Good day) Colleagues, please tell me how can I change the notification on the locked screen "pass changed" in PKPASS when changing several fields? Thank you very much for your answer

We have Wallet and Watch application on iPhone. Both of them can add card and then waiting for activation. However, When the same card is added to Wallet and Watch respectively, waiting for the app-to-app mode to be activated. Client doesn't aware the source application. Because deeplink is exactly the same. Any adivse how does the client have to choose which card to activate?

My application is from a bank that provides payment passes, and when I try to retrieve passes already enrolled in the wallet, it always returns empty. Is there something I need to configure for it to work? This is what I've tried, and it hasn't worked: let pkPassLibrary = PKPassLibrary() let paymentPasses = pkPassLibrary.passes(of:.payment) let pkPassLibrary = PKPassLibrary() let paymentPasses: [PKSecureElementPass]=pkPassLibrary .passes(of: .secureElement) .compactMap { $0 as? PKSecureElementPass }

I'm creating an event ticket Apple Wallet Pass and setting a light-coloured background image. When I do this, it automatically sets the foregroundColor to white, even when I explicitly set it to black. What's strange is that on my Mac, the foregroundColor appears as intended, and I can set it to any color I want, but when I AirDrop the pass to my iPhone, it sets the color to white, regardless of what I set the foregroundColor to. This means the text becomes completely illegible for my users, with white text on a white background image. If I remove the background image, the foregroundColor works fine. Is there a way to have a light-colored background image with dark text, or am I forced to have a dark-colored background image? Here are the colors in my pass.json: backgroundColor: "rgb(255, 255, 255)" foregroundColor: "rgb(0, 0, 0)" labelColor: "rgb(0, 0, 0)" I've attached what the pass looks like on my Mac and my iPhone.

We are getting vulnerabilities for passkit generator, used for apple wallet creation. Could you please suggest how to resolve this issue In our system we updated MIME with latest version but passkit is referring older version 1.4.1 npm audit report mime <1.4.1 Severity: high mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input - https://github.com/advisories/GHSA-wrvr-8mpx-r7pp No fix available node_modules/mime passkit * Depends on vulnerable versions of mime node_modules/passkit 2 high severity vulnerabilities Some issues need review, and may require choosing a different dependency.

My application is from a bank that provides payment passes, and when I try to retrieve passes already enrolled in the wallet, it always returns empty. Is there something I need to configure for it to work? This is what I've tried, and it hasn't worked

I want to be able to retrieve payment form wallet, I've used the PKPassLibrary but it hasn't worked

Hi, We are distributing pk pass files via a web browser. When a user taps Add in the system pass preview, the pass is added successfully, the preview is dismissed, and the user remains in the browser. From a user experience perspective, we would like to better guide users to their newly added pass in Apple Wallet. Is there a supported API, URL scheme, or documented mechanism that allows a web-based flow to transition the user to the Wallet app after a pass has been added? If direct app transitions are not supported in this scenario, what is the recommended best practice for helping users locate and open their newly added pass in Wallet? Thank you for your guidance.

Hello there, We’re currently integrating Apple Wallet pass functionality into our application and am looking for clarification around the automatic update flow. Particularly regarding secure management of the authenticationToken. We’ve reviewed the documentation here: Adding a Web Service to Update Passes authenticationToken Documentation From our understanding: When a user downloads a pass from our service, the .pkpass includes both a webServiceURL and an authenticationToken. Once the pass is added to Wallet, the Wallet app makes authenticated requests to our webServiceURL, using the token in the Authorization header. We then validate this token server-side to serve updates or handle device registration. So far, this flow is clear. However, we’re looking for clarification on two key scenarios: If a user adds the same pass twice on the same device, should the authenticationToken remain the same in both cases? If the same user adds the same pass on a different device, should the authenticationToken also remain consistent across devices? If the answer to both is “yes,” we assume that our backend must store the original authenticationToken in a retrievable form (not just as a hash) to regenerate the same pass for re-download or multi-device sync. Our main question is: What is Apple’s recommended or acceptable approach to storing authenticationToken values securely on the backend? Should these tokens be: Stored in plaintext (e.g. in a protected DB field)? Encrypted using a symmetric key? Hashed (not reversible, but limits reuse)? We want to ensure we align with Apple’s best practices for Wallet security and token management, especially in contexts where the same pass may be installed on multiple devices or reissued later.

