I am sure I am missing a pretty elementary step - but - I'm at a loss. I can build a certificate using KeyChain Access, upload the CSR, download the Certificate from the developer portal website and sign Apple Wallet Passes all day long. No Problem. So I thought I'd try to automate some processes with the AppStoreConnectAPI. I want to download the certificate from the app store and use it to sigh passes instead of file on the disk. So I find the right certificate from the API, and one of the token in there is a big byte stream called "certificateContent"... which I assumed would be the same binary data as what I uploaded (and whats on disc). But it doesn't work - it "fails to sign". I must be missing some step that is preventing me from being able to use that key. I have a feeling the a key or something is missing from the certificate I download from Apple's API. Any ideas?

Hey everyone, I hope you're all doing well. I'm currently deep into the implementation of the AddPaymentPassView feature for my app. However, I've hit a roadblock concerning the verification of signatures for both the nonce and nonceSignature. Here's a snapshot of what's giving me a hard time: Within the context of the AddPaymentPassView, I'm having problems when trying to verify the certificate with the nonce and nonceSignature fields. I do recognize the critical nature of this step in terms of security, but I'm finding myself uncertain about the most effective approach. For clarity's sake, here's the function I've been utilizing to carry out signature verification in Swift: func verifySignature(certificateRaw:Data, nonce:Data, nonceSignature:Data ) { if #available(iOS 14, *) { var error: Unmanaged<CFError>? let certificate = SecCertificateCreateWithData(nil, certificateRaw as CFData) // Create a policy for X.509 certificate validation let policy = SecPolicyCreateBasicX509() // Create a certificate trust object with the certificate and policy var trust: SecTrust? let status = SecTrustCreateWithCertificates(certificate, policy, &trust) // Perform policy checks let trustResult = SecTrustEvaluateWithError(trust!, nil) // Extract the public key from the certificate let publicKey = SecTrustCopyKey(trust!) print("PUBLIC KEY \(publicKey)") print("nonceData \(nonce)") print("nonceSignatureData \(nonceSignature)") let result = SecKeyVerifySignature(publicKey!, SecKeyAlgorithm.ecdsaSignatureMessageX962SHA256,nonce as CFData, nonceSignature as CFData, &error) if result { print("Signature verification successful") } else { print("Signature verification failed: \(error?.takeRetainedValue() as Error?)") } } else { // Return something else here. print("NOT AVAILABLE") } } I'm invoking this function within the addPaymentPassViewController like so: func addPaymentPassViewController( _ controller: PKAddPaymentPassViewController, generateRequestWithCertificateChain certificates: [Data], nonce: Data, nonceSignature: Data, completionHandler handler: @escaping (PKAddPaymentPassRequest) -> Void) { verifySignature(certificate: certificates[0], nonce: nonce, nonceSignature: nonceSignature) However, the verification doesn't seem to be going as planned. Here's a snippet of the logs I'm getting: PUBLIC KEY Optional(<SecKeyRef curve type: kSecECCurveSecp256r1, algorithm id: 3, key type: ECPublicKey, version: 4, block size: 256 bits, y: 613361F002148F2DB831620CBBFD5D6AC711E5F4FF236D1958F0033A5A9D66FF, x: B3095C90197DECCB25B6688EA7C9F3507BEBE38F38D4E2B2CED198968956594A, addr: 0x155b6b080>) nonceData Optional(4 bytes) nonceSignatureData Optional(81 bytes) Signature verification failed: Optional(Error Domain=NSOSStatusErrorDomain Code=-67808 "EC signature verification failed (ccerr -7)" UserInfo={numberOfErrorsDeep=0, NSDescription=EC signature verification failed (ccerr -7)}) It's becoming a bit perplexing. I'm wondering if anyone else has encountered this issue and whether there might be alternative approaches or suggestions to tackle this problem. Any input, code snippets, or resources you can share would be invaluable to me right now. Thanks so much for taking the time to read this and for any assistance you might offer!

So creating a IOS-DEVELOPMENT certificate is pretty straight forward... and I suspect some of the other types as well ... but when I try to create a PASS_TYPE_ID certificate it fails with some response messages... "STATUS" : "404" "code" : "NOT_FOUND" "title" : "The specified resource does not exist" "detail" : "There is no identifier with ID 'null' on this team" So it would appear it's expecting more attributes to be set in the payload that are specific to creating that type of certificate. Which of course makes sense. There has to be a way of assigning it to a Pass Type ID that you have created. (It would be nice if the API could at least list existing Pass IDs, or even create them - but I've not seen how yet). But for the life of me I can't find or figure out the syntax for this. Anyone have any luck?

Hi everyone, Can anyone tell me is any charge for using the apple wallet generic pass? Is only pay for the development account only? anything else?

