---
title: Providing Merchant Validation
framework: applepayontheweb
role: article
role_heading: Article
path: applepayontheweb/providing-merchant-validation
---

# Providing Merchant Validation

Validate your merchant identity and receive a session object for each payment request.

## Overview

Overview As soon as the system displays the payment sheet, the Apple Pay JS API calls your session object’s onvalidatemerchant event handler to verify that the request is coming from a valid merchant. It passes the function an ApplePayValidateMerchantEvent object that contains the validation URL. important: The URL you receive can vary, so always use the URL provided in the validationURL property. Your server must provide allow-listed access to all the validation URLs, specified in Setting Up Your Server. In your onvalidatemerchant function: You call your server, passing it the URL from the event’s validationURL property. Your server uses the validation URL to request a session from the Apple Pay server, as described in Requesting an Apple Pay payment session. Never send the request for a merchant session from the client. In response, your server receives an opaque merchant session object. You pass the merchant session object to your Apple Pay session’s completeMerchantValidation method. You can use the merchant session object a single time. It expires five minutes after it is created.

## See Also

### Related Documentation

- [Configuring Your Environment](applepayontheweb/configuring-your-environment.md)
- [Setting Up Your Server](applepayontheweb/setting-up-your-server.md)

### Apple Pay session

- [Creating an Apple Pay Session](applepayontheweb/creating-an-apple-pay-session.md)
- [Requesting an Apple Pay payment session](applepayontheweb/requesting-an-apple-pay-payment-session.md)
- [ApplePaySession](applepayontheweb/applepaysession.md)