Hi Apple Team and Developers, I’ve been testing the Top-up flow in our app via the TestFlight environment. Across multiple devices (around 10 tested), everything works fine with no issues. However, on one specific device — iPhone 14 Pro Max running iOS 18.6.2 — I’ve noticed an intermittent issue: When performing a Top-up, the Apple UI first shows a successful purchase confirmation. Immediately afterward, another UI prompt appears asking the player to re-enter their Apple ID password. At the same time, Apple returns a ghost string that we cannot use to verify the user’s package bundle ID. This creates potential confusion for users, as they see both a success confirmation and an unexpected password prompt. I’m unsure if this behavior is expected or if there’s a recommended way to handle or prevent this issue. Has anyone else encountered something similar, or does Apple have a suggested fix/workaround for this? For reference, here’s a short video of the issue in action: \🔗 https://drive.google.com/file/d/1Ml-QpEu4ocoxn-W3wEMsFMbXy2QdwbHB/view?usp=sharing Any guidance would be greatly appreciated. Thank you for your support!

On Applepay's docs it talks about the ability to do "flexible" payments and scheduling for future purchases. We need to be able to make only a single approval of an Apple payment for multiple submissions later on. Think, deferred payments at an arbitrary schedule without presenting the ApplePay dialog each and every time. The docs suggest that may be possible, but are maddeningly vague on how to do that. Is it possible or not? Can we store an approved merchant's token for example and leverage that for future transactions?

Hello we are trying to renew our certificates. We are trying to extend the dates of verified domains following the docs https://developer.apple.com/documentation/applepayontheweb/maintaining-your-environment#Renew-Your-Domain-Verification and configure our server with https://developer.apple.com/documentation/ApplePayontheWeb/setting-up-your-server We've downloaded the apple-developer-merchantid-domain-association.txt and update it on their respective locations, click 'ok' button but we get redirected to the main page of the information of the merchant, and it shows the domains without the extending period of time. No popup showing what has failed or what could be the reason of this error, we only get a redirection to the main page.

Hey everyone, hoping someone here has run into this before. I have a fully functional App Clip (com.didyoucatchit.app.Clip) linked to my main app (com.didyoucatchit.app). The Clip builds and runs perfectly, but I’m seeing issues trying to enable Apple Pay for it. When I try to link my Merchant ID under the “On Demand Install Capable” capability in the Apple Developer portal, I get this error: A relationship in the provided entity is not allowed for this request. The relationship 'undefined' can not be included in a 'bundleIdCapabilities' request. Here’s what I have already configured and confirmed: App Clip capabilities in Xcode include: Apple Pay Payment Processing Associated Domains (appclips:app.didyoucatchit.com) Provisioning profile includes: Apple Pay Payment Processing Associated Domains In-App Purchase On-Demand Install Capable Entitlements file for the Clip: <key>com.apple.developer.associated-domains</key> <array> <string>appclips:app.didyoucatchit.com</string> </array> <key>com.apple.developer.in-app-payments</key> <array> <string>merchant.com.didyoucatchit.app</string> </array> <key>com.apple.developer.parent-application-identifiers</key> <array> <string>$(AppIdentifierPrefix)com.didyoucatchit.app</string> </array> Merchant ID (merchant.com.didyoucatchit.app) is active and connected to Stripe Stripe Apple Pay configuration matches the same merchant ID and certificate Both provisioning profiles have been refreshed and downloaded However: The portal still throws the “relationship 'undefined'” error anytime I try to modify the Clip’s capabilities In testing, Apple Pay doesn’t show up as a payment option in the Clip (using Stripe’s Payment Element integration) Questions: Is this a known issue with the Developer portal when linking App Clips to merchant IDs? Is there a specific way to re-establish the parent–child relationship between the main app and the App Clip so the bundleIdCapabilities request includes the proper relationship JSON? Are there any additional configuration steps required when using Stripe for Apple Pay inside an App Clip? System Setup: Xcode: 16.2 (build 16C5032a) macOS: Sequoia 15.3.1 iOS: 18.5 (testing on physical device) Merchant ID: merchant.com.didyoucatchit.app Main App ID: com.didyoucatchit.app App Clip ID: com.didyoucatchit.app.Clip Any help or insight would be hugely appreciated Thanks in advance!