Hi everyone, With the rapid growth of digital banking, payments, and AI-driven financial services, building secure and scalable FinTech apps on iOS has become more complex than ever. From handling sensitive user data to ensuring compliance and seamless performance, iOS developers face multiple technical challenges. Key areas that usually require deep expertise include: Apple Pay and Wallet integrations Secure authentication (Face ID / Touch ID / biometrics) Real-time transaction processing Core ML for financial predictions SwiftUI dashboards for financial analytics Data encryption and regulatory compliance https://www.nimbleappgenie.com At Nimble AppGenie, we’ve worked extensively as a FinTech app development expert, helping startups and enterprises design and build iOS financial applications that are secure, scalable, and user-centric. Our experience shows that the most successful fintech apps are those that balance strong security architecture with intuitive UX and performance optimization. I’m interested to hear from the community: What are the biggest challenges you’ve faced while building fintech apps on iOS? Are there any recent iOS updates or Apple frameworks that significantly improved your fintech workflows? How are you handling compliance and security in production apps? Looking forward to learning from everyone’s experiences and best practices.

Hello, I'm implementing the wallet extension for a financial app. Right now I'm having a problem, I want to redirect to the main app when the user hasn't logged in. Is it possible? This is my code in the WalletUI. It just doesn't work. let urlString = "bank://login" guard let url = URL(string: urlString) else { return } self.extensionContext?.open(url, completionHandler: { success in if !success { print("Success") } else { self.completionHandler?(.canceled) } }) }

We have tried using multiple test devices to dev and test Digital Wallet provisioning and unable to do it successfully as the rule decision goes into orange flow. This is a blocker for our project involving digial wallet provisioning testing. Is there a way that our test devices could be excluded from hitting orange rule so we can continue with provisioning?

As a company, we would like to implement digital passes in the Apple Wallet. We're wondering which option we should follow to be able to do so. Our company creates and manages access control devices to put on waste drop-off points. Our goal is to give the opportunity to our final users to unlock these drop-off points with their iphone. A contact told us to use the NFC & SE but this solution seems not to be available in France and not directly integrated with the Apple Wallet. We've seen Apple Wallet Access and Apple Wallet VAS as alternatives but we're not sure any of these two are really matching our usecase. We definitely want our passes to be directly integrated within the wallet, without an app.

noticed something here, dont underasand why. but here in Retrieve the registrations for a device in Apple Developer Documentation in Retrieve the registrations for a device. There is no Authorization in the header to include, however, other endpoints support that? Is this header will be sent from Walle? meaning that it has been missed in the documentation ? https://developer.apple.com/documentation/walletorders/retrieve-the-registrations-for-a-device

As per the guide, we need to email apple-pay-provisioning @apple.com but email bounces with error recipient no longer on server We also tried to send email to apple-pay-inquiries @apple.com but getting the same error. How do we contact Apple to request for the entitlement?

Hello, I’m trying to better understand the implementation flow for Tap to Pay on iPhone. In a partner onboarding portal (Partner Hub), the process is presented in the following stages: • Registration • Prerequisites • Operations & Setup • Certification • Launch However, it’s not clear what actually changes after completing the “Prerequisites” stage. Questions: After completing “Prerequisites”, are there any changes in terms of entitlements or capabilities provided by Apple? Is access to Tap to Pay functionality enabled at this point, or does it depend on steps outside of Apple’s developer environment? At what stage is the production entitlement typically granted? Is there any Apple-specific action required between “Prerequisites” and “Operations & Setup”? I would appreciate any clarification on how this transition works from Apple’s perspective. Thank you.

