Get your free and exclusive 80-page Banking Passkey Report

How does Apple’s SPC limitation block passkey checkouts?

Apple's limited SPC support in Safari prevents unified, frictionless cross-browser passkey checkout experiences. Learn how this affects payments.

Vincent Delitz

Vincent

Created: April 8, 2025

Updated: August 13, 2025

secure payment confirmation apple limitations

payment provider passkeys third party sdk

Read the full article

Learn how to create cross-origin passkeys as a payment provider. Compare iframe vs. redirect, offer Apple Pay-level UX & use analytics for higher adoption.

Read the full article

Read by 5,000+ security leaders.

How does Apple’s limited support for Secure Payment Confirmation (SPC) block a unified cross-browser passkey checkout?#

Apple’s limited support for Secure Payment Confirmation (SPC) significantly impacts the ability of payment providers to deliver a unified, seamless passkey checkout experience across different browsers. SPC, a web standard led by Google, is designed to standardize how payment providers authenticate users across multiple merchant sites, ensuring a frictionless and secure payment process similar to native solutions like Apple Pay.

Key limitations caused by Apple's approach#

Cross-Origin Restrictions#

Safari blocks passkey creation (navigator.credentials.create()) in cross-origin iframes. While authentication using existing passkeys is permitted, the inability to create new passkeys within embedded third-party contexts severely disrupts a smooth user experience during checkout.

No SPC Adoption in Safari#

Apple has not implemented SPC in Safari, likely as a strategic decision to keep Apple Pay as the preferred payment method within its ecosystem. Consequently, payment providers are forced into using alternative, less unified methods such as redirects or relying on passkeys previously established on their own domains.

Impact on User Experience#

Users experience increased friction as they're redirected away from merchants’ websites or are required to undergo additional steps, negatively affecting conversion rates and checkout fluidity.

WhitepaperEnterprise Icon

60-page Enterprise Passkey Whitepaper:
Learn how leaders get +80% passkey adoption. Trusted by Rakuten, Klarna & Oracle

Get free Whitepaper

How payment providers manage this limitation#

Hybrid Approaches:

  • Providers often use iframe-based methods for browsers supporting SPC and redirects for Safari to ensure compatibility.
  • Native apps rely on system browser sessions like ASWebAuthenticationSession (iOS) or Chrome Custom Tabs (Android) to bypass embedded WebView constraints.

By strategically addressing these barriers, payment providers can still offer robust passkey authentication solutions, although the friction introduced by Apple's restrictions remains a significant challenge to achieving a truly unified, cross-browser checkout experience.

Read the full article#

payment provider passkeys third party sdk

Read the full article

Learn how to create cross-origin passkeys as a payment provider. Compare iframe vs. redirect, offer Apple Pay-level UX & use analytics for higher adoption.

Read the full article

Read by 5,000+ security leaders.

Learn more about our enterprise-grade passkey solution.

Learn more

Share this article


LinkedInTwitterFacebook

Related FAQs

Related Terms