Hi, we are implementing ID&V and there is a requirement regarding the flow for Apple Pay. In order to clarify the case I will describe the use case scenario or steps to reproduce first: add a card to the iPhone wallet app (yellow path verification required). Do not complete the ID&V process. add a card to the Watch via the Wallet inside the iPhone Watch app (yellow path verification required). Same as before, do not complete the ID&V complete ID&V process using the Issuer App either from iPhone or Watch. the Issuer app receives the application:openURL:options: callback on its AppDelegate. In the options dictionary, we can not see the UIApplicationOpenURLOptionsSourceApplicationKey populated (it is nil). At this moment, for the card we are adding there are now two tokens, both to be verified via ID&V process. One is on the iPhone and one is on the Apple Watch associated with the same iPhone. The url received at step 4 contains the serial number which identifies the digitized card and matches with both the tokens in the iPhone and in the Apple Watch. We need something to detect programmatically if the digitization process started from the iPhone Wallet app or from the wallet inside the Watch app. Could you please help us to identify how we could discriminate if the ID&V process has been started for the iPhone token or for the Apple Watch token? Thanks

We’ve integrated in-app card provisioning into our application. All required configurations have been completed, including: Token Service Provider (TSP) setup Certificates uploaded to the Apple Developer portal While the card is successfully added to the Wallet app, our application is currently unable to retrieve or read the added passes.

Basic information: The issuer has implemented the feature to active Apple Card via URL Verification. The feature implemented by issuer is supported both in the APP and Clips. When Apple queries the activation method from UnionPay, UnionPay returns the "URL" activation method to Apple. Additionally, the apple-app-site-association file has been correctly deployed, and the configuration for Universal Links has been completed. Both the APP and Clips have undergone testing for Universal Link calls. The desired experiece is that when the APP is installed, Apple Wallet launches the APP, and the user completes the activation within the APP, and if the APP is not installed, Apple Wallet calls Clips, and the user completes the activation in Clips. Problem description: Under iOS 17 and iOS 18, when triggering Apple Pay card activation, the APP or Clips can be called as expected, and the activation can be completed well. However, Under iOS 26, regardless of whether the APP is installed, under the same circumstances, an internal browser within Apple Wallet opens to access the H5 page corresponding to the URL, instead of redirecting to the APP or Clips. Please assist in confirming whether this is a new feature of iOS 26 and how the same user experience can be achieved.

Hi, You're here because you've had issues with your implementation of In-App Provisioning Extensions for Apple Pay In-App Provisioning or In-App Verification. To prevent sending sensitive credentials in plain text, create a new report in Feedback Assistant to share the details requested below with the appropriate log profiles installed. Gathering Required Information for Troubleshooting Apple Pay In-App Provisioning or In-App Verification Issues While troubleshooting Apple Pay In-App Provisioning or In-App Verification, it is essential that the issuer is able to collect logs on their device and check those logs for error message. This is also essential when reporting issues to Apple. To gather the required data for your own debugging as well as reporting issues, please perform the following steps on the test device: Install the Apple Pay and Wallet profiles on your iOS or watchOS device. If the issue occurs on Mac, continue to Step 2. Reproduce the issue and make a note of the timestamp when the issue occurred, while optionally capturing screenshots or video. Gather a sysdiagnose on the same iOS or watchOS device, or on macOS. Create a Feedback Assistant report with the following information: The bundle IDs App bundle ID Non-UI app extension bundle ID (if applicable) UI app extension bundle ID (if applicable) The serial number of the device. For iOS and watchOS: Open Settings > General > About > Serial Number (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > Serial Number. The SEID (Secure Element Identifier) of the device, represented as a HEX encoded string. For iOS and watchOS: Open Settings > General > About > SEID (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > System Report > NVMExpress > Serial Number. The sysdiagnose gathered after reproducing the issue. The timestamp (including timezone) of when the issue was reproduced. The type of provisioning failure (e.g., error at Terms & Conditions, error when adding a card, etc.) The issuer/network/country of the provisioned card (e.g., Mastercard – US) Last 4 digits of the FPAN Last 4 digits of the DPAN (if available) Was this test initiated from the Issuer App? (e.g., yes or no) The type of environment (e.g., sandbox or production) Screenshots or videos of errors and unexpected behaviors (optional). Important: From the logs gathered above, you should be able to determine the cause of the failure from PassbookUIService, PassKit or PassKitCore, and by filtering for your SEID or bundle ID of your app or app extensions in the Console app. Submitting your feedback Before you submit to Feedback Assistant, please confirm the requested information above is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Apple Pay client. After your submission to Feedback Assistant is complete, please respond in your existing Developer Forums post with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your client, a configuration issue within your developer account, or an underlying system bug. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