Environment: Apple sandbox environment Test card number: 4622 9431 2318 9343 Phone models: iPhone 17 Pro Max, iPhone 16 Pro ios version: 26.3.1(a) Problem Description: After biometric verification passed, the Apple-provided JS method onpaymentauthorized was not called. Instead, the session.oncancel method was triggered directly. session.completeMerchantValidation(session): { epochTimestamp: 1774586541529, expiresAt: 1774590141529, merchantSessionIdentifier: 'SSH172FFE4410DA4F4E9C52E66AD440E472_A0E617ED4A56A343E07C6E1255BD4098423B3A8E1243236462D07B14B4A0F7C3', nonce: 'db797548', merchantIdentifier: '8D78418145EFBC98571CE62A98832FC4286A5F465FA1B0570919E156E901D33F', domainName: 'bifrost.lianlianpay-inc.com', displayName: '', signature: '308006092a864886f70d010702a0803080020101310d300b0609608648016503040201308006092a864886f70d0107010000a080308203e330820388a003020102020816634c8b0e305717300a06082a8648ce3d040302307a312e302c06035504030c254170706c65204170706c69636174696f6e20496e746567726174696f6e204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b3009060355040613025553301e170d3234303432393137343732375a170d3239303432383137343732365a305f3125302306035504030c1c6563632d736d702d62726f6b65722d7369676e5f5543342d50524f4431143012060355040b0c0b694f532053797374656d7331133011060355040a0c0a4170706c6520496e632e310b30090603550406130255533059301306072a8648ce3d020106082a8648ce3d03010703420004c21577edebd6c7b2218f68dd7090a1218dc7b0bd6f2c283d846095d94af4a5411b83420ed811f3407e83331f1c54c3f7eb3220d6bad5d4eff49289893e7c0f13a38202113082020d300c0603551d130101ff04023000301f0603551d2304183016801423f249c44f93e4ef27e6c4f6286c3fa2bbfd2e4b304506082b0601050507010104393037303506082b060105050730018629687474703a2f2f6f6373702e6170706c652e636f6d2f6f63737030342d6170706c65616963613330323082011d0603551d2004820114308201103082010c06092a864886f7636405013081fe3081c306082b060105050702023081b60c81b352656c69616e6365206f6e207468697320636572746966696361746520627920616e7920706172747920617373756d657320616363657074616e6365206f6620746865207468656e206170706c696361626c65207374616e64617264207465726d7320616e6420636f6e646974696f6e73206f66207573652c20636572746966696361746520706f6c69637920616e642063657274696669636174696f6e2070726163746963652073746174656d656e74732e303606082b06010505070201162a687474703a2f2f7777772e6170706c652e636f6d2f6365727469666963617465617574686f726974792f30340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e6170706c652e636f6d2f6170706c6561696361332e63726c301d0603551d0e041604149457db6fd57481868989762f7e578507e79b5824300e0603551d0f0101ff040403020780300f06092a864886f76364061d04020500300a06082a8648ce3d0403020349003046022100c6f023cb2614bb303888a162983e1a93f1056f50fa78cdb9ba4ca241cc14e25e022100be3cd0dfd16247f6494475380e9d44c228a10890a3a1dc724b8b4cb8889818bc308202ee30820275a0030201020208496d2fbf3a98da97300a06082a8648ce3d0403023067311b301906035504030c124170706c6520526f6f74204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b3009060355040613025553301e170d3134303530363233343633305a170d3239303530363233343633305a307a312e302c06035504030c254170706c65204170706c69636174696f6e20496e746567726174696f6e204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b30090603550406130255533059301306072a8648ce3d020106082a8648ce3d03010703420004f017118419d76485d51a5e25810776e880a2efde7bae4de08dfc4b93e13356d5665b35ae22d097760d224e7bba08fd7617ce88cb76bb6670bec8e82984ff5445a381f73081f4304606082b06010505070101043a3038303606082b06010505073001862a687474703a2f2f6f6373702e6170706c652e636f6d2f6f63737030342d6170706c65726f6f7463616733301d0603551d0e0416041423f249c44f93e4ef27e6c4f6286c3fa2bbfd2e4b300f0603551d130101ff040530030101ff301f0603551d23041830168014bbb0dea15833889aa48a99debebdebafdacb24ab30370603551d1f0430302e302ca02aa0288626687474703a2f2f63726c2e6170706c652e636f6d2f6170706c65726f6f74636167332e63726c300e0603551d0f0101ff0404030201063010060a2a864886f7636406020e04020500300a06082a8648ce3d040302036700306402303acf7283511699b186fb35c356ca62bff417edd90f754da28ebef19c815e42b789f898f79b599f98d5410d8f9de9c2fe0230322dd54421b0a305776c5df3383b9067fd177c2c216d964fc6726982126f54f87a7d1b99cb9b0989216106990f09921d00003182018730820183020101308186307a312e302c06035504030c254170706c65204170706c69636174696f6e20496e746567726174696f6e204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b3009060355040613025553020816634c8b0e305717300b0609608648016503040201a08193301806092a864886f70d010903310b06092a864886f70d010701301c06092a864886f70d010905310f170d3236303332373034343232315a302806092a864886f70d010934311b3019300b0609608648016503040201a10a06082a8648ce3d040302302f06092a864886f70d01090431220420de088abe02a4f981acade953307d1922bf121ff836f7dfdeedd7689f6aa8c82c300a06082a8648ce3d04030204463044022040e4fbacada10a457f02cbabfd75dea2c9316494458ab473d70fd4e600673fd902204efcde5b48f29c9a99a179a8193d56a954ed216f6643afc2af0d80acfcc2e879000000000000', operationalAnalyticsIdentifier: ':8D78418145EFBC98571CE62A98832FC4286A5F465FA1B0570919E156E901D33F', retries: 0, pspId: '8D78418145EFBC98571CE62A98832FC4286A5F465FA1B0570919E156E901D33F' }

