Hello, we have problem. Kind regards, -Martin

Hello, we are experiencing issues with adding VISA cards via In-App Provisioning on iOS using PassKit. The same flow works correctly with Mastercard, but for VISA cards the Apple broker endpoint returns HTTP 500. Details Device: iPhone15,3 (iPhone 15 Pro), iOS 18.6.1 (22G90) Region: CZ App: [REDACTED] (version 0.4.3) Issuer ID: [REDACTED] Merchant ID and entitlements are configured and validated. SEID: [REDACTED] Request flow GET /broker/v4/devices/{SEID}/issuerProvisioningCertificates?encryptionVersion=EV_ECC_v2 Request ID: B61363A8-0BFF-4CD6-92BC-52C461DFFAAD Response: 200 OK Conversation ID: e12c64c9a0b54981adfad8d00800d836 Returned nonce: [REDACTED] Timestamp: 2025.08.21_14-01-46+0200 POST /broker/v4/devices/{SEID}/cards Request ID: F29B73CA-CDDE-4C0C-9F40-B87AE006FDDD Payload fields present (values redacted): encryptedCardData [REDACTED], ephemeralPublicKey [REDACTED], publicKeyHash [REDACTED], nonce [REDACTED], issuerIdentifier [REDACTED], encryptionVersion=EV_ECC_v2 Response: 500 Internal Server Error (latency ~0.41s) Timestamp: 2025.08.21_14-01-47+0200 Observation Provisioning succeeds with Mastercard but consistently fails with VISA. The GET issuerProvisioningCertificates succeeds; the POST …/cards returns 500. Request Could you please: Provide internal error details for Request ID F29B73CA-CDDE-4C0C-9F40-B87AE006FDDD (and/or Conversation ID e12c64c9a0b54981adfad8d00800d836), Confirm whether the 500 originates before or after the broker’s call to VTS (Visa Token Service), and Validate that our app/merchant/issuer configuration is fully enabled for VISA push provisioning in our region. Attached privately: sysdiagnose with full traces (can share via secure channel upon request). Kind regards, Martin

Hi all, I’m building a password manager app for iOS. The app implements an ASCredentialProviderExtension and has the entitlement com.apple.developer.authentication-services.autofill-credential-provider. From a UX perspective, I’d like to help users enable my app under: Settings → General → AutoFill & Passwords What I’ve observed: Calling UIApplication.openSettingsURLString only opens my app’s own Settings page, not the AutoFill list. Some apps (e.g. Google Authenticator) appear to redirect users directly into the AutoFill Passwords & Passkeys screen when you tap “Enable AutoFill.” 1Password goes even further: when you tap “Enable” in 1Password App, it shows a system pop-up, prompts for Face ID, and then enables 1Password as the AutoFill provider without the user ever leaving the app. Questions: Is there a public API or entitlement that allows apps to deep-link users directly to the AutoFill Passwords & Passkeys screen? Is there a supported API to programmatically request that my app be enabled as an AutoFill provider (similar to what 1Password seems to achieve)? If not, what is the recommended approach for guiding users through this flow? Thanks in advance!

Hello everyone, I am building a React Native (Expo) application where the customer requested a simple “Add to Wallet” button. However, instead of handling Wallet provisioning or passes, the requirement is just to open the Apple Wallet app when the user taps this button. My questions are: Is it allowed by App Store Review Guidelines to have a button that simply launches the Wallet app, without actually adding a pass (.pkpass) or card? After navigation to the Apple app user just can manually add the card to the Apple Wallet. If so, should I avoid using the official “Add to Apple Wallet” badge, since nothing is being added? Would a custom label like “Open Wallet” be more appropriate to comply with Apple’s branding rules? Could my app risk App Store rejection if I implement this simplified behavior? I want to make sure I follow the guidelines and avoid misleading users or violating branding rules. Any clarification or experiences from others who have submitted apps with similar functionality would be greatly appreciated. Thank you!

