Inquiry about apple-developer-merchantid-domain-association.txt Security and Access

I have a question regarding the file apple-developer-merchantid-domain-association.txt.

I understand that this file is used during API access for Apple Pay Web payments. However, is it necessary for our company to access this file during the payment process?

Also, this domain validation file is expected to be placed in the publicly accessible “.well-known” folder on our web server. Is it acceptable for this file to remain readable by third parties on the Internet, including Apple’s servers, without posing any security risks?

Since this file is generated during domain registration on the Apple Developer site and is unique to our domain, we believe there should be no security concerns even if accessed by third parties. However, are there any specific security requirements for this domain validation file?

Please note that the domain validation has already been successfully completed.

We appreciate your time and look forward to your guidance.

Best regards,

I think it is fine to have it publicly available. To my knowledge it's just used by Apple.