Hello everyone, I am trying to figure out the difference between the AddPassToWalletButton and the PKAddPassButton. When I read through the Apple Wallet documentation, it always mentions using the PKAddPassButton. Now I'm using SwiftUI, which the PKAddPassButton isn't compatible with. During my research I came across the AddPassToWalletButton (https://developer.apple.com/documentation/passkit/addpasstowalletbutton) and wanted to know whether it is the equivalent of PKAddPassButton (for SwiftUI) and whether it can be used in accordance with the apple developer guidelines (https://developer.apple.com/wallet/add-to-apple-wallet-guidelines/). It got me wondering since the guidelines only refer to the PKAddPassButton. Thanks for your help.

I am attempting to implement the Tap to Present ID (Data Request) feature and am wondering if the Data Request will succeed without a reader token. From the wording in the WWDC video (31:50 in WWDC2023-10114 video), it sounds the reader token is necessary, but the example is building off of the previous MobileDriversLicenseDisplayRequest example where the the reader token was used only for the branding to be displayed. In my app running on Simulator, I'm able to get the placeholder data to return from a MobileDriversLicenseDataRequest without using a reader token. Since I'm unable to test this on physical device (I don't live in a state that has Mobile ID's), I'm hoping an Apple engineer can comment on if the reader token is required strictly for the branding to be presented, and not for the Data Request itself to succeed. Thank you.

I am working on a banking application (includes iPhone and iPad) which includes add to wallet feature. During the implementation I saw one document it is mentioned that for iPad app, the app must be extended to support Apple pay functionality. Details from document says "Card Issuers with an iOS mobile banking app must support Card Issuer iOS Wallet extension functionality to enable Card issuer mobile app customers to provision new cards directly from the iOS Wallet app with all eligible Apple iOS devices. If the Card Issuer has a dedicated iPad App, that App must be extended to support Apple Pay functionality. " Is wallet extension implementation required for Apple pay to work in iPhone and iPad? Is wallet extension a mandatory implementation for Add to Apple Wallet feature to work and approved by Apple? I am little confused in this. Anyone who integrated Apple pay or done add to Apple Wallet feature recently without wallet extension faced any rejection? Any help would be much appreciated.

I am working on a project where it needs to implement wallet extension to add cards from Apple wallet. I am stuck in the flow where app is not getting displayed in wallet while trying to add. Any sample implementation available? Any help would be much appreciated

I have a team on my company looking to develop a let say "link" to distribute between some sale employes to "automatically" create a Business Card inside Apple Wallet. The idea is that "link" will have all the public employe information and the look&feel of the card. They are following this page: https://github.com/alexandercerutti/passkit-generator/wiki/Generating-Certificates So they are asking us those certificates: Signer Certificate (Developer) Signer Certificate Key (Developer) WWDR (Apple WorldWide Developer Relations) G4 Certificate Can someone explain me if giving those certificates to the develpers could have some security risk? Or what else they can do having those certificates? Thanks!

Hi, I am using DOTNET-Passbook library to generate apple wallet pass, it was successfully generated and saved. Now when I am updating the pass using push notification. Push notification not showing on phone. I have followed the wallet protocol for API creation following this Article https://developer.apple.com/library/archive/documentation/PassKit/Reference/PassKit_WebService/WebService.html after the API implementation, I am successfully getting device token and push token from API and I am using Pass Type ID certificate to update pass and sending notification on push token received from API. Following this article for configuration: https://medium.com/@yangzhoupostbox/part-2-push-notification-for-updating-apple-pass-in-asp-net-6020768d112

On simulator, everything works fine. But when I run on an iOS beta 3 device, the UI simply doesn't change. I just see the one button stay there. Logs show the below upon every click. I know there's the expected System UI with "Hold here to present" based on the simulator, but I can't see it on a real device. Is there some Terms & Conditions thing I should expect, maybe? Please advise. Thanks. . . . [for reference, the below are the error logs in Xcode] An error occurred while reading a mobile document: The operation couldn’t be completed. (ProximityReader.MobileDocumentReaderError error 6.) serviceUnavailable Could not create identity session due to: [ Error Domain=ProximityReader.IdentityReaderErrorInternal Code=15 UserInfo={NSDebugDescription=, code=} ]

Hi, I'm currently developing Apple Pay In-App Provisioning and have encountered an issue with viewing logs necessary for debugging. I've followed the instructions listed in https://download.developer.apple.com/iOS/iOS_Logs/Wallet_Logging_Instructions.pdf and have installed the relevant wallet profile. After repeating the issue, and opening up the sysdiagnose file on my mac, the logs that i'm interested in is still hidden with private tags. The device I'm using to develop on is an iPhone 11, runnning on iOS 16.5. The version of Xcode is 14.3. I am also using a sandbox account on the device if that is relevant to the issue. Below are screenshots of the logs I'm interested in. Any help in solving this issue will be greatly appreciated.

Hello. we are looking in adding an additional verification method as part of our in app provisioning to apple wallet. the method is called app to app verification method where basically when the customer adds their card (debit or credit) on apple wallet they can be verified through a third party app. does apple support this? where can i find any material related to this?