Good day) Colleagues, please tell me how can I change the notification on the locked screen "pass changed" in PKPASS when changing several fields? Thank you very much for your answer

Good day) I am developing an application for generating PKPASS in Java. PKPASS itself is generated and installed on the device and updated. But I encountered a problem. When sending information about the update to the APNs service, PKPASS is updated, but the push notification is not shown on the device. On the device, all tooltypes are set to receive the update. As well as the basic settings: We go to the APNs service using = JWT token. "apns-push-type"= "alert" "apns-topic" = PassTypeIdentifier payload = {} I would also like to add that we send push notifications to the production environment. P. S. Six months ago, push notifications came

Hello, We are trying to provision in apple wallet, I am getting an error "Card can not be added". Please check below and let me know if I am missing anything. SEID: 04401D7BCE578001930001236930311377D86C15D956BBA1 TimeStamp: 2025-08-18 11:53:04.570431-0500. CST Last 4 FPAN: 2345 Thanks

We have developed Apple Wallet Extension for our App. The in-app provisioning for the card is working. However when we try to add the card from Wallet extension it gives error saying "Your issuer does not yet offer support for this card". From the apple documentation we can see the issues is same as mentioned in Scenario 2 at following link https://applepaydemo.apple.com/in-app-provisioning#8.4 We are getting eligibilityStatus as 0 Below is the response from Wallet captured using SysDiagnosis https://crt-pod1-smp-device.apple.com:443/broker/v4/devices/0434320BCB1A90022306073796318273728D0A367FA927F4/cards 200 Time profile: 1.77856 seconds { x-conversation-id = ...... Content-Type = "application/json" x-pod = "crt-pod1" x-xss-protection = "1; mode=block" Server = "Apple" x-pod-region = "paymentpass.com.apple" regionbrokerurl = "https://crt-pod1-smp-device.apple.com:443/broker" Date = "Wed, 06 Aug 2025 11:39:30 GMT" Content-Length = "488" x-envoy-upstream-service-time = "1400" Strict-Transport-Security = "max-age=31536000; includeSubdomains" cross-origin-opener-policy = "same-origin" x-keystone-correlationid = ...... x-content-type-options = "nosniff" Vary = "accept-language" x-frame-options = "SAMEORIGIN" } { applicationIdentifier = ......; auxiliaryCapabilities = { }; cardType = 4; deviceProvisioningDataExpected = 1; eligibilityStatus = 0; identifier = ......; learnMoreURL = "https://www.apple.com/ae/apple-pay/banks/ae/en-ae.html"; nonce = ......; paymentApplications = ( { appletTypeIdentifier = Argon; paymentType = Credit; } ); region = "paymentpass.com.apple"; sanitizedPrimaryAccountNumber = 7008; sanitizedPrimaryAccountPrefix = ""; }

Hi, We’re a franchise business with over 100 franchisees, and each franchisee has their own unique Merchant ID. We're building a single app that allows customers to place orders, and based on the selected franchisee, the payment needs to be processed through that specific franchisee’s merchant account. However, when we integrate Apple Pay and publish the app, it asks us to provide a payment gateways' Merchant ID, but we don’t use just one – we have many. How can we handle this situation? Is there a way to dynamically use multiple Merchant IDs in one app, depending on which franchisee the customer is ordering from?

Hi, Upon reviewing our app, we got feedback that our app icon within the Wallet app is not behaving as expected when the home screen is set to "light mode" only. In that case, on the home screen, the app icon remains its default color (e.g., red), regardless of the device's appearance settings (light or dark), which is expected. However, in the apple Wallet, e.g., under the From Apps from your device, app icons change their color (e.g., red in light mode, black in dark mode) when iOS appearance is changed - which is reported as an app issue. I've noticed that all apps in that section are changing the color, not just ours, so it seems to me like a bug in iOS or a behavior that was not clearly defined in the app store guidelines. If there is an API we must use to cover that case, which one would that be? Is this a bug that Apple should resolve, or is this the intended behaviour?