Environment: Apple sandbox environment Test card number: 4622 9431 2318 9343 Phone models: iPhone 17 Pro Max, iPhone 16 Pro ios version: 26.3.1(a) Problem Description: After biometric verification passed, the Apple-provided JS method onpaymentauthorized was not called. Instead, the session.oncancel method was triggered directly. session.completeMerchantValidation(session): The session is as follows { epochTimestamp: 1774586541529, expiresAt: 1774590141529, merchantSessionIdentifier: 'SSH172FFE4410DA4F4E9C52E66AD440E472_A0E617ED4A56A343E07C6E1255BD4098423B3A8E1243236462D07B14B4A0F7C3', nonce: 'db797548', merchantIdentifier: '8D78418145EFBC98571CE62A98832FC4286A5F465FA1B0570919E156E901D33F', domainName: 'bifrost.lianlianpay-inc.com', displayName: '', signature: '308006092a864886f70d010702a0803080020101310d300b0609608648016503040201308006092a864886f70d0107010000a080308203e330820388a003020102020816634c8b0e305717300a06082a8648ce3d040302307a312e302c06035504030c254170706c65204170706c69636174696f6e20496e746567726174696f6e204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b3009060355040613025553301e170d3234303432393137343732375a170d3239303432383137343732365a305f3125302306035504030c1c6563632d736d702d62726f6b65722d7369676e5f5543342d50524f4431143012060355040b0c0b694f532053797374656d7331133011060355040a0c0a4170706c6520496e632e310b30090603550406130255533059301306072a8648ce3d020106082a8648ce3d03010703420004c21577edebd6c7b2218f68dd7090a1218dc7b0bd6f2c283d846095d94af4a5411b83420ed811f3407e83331f1c54c3f7eb3220d6bad5d4eff49289893e7c0f13a38202113082020d300c0603551d130101ff04023000301f0603551d2304183016801423f249c44f93e4ef27e6c4f6286c3fa2bbfd2e4b304506082b0601050507010104393037303506082b060105050730018629687474703a2f2f6f6373702e6170706c652e636f6d2f6f63737030342d6170706c65616963613330323082011d0603551d2004820114308201103082010c06092a864886f7636405013081fe3081c306082b060105050702023081b60c81b352656c69616e6365206f6e207468697320636572746966696361746520627920616e7920706172747920617373756d657320616363657074616e6365206f6620746865207468656e206170706c696361626c65207374616e64617264207465726d7320616e6420636f6e646974696f6e73206f66207573652c20636572746966696361746520706f6c69637920616e642063657274696669636174696f6e2070726163746963652073746174656d656e74732e303606082b06010505070201162a687474703a2f2f7777772e6170706c652e636f6d2f6365727469666963617465617574686f726974792f30340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e6170706c652e636f6d2f6170706c6561696361332e63726c301d0603551d0e041604149457db6fd57481868989762f7e578507e79b5824300e0603551d0