We are facing an issue with Apple Pay address details while customers are placing orders on our production site.
By default, the following values are being passed during checkout:
First Name: ApplePay Last Name: Express Address: ApplePay Street When we manually enter these same details, our validation correctly prevents the order from being placed and displays an appropriate error message. However, on our production site, real customers are still able to successfully place orders with these exact details.
Could you please help us understand:
How these orders are being allowed to proceed despite the validation? Is this behaviour expected from Apple Pay ? How can we prevent orders from being placed with such placeholder address details? Please let us know if you need any additional information from our side.
We have also attached an image showing the address details and the corresponding order number for reference.
Thanks in advance for your support.
Hi @SanjayKumarDas,
You wrote:
[...] How these orders are being allowed to proceed despite the validation? Is this behaviour expected from Apple Pay ? How can we prevent orders from being placed with such placeholder address details? Please let us know if you need any additional information from our side.
Apple Pay Express Checkout uses a privacy-preserving, two-phases data flow. The behavior you've reported is by design and expected. However, I suggest for you to submit a report via Feedback Assistant explaining your use case and concerns. Once submitted, please reply here with the Feedback ID so I may escalate to the Apple Pay engineering team directly.
Now, back to this expected behavior... To protect customer data before they authorize a payment, Apple Pay intentionally passes placeholder/redacted values during the early stages of the payment session:
- First Name:
ApplePay - Last Name:
Express - Address:
ApplePay Street - City:
City - Postal Code:
00000or region-specific dummy value
These placeholders are passed during events like onshippingaddresschange and onshippingmethodselected so your server can calculate shipping costs and taxes without ever seeing the real address. The real, full address is only revealed after the customer authenticates with Face ID, Touch ID, or passcode.
To resolve this, consider moving address validation to onpaymentauthorized. All meaningful address validation must happen inside the onpaymentauthorized callback, after the customer has authenticated.
session.onpaymentauthorized = async (event) => {
const payment = event.payment;
// ✅ Real address is now available here
const shippingContact = payment.shippingContact;
const billingContact = payment.billingContact;
// Run your address validation NOW
const isValid = validateAddress(shippingContact);
if (!isValid) {
// Reject the payment with a specific failure reason
session.completePayment({
status: ApplePaySession.STATUS_FAILURE,
errors: [
new ApplePayError(
'shippingContactInvalid',
'postalAddress',
'The shipping address provided is not valid for this order.'
)
]
});
return;
}
// Process payment token with your payment processor
const result = await processPayment(payment.token);
session.completePayment(
result.success
? ApplePaySession.STATUS_SUCCESS
: ApplePaySession.STATUS_FAILURE
);
};
Important: Never rely solely on client-side validation. Before fulfilling any order, validate the real contact details server-side after receiving the payment token.
For more information on the redacted contact info, see my answer on the post below:
How to correctly calculate sales tax for digital goods (no shipping address) before authorizing transaction
https://developer.apple.com/forums/thread/816204?answerId=893881022#893881022
Cheers,
Paris X Pinkney | WWDR | DTS Engineer