Hello, I find it difficult to find information about this function, but Apple would allow you to download a Wallet ticket via a JWT signed token, without going through a pkpass, by calling the url https://wallet.apple.com/push/pass? Jwt= + jwt I have made several attempts with a different payload, either I am redirected to the Apple Pay presentation page, or I have a 403 error. I think I'm on my way, but I must miss a step in my signature. Could someone help me and give me the structure or how to manage the key? At the moment I use an Identifiers type PassType ID linked to a Certificate. Has anyone heard of this novelty? According to ChatGPT it should date from iOS 16-18 and potentially not be open to all devs. Thank you! Beautiful day

who can I change the logo of wallet extension "from apps on your iPhone", the problem is the background is not showing the real

We are observing multiple different deviceId values linked to the same user within short timeframes. In some instances, a new deviceId appears every few minutes or hours. We utilize this identifier for managing Apple Wallet pass updates. We would appreciate understanding which scenarios might cause the deviceId to change. Could it be influenced by: Device restoration or factory reset procedures App reinstallation or data clearing iOS version updates iCloud account changes or Apple ID authentication status changes Privacy feature activation (such as App Tracking Transparency or Private Relay) Testing environment usage (simulators or automated testing frameworks) We aim to determine whether this behavior is expected or if it suggests atypical usage patterns. Thank you for your assistance!

We are developing a native iOS financial application called Tradu: Stocks, Forex, and CFDs (Apple ID: 6473443264), which embeds a WKWebView to render all user-facing logic. All user interactions—including authentication with MFA—occur inside this WKWebView. To access native functionality, we use postMessage() to communicate between the web and native layers. This approach has worked successfully for biometric authentication, for example. We are currently integrating Apple Pay In-App Provisioning and have a few questions regarding compliance with the documentation provided by our Issuer Host (Modulr). In the document titled Getting Started with Apple Pay: In-App Provisioning, Verification, Security, and Wallet Extensions (Version 4.0, February 2023), all examples are based on a fully native application. We’ve managed to integrate most of the In-App Provisioning flow via postMessage() up to the point of passing encryptedData to the Payment View. Apple Pay button inside WKWebView In Section 7: Frontend Overview, the user initiates the provisioning by tapping a native PKPaymentButton (SwiftUI example). In our case, this button is rendered inside the WKWebView, styled according to the Apple Style Guide. While the document references this approach as a “raw mark text supplement,” is this method acceptable and compliant with Apple’s UX and technical guidelines? MFA requirement before provisioning In Section 4: Security Guidelines, it is stated that the user must have passed MFA at least once before starting the provisioning flow. In our implementation, users must complete MFA on every login (including on recognized devices) before the provisioning UI becomes available. Even though this is not tied specifically to “unrecognized devices,” is our MFA requirement sufficient to satisfy Section 4.2? Summary: Is using a web-rendered Apple Pay button inside WKWebView (instead of a native PKPaymentButton) considered compliant? Is our MFA enforcement model (required on every login) aligned with the security requirements outlined in Section 4.2 of the Apple Pay In-App Provisioning documentation?

I'm working on implementing Apple Wallet passes using background push notifications. My server successfully sends the push notification using APNs. The response from the server is HTTP/2 200, and the device receives the push — I can confirm this from device logs. However, the device logs show the following error: "Failed to parse JSON message payload for topic " "Unable to deserialize JSON message payload" My payload is below 2 payload. //string payload = "{"aps":{"content-available":1}}"; string payload = JsonConvert.SerializeObject(new { aps = new Dictionary<string, object> { { "content-available", 1 } } }); string curlArgs = $"-s -o nul -w \"%{{http_code}}\" " + $"--data-binary \"{payload}\" " + $"-H \"apns-topic: {bundleId}\" " + $"-H \"apns-push-type: background\" " + $"-H \"apns-priority: 5\" " + $"-H \"content-type: application/json\" " + $"-H \"authorization: bearer {jwt}\" " + $"--http2 https://api.push.apple.com/3/device/{token}"; I’ve confirmed that: The device has the Wallet pass installed. The apns-topic header is set to my passTypeIdentifier. The apns-push-type is background and apns-priority is 5. Steps to Reproduce: Install Wallet pass on iOS device. Send background push to device using the above payload. Observe the device logs using Console.app or log stream. See error: unable to deserialize JSON message payload. Is there a specific payload format expected for Wallet passes? Or any additional fields required in the push payload to avoid this deserialization error?

