Apple Pay domain verification


I am trying to verify my domain for apple pay.
I’ve uploaded the verification file over 24 hours ago.
The status in my developer dash board is still ‘pending’

Is there something I am missing here?


:wave: The verification process is basically instant once the certificate is uploaded to the domain. If it’s still pending that means that the certificate isn’t correctly uploaded to the domain you configured. :slightly_smiling_face:

I assumed it would be instant.

When I visit I can see the contents of the verification file I uploaded.

Can you please check it out on your end, my application ID is sq0idp-x-CwkpTMmJ0P88m_FgfQIQ

So the certificate is displayed on the screen when you visit the /.well-known/apple-developer-merchantid-domain-association? It should trigger a download of the certificate if it’s uploaded in the right place. :slightly_smiling_face:

Yes, the contents of the file are displayed in my browser

I don’t want to post the actual link to my site on here, but it is there…

I should instead trigger a download not just display the contents. :slightly_smiling_face:

Okay so its a server configuration problem on my end.

I’ll work on it here

Hi Bryan,
I’ve added the verification and it’s showing on-screen, too.
I reached out to my server host and they’ve said that because it’s a readable file, it’ll show on-screen. I told them that it was expected to download and they said that’ll happen in the case of something like a .zip file.

So…what next?

The file shouldn’t be added as a zip file. You’ll want to make sure that the file is accessible when navigating to YOUR_DOMAING.well-known/apple-developer-merchantid-domain-association. :slightly_smiling_face:

It certainly IS accessible and showing on-screen. You mentioned to another user earlier that is SHOULDN’T show on-screen but, instead, trigger a download.

So, as mine IS accessible but only shows on-screen rather than triggering a download, what now?

Have you reached out to the domain provider to see if they need to you add the certificate a different way? :slightly_smiling_face:

If it’s showing in the browser with the path given above, it should be available for verification. The URL has to be an https URL from memory, so also worth checking that.

If verification is failing, I’d check to see what URL is being verified in the webserver access log; it could be verifying the wrong URL, the cert could be in the wrong place etc - you’ll be able to see the hit and the result (http status code, eg: 200, 403 etc). These two should be enough to get you going but please do update the thread.

Here’s the link:

My host doesn’t seem to think there’s an issue.

Do you have any additional security on the domain that could be blocking Square from seeing the certificate? I noticed I had to verity I was human when going to the above link. If you have additional security enabled does disabling it verify the domain? :slight_smile:

Cloudflare is attempting human verification on the link when it first appears. This will be blocking the attempt to verify. I’m thinking the best way to solve this is to talk to Cloudflare, you may be able to whitelist the Square IPs or whitelist the URL; Cloudflare should be able to advise.

I’m guessing you have some form of high-verification turned on, Cloudflare doesn’t normally verify everything.

ps: this looks like a list of IPs that Apple uses to verify; you might even to be able to whitelist * as that wouldn’t need maintenance over time (remember, this list might change as time goes on):