Updating Apple Pay cards results in Authorization Exception

[calvinl]

General information

• SDK/Library version: 3.35.0

• Environment: Sandbox, unsure about production

• Language, language version, and OS: PHP 5.6.33, Ubuntu & Amazon Linux

Issue description

When trying to update a payment method, specifically Apple Pay Card methods using the following:

$token = 'aka12p'; // an apple pay token
$gateway->paymentMethod()->update($token, [
    'options'=> [
        'makeDefault'=>true, 
        'verifyCard'=>false
    ]
]);

Responds with:

Braintree\Exception\Authorization with message ''

Full Stack Trace (from a Laravel application):

in Util.php line 59
at Util::throwStatusCodeException('403') in Http.php line 72
at Http->put('/merchants/[redacted]/payment_methods/any/[redacted]', array('payment_method' => array('options' => array('verifyCard' => false, 'makeDefault' => true)))) in PaymentMethodGateway.php line 231
at PaymentMethodGateway->_doUpdate('/payment_methods/any/[redacted]', array('payment_method' => array('options' => array('verifyCard' => false, 'makeDefault' => true)))) in PaymentMethodGateway.php line 91
at PaymentMethodGateway->update('[redacted]', array('options' => array('verifyCard' => false, 'makeDefault' => true))) in MemberController.php line 1079
at MemberController->make_default(object(Request))
at call_user_func_array(array(object(MemberController), 'make_default'), array(object(Request))) in Controller.php line 80
at Controller->callAction('make_default', array(object(Request))) in ControllerDispatcher.php line 146
at ControllerDispatcher->call(object(MemberController), object(Route), 'make_default') in ControllerDispatcher.php line 94
at ControllerDispatcher->Illuminate\Routing{closure}(object(Request))

This works fine with non-apple pay payment tokens. Is there something else I need to pass to update Apple Pay cards?

[Epreuve]

@calvinl I'd be happy to take a look at this. Could you provide the actual token you're using when you receive these exceptions? The token is fine to share given it's a sandbox, and additionally it can't be used by anyone without your merchant Id, public & private keys.

We can then take a look and see what might be the case here.

[calvinl]

@Epreuve thanks! Here's the token: kcpp43

[Epreuve]

Hey @calvinl Our support team let us know they received your email and are going to look into this for you.

While this doesn't appear to be an issue with the SDK specifically, I agree this seems inconsistent in behavior. I'm going to keep this issue open until our support team can take a look into this for you and we'll act accordingly based on their findings if necessary.

[calvinl]

@Epreuve Thank you! Appreciate the speedy responses.

[Epreuve]

In case anyone finds their way here in a similar situation, there are some limitations on using payment methods such as Apple Pay and Google Pay with the Braintree Vault.

Since the guidelines for these payment methods are such that the customer should authorize each transaction individually, setting these payment methods as default to be used with future transactions is prevented.

There is the ability to use these same payment methods for subscriptions, however this does not require the payment method token to be a default. Subscriptions also differ in that they will typically be a set amount per month, as opposed to a varying amount per transaction. There are grey areas around usage based subscriptions, and ultimately the respective companies behind the payment method can choose to decline such subscription based transactions.

We're looking into the best way to clarify this in the documentation to explain this behavior, and also possibly provide a more descriptive message/error rather than simply a 403.