We are experiencing intermittent 403 Forbidden errors during Apple Pay on web merchant validation in our production and sandbox environment. Has anyone else started seeing 403 Forbidden errors recently (since mid-2025)? Why would merchant validation be sometimes successful and sometimes fail with 403? Could this be related to new Apple Pay gateway changes or stricter validation rules? Any additional debug steps or permanent solutions we should try? Thank you.

Hi :) I'm new to app store connect, and I just want to verify what does it take to be able to test subscription for a new app that isn't approved yet using sandbox? Or is this not possible that the app has to be approved first? More context below: My app is a new app, I only submitted for review and I linked the subscription from the app’s In-App Purchases and Subscriptions section on the version page when submit it for review. It got rejected for now. When the app review status is both in-review and rejected, I've tried to test my subscription, where there is a button (like "subscribe"/"become a member") in my app that user can click on, which it calls ios's IAPProvider.startMembershipPurchase, I just get Error: [IAPService] Product not found: [<my_subscription_id>]. I ensured my subscription's product id in app store connect matches with the one in my code. I can see the "rejected" status both on my app and the subscription. So can anyone help clarify if the app has to be approved first in order to test subscription? Or am I missing any other setup? Or it might just be my code? Thanks in advance! Any info is super helpful!

We created apps for many credit unions in Canada. Some of those apps has the feature to directly add users' debit cards to Apple Wallet (which is called by Apple as "in-app provisioning"). The feature has been working fine for at least 6 years for many credit unions. Recently, after updating one of those existing apps, we found out that the in-app provisioning is no longer working. Found it very strange, as we didn't touch the code base related to this feature for a very long time. One thing we found out is that the option to add in-app provisioning entitlement is missing during generating "provisioning profile" for the app. Is this a misconfiguration by App? Or do we need to request for additional entitlement migration as mentioned in the page: https://developer.apple.com/help/account/reference/provisioning-with-managed-capabilities ? Apple, please help, it's rather urgent.

We are integrating Apple Pay In-App Provisioning in our banking application using an external SDK. The provisioning flow works on the iOS Simulator (mock sheet appears), but fails on real devices via TestFlight with the error: internalInconsistency: "PKAddPaymentPassViewController can not be created" Environment: Xcode 16 iOS 18 Real device: iPhone (tested via TestFlight / Distribution build) Card network: Mastercard What we've verified: com.apple.developer.payment-pass-provisioning entitlement is set to YES in our .entitlements file The entitlement is confirmed present in our Development provisioning profile via security cms -D -i embedded.mobileprovision | grep payment-pass → returns <true/> PKAddPaymentPassViewController.canAddPaymentPass() returns true on the device The card is NOT already in Apple Wallet (0 local/remote Secure Element passes) All provisioning data is present and valid (encryptedPayload, authorizationCode, primaryAccountSuffix, cardholderName) The external SDK is configured successfully at app launch Diagnostic logs from TestFlight build: canAddPaymentPass: true Local SE passes: 0 Remote SE passes: 0 suffix: 6165 name: [redacted] encryptedPayload length: 1130 authCode length: 514 scheme: Mastercard Card already in Wallet: false Error: internalInconsistency("PKAddPaymentPassViewController can not be created") Testing matrix: Environment Result Simulator Mock sheet appears (not a real test) Device + Debugger attached PKAddPaymentPassViewController error Device + Debugger detached (Dev build) SDK error 903: "device environment unsafe" TestFlight (Distribution) PKAddPaymentPassViewController cannot be created Questions: Can PKAddPaymentPassViewController fail to be created even when canAddPaymentPass() returns true? What other conditions could cause this? Is there a way to verify that the Distribution provisioning profile correctly includes the payment-pass-provisioning entitlement after it has been approved by Apple? Are there any additional Apple Pay entitlements or configurations (e.g., Wallet merchant setup, pass type identifiers) required beyond com.apple.developer.payment-pass-provisioning for In-App Provisioning to work? Does regenerating the Distribution provisioning profile on Apple Developer Portal resolve cases where entitlements were added after the profile was originally created? Any guidance would be greatly appreciated. Thank you.

Apple Sandbox is not available in India, also Apple Pay itself is not supported by Indian Banks. How can I still test using Apple Pay sandbox in India? I am trying to add test cards on my iPhone and it fails to add it. It tries to connect to Issuer, which it should not for sandbox Apple Id. Can anyone help how to achieve this?

