requestUri, content, cancellationToken); response.EnsureSuccessStatusCode(); // Read the opaque merchant session JSON from the response body. using var stream = await response.Content.ReadAsStreamAsync(); return await JsonDocument.ParseAsync(stream, cancellationToken: cancellationToken);