I am coding for Apple Pay in-App provisioning extension, but there was a problem when Apple Wallet load authorization UI extension: The source code: The principal class .h file #import &lt;UIKit/UIKit.h&gt; NS_ASSUME_NONNULL_BEGIN @interface IssuerProvisioningViewController : UIViewController @end NS_ASSUME_NONNULL_END The principal class .m file #import "IssuerProvisioningViewController.h" #import &lt;PassKit/PassKit.h&gt; @interface IssuerProvisioningViewController ()&lt;PKIssuerProvisioningExtensionAuthorizationProviding&gt; @end @implementation IssuerProvisioningViewController @synthesize completionHandler; - (instancetype)init { NSLog(@"--- init"); self = [super init]; return self; } - (instancetype)initWithNibName:(NSString *)nibNameOrNil bundle:(NSBundle *)nibBundleOrNil { NSLog(@"--- initWithNibName nibNameOrNil"); self = [super initWithNibName:nibNameOrNil bundle:nibBundleOrNil]; return self; } - (void)viewDidLoad { NSLog(@"viewDidLoad"); // Do any additional setup after loading the view from its nib. } @end The Info.plist: &lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt; &lt;plist version="1.0"&gt; &lt;dict&gt; &lt;key&gt;NSExtension&lt;/key&gt; &lt;dict&gt; &lt;key&gt;NSExtensionPointIdentifier&lt;/key&gt; &lt;string&gt;com.apple.PassKit.issuer-provisioning.authorization&lt;/string&gt; &lt;key&gt;NSExtensionPrincipalClass&lt;/key&gt; &lt;string&gt;IssuerProvisioningViewController&lt;/string&gt; &lt;/dict&gt; &lt;/dict&gt; The entitlement file: &lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt; &lt;plist version="1.0"&gt; &lt;dict&gt; &lt;key&gt;com.apple.developer.payment-pass-provisioning&lt;/key&gt; &lt;true/&gt; &lt;/dict&gt; &lt;/plist&gt; Environment: iOS 16.4.1 I found the method viewDidLoad was not be called after invoking method init. Thanks for reading and any advice.

We are developing an app with the "Add card to Wallet" feature and facing an issue while adding a card to Apple Watch via the Wallet app with an app extension. Steps to reproduce: Open Wallet on iPhone Tap on “Add Card” Select card from Issuer app at "Add to Wallet" screen and complete provisioning Now 'Add card to Watch screen' is displayed on phone Continue provisioning on Watch Expected result: Card is added to Watch successfully without requiring CVV/CVC. Actual result: User is requested for CVV to add card to watch In-app-provisioning works fine from the app with iPhone and watch. Is it possible to skip entering the CVV step because our users don't know it?

I'm encountering an issue with the Apple Pass Store card type backfield hyperlink not working when opened from double-clicking the power button. The value contains an HTML tag with a reference to our webpage. Everything works fine when we open it from the Wallet app, but the hyperlink doesn't seem to work when opened from the power button double-click. Has anyone else experienced this issue or have any suggestions for troubleshooting? Any help would be greatly appreciated. Thank you!

Hi, How can I send push notification for point update and promos to my loyalty wallet users. Currently I get push notification Id when user install loyalty wallet and I use it for sending wallet updates. But when I tried to use this push notification id for custom APN messages it doesn't appear anywhere. Thank you.

I am working on Issuer Extension using which user can add debit/ credit card through wallet directly. This is Extension based (Non and UI Extension. I am nearly implemented this however have doubts about PKIssuerProvisioningExtensionHandler methods which are below open func status(completion: @escaping (PKIssuerProvisioningExtensionStatus) -> Void)  open func passEntries(completion: @escaping ([PKIssuerProvisioningExtensionPassEntry]) -> Void) open func generateAddPaymentPassRequestForPassEntryWithIdentifier(_ identifier: String, configuration: PKAddPaymentPassRequestConfiguration, certificateChain certificates: [Data], nonce: Data, nonceSignature: Data, completionHandler completion: @escaping (PKAddPaymentPassRequest?) -> Void) My query is what is the significance of configuration in last callback. Can anyone please help with this. Thanks in advance

Hey all, i have created a quick spring api as a web service provider to test out registering my apple pass. The pass itself works fine and can install in on sim and physical iphones. The issue i am seeing is when I host locally or via https, the device is able to send the DELETE unregister requests, but never see any traffic for any other endpoint. Am i missing something? I have set the webservice URL in the json fine and can see the requests for the DELTE but never any others. I had though the simulator was maybe unable to do POST over http so published a https service and used physical iphone but still the same results. Any help would be welcomed

Why is there no public APIs for developers (PassKit) to implement Apple Wallet NFC for employee badges as announced in WWDC 2021 Keynote? Can a simple Apple platforms developer implement this for the organization they are working on and don't have to go to third-party providers which seem to have this capability? Seems that I need to reach out to the below companies to enable this in the current organization I'm working with: third party providers: https://swiftconnect.io/owners/ https://www.hidglobal.com/solutions/access-control/hid-mobile-access-solutions