I have some questions related to MPAN. What is the format of an MPAN? Is it the same as DPAN? Is it PAN preserving format? Is a Cryptogram required and if yes, what kind of cryptogram? Is it the same format as DPAN? Thanks in Advance!

Hi, I’ve been trying to integrate Apple Pay, but for some reason, the payment button is not showing up. The project is built with Laravel 11 and Vue. I imported the script as follows: <script crossorigin crossorigin src="https://applepay.cdn-apple.com/jsapi/1.latest/apple-pay-sdk.js" ></script> Then I added the following the steps: <style> apple-pay-button {{ --apple-pay-button-width: --apple-pay-button-width: 150px;; --apple-pay-button-height: --apple-pay-button-height: 30px;; --apple-pay-button-border-radius: --apple-pay-button-border-radius: 3px;; --apple-pay-button-padding: --apple-pay-button-padding: 0px 0px;; --apple-pay-button-box-sizing: border-box; } </style> <apple-pay-button buttonstyle="black" type="plain" locale="en-US"></apple-pay-button> I followed all the steps from the official Apple Pay demo: https://applepaydemo.apple.com/ I also configured the Content Security Policy (CSP) to allow all necessary resources. However, when I test my integration, the button doesn’t appear. I’ve checked the console, but there are no errors. At the same time, I have my certificate imported into the Keychain, and I’ve completed the entire process of creating both the certificate and the private key. However, when I try to validate the session using the certificate and key with Apple’s API, I get an error: 400 The SSL certificate error https://apple-pay-gateway-cert.apple.com/paymentservices/

We have an app that uses the pass-presentation-suppression entitlement and calls requestAutomaticPassPresentationSuppression to prevent the Wallet app from being presented when the device is displaying a barcode to a barcode/nfc reader. This works as expected for users of the standard Apple Wallet app. However, it does not prevent third-party wallet apps from being launched, which hides the barcode and prevents it from being scanned properly. What options do I have to prevent third-party wallet apps from launching or interfering while our app is actively presenting a barcode?

Hi everyone, I am new to Apply Pay, but I have already implemented IAP for subscriptions in my app. My app also has other functionalities, it also acts as a person-to-person marketplace, as users can post events or online courses which can be bought by other users to participate. My question is that I have read Apple's review guidelines but it is still unclear for me if I can use Apple Pay (with for example Stripe) or do I still need to use IAP for this online content. Also non profit organizations also can register which can recieve donations, can I also use Apple Pay for that or do I still need IAP there, because it would be nice if Apple would take 30% of donations.

To perform the integration, it must be done under the same domain that has been validated. Is it not possible to do it in a local environment? Could that be the reason why I can't display the button or complete the validation with the API?

Hello, We are currently developing an application that uses the Host-based Card Emulation (HCE) entitlement to enable corporate access functionality. With this entitlement, we have successfully established HCE communication and can interact with our access control systems to unlock doors. Our question is related to improving the user experience: We would like this access functionality to work without requiring the app to be in the foreground, as this adds friction for users during entry. Specifically, we would like to know: Is it possible for our app to coexist with Apple Wallet as the default contactless app, so that: Our app handles NFC interactions for corporate access (e.g., opening doors). Apple Wallet remains the default for payments. If that coexistence is not possible, and our app is set as the default contactless app, Will the system still need to launch our app into the foreground to complete a transaction (e.g., to emulate the NFC card)? Or is there a way to trigger HCE responses in the background (e.g., using a background process or service extension)? Any guidance on how to configure the app for optimal background access behavior, while maintaining compatibility with Wallet, would be greatly appreciated. Thank you in advance.

When I use my iPhone to scan the apple pay QR code in chrome, the url is https://applepaydemo.apple.com/apple-pay-js-api, I keep geting the "Service Unavailable" error. Wonder know if you guys meet this error as well? Btw, the QR code feature needs IOS 18.

Hello, We’re seeing an issue where the Apple Pay button is visible in Safari but not clickable for certain users, while it works normally for others. This happens on our site (https://store-qa2.enphase.com/ ) as well as on other sites for the same affected users. Currently, we display the Apple Pay button based on the following condition: Boolean(window.ApplePaySession) && ApplePaySession.canMakePayments(); For affected users, the button shows up as expected, but it’s not interactive. All users (both affected and unaffected) are on the latest versions of Safari and macOS/iOS. Could someone clarify what additional conditions Safari/Apple Pay requires for the button to be fully functional? And under what circumstances could it be visible but not clickable?

