Hello everyone,
I would like to register a merchant with a merchant identifier, calling https://apple-pay-gateway-cert.apple.com/paymentservices/registerMerchant, but I am getting a 401 error.
The payment processing certificate and the merchant identity certificate (with name merchant.com.identity.us.test) have already been defined on the apple account account.
I am executing this post request:
curl -v --cert-type P12 --cert keystore.p12:passwordForMyKeystore -d '{"domainNames":["my-test-domain.com","my-live-test-domain.com"], "partnerMerchantName":"TESTMERCH1", "partnerInternalMerchantIdentifier":"test-merch-partner", "encryptTo":"merchant.com.identity.us.test"}' -H "Content-Type: application/json" -X POST https://apple-pay-gateway-cert.apple.com/paymentservices/registerMerchant
The keystore.p12 I am using in the above post request, has been created with the identity certificate (merchant.com.identity.us.test) and with the private key created when generating the CSR.
The response I am getting is this one:
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=apple-pay-gateway-cert.apple.com; O=Apple Inc.; L=Cupertino; ST=California; C=US; serialNumber=C0806592; jurisdictionStateOrProvinceName=California; jurisdictionCountryName=US; businessCategory=Private Organization
* start date: Jul 17 17:32:39 2023 GMT
* expire date: Oct 15 17:42:39 2023 GMT
* subjectAltName: host "apple-pay-gateway-cert.apple.com" matched cert's "apple-pay-gateway-cert.apple.com"
* issuer: C=US; O=Apple Inc.; CN=Apple Public EV Server RSA CA 1 - G1
* SSL certificate verify ok.
* using HTTP/1.1
> POST /paymentservices/registerMerchant HTTP/1.1
> Host: apple-pay-gateway-cert.apple.com
> User-Agent: curl/8.1.2
> Accept: */*
> Content-Type: application/json
> Content-Length: 304
>
< HTTP/1.1 401 Unauthorized
< x-keystone-correlationid: cdcf1cc6-1f6f-4b92-bd6c-245a602bcaa3
< content-type: application/json
< content-length: 87
< date: Thu, 05 Oct 2023 08:28:18 GMT
< x-envoy-upstream-service-time: 14
< x-apay-service-response-details: via_upstream
<
{
"statusMessage": "Payment Services Exception Unauthorized",
"statusCode": "401"
* Connection #0 to host apple-pay-gateway-cert.apple.com left intact
}
Have I done anything wrong in generating the Keystore?
Kind regards,
Antonio.
Apple Pay
RSS for tagDiscuss how to integrate Apple Pay into your app for secure and convenient payments.
Post
Replies
Boosts
Views
Activity
Hello,
I am getting a 401 when calling https://apple-pay-gateway-cert.apple.com/paymentservices/registerMerchant to register a merchant and link it to a merchant identity.
The merchant identity has been created, and both the merchant identity and the payment processing certificates have been created.
I have then dowloaded the merchant identity certificate from Apple, and create a keystore with the private key used to create the CSR.
The command I am issuing is the following:
curl -v --cert-type P12 --cert keystore.p12:passwordForKeystore -d '{"domainNames":["test-domain.com","live-domain.com"], "partnerMerchantName":"merchant-partner-name", "partnerInternalMerchantIdentifier":"merchant-partner-internal-identifier", "encryptTo":"merchant.identity.certificate.name"}' -H "Content-Type: application/json" -X POST https://apple-pay-gateway-cert.apple.com/paymentservices/registerMerchant
The response I am getting is the following:
* SSL certificate verify ok.
* using HTTP/1.1
> POST /paymentservices/registerMerchant HTTP/1.1
> Host: apple-pay-gateway-cert.apple.com
> User-Agent: curl/8.1.2
> Accept: */*
> Content-Type: application/json
> Content-Length: 304
>
< HTTP/1.1 401 Unauthorized
< x-keystone-correlationid: cdcf1cc6-1f6f-4b92-bd6c-245a602bcaa3
< content-type: application/json
< content-length: 87
< date: Thu, 05 Oct 2023 08:28:18 GMT
< x-envoy-upstream-service-time: 14
< x-apay-service-response-details: via_upstream
<
{
"statusMessage": "Payment Services Exception Unauthorized",
"statusCode": "401"
* Connection #0 to host apple-pay-gateway-cert.apple.com left intact
}
Has anyone had the same issue?
Hello,
I wanted to know the average response time to complete merchant validation and get the session so that we can configure the response timeout. We want to know this so that we can close the connection if Apple is not responding while making the merchant validation call.
Automatically presenting PassKit when approaching an NFC reader has been around for a while on iOS. Apple is already providing support to inhibit this behavior when using an app that has an approval-gated capability with the identifier com.apple.developer.passkit.pass-presentation-suppression.
