Hello, I'm experiencing a critical issue with PassKit's shareable pass functionality. Despite having the necessary entitlements configured, I'm getting an entitlement error when calling PKAddShareablePassConfiguration.forPassMetaData. Failed to create PKAddShareablePassConfiguration: Error Domain=PKPassKitErrorDomain Code=4 "client is not entitled" UserInfo={NSDebugDescription=client is not entitled} private func createPassViewController(from response: PreparePushProvisioningResponse) { guard let passMetadata = PKShareablePassMetadata( provisioningCredentialIdentifier: response.provisioningCredentialIdentifier, cardConfigurationIdentifier: response.cardConfigurationIdentifier, sharingInstanceIdentifier: response.sharingInstanceIdentifier, passThumbnailImage: response.passThumbnailImage, ownerDisplayName: response.ownerDisplayName, localizedDescription: response.localizedDescription ) else { print("Failed to create PKShareablePassMetadata") return } print("PKShareablePassMetadata created successfully") // This is where the error occurs PKAddShareablePassConfiguration.forPassMetaData( [passMetadata], provisioningPolicyIdentifier: "", // Empty as per documentation action: .add ) { (configuration, error) in if let error = error { print("Failed to create PKAddShareablePassConfiguration: \(error)") // Error Domain=PKPassKitErrorDomain Code=4 "client is not entitled" return } guard let config = configuration else { print("PKAddShareablePassConfiguration is nil") return } // other code... } } The push provisioning preparation succeeds completely: Prepare push provisioning succeeded Credential ID: "XXXX-XXXX....." Owner: Teodora Description: Interflex NFC development PKShareablePassMetadata created successfully Then immediately fails at PKAddShareablePassConfiguration.forPassMetaData() with the entitlement error. Xcode Configuration Issues: When manually entering capabilities in Xcode's Signing & Capabilities tab, I receive this error: Provisioning profile "20250929 VIDC QA DEV" doesn't match the entitlements file's value for the com.apple.developer.contactless-payment-pass-provisioning entitlement. Profile qualification is using entitlement definitions that may be out of date. Connect to network to update. When I don't manually enter the capabilities in the Runner.entitlements file, the provisioning profile error disappears in Xcode, but the runtime entitlement error persists.

When I use the method provided in the document https://developer.apple.com/documentation/passkit/pkpasslibrary/activate(_:activationdata:completion:)?changes=_1__4,_1__4 to verify a card that has been added to Apple Wallet, I get an error code: 500 unknown error How can I troubleshoot the problem?

We have developed an app that communicates with an external reader using BLE, and the reader also supports NFC. We are implementing a feature that uses PKPassLibrary.requestAutomaticPassPresentationSuppression to prevent the Wallet from appearing when unlocking a lock. We have already completed the approval process for the entitlement required to enable Pass Presentation Suppression, referencing Apple’s documentation: https://developer.apple.com/documentation/passkit/pkpasslibrary/requestautomaticpasspresentationsuppression(responsehandler:) In most cases, this works as expected and the Wallet popup does not appear. However, in some cases — particularly when the app is running in the foreground — the Wallet still appears for users. We have verified that the app bundle includes the required entitlement, and the Info.plist correctly specifies the Pass Presentation Suppression key set to true. Could you please help us understand under what conditions this behavior might still occur, or if any additional configuration is required?

Looking for more information on web push provisioning. I have a bank issuing credit card, which needs to be pushed to apple mobile wallet. Need to understand the APIs and other details required to do this.

We have updated the PNO metadata to include the associatedApplicationIdentifiers for our wallet extensions and the issuer app. While we are able to successfully provision the card to Apple Wallet via pull provisioning, we are unable to retrieve the payment passes that have already been provisioned. How can we address this issue? let passLibrary = PKPassLibrary() let paymentPassLibrary = self.passLibrary.passes(of: .secureElement) paymentPassLibrary is an empty array even though we have passes provisioned.

