# Apple Pay and mTLS

elder sparrow
Hello,
I'm integrating Apple Pay merchant validation into a Cloudflare Worker and running into an issue with the mTLS binding. When making the merchant validation request to Apple's gateway, I receive an empty 500 response with no body or error details.

Environment:

  • Pure Cloudflare Worker (no frameworks)
  • mTLS cert uploaded via wrangler mtls-certificate upload --cert cert.pem --key key.pem
  • Binding configured in wrangler.toml with [[mtls_certificates]]
  • Cert is valid, not expired, correct merchant ID

The request:
```js
const res = await env.APPLE_PAY_MTLS.fetch('https://apple-pay-gateway.apple.com/paymentservices/startSession', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    merchantIdentifier: 'merchant.com.xxx.applepay',
    displayName: 'My Store',
    initiative: 'web',
    initiativeContext: 'checkout.mydomain.com',
  }),
});
```

What we've ruled out:

  • The binding is present and shows as [object Fetcher], not null/undefined
  • The exact same cert and request body succeeds in Postman
  • The exact same cert works in C# using X509Certificate2
  • Tested in both a pure Worker and an OpenNext/Cloudflare Worker — same result either way

This leads us to believe the mTLS binding is not correctly presenting the client certificate to Apple's gateway. Has anyone run into this or is there something specific required for Apple Pay merchant validation?

carmine whale
?crossposting

devout jackal BOT
Please do not post your question in multiple channels/post it multiple times per the rules at #😃welcome-and-rules. It creates confusion for people trying to help you and doesn't get your issue or question solved any faster.