Hello! We use Apple's "master account" scheme to register new clients trough API due to the fact that the number of merchant IDs in a developer account cannot exceed 100 records. It's been almost a year since we successfully used the master account ( ex. "merchant.com.xxx") and register clients via Postman. At the moment, the certificates for the master merchant ID start to expire on July 11 which will affect all customers which is under Master ID. We know that when updating certificates at the identifier level(our master id), new universal identity certificate files that we use to send to the merchants (merchant_id.pem, privkey.key) will be generated for authentication on the merchant side, as well as a new keystore. Since many of our clients are integrated with current files and keystores and have live traffic, we would like to know—is it possible to update certificates on the master account without changing the keystores and certificate identities? The impossibility of this will entail a large gap when switching to new certificates. Thanks in advance for your answer.

I am encountering an issue with the in-app provisioning flow using PKAddPaymentPassViewController. Specifically, when presenting the controller to allow users to add a pass to Apple Wallet, the device selection screen is showing all the devices, even after setting the primaryAccountIdentifier on the PKAddPaymentPassRequestConfiguration. Here's the context: I'm using PKAddPaymentPassViewController for in-app provisioning. I provide a valid primaryAccountIdentifier in the configuration. But after adding the pass, if i print back the primaryAccountIdentifier it displays some other value different than the identifier i had set(Example masked identifier: FAPLMC1GB000000066aa4xxxxxxxxxxxa744f16axxxxxxxx). The provisioning flow works, but the device list shown to the user includes all the devices (e.g., Apple Watches and iPhone even though it is already added to Apple Watch or iPhone).

Hi all, I’m running into a confusing issue with Apple Pay domain verification. Apple’s documentation says to host the verification file at: https://yourdomain.com/.well-known/apple-developer-merchantid-domain-association And the portal itself seems to expect the file to be served with .txt extension during verification. My first verification passed, but subsequent checks are failing — and I’m wondering if this mismatch is the cause. Should I Keep the .txt and configure my server to serve it at both paths? Would appreciate any insights or official clarification. Thanks!

We have updated the PNO metadata to include the associatedApplicationIdentifiers for our wallet extensions and the issuer app. While we are able to successfully provision the card to Apple Wallet via pull provisioning, we are unable to retrieve the payment passes that have already been provisioned. How can we address this issue? let passLibrary = PKPassLibrary() let paymentPassLibrary = self.passLibrary.passes(of: .secureElement) paymentPassLibrary is an empty array even though we have passes provisioned.

We are working with two types of wallet passes. Provisioning works successfully for one pass type via wallet extensions, but the same process is not functioning for the other. For the second pass type, we are able to generate the required data for pull provisioning and send it to Apple. Additionally, in-app push provisioning for this pass type completes without issue. We would appreciate guidance on how to further debug and resolve this provisioning problem.