We are working with two types of wallet passes. Provisioning works successfully for one pass type via wallet extensions, but the same process is not functioning for the other. For the second pass type, we are able to generate the required data for pull provisioning and send it to Apple. Additionally, in-app push provisioning for this pass type completes without issue. We would appreciate guidance on how to further debug and resolve this provisioning problem.

Hello Apple Team, I’ve encountered a regression in iOS 26.1 when building my app with Xcode 26 (iOS 26 SDK). The issue affects PKPaymentButtonType.plain, which now renders as fully invisible and produces transparent snapshots, even though the same code worked correctly in previous Xcode/iOS versions. This has a real-world impact because many apps generate static images from PKPaymentButton for payment selection UIs using UIGraphicsImageRenderer, layer.render(in:), or custom snapshot utilities. When using PKPaymentButton(paymentButtonType: .plain, paymentButtonStyle: .black) on iOS 26.1, when built with Xcode 26, the button: Appears blank / invisible Cannot be snapshotted Produces a fully transparent UIImage, even though the CGImage object exists Behaves differently than older SDKs (Xcode 16.x / iOS < 26.1 This regression only appears when compiling with the new SDK. Other button types work fine. Expected Behavior .plain button should render glyphs as documented snapshot generated via UIGraphicsImageRenderer or drawHierarchy(in:) should produce a visible image Behavior should be consistent with older SDKs unless explicitly deprecated in release notes Expected Behavior .plain button should render glyphs as documented Snapshot generated via UIGraphicsImageRenderer or drawHierarchy(in:) should produce a visible image Behavior should be consistent with older SDKs unless explicitly deprecated in release notes Actual Behavior .plain button renders no glyph at all Snapshot image is fully transparent (alpha = 0), even though size and CGImage metadata are correct Only happens when built with Xcode 26 SDK Same build from Xcode 16.x does not reproduce the issue Steps to Reproduce Create a minimal sample project in Xcode 26 Add the following code: let button = PKPaymentButton(paymentButtonType: .plain, paymentButtonStyle: .black) button.frame = CGRect(x: 0, y: 0, width: 180, height: 48) let renderer = UIGraphicsImageRenderer(size: button.bounds.size) let image = renderer.image { _ in button.drawHierarchy(in: button.bounds, afterScreenUpdates: true) } print(image) Run on iOS 26.1 device or simulator Observe that: The button appears visually empty The generated image is fully transparent Environment Xcode: 26.x (iOS 26 SDK) iOS: 26.1 (iPhone 15 Pro tested) Device: Real device Framework: UIKit + PassKit Button type: .plain ONLY Other types: .pay/.buy/.checkout = OK

Hi everyone, I'm developing a custom Apple Wallet pass using a Django backend and exposing my local server through ngrok during development. For the first ~30 minutes, everything works exactly as expected: the pass registers correctly, silent push notifications trigger instant updates, Wallet immediately performs the GET request to fetch the new .pkpass, and the changeMessage displays almost instantly on the lock screen. At some point, however, the pass stops updating entirely. Apple APNs continues to return 200 OK for every silent push I send, but the device never performs the required GET /v1/passes// call to download the updated pass. As a result, even the internal content of the pass (ex: points/balance fields) no longer updates, which confirms that Wallet is not fetching the new .pkpass at all. No changeMessage appears either. This behavior has been described informally by other developers as Apple Wallet Pass Update Throttling, where the Wallet daemon begins ignoring silent pushes after repeated updates or certain internal conditions. I’m trying to confirm whether this is indeed throttling, what triggers it, and how to avoid it during development.

Hi, I am developing an app that uses the Host Card Emulation (HCE) technology available on iOS. Our team is using the official HCE app entitlement, and we are testing the SDK’s behavior when the app is selected as the default contactless payment application. On devices located in supported regions, the system automatically displays a setting where the user can choose the default app. For colleagues who are located in those regions, the toggle appears normally. For development and QA purposes, I would like to understand whether there is an officially supported method to test the default-app selection behavior on devices that are not in a region where the feature is available. Any guidance on the correct testing approach would be appreciated. Thank you!