I'm facing problem with in-app-provisioning in production application. When we try to tokenize (before T&C step) we are getting error from topic. I've also posted this in Feedback Assistant: FB18403577. I'll be very happy if someone could help me to get what is wrong with data or configuration of application.

CarKeySession stays in the foreground with no BLE connection and disconnection events passthrough to the App! Here is my code: public func remoteControlSession(_ session: CarKeyRemoteControlSession, vehicleDidUpdateReport: VehicleReport) { Log.i(tag: "carKeySession", "vehicle connect state: (vehicleDidUpdateReport.isConnected)") Log.i(tag: "carKeySession", "vehicle identifier: (vehicleDidUpdateReport.identifier.lowercased()), (self.vehicleIdentifier.lowercased())") } } I don't know why it was not called. And the method which is "func remoteControlSession(_ session: CarKeyRemoteControlSession, didReceivePassthroughData: Data, fromVehicle vehicleID: String)" can work well!

Hello Apple Developer Community and Apple Team, I want to raise awareness and gather support for an important feature request regarding NFC support on iPhone devices in Argentina. Millions of Argentinians use the official public transit card, SUBE, daily to pay for buses, subways, and trains. On Android devices, the SUBE app allows users to: • Check balance via NFC • Reload credit instantly • Confirm top-ups by holding the card near the phone • Use a digital version of the card (in some cases) However, iPhone users cannot use these NFC features because iOS currently does not allow third-party apps like SUBE to access the NFC chip fully. This limitation negatively impacts iPhone users, many of whom rely heavily on SUBE. I have submitted detailed feedback to Apple requesting the enablement of controlled NFC access for third-party transit apps in Argentina, starting with SUBE. I encourage fellow developers, users, and community members to support this request. Enabling this would greatly improve the user experience for millions of iPhone users, align Apple with local needs, and potentially attract new customers from Android. If anyone has insights or updates on this topic, please share. Thank you.

Dear Apple Developer Support team, I would like to request an official confirmation regarding the handling of transaction status in the App Store Server API, specifically for the GET /inApps/v1/transactions/{transactionId} endpoint. As per our current understanding from the official documentation (Get Transaction Info), the API’s behavior appears to be: If a transaction is finalized and successfully processed by App Store, querying this API will return HTTP 200 OK along with transaction details. If a transaction is still in a pending or deferred state (such as awaiting Ask to Buy approval or pending authorization), the API will not return a 200, and instead respond with HTTP 404 Not Found or an appropriate error. Could you please confirm if this behavior is accurate and officially supported? Specifically: Does a 200 OK response guarantee that a transaction is finalized and successfully recorded on App Store servers? In cases where a transaction is pending approval (e.g. Ask to Buy), is it correct that GET /transactions/{transactionId} would return 404 Not Found until the transaction is finalized? We would greatly appreciate your confirmation to align our server-side logic for transaction validation accordingly. Thank you very much for your support! Kind regards, cuongnx

I've been using Apple's push service for pass notifications for years (since 2012) and everything has been working fine until recently. With no code changes, the push service has stopped working. Passes can still be installed on the device and pull to refresh does get the updates and highlights changes properly, so the pass signing is working properly, it's just the push notices don't seem to be getting to the device. I am getting log messages back from the APNS, and fwrite is returning the number of bytes written so I don't think there are any authentication issues. I'm using PHP on my own web server in case that's relevant. I also disabled rate limiting in the developer settings on my device to make sure that isn't the issue. I've also verified there are no outstanding messages in the feedback service (which also works fine without any errors). In fact, there are no errors and acting like everything is working which is why it is frustrating to troubleshoot since the problem seems to be between Apple and the device. I don't know if this may be related, but I know I saw this post from apple about a certificate change: https://developer.apple.com/news/?id=09za8wzy I have checked that the server has the new certificate per the instructions in this post: https://developer.apple.com/forums/thread/772665 Still no push updates work, however the Lock Screen location messages do appear and pass update notifications do appear on the Lock Screen correctly but only after pulling to refresh on the back of the pass. Does anyone have any ideas on how to fix or even start troubleshooting why the pushes aren't being delivered to the phone?