The automatic presentation feature has been added in watchOS 10 without the offering of a similar inhibiting method. This is degrading the experience for watchOS 10 users in use cases where the Apple Watch is expected to be close to an NFC-enabled device.
I've noticed that the API is present in watchOS as well, although it's marked as unavailable. Calling requestAutomaticPassPresentationSuppressionWithResponseHandler: is always returning 0 (notSupported), and that might be due to the fact that including the capability breaks code signing.
I've opened a FB, was wondering what is the best way to better communicate this need to Apple engineering and product teams. (FB13234179)
Hi,
I created a bundle of passes using this doc: https://developer.apple.com/documentation/walletpasses/distributing_and_updating_a_pass and sent it as an attachment to an email. But when I try to open it with my iPhone (iOS 16), it doesn't suggest the add to wallet.
When I send each pass individually, there is no problem, they are added to my wallet.
Does anyone have any suggestions?
Trying to use Apple Pay with the Payment Request API, created a merchant validation with the following details:
URL: https://apple-pay-gateway.apple.com/paymentservices/startSession
Body: {"merchantIdentifier":"merchant.xxxxxxxxxxxxx","domainName":"labs.xxxxxxxx.com","displayName":"Mxxxxx"}
The response is:
cURL error 56: OpenSSL SSL_read: OpenSSL/1.1.1p: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0
Any ideas why this could be?
As per Requesting an Apple Pay Payment Session, i have got a session from Apple's Server, i am passing the same in the completeMerchantValidation function, still the Payment Sheet keeps on processing. After timeout interval it gets closed automatically.
I am using Sandbox Account and Production Environment.
What could be the reason for this?
Hi,
the certificate apple-pay-gateway.apple.com (https://developer.apple.com/documentation/apple_pay_on_the_web/setting_up_your_server) used for payments has expired :
Server Key and Certificate #1
Subject apple-pay-gateway.apple.com
Fingerprint SHA256: 19a1e3eeb0b13c3aefe03d4c02de6befb4200430ead97ee4150b3e0eaad89ec6
Pin SHA256: 38yRXBg6sU+IsJldFjKUj6TwTqkbVymXhyvMBWxMtV0=
Common names apple-pay-gateway.apple.com
Alternative names cn-apple-pay-gateway-tj-pod2.apple.com apple-pay-gateway-nc-pod1.apple.com apple-pay-gateway-nc-pod4.apple.com apple-pay-gateway-sh-pod2.apple.com cn-apple-pay-gateway-pr-pod3.apple.com apple-pay-gateway-pr-pod3.apple.com apple-pay-gateway-nc.apple.com apple-pay-gateway-tj-pod1.apple.com apple-pay-gateway-tj-pod2.apple.com apple-pay-gateway-pr-pod5.apple.com cn-apple-pay-gateway-nc-pod4.apple.com cn-apple-pay-gateway-pr-pod1.apple.com cn-apple-pay-gateway-sh-pod3.apple.com cn-apple-pay-gateway.apple.com cn-apple-pay-gateway-tj-pod3.apple.com apple-pay-gateway-nc-pod2.apple.com apple-pay-gateway-pr-pod1.apple.com apple-pay-gateway-pr-pod4.apple.com apple-pay-gateway-sh-pod3.apple.com cn-apple-pay-gateway-sh-pod1.apple.com cn-apple-pay-gateway-nc-pod3.apple.com cn-apple-pay-gateway-pr-pod2.apple.com apple-pay-gateway-nc-pod3.apple.com apple-pay-gateway-pr-pod.apple.com apple-pay-gateway-nc-pod5.apple.com apple-pay-gateway-tj-pod3.apple.com cn-apple-pay-gateway-pr-pod4.apple.com apple-pay-gateway-sh-pod1.apple.com cn-apple-pay-gateway-nc-pod5.apple.com apple-pay-gateway-pr-pod2.apple.com cn-apple-pay-gateway-sh-pod.apple.com cn-apple-pay-gateway-nc-pod1.apple.com apple-pay-gateway.apple.com cn-apple-pay-gateway-nc-pod2.apple.com cn-apple-pay-gateway-sh-pod2.apple.com apple-pay-gateway-pr.apple.com cn-apple-pay-gateway-tj-pod1.apple.com apple-pay-gateway-nc-pod.apple.com
Serial Number 0b2ffee60fc2a32e5046bf43075c1f89
Valid from Tue, 18 Jul 2023 10:53:06 UTC
Valid until Mon, 16 Oct 2023 11:03:06 UTC (expired 38 minutes and 13 seconds ago) EXPIRED
Trusted : No NOT TRUSTED
can I use the Apple Pay Sandbox in Jordan, to add test cards for VISA and MASTER cards?