I'm creating an event ticket Apple Wallet Pass and setting a light-coloured background image. When I do this, it automatically sets the foregroundColor to white, even when I explicitly set it to black. What's strange is that on my Mac, the foregroundColor appears as intended, and I can set it to any color I want, but when I AirDrop the pass to my iPhone, it sets the color to white, regardless of what I set the foregroundColor to. This means the text becomes completely illegible for my users, with white text on a white background image. If I remove the background image, the foregroundColor works fine. Is there a way to have a light-colored background image with dark text, or am I forced to have a dark-colored background image? Here are the colors in my pass.json: backgroundColor: "rgb(255, 255, 255)" foregroundColor: "rgb(0, 0, 0)" labelColor: "rgb(0, 0, 0)" I've attached what the pass looks like on my Mac and my iPhone.

Hello, I'm using PassKit with to perform Apple Pay payment in a financial application. Our approach are: On iOS application, define PKMerchantCapability threeDSecure and credit, perform apple pay experience and get the encrypted response. On PCI service, receive the encrypted data Payment token, decrypt this data, and use to perform the payment. The problem is, in MasterCard transaction the eciIndicator is missing. I want to know if has some rule or problem about it.

During Apple Pay in-app provisioning (EV_ECC_v2), our iOS app successfully obtains the issuer provisioning certificates and generates cryptographic material. The flow fails when Apple posts the card blob to Apple’s broker (card creation step), returning HTTP 500 from .../broker/v4/devices/{SEID}/cards. Steps: Call issuerProvisioningCertificates?encryptionVersion=EV_ECC_v2 → 200 OK; returns ECC leaf + Apple Root CA chain; nonce=2a831be4. 2. Build {encryptedCardData, activationData, ephemeralPublicKey} 3. POST /broker/v4/devices/{SEID}/cards Expected: 200 OK on /broker/v4/devices/{SEID}/cards, or 5xx with a descriptive error if payload/cryptography is invalid. Observed: 500 Internal Server Error from Apple broker on /cards (labeled “eligibility” in PassKit logs), causing a terminal failure in Wallet UI.

I´m tring to integrate InApp push provisioning but when I send the information from the issuer to SDK to add my debit card to wallet I saw this error: PKPassKitErrorDomain Code 2 error Looking in the forum I found how to see part of the logs to get more detail on the error and I found: POST https://pr-pod9-smp-device.apple.com:443/broker/v4/devices/04131B65D01590022288082867404947F3CCA674C3D41F3C/cards/683986c983984251b9aecfc8ff51d88a/enable 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Error inesperado." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Error inesperado.

Hi, When I try to add a card to wallet, I get this PKPassKitErrorDomain Code=2 error from my logs, and from the SysDiagnose, I get some more detailed error log Error details: Date: December 15, 2025 Time: 15:16 UTC Request URL: https://nc-pod9-smp-device.apple.com:443/broker/v4/devices/041B4183BA1490022104102123315131EBFE2BE7… Response: HTTP Status: 500 – Internal Server Error Time profile: 0.505452 seconds Response headers: Server: Apple Content-Type: text/html X-Content-Type-Options: nosniffStrict-Transport-Security: max-age=31536000; includeSubdomainsDate: Mon, 15 Dec 2025 15:16:59 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=blockCross-Origin-Opener-Policy: same-origin Content-Length: 170 Connection: close Response body: Anyone have faced this problem before?

Hi, We are distributing pk pass files via a web browser. When a user taps Add in the system pass preview, the pass is added successfully, the preview is dismissed, and the user remains in the browser. From a user experience perspective, we would like to better guide users to their newly added pass in Apple Wallet. Is there a supported API, URL scheme, or documented mechanism that allows a web-based flow to transition the user to the Wallet app after a pass has been added? If direct app transitions are not supported in this scenario, what is the recommended best practice for helping users locate and open their newly added pass in Wallet? Thank you for your guidance.