Why did my sandbox test fail due to not being able to obtain the product list?

I have a question regarding the file apple-developer-merchantid-domain-association.txt. I understand that this file is used during API access for Apple Pay Web payments. However, is it necessary for our company to access this file during the payment process? Also, this domain validation file is expected to be placed in the publicly accessible “.well-known” folder on our web server. Is it acceptable for this file to remain readable by third parties on the Internet, including Apple’s servers, without posing any security risks? Since this file is generated during domain registration on the Apple Developer site and is unique to our domain, we believe there should be no security concerns even if accessed by third parties. However, are there any specific security requirements for this domain validation file? Please note that the domain validation has already been successfully completed. We appreciate your time and look forward to your guidance. Best regards,

Hi, we are implementing the push provisioning via the Apple Wallet Extension starting from the example at https://developer.apple.com/documentation/passkit/implementing-wallet-extensions. To correctly manage the push provisioning on Apple Watch, specifically for a card tokenised in the iPhone but not in the Watch, we need to know if there is a connected Apple Watch to the iPhone. We are using the following code from the Apple Wallet Extension example to detect whether there is a connected watch: WCSession* session = [WCSession defaultSession]; session.delegate = delegate; [session activateSession]; In the main target of the app, at the end of the activation the system correctly calls the delegate method: session:activationDidCompleteWithState:error: but we noticed it is not being called in the UI extension context (the one having NSExtensionPointIdentifier: com.apple.PassKit.issuer-provisioning.authorization). We don't understand why the delegate is not being called in the UI extension, can you please help? Thanks! Steps to Reproduce: Start with a card not added in the Apple Wallet app Open the Apple Wallet app Click on add card Select the app to launch the Wallet Extension flow The Apple Wallet Extension with UI is on screen and invokes the activateSession method, the delegate method is not invoked and session.isPaired returns "no". Xcode Version 16.2 macOS Version 15.6.1 (24G90) Feedback ID FB20082564

I am facing an issue with Apple Pay js while doing the integration we are using reference https://applepaydemo.apple.com/apple-pay-js-api In this I can generate the merchantSession correctly But when I pass that merchantSession in session.completeMerchantValidation(merchantValidation) as per documentation It is getting failed and also no appropriate error is being shown in the console

When accessing https://applepaydemo.apple.com/payment-request-api, the "Approve with Side Button" prompt is displayed, but it does not appear when using our test domain. I implemented the Payment Request API based on the sample source code from the following URL. On an iPhone device, the Apple Pay payment screen is displayed, but the "Approve with Side Button" icon below the amount does not appear, and instead a spinning loading icon is shown continuously. Could you please help identify the cause? ■ Reference URL: https://applepaydemo.apple.com/payment-request-api ■ Changed parameter: "merchantIdentifier": "〇〇.dev" ■ Accessed domain: 〇〇test.com ■ Test device: iPhone 13 iOS: 18.4.1

Currently, on our Production environment, when calling https://apple-pay-gateway.apple.com/paymentservices/paymentSessio,n we are randomly receiving: "Payment Services Exception merchantId={Value} unauthorized to process transactions on behalf of merchantId={Value} reason={Value} is not a registered merchant in WWDR and isn't properly authorized via Mass Enablement, either." Since launching Apple Pay on our platform we have received a new Domain Verification File and looking at some of the Domain Verification File that are hosted on the domains they are different to ours. Questions around the Domain Verification File Would we have to update every single Domain Verification File every time we receive a new one ? Does the paymentSession verfiy/call the Domain Verification File on the domain listed at https://[DOMAIN_NAME]/.well-known/apple-developer-merchantid-domain-association ? What happens if the Domain Verification File doesnt match the one that we currently have ? Would we have to regrester our Domains everytime we get a new Domain Verification File ?

Hello, I am currently testing an Adyen integration with Sylius and need to verify Apple Pay with Cartes Bancaires in the sandbox environment. Could you please advise how Cartes Bancaires can be tested in Apple Pay Sandbox (e.g. cards details)? Thank you in advance for your guidance. Best regards, Grzegorz