f0101ff040403020780300f06092a864886f76364061d04020500300a06082a8648ce3d0403020349003046022100c6f023cb2614bb303888a162983e1a93f1056f50fa78cdb9ba4ca241cc14e25e022100be3cd0dfd16247f6494475380e9d44c228a10890a3a1dc724b8b4cb8889818bc308202ee30820275a0030201020208496d2fbf3a98da97300a06082a8648ce3d0403023067311b301906035504030c124170706c6520526f6f74204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b3009060355040613025553301e170d3134303530363233343633305a170d3239303530363233343633305a307a312e302c06035504030c254170706c65204170706c69636174696f6e20496e746567726174696f6e204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b30090603550406130255533059301306072a8648ce3d020106082a8648ce3d03010703420004f017118419d76485d51a5e25810776e880a2efde7bae4de08dfc4b93e13356d5665b35ae22d097760d224e7bba08fd7617ce88cb76bb6670bec8e82984ff5445a381f73081f4304606082b06010505070101043a3038303606082b06010505073001862a687474703a2f2f6f6373702e6170706c652e636f6d2f6f63737030342d6170706c65726f6f7463616733301d0603551d0e0416041423f249c44f93e4ef27e6c4f6286c3fa2bbfd2e4b300f0603551d130101ff040530030101ff301f0603551d23041830168014bbb0dea15833889aa48a99debebdebafdacb24ab30370603551d1f0430302e302ca02aa0288626687474703a2f2f63726c2e6170706c652e636f6d2f6170706c65726f6f74636167332e63726c300e0603551d0f0101ff0404030201063010060a2a864886f7636406020e04020500300a06082a8648ce3d040302036700306402303acf7283511699b186fb35c356ca62bff417edd90f754da28ebef19c815e42b789f898f79b599f98d5410d8f9de9c2fe0230322dd54421b0a305776c5df3383b9067fd177c2c216d964fc6726982126f54f87a7d1b99cb9b0989216106990f09921d00003182018730820183020101308186307a312e302c06035504030c254170706c65204170706c69636174696f6e20496e746567726174696f6e204341202d20473331263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f7269747931133011060355040a0c0a4170706c6520496e632e310b3009060355040613025553020816634c8b0e305717300b0609608648016503040201a08193301806092a864886f70d010903310b06092a864886f70d010701301c06092a864886f70d010905310f170d3236303332373034343232315a302806092a864886f70d010934311b3019300b0609608648016503040201a10a06082a8648ce3d040302302f06092a864886f70d01090431220420de088abe02a4f981acade953307d1922bf121ff836f7dfdeedd7689f6aa8c82c300a06082a8648ce3d04030204463044022040e4fbacada10a457f02cbabfd75dea2c9316494458ab473d70fd4e600673fd902204efcde5b48f29c9a99a179a8193d56a954ed216f6643afc2af0d80acfcc2e879000000000000', operationalAnalyticsIdentifier: ':8D78418145EFBC98571CE62A98832FC4286A5F465FA1B0570919E156E901D33F', retries: 0, pspId: '8D78418145EFBC98571CE62A98832FC4286A5F465FA1B0570919E156E901D33F' } code-block