Hello Dear Network, We are developing a banking application and are implementing Apple Wallet In-App Provisioning with Wallet UI and Non-UI extensions. Our App Store submission fails with the error: "Missing entitlement com.apple.developer.payment-pass-provisioning" for both Wallet UI and Non-UI extensions. In the Apple Developer portal, we do not see the "Apple Pay" or "In-App Provisioning" capabilities available for our App ID or extension App IDs. We would like to request enablement of: Apple Pay Payment Pass Provisioning In-App Provisioning for our Apple Developer Team and related App IDs. Please let us know what we need to do for can upload build with that Entitlements, what can be problem? Thank you.

Hello everyone, My team is exploring the implementation of an Apple Wallet pass for a loyalty program linked to a brand in an age-restricted product category. The intended use cases for the Wallet pass are: Member identification at events — Quick verification at brand events or exclusive venues, with tier-based perks (e.g., priority entry for higher tiers) Support services — Members present their card at retail locations to receive assistance Tier and points display — Dynamic visual changes based on loyalty level and current points balance Notifications — Pass updates for expiring points, upcoming events, or relevant announcements The pass would function as a standard Store Card (membership/loyalty) — no payments, no stored value, just identification and informational display. Before investing development effort, I'd like to understand: Has anyone successfully implemented Wallet passes for brands in restricted categories (tobacco, alcohol, etc.)? Are there specific guidelines or restrictions I should be aware of beyond the standard Wallet documentation? Is there a recommended channel to get official guidance from Apple on eligibility before building? Any insights or experiences would be appreciated. Thanks!

I'm implementing the in app provisioning in a financial project. I got my entitlement identifier, I'm also implementing the wallet extension but I have the problem with Xcode. Domain: IXUserPresentableErrorDomain Code: 1 ... NSExtensionPointIdentifier key in the NSExtension dictionary in its Info.plist that does not correspond to a known extension point. But I'm not sure what does this mean, I reviewed the info.plist form the project and the wallet extension

In Xcode, under Signing & Capabilities (Release) for our bundle ID the selected provisioning profile does include the entitlement: com.apple.developer.payment-pass-provisioning However, when we upload a new build to TestFlight, the Build Metadata → Entitlements section for the same bundle ID does not include com.apple.developer.payment-pass-provisioning. Because of this, PKAddPaymentPassViewController does not open in TestFlight builds. This suggests that while the entitlement is enabled for the App ID and visible in Xcode, it may not yet be propagated to App Store Connect’s signing service for TestFlight/App Store builds. Please Note: The Wallet Entitlements team had confirmed that they had granted entitlements for our team and the apple IDs Xcode : 26.0.1 Profile being used: Distribution Profile

Hello there, We’re currently integrating Apple Wallet pass functionality into our application and am looking for clarification around the automatic update flow. Particularly regarding secure management of the authenticationToken. We’ve reviewed the documentation here: Adding a Web Service to Update Passes authenticationToken Documentation From our understanding: When a user downloads a pass from our service, the .pkpass includes both a webServiceURL and an authenticationToken. Once the pass is added to Wallet, the Wallet app makes authenticated requests to our webServiceURL, using the token in the Authorization header. We then validate this token server-side to serve updates or handle device registration. So far, this flow is clear. However, we’re looking for clarification on two key scenarios: If a user adds the same pass twice on the same device, should the authenticationToken remain the same in both cases? If the same user adds the same pass on a different device, should the authenticationToken also remain consistent across devices? If the answer to both is “yes,” we assume that our backend must store the original authenticationToken in a retrievable form (not just as a hash) to regenerate the same pass for re-download or multi-device sync. Our main question is: What is Apple’s recommended or acceptable approach to storing authenticationToken values securely on the backend? Should these tokens be: Stored in plaintext (e.g. in a protected DB field)? Encrypted using a symmetric key? Hashed (not reversible, but limits reuse)? We want to ensure we align with Apple’s best practices for Wallet security and token management, especially in contexts where the same pass may be installed on multiple devices or reissued later.