#mak_api
lament lionBOT
π Welcome to your new thread!
β²οΈ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.
β±οΈ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.
π This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1478735194159714324
π Have more to share? Add more details, code, screenshots, videos, etc. below.
frozen vine
π Hi there! Let me take a look
I'm not certain whether these are Stripe IP addresses. They're both on AWS, but not listed here at least: https://docs.stripe.com/ips
Does Apple have documentation saying that they make these checks from a specific IP range?
I'm not finding any mention of these IP addresses on our side so far. When did you receive the requests from these addresses?
snow palm
Does Apple have documentation saying that they make these checks from a specific...
we received lot of requests(well-know) from these IPs. not sure if these APIs were triggered when apple pay payment was initiated.
snow palm
Does Apple have documentation saying that they make these checks from a specific...
No. as far as we checked
frozen vine
Ah, ok. But as far as I can see, it's not something that's coming from Stripe
lament lionBOT
snow palm
ok. i have one more question
long rampart
π Sure, fire away
snow palm
Letβs consider the following use case:
We plan to use an additional processor alongside Stripe for Apple Pay.
Processor 1 β Stripe:
We received a domain verification file from Stripe that must be hosted on our server. It should be publicly accessible at the following path:
/.well-known/apple-developer-merchantid-domain-association
Processor 2 β Another Processor:
We also received a domain verification file from this processor, which must be hosted on the same server and be publicly accessible at the same path:
/.well-known/apple-developer-merchantid-domain-association
As shown above, we now have two different domain verification files, each containing different content, but both are required to be hosted at the same path on our server.
Since Apple does not provide any parameter in this API to indicate which processor is initiating the verification request, how should we determine which file to return?
long rampart
I believe this is a one-time verification, so if Apple has already performed the validation for one processor, it should be safe to replace the file contents with the one required for verifying the second one
snow palm
Thanks for clarification. But we are constantly receiving verification requests from above mentioned IPs, any idea on that?
long rampart
No idea, I'm afraid. As aaran mentioned, they don't appear to be Stripe IPs