I cannot find any reference to this within the Apple developer documents (or certainly searching for multiple possible keywords yields no results).
The only reference I can find is to documents written in support of its announcement in 2002: https://developer.apple.com/news/?id=huqjyh7k.
Is there any further documentation on implementing or has the capability been deprecated?
Is there any further documentation on implementing … ?
No.
Note The original WWDC session that discusses this stuff, WWDC 2025 Session 10077 Replace CAPTCHAs with Private Access Tokens, is no longer available from Apple, but I’ve found that rummaging around on the Internet with the original URL (https://developer.apple.com/videos/play/wwdc2025/10077/) to be a fruitful exercise (-:
or has the capability been deprecated?
That doesn’t follow.
PATs are an industry standard thing. We don’t have Apple-specific documentation for that technology in the same way that we don’t have Apple-specific documentation for TCP.
However, the history here is a bit tricky:
- There were originally two Internet drafts: Private Access Tokens and Privacy Pass: The Protocol.
- Those got merged into Privacy Pass Issuance Protocol.
- Which was standardised as RFC 9578 Privacy Pass Issuance Protocols.
I also ran this past my pet PAT engineer and he suggested a few more resources:
- RFC 9474 RSA Blind Signatures — This is a key technical underpinned of the protocol.
- RFC 9577 The Privacy Pass HTTP Authentication Scheme
- About Automatic Verification — This is Apple Support’s user-facing description of the feature.
- Apple Business Register — This is where new token issuers can register with Apple.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