I would like to renew Apple Developer Program, but cannot change the credit card information, pop up "cannot update....please contact support" when I update credit card information and submit, please advise.
ApplePay.tsx
Sometimes when we load the Apple sheet for the first time, the onshippingcontactselected is not called at all, although there is a default address selected, when we try again it works.
In some cases as well the Apple sheet freezes, all the buttons become un clickable.
There are no errors.
I'm testing on Mac version 11.5.2.
please see the attached the code.
During the period from 2023/10/16 19:07 to 21:03, when I called the validationURL, I received an error message stating "certificate has expired."
I verified that my merchant identity certificate is not set to expire until 2024.
Additionally, validation has been successful at other times. What could be the issue?
Hi Apple released external payment for some new regions
https://developer.apple.com/documentation/storekit/external_purchase
but i don't fully undersant, can i use in one application for allowed region, external payment link, for all others Apple pay. Don't found clear explanations of that
I am trying to add girocard in my wallet Sandbox from our app but I am getting an error like in screenshot. Even through PKAddPaymentPassRequestConfiguration is correct, I can't continue provisioning.
In that webpage, there is only information regarding credit cards. https://developer.apple.com/apple-pay/sandbox-testing/
Can you please help me regarding that issue?
guard let addPaymentPassRequestConfiguration = PKAddPaymentPassRequestConfiguration(
encryptionScheme: .ECC_V2
) else { return }
addPaymentPassRequestConfiguration.style = .payment
addPaymentPassRequestConfiguration.cardholderName = debitCard.cardholder
addPaymentPassRequestConfiguration.primaryAccountSuffix = String(girocard.cardNumber.suffix(4))
addPaymentPassRequestConfiguration.localizedDescription = girocard.cardType.cardDisplayName
addPaymentPassRequestConfiguration.paymentNetwork = .girocard
guard let addPaymentPassViewController = AddPaymentPassViewController(
requestConfiguration: addPaymentPassRequestConfiguration,
delegate: self
) else { return }
let addPaymentPassRequest = PKAddPaymentPassRequest()
addPaymentPassRequest.encryptedPassData = giroCardPaymentPassData.encryptedData
addPaymentPassRequest.activationData = giroCardPaymentPassData.activationData
addPaymentPassRequest.ephemeralPublicKey = giroCardPaymentPassData.ephemeralPublicKey
handler(addPaymentPassRequest)
The domains registered for several of my merchant ID's had their status changed to “Pending” in some moment, but I didn’t receive any alert.
We just realized that this happened when there was a payment attempt and it was denied.
How can this be avoided in the future?
Is there some email registered to receive messages alerting for these changes?
Can I update it?
Hi,
I was wondering if it's possible to use our API (backend app) in between my website (frontend app) and Apple servers.
This means having a website (frontend app) with all the logic to present the Apple Pay button and handle ApplePaySession events, on the click to pay it communicates with our API (backend app), and that will communicate with Apple servers. Receiving the response and send it back to the front-end website.
With Merchant Identity Certificate set up for the API, and assuming that for the Domain validation, we need only the API domain as well.
As an example let's say that the website runs on https://website.example.com and the API on https://api.example.com, both as HTTPS. So the flow would be:
Website (frontend app) <-> API (backend app) <-> Apple server
Is this implementation possible?
Thanks!
Hi Team
I am trying to integrate apple pay into my system but session.completeMerchantValidation() is failing
Error
For generating merchant session I am using this url
https://apple-pay-gateway-cert.apple.com/paymentservices/paymentSession
In response i am getting merchant session but after passing that merchant session I am getting error as mentioned above in the image
I am stuck since 2 weeks but not getting any solution, your quick response will clear my blocker
Regards
Rutvij Doshi
I have troubles sometimes (with slow internet connections) when the customers clicks on my Buy Now button, i got the error "Must crerate a new ApplePaySession from a user gesture hanlder..."