Hi everyone, I’m encountering a strange issue with Apple Pay in our React Native iOS app using the Stripe React Native SDK. Summary of the Problem: • Apple Pay shows up as an available payment method inside the Stripe Payment Sheet. • When I tap Apple Pay, the Apple Pay sheet opens normally. • After confirming payment, the Apple Pay sheet immediately closes, and nothing happens. • No payment is created and no request reaches Stripe’s servers. On Stripe Dashboard the PaymentIntent remains incomplete, with no errors, which means the failure happens before Stripe receives anything. Environment • React Native with @stripe/stripe-react-native • StripeProvider configured with: <StripeProvider publishableKey={...} merchantIdentifier="merchant.com.app.venga" stripeAccountId={...} urlScheme="venga" > Apple Pay works on our web checkout with the same merchant identifier. We have verified all of the required Apple Pay setup: • Merchant ID exists, active, and matches exactly. • Merchant ID added to the iOS app target in Xcode → Signing & Capabilities. • Apple Pay capability enabled. • Merchant domain is verified (web checkout works). • Apple Pay certificate and merchant certificate are valid. • Stripe publishable key and merchantIdentifier are correct. • Stripe SDK correctly initialized. • Device region supports Apple Pay. Extra Observations: • The PaymentIntent’s allowed_payment_methods includes "card" and Apple Pay does appear in the payment sheet. • But after tapping Pay → the Apple Pay sheet closes instantly. • There is no callback with an error, and nothing appears in Stripe logs. • We are testing in Sweden. As far as I know Apple Pay should work fine here. Questions: What could cause the Apple Pay sheet to dismiss instantly after attempting a payment? Could this be caused by a merchant ID mismatch—even if Apple Pay appears in the sheet? Is there any Apple-device-level requirement (region, wallet config, card type) that could cause this silent failure? Is there a way to get more detailed logs when Apple Pay closes before Stripe receives anything? Any help or suggestions would be greatly appreciated. Thanks!

During checkout at apple.com using a non-supported Apple Pay on the Web browser, apple.com presents a QR like code offering to "Scan Code with iPhone" to pay. The payment continues using Apple Pay on the iPhone after scan. We already offer Apple Pay and Apple Pay on the Web. Is this QR code option available for us for non-supported browsers? Could you point me to the docs to add it? Thank you.

Hello, I am setting up a feature for my company's banking app that allows users to add their payment/debit card they have with us to the Apple Wallet on their device. We have the in-app provisioning entitlement setup and configured in the app and configured with our banking partner/TSP. We are able to manually provision production environment cards via the Wallet app. I am using test card data from my TSP. I send them the two certificates, nonce, and nonce signature data and am given activationData, encryptedPassData, and an ephmeralPublicKey that we then set on an instance of PKAddPaymentPassRequest. We call the handler on the delegate method that is called with that request object and get an error: The operation couldn’t be completed. (PKPassKitErrorDomain error 2.) Looking at the PassKit library shows this is PKUnsupportedVersionError - Unsupported pass version. Our TSP hasn't been super helpful in troubleshooting this issue and just said we should contact Apple as it is an Apple error. I am trying to figure out if the issue is with how we are implementing the feature or with the test data itself given to us.

We plan to set Manual PAN Entry Allowed = N and accept only issuer push provisioning (PKAddPaymentPass). Is there any Apple Pay programme rule that obliges us to keep MANUAL_ENTRY enabled? Will disabling it affect “Participating Issuer” listing?

My client has provided me with admin access to the Apple Developer console. However, when I log in, I am prompted to enroll in the Apple Developer Program. Should I proceed with the enrollment myself, or does the client need to complete the enrollment from their own account?

Cybersource production support has clarified issue as below "On the BAD Case, it seems that the Apple Payload did not contain the "onlinePaymentCryptogram" object within the JSON. The Cryptogram is critical and mandatory. Since the merchant cannot really control this, and since CYBS is just decrypting the payload and uses it, we cannot comment as to why it was missing. The merchant would need to reach out to Apple and/or decrypt the payment themselves locally to check if and why this data was not present, for troubleshooting purposes."

Cybersource production support has clarified issue as below "On the BAD Case, it seems that the Apple Payload did not contain the "onlinePaymentCryptogram" object within the JSON. The Cryptogram is critical and mandatory. Since the merchant cannot really control this, and since CYBS is just decrypting the payload and uses it, we cannot comment as to why it was missing. The merchant would need to reach out to Apple and/or decrypt the payment themselves locally to check if and why this data was not present, for troubleshooting purposes."