6

I'm working with a web application that allows our customers to integrate with Apple Pay on the web. The customers setup their own Apple Pay merchant accounts, a third party handles the actual payment processing, but our servers are responsible for web hosting and obtaining the payment sessions.

Sporadically for some customers, we receive a 400 error when obtaining the payment session, with a message of:

Payment Services Exception merchantId={id} unauthorized to process transactions on behalf of merchantId={id} reason="{id} never authorized mass enablement transactions to occur via {id}"

(Here all the {id} values will be the same).

Despite sounding like a configuration issue with the account, this will only affect some otherwise identical requests. (Same domain, merchant identity, etc.) It affects some customers but not most; when it does affect a customer, somewhere between 10% to 50% of the session requests will fail in this manner. We have several customers never hitting this error even after processing thousands of transactions.

The phrase "mass enablement" doesn't seem to show up in apple's documentation, and the exact phrase "never authorized mass enablement transactions to occur" produces no results at all when searching the web. The closest I can find is this thread on Apple's developer forums but its not an exact match, and has no answers in any case.

Has anyone seen this error and resolved it?

(I'm also pursuing this matter via Apple support; if that eventually proves fruitful I'll update with an answer.)

starwed
  • 2,536
  • 2
  • 25
  • 39
  • I have the same exact issue that recently started occurring in our production environment with respect to "never authorized mass enablement transactions" error. Please do provide an update when you can. Surprising there is no actual documentation on this or how to enable mass transactions – Patrick G. Dec 16 '20 at 20:53
  • Any update? Are you still encountering this issue? I ran some test transactions on my end that were identical and some return 400 while others will return 200. I used the same test device and kept all configurations (merchant identitfier and certificate) the same. – Patrick G. Dec 18 '20 at 16:50
  • @Patrick_870206 I'm not seeing it as an ongoing issue for any merchants right now, but am following up with Apple support to see if they can explain what happened. I'll update with an answer if that yields anything useful. (I got redirected to different branches of support twice, but now seem to be talking to someone how might be able to help?) – starwed Jan 14 '21 at 23:12
  • Hey @starwed, any update on this? Were you able to figure it out? – Nicholas Kajoh Jul 06 '21 at 11:16
  • 2
    @NicholasKajoh No -- I opened a code level support ticket with Apple, however after I provided some additional details they asked for, they simply stopped responding to the ticket. :| I've seen it a couple of additional times since then, but it seems fairly rare. My assumption is that this is a bug on their end of some sort. – starwed Jul 11 '21 at 17:32

3 Answers3

0

This happens when a domain has been registered to a merchant using Apple Pay's Mass Enablement API.

The domain (not the merchant ID) will need to be deregistered by whoever claimed the URL before you are able to proceed, although I would expect Apple Pay's support team would also be in a position to remove the registration for you.

https://developer.apple.com/documentation/applepaywebmerchantregistrationapi

Westie
  • 427
  • 3
  • 12
  • Hmm, (1) I can't the phrase "mass enablement" anywhere in apple's documentation, so I'm not sure what API you're referring to, and (2) if this was the cause, why would I see things like only 10 out of 100 identical requests fail? – starwed Apr 21 '21 at 19:04
  • https://developer.apple.com/documentation/applepaywebmerchantregistrationapi - hope this helps you @starwed – Westie May 02 '21 at 08:54
0

I got this error when using my localhost (not registered for Apple Pay) as the front end of the website making a session token request via the back end whose domain had been registered for Apple Pay.

David
  • 895
  • 8
  • 12
0

There are few things that needs to be considered here:

  1. Are you using the correct TLS config (the cert and the key) to make the request ?
  2. Are you using the correct merchant validation file send to you while approving mass enablement for the merchant ?

Once you confirm on these 2 things, there's a hole in the documentation provided by apple. After hitting https://apple-pay-gateway.apple.com/paymentservices/registerMerchant with above proper config and data this requires a param called partnerInternalMerchantIdentifier this is a unique merchant id that you can use on your end. register merchant

By default, to get a payment session (https://apple-pay-gateway.apple.com/paymentservices/paymentSession) we might send the primary merchant id that we use for merchant registration in above API which is fair as per their docs. docs

But to make it work we need to send the partnerInternalMerchantIdentifier which we sent in the above API. This acts as a sudo merchant id to get payment sessions. Get payment session for newly registered domain

somesh koli
  • 1
  • 2