I removed some logics to shipping to nt make this too long, but essentially my code is:
export default function ApplePayButton({setLoadingApple}) {
// Effects
React.useEffect(() => {
// listen click
const button = document.querySelector('apple-pay-button')
if(button){
button.addEventListener('click', startApplePaySession)
}
return () => {
button.removeEventListener('click', startApplePaySession)
}
}, [])
// Methods
const selectStep = step => {
// Check if step is available
if (state.steps.allowed >= step) {
dispatch({
type: 'UPDATE_STEPS',
data: {
...state.steps,
current: step
}
})
}
}
const startApplePaySession = () => {
const apple = window.buckedup.payment_extensions.find(extension => extension.code === 'apple_pay')
if (window.ApplePaySession && apple) {
setLoadingApple(true)
let clientToken
if (window.braintree_config) {
const {
token
} = window.braintree_config
clientToken = token
}
window.braintree.client.create({
authorization: clientToken
}, (clientErr, clientInstance) => {
if (clientErr) {
setLoadingApple(false)
console.error('Error creating client:', clientErr)
return
}
window.braintree.applePay.create({
client: clientInstance
}, (applePayErr, applePayInstance) => {
if (applePayErr) {
setLoadingApple(false)
console.error('Error creating applePayInstance:', applePayErr)
return
}
const amount = state.totals.amount_due.amount
const appleSession = window.ApplePaySession
// Build request object
const request = applePayInstance.createPaymentRequest({
'countryCode': 'US',
'currencyCode': 'USD',
'merchantCapabilities': [
'supports3DS',
'supportsDebit',
'supportsCredit'
],
'shippingMethods': [],
'shippingType': 'shipping',
'supportedNetworks': [
'visa',
'masterCard',
'amex',
'discover'
],
'requiredBillingContactFields': [
'postalAddress',
'name'
],
'requiredShippingContactFields': [
'postalAddress',
'name',
'phone',
'email'
],
'total': {
'label': 'Bucked Up',
'amount': amount,
'type': 'final'
}
})
// Define ApplePayPaymentRequest
const session = new appleSession(3, request)
// Validate merchant
session.onvalidatemerchant = async event => {
// Do request
const response = await getApplePay()
applePayInstance.performValidation({
validationURL: event.validationURL,
displayName: 'Bucked Up'
}, (err, merchantSession) => {
if (err) {
setLoadingApple(false)
return
}
session.completeMerchantValidation(response.data)
setLoadingApple(false)
})
}
// Validate payment method
session.onpaymentmethodselected = async event => {
// Update totals
const totals = await postApplePayment()
const update = {
'newTotal': {
'label': 'Bucked Up',
'amount': totals.data.amount_owed
}
}
session.completePaymentMethodSelection(update)
}
// Request to track shipping user data
session.onshippingcontactselected = async event => {
// Extract user available
const dataShipping = event.shippingContact
let body
// Do first request to checkout endpoint
const responseData = await shippingService(body)
if (responseData.success) {
// Get Shipping methods
const body = {
combined_shipments: true
}
const responseMethods = await getMethods(body)
if (responseMethods.success) {
const methods = responseMethods.data.shipments
// Do request to update totals
const responseTotals = await postApplePayment()
const update = {
'newTotal': {
'label': 'Bucked Up',
'amount': responseTotals.data.amount_owed
},
'newShippingMethods': mappedMethods
}
session.completeShippingContactSelection(update)
}
}
}
// Authorize purchase
session.onpaymentauthorized = async (event) => {
applePayInstance.tokenize({
token: event.payment.token
}, async (tokenizeErr, payload) => {
if (tokenizeErr) {
console.error('Error tokenizing Apple Pay:', tokenizeErr)
session.completePayment(appleSession.STATUS_FAILURE)
return
}
const nonce = payload.nonce
const billing = event.payment.billingContact
const shipping = event.payment.shippingContact
const body = {
shipping,
billing
}
const response = await patchApplePayment(body)
if (response.success) {
// Process payment
const bodyBraintree = {
apple_pay: true,
payment_method_nonce: nonce
}
const responseBraintree = await postBraintree(bodyBraintree)
if (responseBraintree.success) {
// Define ApplePayPaymentAuthorizationResult
const result = {
'status': appleSession.STATUS_SUCCESS
}
session.completePayment(result)
location.href = `${API_URL}checkout/thank-you`
}
}
})
}
session.oncancel = (event) => {
console.log(event, 'session cancel')
setLoadingApple(false)
selectStep(1)
}
session.begin()
}
)
})
}
}
return (
<apple-pay-button buttonstyle='black' locale='en' type='plane' />
)
}
I've implemented Apple Pay in our app and I'm wondering if there is a webhook or some form of callback that I can register with to ensure I always get the response.
【Event】
The Apple Pay certificate will expire.
Used to encrypt Apple Pay tokens.
We use stripe.
【Steps】
Download the .certSigningRequest (CSR file) from Stripe (on the Stripe dashboard).
Select the merchant ID to add to this certificate, click 'Create Certificate' in the Apple Pay Payment Processing Certificate section (on Apple).
When prompted to upload a certificate signing request, select the .certSigningRequest file you have downloaded and proceed to download.
Verify that the details of the certificate are correct, and download the certificate locally.
Upload the new certificate file on Stripe.
Go back to Apple’s Developer Center, select the MerchantID and activate the Apple Pay Payment Processing Certificate (Apple Pay settlement processing certificate) you created.
【Question】
I would like to understand the method for rolling back in case the update of the certificate unexpectedly fails. I am contemplating the following measures; would they be feasible?
Preserve the old certificate
Reactivate the old certificate once more
Additionally, do you have any other proposals?